Multigrain Bakery Café Ltd (hereinafter “we”, “us” or “our”) is the controller of the information collected or provided directly.
- directly from you or
- through third parties in the standard course of the business we do in order to provide you with the service you requested.
Collection of Personal Information
We collect and use several types of information the individuals we co-operate with, including information by which you may be personally identified and that is defined as personal data or personally identifiable information under applicable law (“Personal Information”), such as your first and last name, e-mail address, billing information, demographics, telephone number, or other (online) contact information, personal details, health related information.
Categories of Personal Information we collect and use on or through our Website include:
- Information that you provide by filling in forms, in particular at the time of first contact with us.
- We also collect Personal Information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
- Records and copies of your correspondence (including e-mail addresses), if you contact us.
- Details of transactions you carry out, if any, and of the fulfillment of your orders.
Purposes for Which We Use Your Personal Information
In general, we use information that we collect about you or that you provide to us, including Personal Information and Sensitive Personal Information, for following purposes:
- Provision of services:to provide you with information, products or services that you request from us;
- Customer management:to manage your account, to provide you with customer support and with notices about your account, including notices, notices about changes to any products or services we offer or provide through it;
- Advertising:following explicit consent to communicate with you about products or services that may be of interest to you either from us, our affiliates or other third parties;
- Functionality and security: to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
- Compliance:to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;
Disclosure of Your Personal Information
We want you to understand when and to whom we disclose Personal Information and other information we have collected about you or your activities on the Website. We do not share your Personal Information with third parties except as indicated below:
- Service providers.To our authorized service providers that perform certain services on our behalf, including for purposes of provision of the services you requested from us, customer management and security. These services may include fulfilling orders, processing credit card payments, check payments risk and fraud detection and mitigation, providing customer service and marketing assistance. These service providers may have access to Personal Information needed to perform their functions but are not permitted to share or use such information for any other purposes. We have taken all reasonable steps to ensure that they comply with the current data protection regulations.
We also disclose your Personal Information to other third parties, including official authorities, courts, or other public bodies:
- In response to a subpoena or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Website terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
- To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain and protect the security and integrity of our Website or infrastructure.
Third parties to whom we may disclose Personal Information may have their own privacy policies which describe how they use and protect Personal Information. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In particular, we may transfer non-Personal Information and process it outside your country of residence, wherever the Website, its affiliates and service providers operate. We may combine non-Personal Information we collect with additional non-Personal Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.
How We Store Your Personal Information
The information that we collect about you, including Personal Information, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and the third parties mentioned above maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal Information to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.
Retention of Personal Information
To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content (for descriptions of these purposes see above), we keep your Personal Information for as long as you have an account with the Website, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus. For further information regarding specific retention period please contact us at firstname.lastname@example.org.
Personal Information used for advertising purposes will be stored for a period of 12 months.
The period for which we keep your Personal Information that is necessary for compliance and legal enforcement purposes varies and depend on the nature of our legal obligations and claims in the individual case.
Legal Bases for Collection, Use and Disclosure of Your Personal Information
There are different legal bases that we rely on to collect, use and disclose your Personal Information, namely:
- Performance of contract:The use of your Personal Information for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
- Compliance with legal obligation:We are permitted to use your Personal Information in to the extent this is required to comply with a legal obligation to which we are subject.
How We Protect the Security of Your Personal Information
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. For example, only authorized employees are permitted to access Personal Information, and they may do so only for permitted business functions. In addition we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.
Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
Choices About How We Collect, Use and Disclose Your Personal Information
We strive to provide you with choices regarding the Personal Information you provide to us.
- You can choose not to provide us with certain Personal Information, but that may result in you being unable to use certain services.
- When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about product updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will related directly to your relationship with us.
- If you provided Personal Information, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Information will be deleted in accordance with our retention policy.
Your Rights Related to Your Personal Information
Subject to the provisions of the General Data Protection Regulation, you have certain rights regarding the Personal Information we collect, use or disclose and that is related to you, including the right
- to receive information on the Personal Information concerning we hold about you and how such Personal Information is used (right to access);
- to rectify inaccurate Personal Information concerning you (right to data rectification);
- to delete/erase your Personal Information (right to erasure/deletion, “right to be forgotten”);
- to receive the Personal Information provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Information to another data controller (right to data portability)
- to object to the use of your Personal Information where such use is based on our legitimate interests or on public interests (right to object); and
- in some cases, to restrict our use of your Personal Information (right to restriction of processing).
If we ask for your consent to use your Personal Information, you can withdraw your consent at any time.
You may, at any time, send us an e-mail at email@example.com to exercise your above rights in accordance with the applicable legal requirements and limitations.
Note that some requests to delete certain Personal Information will require the deletion of your user account as the provision of user accounts are inextricable linked to the use of certain Personal Information (e.g., your e-mail address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honor your request.
No Rights of Third Parties
No Error Free Performance
You may also contact us at 40 Leof. Lemesou str. 2572 Pera Chorio Nisou, Nicosia, Cyprus, telephone +35722525500.