This is the privacy statement of Rime Information Bureau Ltd. (RIME). RIME processes personal data as part of our services. In the paragraphs below we describe which personal data we process and for what purposes. We also explain for which services we process the data for and on what legal basis we are allowed to do so. The sharing of data with other parties will be discussed, as well as the processing of personal data outside the EU. The security of personal data is dealt with together with the retention terms. We have also detailed your rights as a data subject and what you need to do should you wish to contact RIME about your concerns.
1.1 RIME’s vision on privacy
RIME makes every effort to ensure that we process personal data appropriately and securely. It is imperative that you have confidence in our organisation and we will do whatever is necessary to protect your privacy. The rules on protecting your privacy are laid down in the General Data Protection Regulation (GDPR), whereby the Cyprus Commissioner of Personal Data Protection supervises compliance with the law. The GDPR is one of the largest regulatory changes over the last decade for our industry. Data is at the core of RIMEs business and how we serve our clients. RIME considers GDPR of the greatest importance.
What is personal data?
Personal data is defined as any data that can be traced back to a person, or commonly referred to as a data subject. Examples include your name, address, telephone number and account number. Sometimes we aggregate or anonymise your personal data so that you are no longer traceable as a person. A data subject can be a customer, supplier, partner, employee or any other person whose personal data is being processed.
1.2 From which sources do we collect personal data?
RIME uses several sources to collect personal data:
The public sources from which RIME obtain personal data include:
a) Public registers
b) Public sector information and regulatory bodies
c) National and international sanction lists
d) Company websites
e) Foreign equivalents of the sources mentioned under a) to d)
The non-public sources from which RIME can obtain personal data include:
a) The data subject itself, including those representing the data subject concerned and those
authorised for that purpose by the data subject;
b) Clients of RIME and others who have a business or financial relationship relevant to the
collection and processing purpose;
c) Commercial entities and their customers and suppliers
d) Data suppliers
1.3 Who is the controller when processing data?
RIME is the data controller when processing personal data for the following purposes stated in
section 2, such as:
- Credit Management
- Market Information
1.4 Who is the Data Protection Officer?
The Data Protection Officer within RIME is Costa Gregoriou. The Data Protection Officer observes compliance with the privacy laws and regulations and is the contact person with the Cyprus Commissioner of Personal Data Protection If you wish to contact our Data Protection Officer please send an email to: firstname.lastname@example.org.
2. For which purposes do we collect personal data?
RIME supports organisations in the field of credit management activities by processing and providing business information which may contain personal data, either within a credit score or credit information report, to assist organisations when making the following decisions:
a) identifying, verifying and/or selecting potential trading partners;
b) deciding whether or not to enter into, continue and/or terminate commercial transactions;
c) establishing the commercial terms under which these transactions take place, including the provision of credit or the provision of (trade) credit;
d) determining (future) opportunities of collecting debts and/or determining creditworthiness.
RIME supports organisations by processing and providing business information, which may contain personal data for the marketing activities.
Processing personal data to improve our products and solutions; provide customers with products and solutions that have been requested from RIME, advertise and promote the services offered. Conducting internal administration and managing our own accounts and records for this purpose. Recruiting and selecting new employees; supporting employees and managing personnel files.
3. Which legitimate grounds does RIME process personal data?
Legitimate interest: processing of personal data for the purpose of offering and providing commercial information, as well as the development of these services, is necessary in view of the legitimate interest of RIME or its client. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know whom they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. Processing of personal data on this ground does not take place if the interests of the person whose data is being processed prevail.
Consent: the data subject has granted their unambiguous permission for the processing. For example, a data subject completes a contact form on the website to request information about our services, RIME asks for personal information such as name, company, email address and telephone number. RIME only uses this information for the purpose for which it is intended. Personal details will not be made available to third parties.
Agreement: processing is necessary for the execution of an agreement in which the data subject is a party. This only applies when the processing is necessary for the execution of a contract, e.g. an employment contract or a sales/customer contract.
Legal obligation: data processing is necessary to fulfil a legal obligation.
4. Does RIME make use of automatic processing or profiling?
RIME makes use of automatic processing when determining the credit score of an organisation. Automated processing of business data and/or personal data, combined with statistical and/or demographic data occurs when determining the credit score of an organisation. The credit score predicts whether an organisation is likely to continue trading, pays its bills on time, receives credit or whether they are subject to any specific risks. The outcome is a risk indicator. RIME does not attach legal consequences to this credit score nor does it make any decisions about an organisation and does not tell customers whether to trade with an organisation or not.
RIME also makes use of automatic processing to determine if an organisation is a potential customer. Information is collected, including the personal contact details, and a score derived. On the basis of the score RIME contacts a potential client. There are no legal consequences attached to the automatic processing, nor does it affect data subjects significantly whether or not the potential client is contacted by RIME on the basis of the score.
5. Does RIME share personal data with other parties?
RIME does not share any internal marketing data including personal data with anyone outside the RIME Group. Marketing data is shared within the RIME Group in the Middle East, North Africa and Mediterranean regions.
RIME’s core business is to collect business information, which may include personal data, for the provision of trade information services (commercial data). RIME shares this commercial data with:
- Customers – businesses and organisations with whom RIME enters into an agreement to purchase or access data;
- Entities within the RIME Group
- Suppliers – businesses and organisations with whom RIME enters into an agreement to purchase or access data.
6. Does RIME transfer data outside the European Economic Area(EEA)?
RIME only transfers data outside the EEA when either the country has a sufficient level of data protection according to the European Commission or when extra safeguards are taken (standard model clauses) with these parties to make sure your personal data is protected in line with GDPR standards.
7. How does RIME secure personal data?
RIME considers the protection of privacy and confidentiality of personal information important, and therefore ensures appropriate technical and organisational measures to protect personal data against loss, misuse and any form of unlawful processing.
8. How long does RIME retain my data?
RIME ensures that personal data processed by RIME for the benefit of their business information services is correct, adequate, relevant and up-to-date. In that respect, RIME takes all reasonable measures necessary to remove personal data if it appears that, in view of the provisions in section 2, the aforementioned processing purposes are incorrect or, no longer sufficient, relevant or up-to-date.
9. Data Subject Rights
RIME makes best endeavours to keep personal information accurate and up-to-date. Data subjects can request RIME to provide their personal data stored by RIME (right of access). If the information contains inaccuracies, is incomplete or irrelevant for the purpose of the processing, or otherwise conflicts with a legal requirement, data subjects can request RIME to correct, supplement or remove this data (right to rectification and the right to deletion/or expunction).
Furthermore, data subjects can execute their rights:
- to restrict the processing of their data (right to restriction of your processing);
- to a transfer of their data when their data is processed automatically and based on a contract or consent (data portability);
- to object to the processing of their data. When their personal data is being used for direct marketing they can object to the processing at any time.
If a Data Subject wants to exercise their rights, they can make a request to RIME.
10. Complaint to the Cyprus Commissioner of Personal Data Protection
If you have any complaints concerning the protection of personal data, it is possible to submit a complaint to the Cyprus Commissioner of Personal Data Protection, if it concerns the protection of personal data. This can be done via: PO Box 23378, 1682 Nicosia, Cyprus or tel: +357 22818456 or email: email@example.com.
11. How can I contact RIME?
Would you like to know more about RIME’s views on privacy? Do you have a question or a suggestion?
Feel free to contact us via: firstname.lastname@example.org or write to Rime Information Bureau Ltd, 8 Vasilios Voulgaroktonou Street, Nicosia 1010, Cyprus