Privacy Policy

Introduction

This is the privacy statement of Rime Information Bureau Ltd (RIME), registered in Cyprus. RIME processes personal data as part of our services. In the paragraphs below we describe which personal data we process and for what purposes. We also explain for which services we process the data and on what legal basis we are allowed to do so. The sharing of data with other parties is discussed, as well as the processing of personal data outside the EU. The security of personal data is addressed together with the retention terms. We have also detailed your rights as a data subject and how you can contact RIME.

1.1 RIME’s vision on privacy

RIME makes every effort to ensure that personal data is processed appropriately and securely. It is imperative that you have confidence in our organisation and we will do what is necessary to protect your privacy. The rules on protecting your privacy are laid down in the General Data Protection Regulation (GDPR), supervised by the Cyprus Commissioner of Personal Data Protection. Data is at the core of RIME’s business and how we serve our clients. RIME considers GDPR of the greatest importance.

What is personal data?

Personal data is defined as any data that can be traced back to a person (data subject). Examples include name, address, telephone number and account number. Sometimes we aggregate or anonymise personal data so that individuals are no longer identifiable. A data subject can be a customer, supplier, partner, employee or any other person whose personal data is processed.

1.2 From which sources do we collect personal data?

RIME uses several sources to collect personal data:

The public sources from which RIME obtain personal data include:

Public registers
Public sector information and regulatory bodies
National and international sanction lists
Company websites
Foreign equivalents of the sources mentioned under a) to d)

The non-public sources from which RIME can obtain personal data include:

The data subject, including authorised representatives;
Clients of RIME and parties with relevant business or financial relationships;
Commercial entities and their customers and suppliers;
Data suppliers

1.3 Who is the controller when processing data?

RIME is the data controller when processing personal data for the purposes such as:

Credit Management
Market Information

1.4 Who is the Data Protection Officer?

The Data Protection Officer is Costa Gregoriou. The DPO monitors compliance with privacy laws and acts as the contact with the Cyprus Commissioner of Personal Data Protection. Contact: accounts@rimeib.com.

2. For which purposes do we collect personal data?

2.1 Categories of personal data

RIME may process the following categories of personal data:

Identification data (name, company affiliation)
Contact details (email, telephone number)

Credit management

RIME supports organisations in credit management by providing business information which may contain personal data, including credit scores or credit information reports, to assist in:

identifying, verifying and/or selecting potential trading partners.
deciding whether to enter, continue or terminate commercial transactions.
establishing commercial terms under which these transactions take place, including the provision of credit or the provision of (trade) credit.
assessing creditworthiness and debt recovery opportunities.

Marketing information

RIME supports organisations by providing business information, which may include personal data, for marketing purposes.

Other purposes

Improving products and services
Providing customers with requested services
Advertising and promotion
Internal administration and record management
Recruitment and employee management.
Preventing fraud, money laundering and other financial crime
Conducting compliance checks (e.g. sanctions screening, “know your customer” processes)
Protecting RIME’s legal and financial interests

Communicating with clients and potential clients regarding services, updates and enquiries.

3. Which legal grounds does RIME rely on?

RIME processes personal data based on the following legal grounds under Article 6 GDPR:

Legitimate interest (Article 6(1)(f)): processing of personal data for the purpose of offering and providing commercial information, as well as the development of these services, is necessary in view of the legitimate interest of RIME or its client. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know whom they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. Processing of personal data on this ground does not take place if the interests of the person whose data is being processed prevail.

RIME’s legitimate interests include:

Providing and improving products and services
Responding to enquiries and customer support
Protecting systems, data and business operations (including fraud prevention and cybersecurity)
Conducting analysis
Ensuring compliance with internal policies and risk management procedures

Consent (Article 6(1)(a)): the data subject has given clear consent. For example, a data subject completes a contact form on the website to request information about our services, Data is used only for the intended purpose and not shared externally.

Contract (Article 6(1)(b)): Processing is necessary for the performance of a contract, including providing services, managing customer relationships, handling transactions, and responding to enquiries. This applies where processing is required for the execution of a contract, such as an employment contract or a sales/customer contract.

Legal obligation (Article 6(1)(c)): data processing is necessary to comply with legal requirements.

4. Does RIME use automated processing or profiling?

RIME makes use of automatic processing when determining the credit score of an organisation. Automated processing of business data and/or personal data, combined with statistical and/or demographic data occurs when determining the credit score of an organisation. The credit score predicts whether an organisation is likely to continue trading, pays its bills on time, receives credit or whether they are subject to any specific risks. The outcome is a risk indicator. RIME does not attach legal consequences to this credit score, nor does it make any decisions about an organisation and does not tell customers whether to trade with an organisation or not.
RIME also makes use of automatic processing to determine if an organisation is a potential customer. Information is collected, including the personal contact details, and a score derived. Based on the score RIME contacts a potential client. There are no legal consequences attached to the automatic processing, nor does it affect data subjects significantly whether the potential client is contacted by RIME on the basis of the score.

5. Does RIME share personal data with other parties?

RIME does not share any internal marketing data including personal data with anyone outside the RIME Group. Marketing data may be shared within the RIME Group in the Middle East, North Africa and Mediterranean regions.

RIME’s core business is to collect business information, which may include personal data, for the provision of trade information services (commercial data). RIME shares this commercial data with:

Customers - businesses and organisations with whom RIME enters into an agreement to purchase or access data;
Entities within the RIME Group
Suppliers - businesses and organisations with whom RIME enters into an agreement to purchase or access data.

6. Does RIME transfer data outside the European Economic Area(EEA)?

RIME only transfers data outside the EEA when either the country has a sufficient level of data protection according to the European Commission or when appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. How does RIME secure personal data?

RIME implements appropriate technical and organisational measures to protect personal data, including access controls, internal policies and, where appropriate, encryption.

8. How long does RIME retain my data?

RIME ensures that personal data processed by RIME for the benefit of their business information services is correct, adequate, relevant and up to date. In that respect, RIME takes all reasonable measures necessary to remove personal data if it appears that, in view of the provisions in section 2, the aforementioned processing purposes are incorrect or, no longer sufficient, relevant or up to date.

9. Data Subject Rights

RIME makes best endeavours to keep personal information accurate and up-to-date. Data subjects can request RIME to provide their personal data stored by RIME (right of access). If the information contains inaccuracies, is incomplete or irrelevant for the purpose of the processing, or otherwise conflicts with a legal requirement, data subjects can request RIME to correct, supplement or remove this data (right to rectification and the right to deletion/or expunction).
Furthermore, data subjects can execute their rights:

to restrict the processing of their data (right to restriction of your processing);
to a transfer of their data when their data is processed automatically and based on a contract or consent (data portability);

to object to the processing of their data. When their personal data is being used for direct marketing they can object to the processing at any time.

10. Complaints

Complaints can be submitted to the Cyprus Commissioner of Personal Data Protection: PO Box 23378, 1682 Nicosia, Cyprus Tel: +357 22818456 Email: commissioner@dataprotection.gov.cy

11. Contact

For questions or requests: Email: accounts@rimeib.com Address: Rime Information Bureau Ltd, 8 Vasileiou Voulgaroktonou Street, Nicosia 1010, Cyprus