Logo

Privacy Policy

At Demetra Holdings PLC, we are committed to protect the privacy of the information and personal data you entrust to us and to manage your personal data in a fair and transparent manner. References in this privacy policy to “we”, “us”, “our” and “Demetra” are references to “Demetra Holdings PLC”, a Cypriot public listed company with registration number HE107777, located at 13 Limassol Avenue, 5th floor, 2112 Aglantzia, Nicosia, and shall include any and all of its subsidiaries / affiliated entities. Any references to “you” shall mean the data subject whose personal data is processed in accordance with this privacy policy.

This privacy policy describes what personal data we, as data controller may collect from you, when and why we may use this information and to whom we may disclose it. In addition, it indicates your rights in relation to your information, as well as to who you can contact for additional information or any questions you may have.

This privacy policy applies to anyone dealing with the company (including suppliers, tenants and other partners), our shareholders, job applicants and visitors of our website.

1. What type of personal data is collected and how?

The personal data we collect may, indicatively, include, but is not limited to:

  • identification information (such as name, date of birth, ID number, nationality, profession);
  • contact details (such as telephone, e-mail address, home address, country of residence);
  • financial information (such as bank account numbers, our company’s shares ownership, where appropriate, information required for complying with anti-money laundering legislative provisions);
  • business related information (information provided to us in the course of our contractual relationship with you),
  • Recruitment related information (such as professional experience, CV, training)
  • Technical information (such as IP address, the type and language of your browser, device type, access times),
  • any other similar information provided to us during the course of our relationship.

The personal data is collected, indicatively:

  • In the course of our business, such as for the purposes of renting or servicing property from or for us, transacting with us in any manner, investing or otherwise cooperating with us, providing or receiving any services to or from you;
  • Upon receipt of the register of shareholders of Demetra from the CSE’s Central Depository, who is responsible for the maintaining of the register.
  • From CCTV video surveillance systems located in our or any of our subsidiaries’ buildings.
  • For recruitment purposes: processing job applications and CVs for employment with our company.

We do not collect and / or obtain or export your personal data by observing how you interact with us with the use of cookies (small files stored in your browser) or other tracking technologies which may collect personal data.

We understand the importance of protecting minors’ privacy. Our website is not designed or intended for minors. We may process personal data of minors upon receipt of the register of shareholders of our company. Intentional collection and storage of data for children is not part of our policy. For the purposes of this Privacy Policy, “minors” are persons under the age of fourteen.

The personal data we collect is limited and necessary for the purpose of the processing and is processed with a specific legal basis.

When on this policy we refer to “our Website”, we mean the website https://www.demetra.com.cy.

2. How and why we use the personal information we retain?

We will process your personal data to the fullest extent permitted by applicable law. Usually, we will use your personal information in the following cases:

  • Performance of a service: We may use your Personal Data to provide, complete and /or administer our services;
  • Providing investor support / communicating with you: We may use your Personal Data to communicate with you for administrative or operational reasons, for example to deal with the company’s shareholders’ matters and affairs, to respond or handle any queries, requests or complaints;
  • For the interest of the company’s shareholders in general;
  • To comply with legal obligations.
  • In case you have given us your consent.
  • To sign contracts with you.
  • For recruitment purposes: to assess and evaluate your CV, in relation to a position you have applied or to an open position we may have.
  • To contact you.
  • For the purposes of safeguarding legitimate interests: in certain cases, we may need to use your Personal Data to handle and resolve legal disputes, to enforce the terms of any contract, agreement or arrangement we have with you, or to comply with lawful requests from law enforcement authorities;
  • To improve our website, products and services: We may use your Personal Data to improve your user experience while using our website, to improve the content of our communications, to improve our products and services, to customize the content of our website, in relation to announcements, information, actions, and activities that may be of interest to you, to manage any requests submitted through our website.
  • IT Security: To protect our website, online platforms, networks and software systems.
  • Physical Security: To ensure the safety of our employees and visitors at our premises and to protect our property (including but not limited to hardware and equipment).

You may withdraw your consent to any such processing at any time by contacting us at dpo@demetra.com.cy .

Please note that any processing of personal data prior to the withdrawal of your consent is not affected.

Special categories of data (sensitive data)

To the extent that we process any sensitive personal data relating to you for any of the above purposes, we will do so because either:

  • you have given your explicit consent to the processing of your information,
  • processing is necessary to comply with our obligations under employment, social security, or social protection legislation,
  • the processing is necessary for the establishment, exercise, or support of legal claims, or
  • you have made your data publicly available.

4. To whom we may disclose your information.

As part of the tasks assigned to them by Demetra as the “controller” and in accordance with the GDPR, either under a contract or other legal act, the employees and the associates of Demetra have access to your personal data, as “processors”.

We may disclose your personal data to:

  • Our professional advisors, affiliated entities, subsidiaries;
  • Third parties to the extent that such disclosure has been expressly and in writing authorized by you;
  • Third parties to the extent that the data disclosed has already entered the public domain in circumstances not engaging our liability;
  • Third parties to the extent that such disclosure is required pursuant to applicable law;
  • Third parties in the context of any judicial or other proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the disclosure is made in good faith;
  • Third parties in the course of defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such disclosure is necessary for properly defending ourselves;
  • Third party providers of accounting and/or actuarial and/or auditing and/or banking and/or business consulting and/or business management/administration and/or  human resources and/or insurance and/or technology and/or legal and/or regulatory compliance and/or security (such as data security etc.) and/or tax services to us, to the extent necessary for the purposes of the provision of such services to us and provided that the relevant provider is subject to a duty of confidentiality;
  • Third parties where it is necessary to protect the vital interests of the data subject or another natural person.

To the extent that it is necessary to transfer personal data outside of the European Union, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data pursuant to applicable law.

Demetra does not use the information which you provide us to take any automated decision which might affect you.

Further information regarding the above transfers can be obtained by contacting the Data Protection Officer of Demetra Holdings PLC at 22 818222 or by e-mail at dpo@demetra.com.cy.

5. Protection of your personal information.

We have implemented several technical and organizational measures to ensure that your personal data is secure, accurate and up to date. These measures include:

  • Training of our staff to ensure that we know our obligations regarding the protection of privacy and the protection of personal data in their management.
  • Administrative and technical checks and controls to restrict access to personal data based on the “need to know”.
  • Technical checks and controls including protection programs, encryption and anti-virus software.
  • Physical security measures, such as special staff access to our facilities.

6. How long do we keep your data?

Demetra processes your personal data only for the period required for the purposes of the processing that is relevant to such data. The personal data shall be kept for the maximum period permitted by applicable law; we will keep your Personal Data for the purposes of complying with any legal, regulatory, accounting, reporting requirements, to provide our services and for the establishment or defence of out of court and in court legal claims.

Demetra undertakes to erase any personal data received when it is no longer required to be recorded pursuant to the applicable law.

7. Your Rights.

Under the General Data Protection Regulation (GDPR), you have rights regarding the processing of your personal data. More specifically you have the right to:

  • Access your personal data. You can request a copy of the personal data we hold about you and verify that we process it legally.
  • Request a correction of your personal data that we process. This allows you to correct any incomplete and / or incorrect data held by us.
  • Erasure. This right allows you to request the deletion of your personal data (known as the “right to be forgotten”) when there is no reason for us to continue processing it. In addition, you have the right to request the deletion of your data where you have exercised your right to object to the processing (see right to object to the processing below).
  • Object to the processing of your personal data, including profiling, when we invoke our legitimate interests (or the interests of others), but there is something special about your situation that makes you oppose the processing of that purpose. You also have the right to object to the processing of your personal data for information purposes by Demetra.
  • Restrict the processing of your personal data. With this right you can ask us to suspend the processing of your personal data if:
    • your personal data are not accurate,
    • have been used illegally but you do not want us to delete them,
    • are no longer relevant, but you want to keep them to use them for possible legal claims, or
    • you have already asked us to stop processing your personal data, but you wait for us to confirm if we have another legal basis to continue processing them.
  • Ask to receive a copy of your personal data in a structured commonly used format to transfer it on to other organizations. You can request the transfer of your personal data directly from us to another organization (data portability).
  • Revoke your consent to the processing of your personal data for specified purposes at any time. Please note that any revocation of consent will not affect the legality of the processing based on your consent or other legal basis before it is revoked by you.

Some of the data subject’s rights may not be exercised if there are reasons as stated in Article 23 of the GDPR.

To exercise any of your rights or if you have any other questions regarding the processing of your personal data by us, you may email the DPO at dpo@demetra.com.cy or write to us at:

Data Protection Officer
Demetra Holdings PLC,
13, Limassol Avenue,
5th floor,
2112 Aglantzia Cyprus

You may also use the above contact details to file a complaint regarding the processing and the protection of your personal data.

8. Right to complain.

If you are not satisfied with the way we handled your personal data or any of your questions or requests, you have the right to file a complaint with the Data Protection Authority, in particular in the European Union Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulation (EU) 2016/679). Τhe Office of the Commissioner for Personal Data Protection of the Republic of Cyprus is designated as the Supervisory Authority in Cyprus, with which you may get in touch by using the following link: www.dataprotection.gov.cy.

9. Changes to this privacy policy.

We may modify this privacy policy from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of the first page. The new modified privacy policy will apply from that revision date. Therefore, we encourage you to periodically review this policy to be informed about how we are protecting your information.