Privacy policy

Your privacy is important to us. Please take time to read our Privacy Statement ("Policy") as it sets out important information relating on how we handle your personal information.

KGH Limited ("KGH", "we", "us" or "our") is committed to the privacy and secure processing of any personal data it processes in regard to the provided services, which may include provision of services for various banking activities, in an open and transparent manner. We are highly committed to the collection and processing of this personal data in full compliance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679) ("the Regulation") and the legislation in force in Cyprus that governs the collection and processing of Personal Data of Individuals (Law 125(I)/2018).

What is the definition of Personal Data

Personal data is any information that relates to an identified or identifiable living individual (data subject). Different pieces of information, which collected together can lead to the identification of a particular person also constitute personal data.

An identifiable natural person (data subject) is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person), such as your first and last name, identity number, e-mail address, address and province, contact number, education details and training records, employment Data, financial and / or banking Data, photographs and videos, as well as other Data related to cookies, online identifiers, demographics and other (online) contact Data, etc, always in regards to the relationship we have with you.

Our role under the Regulation

Under the Regulation, KGH is the Data Controller or might be joint Controller under specific agreements, for all the personal data it maintains and processes. As a Data Controller, we may be allowed to collect, maintain and process the personal data of all customers and collaborators.

Depending on our business relations, we may act as a Data Processor. Where we act as a Data Processor we shall process personal data as per the means and purposes defined by the Data Controller, under strict supervision and legal clauses.

We’re committed to protecting and respecting your privacy.
We will:

• always keep your personal data safe and private
• never sell your personal data
• allow you to manage and review your marketing choices at any time

How we collect Personal Data

We may collect your Personal Data:

• directly from you
• through third parties in the standard course of the business we do, in order to provide you with the service you requested
• through our Company website, when you contact us directly to report an issue or via our Contact Us form
• through our associates and collaborators.

Types of Personal Data Collected

We collect and use several types of data for the individuals we co-operate with, including Data by which subjects may be identified ("data subjects"). Further to other means of collection, we may collect and use the following:

• Data that you provide by filling in forms, in particular at the time of first contact with us.
• Data when you report a problem with our Website/ service.
• Records and copies of your correspondence (including e-mail addresses)
• Employment data when you have an employee relationship with us or contact us through email for an employment opportunity.
• Data that you provided your Bank for the provision of specific services, such as the promotion of new banking services, upon your explicit consent.

Purposes for Which We Use Your Personal Data

In general, we might process your personal data for following purposes:

• Provision of services: to provide you with the services for the provision of specific banking services we promote;
• Customer management: to manage your account, to provide you with customer support and with notices about your account and about changes to the product/services we offer to you;
• Functionality and security: to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
• Compliance: to enforce our Terms and Conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;
• Advertising: following explicit consent to communicate with you about products or services that may be of interest to you;
• Public functions: in the exercise of official authority such as public functions and powers that are set out in the Law and/or to perform a specific task in the public interest that is set out in law.
• For any other purpose with your explicit consent.

Please note that we may collect some personal information and use it inside our site(s) and services, where we anonymise some of the data. For example, we receive standard information that your browser sends to every website you visit, such as your IP address, browser type and access times. This type of information is collected for purely internal purposes such as marketing analysis or demographic studies and is used solely to improve KGH site and Services to better address our users' needs.

Disclosure of Your Personal Data

We shall not share your Personal Data with third parties except as indicated below:

• Affiliates. We share of Personal Data with our affiliates to the extent this is necessary for the purposes of provision of services, customer management, customization of content, advertising (if you have consented) security and compliance, or to the extent you have provided your consent.
• Service providers. We use and work with third party service providers and our trusted Business Partners to provide application development, hosting, website, infrastructure, maintenance, backup, payment processing, customer relationship management, marketing, accounting, human resources, business intelligence and analytics, data enrichment, customer support and other services for us. These service providers may have access to or process your information for the purpose of providing those services for us. Please note that some of our third parties may be located in countries which may be outside of your location. We have taken all reasonable steps to ensure that they comply with the current data protection regulations.

We may also disclose your Personal Data to other third parties, including official authorities, courts, or other public bodies:

• In response to a subpoena or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Website terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
• To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain and protect the security and integrity of our Service or infrastructure.

How We Store Your Personal Data

To bring you our Services, we operate both within the European Economic Area (EEA) and also outside the EEA. In order to do so, your personal information may be transferred to, and processed in countries other than the country you live in, outside of your home country. These countries may have laws different to what you’re used to. Rest assured, when we disclose personal data to a third party in another country, we put strict safeguards in place to ensure your personal data remains protected.

When your personal information is transferred outside the EEA, it will only be transferred to countries that have been deemed to provide adequate protection for EEA information, or to a third party where we have approved transfer mechanisms in place to protect your personal information – i.e., by entering into the European Commission’s Standard Contractual Clauses.

Retention of Personal Data

We generally retain your information only as long as reasonably necessary to provide you the Services or to comply with applicable law. However, if you request that we delete your data, we will also delete your data from out Services unless we are required to retain the data according to applicable law. Please note that we must also keep certain records we hold for you, such as records related to financial reporting and compliance reasons, or for the continuation of service provision (if you haven’t executed your right of erasure). For further Data regarding specific retention periods please contact us at gdpr@kgh.com

Legal Bases for Collection, Use and Disclosure of Your Personal Data

There are different legal bases that we rely on to collect, use and disclose your Personal Data, namely:

• Performance of contract: The use of your Personal Data for purposes of providing our Service, customer management and functionality and security as described above is necessary to perform the services provided to you under our Terms and Conditions and any other contract that you have with us.
• Compliance with legal obligation: We are permitted to use your Personal Data to the extent this is required to comply with a legal obligation to which we are subject.
• Protection of your vital interests: The processing of your Personal Data is necessary to protect your vital interests, if you are physically or legally incapable of giving consent.
• Protection of our legitimate interests: The processing of your Personal Data is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
• Consent: We will rely on your consent to use (i) your Personal Data for marketing and advertising purposes; (ii) your Personal Data for other purposes when we ask for your consent and for which the purpose of the process does not relate to the Service we offer to you.

Your Rights related to the Regulation

Subject to the provisions of the General Data Protection Regulation (GDPR), you have the following rights in regard to your Personal Data:

• Right of Access. You have the right to access your own Personal Data, and also you have the right to request a copy of your personal data that is maintained and processed by us.
• Right of Rectification. You have the right to request the correction of any incomplete and / or inaccurate personal Data we hold for you.
• Right to Erasure. You have the right to request the deletion of personal Data only if one of the following reasons is true:
  1. Personal Data are no longer necessary in relation to the purposes for which they were collected or processed.
  2. If the processing is based on your consent and you have withdrawn this consent, which identifies this processing in accordance with Articles 6.1.a and 9.2.a of the Regulation and if no other legal basis for processing applies.
  3. If you object to processing in accordance with Article 21.1 of the Regulation and there are no compelling and legitimate reasons for processing.
  4. If your personal Data have been processed illegally.
  5. If personal Data should be deleted in compliance with a legal obligation under EU law to which our Company is subject to.
  6. If the personal data has been collected in relation to the provision of referred to in Article 8.1 of the Regulation.
• Right to Object. You have the right to oppose the processing of your Personal Data at any time and for reasons related to a specific situation, unless there are compelling legitimate reasons for processing that override your interests, rights and freedoms.
• Right to Restriction of Processing. You reserve the right to request the restriction of processing of your Personal Data so that we may no longer process the specific Data until the restriction is lifted (for example, the data have been corrected).
• Right to Data Portability. You have the right to request the transfer of your personal data, that you have provided to our company. These data will be given to you in a format that is structured, widely used and machine readable and, in certain cases you may also have the right to request for us to send the Data to another organization, provided that such a transfer is technically feasible.
• Right to Object and Automated Individual Decision-Making (Including Profiling). You have the right to request that we do not make any decision, regarding you, solely on the basis of automated processing, including profiling, only in the case that this decision has legal or significant consequences on you.

Please note, these rights are not absolute, and, in some cases, they are subjected to conditions as defined by Law. If you have any questions in regard to the kind of personal data we hold for you, or if you want to exercise any of your personal data rights, please send a written request to the email gdpr@kgh.com or to our postal address provided at the bottom of this Privacy Policy. However, we reserve the right to reject any requests for access or for imposing restrictions or other claims if required or permitted by the law.

Choices About How We Collect, Use and Disclose Your Personal Data

We strive to provide you with choices regarding the Personal Data you provide us. Please note that you can choose not to provide us with certain Personal Data, but that may result in you being unable to use certain services. We may send you other types of transactional and relationship communications via email, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these are related directly to your relationship with us.

If you provided Personal Data, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Data will be deleted in accordance with our retention policy.

Automated Decision-Making

By using our services, you expressly consent to the automated decision-making and profiling practices described in this clause. This clause explains how your data may be used to make automated decisions and create profiles that could influence your experience with our services. We may use algorithms, data analysis, and artificial intelligence to make decisions that impact your access to certain features, services, or benefits. These decisions may be based on various factors, such as your usage patterns, preferences, and interactions with our platform. You have the right to obtain human intervention, express your viewpoint, and seek a review of any automated decision that significantly affects you. To initiate this process, please contact our designated privacy contact (provided in our privacy policy).

Profiling

We may create profiles using automated processes to analyze your behaviors, interests, and preferences. These profiles help us tailor our services to your needs and preferences. You can opt out of being subjected to profiling by contacting us through the methods provided in our privacy policy. Keep in mind that this may impact the personalization of services we offer you.

Data Protection

Your personal data used in automated decision-making and profiling will be processed in accordance with applicable data protection laws and regulations. We implement measures to ensure the accuracy and security of your data throughout these processes.

Information and Updates

We may update our practices from time to time. Any significant changes will be communicated through our privacy policy and, when required, through direct communication channels.

How We Protect the Security of Your Personal Data

Rest assure! We take all appropriate security technical and organisational measures (including physical, electronic and procedural measures) to safeguard your Personal Data from unauthorized access, unlawful use, intervention, modification or disclosure under the requirements of the Regulation.

No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any Personal Data relating to users of the Website.

Changes to Our Privacy Policy

We may modify or revise our Privacy Policy and subsequent processing as they are reflected in this note, privacy policy from time to time. Although we may attempt to notify you when major changes are made to this Privacy Policy, you are expected to periodically review the most up-to-date version found at our website https://keabank.com/home so you are aware of any changes, as they are binding on you.

No Error Free Performance

We do not guarantee error-free performance. We will use reasonable efforts to comply with this Privacy Policy and will take prompt corrective action when we learn of any failure to comply with our Privacy Policy. We shall not be liable for any incidental, consequential or punitive damages relating to this privacy policy.

Contact Data

If you have any questions about this privacy policy or our Data-handling practices, please contact us at gdpr@kgh.com. You may also contact us at KGH Consultants, 30 Costa Anaxagora Str., Storikon Building, Flat 102, 2014 Nicosia, Cyprus.

Submission of a Complain: If you feel that your concerns in regard to the use of your personal data or any of your data protection rights have not been address by us, you have the right to contact us at gdpr@kgh.com and submit a complain. You also have the right to submit a complaint with the Personal Data Protection Commissioner’s Office, https://www.dataprotection.gov.cy.

Last Modified date: 10 August 2023