Version: 2.0
Last modified: May 10, 2024
Introduction
We respect your privacy and are committed to protecting your personal data when you use our website (https://gr8.tech/) including any mobile or a device-specific version of the website, and our official representations on social media (together the “Website”). Personal data refers to any information from which an individual can be identified.
This Privacy Notice does not cover our data practices related to our processing of your personal data as:
- A candidate whose personal data is used during the recruitment process;
- An employee or contractor of GR8 Tech.
These processing activities are governed by other privacy notices, which will be provided to you in a timely manner.
Table of contents:
- Who we are
- Our data protection officer
- How is your personal data processed?
- What personal data we process
- How we use your personal data
- How we share your personal data
- International data transfers
- Data security
- Data retention
- Your data protection rights
- Automated decision-making
- Changes to this Privacy Notice
- Contacting us
Who we are
There are a number of companies within GR8 Tech group, including parent and ultimate holding companies, affiliates, subsidiaries, and business units (“we”, “us”, “our”). Any of these companies within GR8 Tech group may access your personal data.
The data controller, responsible for determining how your personal data is processed, is Ater-Tech Limited (reg. no. ΗΕ 445116).
You can contact us:
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
Our data protection officer
If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our data protection officer (DPO):
- By mail to: Iakovou Tompazi 1, office 101, Limassol, 3107, Cyprus;
- By email to: [email protected].
How is your personal data collected?
In most cases, we collect personal data directly from you. For example, when you fill out forms or communicate with us via mail, phone, email, chat, or other channels. This includes the personal data you provide when you subscribe to our newsletter or inquire about our solutions and services, or during attendance at offline events.
When you interact with our Website, we may collect information from your device, including details about the device’s hardware and software, usage of the Website, traffic data, IP address, etc.
In certain cases, we may collect information about you from third parties or publicly available sources such as analytics providers, public media, social media platforms, advertising service providers, providers of data feeds, etc.
You are not legally required to provide us with your personal data. However, if you do not provide certain information when requested, we may be unable to proceed with your inquiry (for example, we may not be able to enter into a contract with you if you do not provide us with the company name). Providing us with complete and accurate information is crucial.
What personal data we process
We may process the following categories of personal data about you.
| Categories of personal data | Types of data |
| Identity and Contact Data | Name, position, contact details such as your phone number, email address, messenger, etc. |
| Communication Data | Communications via our Website, including our chat, email, phone, messengers, and our official representations on social media platforms. |
| Business Data | Company name, business industry, solutions and services you are interested in, records of registration, legal status, and any regulatory references. |
| Device Data | When you access our Website, we collect information from your device, which includes details about the device's hardware and software, how you use the Website, traffic data, IP address, etc. |
| Usage Data | This information may pertain to you, your preferences, or your device, and is collected during your interactions with our website. While it typically does not directly identify you, it can improve and personalize your browsing experience. Details about the use of cookies and other tracking technologies are provided in the cookie notice on our Website. |
How we use your personal data
We will use your personal data for the following purposes and related lawful bases:
| Purpose of processing | Categories of personal data | Lawful basis |
| To provide you with the information, solutions and services that you request from us | Identity and Contact Data Communication Data Business Data | Legitimate interests (e.g., to respond to your inquiries) Contract |
| To manage our relationships with you and carry out our obligations arising from any contracts we enter into with you | Identity and Contact Data Communication Data Business Data | Contract Legitimate interests (e.g., to provide customer support) |
| To make suggestions and recommendations about solutions or services that may be of interest to you | Identity and Contact Data Communication Data Business Data Usage Data | Legitimate interests (e.g., to run our business more effectively) |
| To detect and prevent fraud and other illegal activities, including undertaking necessary security checks. | Identity and Contact Data Business Data | Legal obligations Legitimate interests (e.g., to protect our business and manage risks) |
| To administer and protect our business and the Website | Identity and Contact Data Business Data Device Data | Legitimate interests (e.g., for provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring) |
| To develop and improve our Website, solutions and services, to enhance marketing, customer relationships and experiences | Communication Data Device Data Usage Data | Legitimate interests (e.g., to define types of partners and clients for our solutions and services, to keep our Website updated and relevant) |
| For intra group data sharing such as sharing personal data with other entities within GR8 Tech group | Identity and Contact Data Communication Data Business Data Device Data Usage Data | Legitimate interest (e.g. for business operations purposes) |
| To contact you and provide you with direct marketing communications. We will only do this in line with your preferences and you can opt-out of receiving such communications at any time. | Identity and Contact Data Communication Data | Legitimate interests (e.g., to notify you of solutions or services that are similar to those which were the subject of a previous sale or negotiations of a sale with you) |
How we share your personal data
6.1. Sharing your personal data within GR8 Tech group
Your personal data will be shared with companies within the GR8 Tech group, in compliance with applicable data protection laws and the provisions of this Privacy Notice, for the following purposes:
- Ensuring uninterrupted business processes;
- Effectively managing human resources;
- Obtaining legal, compliance, or financial assistance;
- Fulfilling our regulatory obligations;
- Conducting reporting and overseeing group activities;
- System maintenance support and hosting of data;
- For the continuity of business in the event of a merger or takeover.
Entities within the GR8 Tech group are required to implement appropriate technical and organizational measures, including security measures, to safeguard your personal data.
6.2. Sharing your personal data with our service providers
We may share your personal data with our service providers. We enter into contracts with our service providers and ensure they take good care of your personal data. We engage service providers for the following services:
| Categories of providers | Purpose of sharing |
| IT and data storage services | To store data and documents and facilitate both internal and external communications |
| Marketing and sales services providers | To manage our partners and clients, communicate with you (for example, via chat), and send you marketing notifications and offers |
| Electronic signature services | To facilitate the electronic signing and sending of documents |
| Data analytics providers | To measure and understand our audience, tailor our marketing services, improve your website experience |
| Audit, legal, and compliance services | To obtain expert advice and services from consultants, lawyers, accountants, and other professional service providers |
6.3. Sharing your personal data in other circumstances
We may share your personal data under the following circumstances:
- When mandated by applicable law or regulation, such as disclosures to governmental, regulatory, or enforcement authorities;
- To comply with a court order;
- To protect ourselves and/or in connection with legal proceedings; and
- During negotiations of a takeover, purchase, merger, or sale of assets, and in accordance with such transactions.
International data transfers
As a multinational business, we collaborate with service providers in various countries, including those outside the European Economic Area (EEA) and the United Kingdom (UK). To ensure an adequate level of data protection, we implement the following measures:
| Transfer mechanism | Description |
| Adequacy decision | We may transfer personal data to a third country that has received an official determination of “adequacy” from the relevant regulatory authorities. For more information about “adequacy decisions” for the EEA, click here. For more information about “adequacy regulations” for the UK, click here. |
| Appropriate safeguards | We establish appropriate safeguards by using binding, standard data protection clauses adopted by the relevant regulatory authorities. These clauses are enforceable by data subjects within the United Kingdom and/or the European Economic Area. For more information about the Standard Contractual Clauses for the EEA and UK, click here. For more information about the international data transfer addendum and international data transfer agreement for the UK, click here. |
| Derogations | Depending on the circumstances, we may also collect and transfer personal data based on specific derogations, such as explicit consent from the data subject, the necessity of performance under a contract involving the data subject, important public interest reasons, or the establishment, exercise, or defense of legal claims. |
If you want further information on the specific transfer mechanism used by us when transferring your personal data, please contact us at [email protected].
Data security
We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.
Data retention
We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.
When determining the relevant retention periods for your personal data, we will take into account factors including:
- Our contractual obligations and rights in relation to the information involved;
- Legal obligations under applicable law;
- Our legitimate interests (e.g., to protect our business against potential legal claims);
- Guidelines issued by relevant data protection authorities.
For instance, the default data retention period for most processing activities is 3 years. If we enter into a contract with you, we may retain your information further for a period of time specifically required by applicable regulations or laws, such as retaining the information for tax and accounting record keeping obligations.
When we no longer need to keep your personal data, we delete or anonymise it in accordance with applicable security standards, so it can never be linked back to an individual. You can request information about the retention period applicable to you by contacting us at [email protected].
Your data protection rights
Under the applicable data protection laws, you have the following rights regarding your personal data:
| Privacy right | Description |
| Right to access | You have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data. |
| Right to rectification | You have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete. |
| Right to erasure | You have the right to ask us to delete your personal data in certain circumstances. |
| Right to restriction of processing | You have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it. |
| Right to object to processing | You have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms. |
| Right to data portability | You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. |
| Right to withdraw consent | When we rely on consent to process your personal data, you have the right to withdraw your consent at any time. |
| Right to complain | You can lodge a complaint about the way we process your personal data with the relevant data protection authority, particularly in the country where you habitually reside, work, or believe an infringement has occurred. We ask that you contact us at [email protected] in the first instance to allow us the opportunity to address your concerns. |
You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making which produces legal effects concerning you or similarly significantly affects you.
Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.
Changes to this Privacy Notice
We may, from time to time, change or update this Privacy Notice. All changes to this Privacy Notice will be published on this page. We recommend that you revisit and read this Privacy Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Privacy Notice, we will take additional steps to ensure you are aware of them.
Contacting us
If you have any questions or comments about this Privacy Notice or want to know more about how we use your personal data, please contact our data protection officer (see section 2).
