1. Field of Scope
2. Categories & Types of Collected Data
A. Sole Proprietorships’ Commercial and Financial Data: trading name, communication data, history, premises, staff number, activity, imports & exports information, customers, suppliers, represented firms, other commercial relationships, cooperating banks, participations in other legal entities, net sales figures, balance sheet, P&L accounts, business plans, management
B. Companies’ Trading Activity Data: company’s identification data (i.e.: name, Tax Registration No., registered address, sector, legal form, date of establishment)
C. Companies’ Financial Data: company separate & group consolidated financial statements and interim financial statements, comprising of: balance sheet, P&L accounts, cash flow, changes on equity, notes, independent auditors’ report, BoD or administration report (exclusively for financial statements)
D. Companies’ Transactional Data: secure charges
E. Companies’ Commercial Data: business name, communication data, history, premises, staff number, activity, imports & exports information, clientele, suppliers, represented firms, other commercial relationships, cooperating banks, participations in other legal entities, net sales figures, shareholder/partner structure, administration structure, management, business plans
F. Ιndividuals Personal & Identification Data: first name, last name, identification card No., passport No., date of birth, address, occupation, nationality
G. Individuals Data Concerning Relationship with Legal Entities: shareholder/ partner relationship, administrative relationship, participation in Board of Directors, management relationship
H. Lawyers: name, surname, occupation, e-mail, address, phone number, fax
I. Accountants: name, surname, occupation, e-mail, address, phone number, fax
J. Companies’ Contact Details: e-mail, address, phone number, fax, website
K. Candidates: CV details: name/surname, postal address, contact details (including e-mail address, mobile phone number, academic qualifications, working experience, hobbies, interests, references)
L. Website Visitor/Client Data: internet protocol address (ΙΡ), browser type and the operating system
Declaration Regarding The Processing of Personal Data By ICAP (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)
Why will ICAP process my Personal Data (PD)?
ICAP provides products and services containing commercial and financial information about legal entities and sole proprietorships on the basis of the intended purpose, such as described in paragraph 6 hereof. Their contents vary depending on the type and purpose of the provided service of ICAP. The lawful basis of the data processing is ICAP’s legitimate interest and in some instances the consent of the data subjects.
In addition ICAP may collect personal data of candidate employees who are interested in working with ICAP for the sole purpose of examining the possibility of a future collaboration – employment. The legal basis for the aforementioned data collection is the consent of the data subject who provides the necessary information.
Information automatically collected when visiting and interacting in the Website: We inform you that your personal data and information that are collected and processed when you manage your account in the Website, are appropriate to the purpose for which they are collected and are required for the processing of your inquiries, applications and the use of ICAP Services.
In particular, when visiting and interacting with the Website, certain information may be automatically collected, such as:
● your computer’s Internet protocol address (ΙΡ)
● the type of browser and the operating system
More specifically ICAP’s website employs the use of various types of cookies. For a full description on the types of cookies used and the data collected through them, you may read our cookies policy.
ICAP does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android – Google Inc). ICAP does not have access to the positioning refresh rate of GPS.
3. Data Collection Points
1) General Commercial Registry (Department of the Registrar of Companies and Official Receiver, Cyprus) – B, C, D, E, F, G
2) Internet (corporate sites) – A, B, C, E, G, J
3) Cyprus Stock Exchange Website – B, C, E, J
4) Sole Proprietorships – A
5) Chambers of Commerce and Industry – B, E
6) Google research (websites) – H, I
7) Social Media – A, J
8) Candidate employees – K
4. Recipients & Transfer of Data to Third Parties
ICAP reserves the right to disclose the data subject’s personal data to any member of its affiliate/subsidiary companies (parent company and its subsidiaries) or other third parties to the extent it is reasonably necessary for the purposes determined in this notice and in particular:
5. Personal Data Retention Period
The data retention period depends on the lawful basis of processing, as set out in detail below:
6. Legitimate Interest – Intended Purpose – Lawful Basis for Data Processing
ΙCAP within the framework of the general business activity according to the above and the pursuit of its statutory objectives, among which it is the collection, management, and provision of commercial and financial information (business information) regarding the transactors’ evaluation of the creditworthiness and the promotion of its business activity for the assessment of the credit risks and the resolution of transactions, has created and maintains a database, which is daily updated with economic and commercial information in terms of economic units details. ICAP processes and stores the said data within the E.U.
Moreover, in cases where the Clients register and use the Website and Services of ICAP (including those offered by www.icapb2b.gr or through the Application they will be requested to provide certain personal data. The data processing in this instance, is deemed necessary for the conclusion of a contract with ICAP, as well as for the use of the aforementioned applications, Services and Websites. Indicative personal data requested by the Clients in order to register and enable the use of the Services are the following: full name, company title, company vat number, registered address, corporate e-mail, country of registration.
7. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Cyprus Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format – article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities
8. Data Processing by ICAP
In some instances, our clients provide their business data, such as customer, supplier or third parties’ data – which may contain personal data (who may refer to individuals or companies) – within the framework of provision of our services. In such cases, ICAP shall operate as the “Processor” of the personal data, which are included in the said business data. Consequently, in those cases different provisions of the GDPR 679/2016 shall apply, with which we comply.
Additionally, ICAP applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Moreover, ICAP shall take measures so as to ensure that any physical person acting under the authority of the data controller or of the processor, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.
Indicative security measures applied by ICAP are as follows:
● ICAP maintains a dedicated information security team that plans, implements and provides surveillance of our information security program
● The company controls the security and functionality of its products and services before they are introduced to the Internet, for any vulnerabilities in technology
● The company performs ongoing infrastructure checks to detect weaknesses and potential intrusions, vulnerabilities in systems etc.
● The company uses https protocols for secure and encrypted client communication with ICAP
● The company uses the open standard protocol to access Lightweight Directory Access Protocol (LDAP) directory services and uses encrypted passwords
● The company uses a Secure Sockets Layer (SSL) certificate to create an encrypted connection between the web server and the Client’s browser
● The company protects its Web Sites by presenting a Web Application Firewall and an IDS/IPS Firewall in-front of the Web Servers
● The company operates an ISMS – Information Security Management System to reduce Cyber-Security Risks.
We use the information we obtain to produce scores and ratings such as ICAP’s Failure and Delinquency Scores, ICAP’s Maximum Credit etc. We may also carry out customized profiles for our customers. We use highly developed scoring models and algorithms, based on previous similar circumstances, adverse events and economic forecasts to produce a score.
We recommend to our customers to interpret and use our scores by their own standards. Our customers may choose to use our scores individually or combine the scores with other information available to them. Their decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business entity. Our scores predict the probability of default and/or bankruptcy whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. We do not make any decisions for an organization – nor do we maintain blacklists and we do not encourage our customers to decide whether to trade with an organization.
10. Submission of Complaint – Appeal
● For any issue regarding the processing of your personal data, you may contact us via e-mail at, firstname.lastname@example.org
● Moreover, you shall always be entitled to contact the Office of the Commissioner for Personal Data Protection, which may accept the submission of relevant complaints in writing at its protocol in its offices at Iasonos 1, Postal Code 1082, Nicosia, Postal address P.O.Box 23378, 1682 Nicosia or by e-mail (email@example.com) in accordance with the instructions indicated on its website.
● If you no longer wish to receive newsletters from ICAP, please send an e-mail by visiting the link ‘Newsletter’ at ICAP Web Site or follow the unsubscribe instructions included in each relevant email/communication.
This policy may be renewed from time to time, due to amendments to the related legislation or change to the corporate structure of ICAP. Thereby, we encourage the Clients to periodically visit this site so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed by e-mail or a notice in our Website regarding any amendments to this policy.