Privacy Statement

Jinius Privacy Statement

Jinius Ltd (referred to as ‘we’, ‘us’, ‘our’, or ‘Jinius’) is committed to protecting your privacy and handling your data in an open and transparent manner.

This privacy statement:

  • provides an overview of how Jinius collects and processes your personal data and tells you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),
  • is directed to natural persons who are either current or potential customers of Jinius, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of Jinius,
  • is directed to natural persons who now have or who had a business relationship with Jinius in the past,
  • is directed to any other natural persons whose personal data has been, or may in the future, be lawfully obtained by Jinius in the normal course of its business,
  • contains information about when we share your personal data with other third parties (for example, our service providers or suppliers).

In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting, and storing your personal data or any such action as “processing” such personal data.

For the purposes of this privacy statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address.

  1. WHO WE ARE

    Jinius is a company registered in Cyprus under registration number HE441093, having its registered office at 51 Stassinos Street, Strovolos, 2002 Nicosia. If you have any questions or wish to obtain more details about how we use your personal information, you can contact our Data Protection Officer at privacy@jinius.com.cy.

    Jinius is part of the Bank of Cyprus Group. Each entity of the Bank of Cyprus Group has its own separate privacy statement.

  2. WHAT PERSONAL DATA WE PROCESS AND WHERE WE COLLECT IT FROM

    We collect and process different types of data which we receive from data subjects or via their representative, in the context of our business relationship.

    We may also collect and process personal data which we lawfully obtain not only from you but from other entities within the Bank of Cyprus Group, or other third parties (e.g., public authorities, companies that introduce you to us, companies that process card payments such as JCC Payment Systems Ltd).

    We may also collect and process personal data from publicly available sources (e.g., the Department of Registrar of Companies and Official Receiver, the Bankruptcy Archive, commercial registers, the press, media, and the Internet) which we lawfully obtain, and we are permitted to process.

    If you are a prospective customer, or a non-customer counterparty in a transaction of a customer (e.g., remittance payment) or an authorised representative/agent of a legal entity or of a natural person which/who is a prospective customer, the relevant personal data which we collect may include:
    First name, last name, billing address, delivery address, email address, telephone number.

    When we agree to provide products and services to you or another person (for example, a legal entity for which you are the authorized representative / agent) then the personal data may be collected and processed which may include:

    Type Description
    Contact data First name, last name, billing address, delivery address, email address, telephone number.
    Financial data Financial statements, tax returns, bank account.
    Identity data First name, last name, date of birth, identity card number/passport number.
    Marketing & communication data Your preferences in receiving marketing from us and our third parties and your communication preferences.
    Profile data Username, password, purchases/orders made by you, your interests/preferences and feedback/survey responses.
    Technical data Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Jinius website and web application.
    Transaction data/history Details about payments to/from you and other details of products/services you have purchased through Jinius.
    Usage data Information about how you use Jinius website/web application, products, and services.

    We also collect, use, and share aggregated data, such as statistical or demographic data for any purpose (e.g., analytics). Aggregated data may be derived from your personal data but is not considered personal data in the applicable law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy statement.

  3. CHILDREN'S DATA

    We do not knowingly collect data relating to children. For the purposes of this privacy statement, “children” are individuals who are under the age of eighteen (18).
     
  4. WHETHER YOU HAVE AN OBLIGATION TO PROVIDE US WITH YOUR PERSONAL DATA

    To be in a position to proceed with a business relationship with you or another person (for example, a legal entity for which you are the authorized representative / agent or beneficial owner), you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. We are, furthermore, obligated to collect such personal data given the provisions of the applicable money laundering legislation which require that we verify your identity before we enter a contract or a business relationship with you or another person. Depending on the circumstances, you might have to provide us with your identity card/passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligations as mentioned above.

    Kindly note that, if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship with you or another relevant person.

  5. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS

    As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
    Legal basis Description
    For the performance of a contract We process personal data based on contracts with our customers or others but also to be able to complete our acceptance procedure so as to enter into a contract with prospective customers or others.
    The purpose of processing personal data depends on the requirements for each product or service and the contract terms and conditions provide more details of the relevant purposes.
    For compliance with a legal obligation

    There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the Prevention and Suppression of Money Laundering and Terrorist Financing Law, Companies Law, the EU Directive on Administrative Cooperation (DAC7) for Digital Platforms.

    There are also various supervisory authorities whose laws and regulations we are subject to e.g. the European Central Bank, the European Banking Authority, and the Central Bank of Cyprus, which may issue Directives or Guidelines, which derive from Jinius being a member of the Bank of Cyprus Group. 

    Such obligations and requirements impose necessary personal data processing activitied for, among others, identity verification, customer complaints handling, creation of various registries and reports, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls.
    For the purposes of safeguarding legitimate interests

    We process personal ddata so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include: 

    • Mantaining an internal registry of legal actions files against Jinius,
    • Sharing specific information with other entities of the group for anti-money laundering purposes,
    • Measures to determine whether Jinius' quality standards are met and to initiate actions for the improvement of service e.g. performing customer satisfaction surveys,
    • Voice recording of telephone communications for quality assurance, compliance, legal protection, employee training purposes, call routing, and gaining valuable insights, monitoring, and improving our services, quality control and performance of our systems.
    You have provided your consent Provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
     
  6. WHO RECEIVES YOUR PERSONAL DATA

    During the performance of our contractual and statutory obligations, your personal data may be provided to various departments within Jinius, but also to other companies of the Bank of Cyprus Group. Various service providers and suppliers may also receive your personal data so that we may perform our obligations and provide our services. Such service providers and suppliers enter into contractual agreements with Jinius by which they observe confidentiality and data protection according to the data protection law and GDPR.

    It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.

    Under the circumstances referred to above, recipients of personal data may be, for example:

    • Marketing companies and market research companies, including companies which assist us in performing customer satisfaction surveys,
    • File storage companies, archiving and/or records management companies, cloud storage companies,
    • Purchasing, procurement, website and advertising agencies,
    • Call centres and/or other service providers which may assist us with large scale and urgent campaigns and/or correspondence relating either to marketing or other obligations of Jinius,
       
  7. TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION

    Your personal data may be transferred to third countries (i.e. countries outside of the European Economic Area) in such cases as e.g. if this data transfer is required by the applicable law (e.g. reporting obligation under Tax law) or you have given us your consent to do so or where Jinius uses service providers for certain tasks which they or their service providers may have their headquarters, parent companies or data centers in a third country. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

  8. TO WHAT EXTENT THERE IS AUTOMATED DECISION-MAKING AND WHETHER PROFILING TAKES PLACE

    In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), to enter or perform a contract with you or another person (for example, a legal entity for which you are the authorized representative), in the following cases:
    • Data assessments are carried out in the context of combating money laundering and fraud.
    • Profiling, with the help of specialized tools, whereby your personal data, such as contact details, products and services portfolio information, transaction pattern and behaviour (including spending habits), financial background and demographic data (including family status) is processed for the purpose of developing and creating specialized products and services.

    In the rare instances that we process your personal data by solely automated means (including profiling), we shall only process your data for such purpose, if we have your explicit consent to do so.

  9. HOW WE TREAT YOUR PERSONAL DATA FOR MARKETING ACTIVITIES AND WHETHER PROFILING IS USED FOR SUCH ACTIVITIES

    We may process your personal data to tell you about products, services and offers that may be of interest to you or your business.

    The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your policy transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e., we process your data automatically with the aim of evaluating certain personal aspects to provide you with targeted marketing information on products.

    We can only use your personal data to promote our products and services to you if we have your explicit consent to do so.

    You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time our Customer Services Centre either in person or in writing.

  10. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR

    We will keep your personal data for as long as we have a business relationship with you as either an individual or as an appointed representative of a legal entity, or a beneficial owner.

    Once our business relationship with you has ended, we may keep your personal data for the longest of the following periods: (i) any retention period set out in our retention policy which is in line with regulatory requirements relating to retention or (ii) the end of the period in which legal action or investigations might arise in respect of the products and services provided.

    We may keep your data for longer if we cannot delete it for legal, regulatory, or technical reasons. If we do, we will make sure that your privacy is protected and only use it for these purposes.

    For prospective customer data we shall keep your personal data for 12 months from the date that a quotation was provided to you, unless you have requested that we maintain this data for a further period as determined by yourself.

  11. YOUR DATA PROTECTION RIGHTS

    You have several rights in relation to the personal data you have shared with us. These are in line with the applicable legislation and can be summarized as follows:
    Type Description
    Right to Access You have the right to request access to your personal data that we hold including the right to be informed about the purpose of the processing and the recipients of your personal data. Provided the rights of others are not affected, we will supply to you a copy of your personal data that we hold but in doing so we may ask you to verify your identity.
    Right to Rectification You have the right to have any inaccurate personal data rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.
    Right to Erasure Under some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances can come about when:
    • your personal data is no longer necessary in relation to the purpose for which it was collected or otherwise processed.
    • you withdraw consent in circumstances where you had previously provided it.
    • you object to the processing under certain rules of applicable data protection law.
    • the processing is for direct marketing purposes.
    • your personal data was unlawfully processed.
    The right to erasure is not absolute and exclusions include circumstances where processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; and/ or for the establishment, exercise, or defence of legal claims.
    Right to Restrict Processing Under certain circumstances, you have the right to restrict the processing of your personal data. Examples of such circumstances include cases where you contest the accuracy of your personal data or our need to have access to your personal data for the declared processing purposes. If processing has been restricted on this basis, we may continue to store your personal data, but we cannot otherwise process it.
    Right to Object to Processing If we have been processing your personal data on a certain legal basis (such as legitimate interest) you have the right to object to such processing in certain circumstances. On the submission of such objection and unless we can demonstrate compelling legitimate grounds for the continuance of the processing which override your interests or if the processing is for the establishment, exercise, or defence of legal claims, we shall seize the processing.
    Right to Data Portability If the processing is carried out by automated means and the legal basis for our processing of your personal data is:

    i. consent; or

    ii. performance of a contract to which you are party; or

    iii. preparatory work at your request prior to entering a contract,

    you have the right to receive your personal data from us in a structured, commonly used, and machine-readable format, unless it would adversely affect the rights and freedoms of others.
    Right to Lodge a Complaint If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by contacting us via privacy@jinius.com.cy. You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).
    Right to Withdraw Consent To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

    You may exercise any of your rights in relation to your personal data by written notice to us via privacy@jinius.com.cy.
    We endeavour to address all of your requests promptly.
     
  12. CHANGES TO THIS PRIVACY STATEMENT

    We may modify or amend this privacy statement from time to time.

    We will reasonably endeavour to notify you appropriately when we make changes to this privacy statement, and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically to always be informed about how we are processing and protecting your personal information.

  13. CONTACT INFORMATION

    You can reach our data protection officer at privacy@jinius.com.cy.
     
  14. COOKIES

    You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website/web application may become inaccessible or not function properly. For more information, please refer to our Cookie policy, which is available on our website.