This document is used exclusively within Cablenet Communication Systems PLC and part or all of it can be photocopied or printed for internal use only. A written authorization by the Policy Owner is required before this document or part of it can become available in any way or form outside Cablenet Communication Systems PLC
Having a customer-oriented philosophy, Cablenet Communication Systems PLC (referred as ‘we’, or ‘Cablenet’) seek maximum satisfaction of your requirements by offering high quality telecommunications services at the highest speeds and lowest prices.
It applies to the products and services we provide to you (such as your broadband connection, mobile, Wi-Fi, TV and fixed telephony), our support services and our websites. It applies to our subscribers and sole traders, but doesn’t apply to our employees and to the information we hold about companies or organisations.
It applies even if you’re not one of our customers and you interact with us, such as by:
- taking part in a survey or trial;
- entering a completion or promotion;
- calling our helpdesk; or
- generally enquiring about our services.
We take our responsibilities under the General Data Protection Regulation (EU) 2016/679 very seriously and as such we are committed to:
- Processing personal data openly, fairly and in accordance with applicable laws
- Inform you (either directly or in our policies) about how we will use your personal data
- Only collect personal data when we need it for legitimate purposes, or legal reasons
- Ensure that all personal data are adequate, relevant and not excessive for the purpose for which we collect them
- Avoid keeping personal data for longer than we need to
- Keep personal data secure, and limit the people who can access it
- Ensure that you know how to access your personal data and exercise your rights in relation to it, including being able to keep it accurate and up-to-date; and
- Ensure that any third parties we share personal data with take appropriate steps to protect it.
There are various instances that we collect your personal data. In some instances, you provide your data to us when you subscribe with us and in some other instances this is performed automatically through other interactions with us. Below is a list of possible ways we collect your data.
- When you create an account with us.
- When you use any of our networks – mobile, Wi-Fi or Cablenet products and services
- When you request to activate a direct debit or credit order and a reference in disputes and legal cases
- When you want to check network coverage of your residence or office
- When you request maintenance or technical support
- When you engage with us on social media.
- When you are using your online account (e.g. cablenet.me, etc)
- When you contact us by any means with queries, complaints etc.
- When you ask one of our members or staff to email you information about a product or service.
- When you enter prize draws or competitions.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- When you fill in any forms. For example, if an accident happens in one of our shops, a member of our staff may collect your personal data and a member of our management may contact you as part of investigation
- When you’ve given a third party permission to share with us the information they hold about you.
- When you visit our shops which usually have CCTV systems operated for the security of both customers and Partners. These systems may record your image during your visit.
General Data Protection Regulation (EU) 2016/679 sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
In most circumstances, we need your personal data to comply with our contractual obligations i.e. to provide to you our services at the quality level we are committed to our customers.
For example, if you have made a technical enquiry, we are contractually obliged to inform you of repair of any damage or other matters related to our services and we’ll process your name and address details to do that.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity to the Police
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your viewing history to send you or make available personalised suggestions.
We’ll use your personal data if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
- Identify, and let you know about, new products and services that interest you;
- create aggregated and anonymised information for research, statistical analysis, reporting and performance measurement of our operations;
- detect and prevent fraud; and
- secure and protect our network, shops, building and our company assets
To provide services based on terms and conditions, we’ll use your personal data to provide you with products and services. This applies when you subscribe for a service from us.
We use the following to provide products and services and manage your account.
- Your contact details and other information to confirm your identity and your communications with us. This includes your name, home phone, mobile phone, home address, ID or passport number, email address, passwords and credentials (such as the security questions and answers we have on your account).
- Your payment and financial information.
- Your communications with us, including emails, and phone calls. We’ll also keep records of any settings or communication preferences you choose.
- Information from cookies placed on your connected devices that we need so we can provide a service.
- We use this information to carry out our contract (or to prepare a contract) and provide products or services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.
- If you don’t pay your outstanding amounts, we might ask a debt-recovery agency to collect what you owe to us. We’ll give them information about you (such as your contact details) and your account (the amount of the debt).
We use data (name, contact details, your address and any other qualitative information) to respond to customer enquiries, diagnose problems, rectify technical issues and provide other customer care and support services. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interests.
We record your calls every time you contact our call centre for quality of service, dispute management and security reasons We will always give you the choice to opt in for recording your call and we will not keep records of your call if you choose not to.
Secure our people, operations, network and services
We’ll use your personal data to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks.
To do that we use the following information, but only where strictly necessary.
Computer or other electronic device
- Mac Address
- IP Address
Fixed and mobile telephony
- XDR – Data Records including SMS, call logs, call duration, calling number, called number, time of call,
We use information for research and to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
Communication, Sales and Marketing
To display the most interesting TV content to you, we’ll use your viewing history and duration. We do so on the basis of maximising your viewing experience and entertainment.
If we are asked by law enforcement agencies such as Police, we may provide personal data to help detect and stop crime, prosecute offenders and protect national security. Any information requested will be accompanied by a Court order detailing exactly what information is being requested and for what reason.
Generally, court orders ask for the following details.
Your contact details including but not limited to your name, phone number, email address, physical address of installation, billing address, and under special circumstances your passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us. Your payment and financial information.
Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records.
Under the General Data Protection Regulation (EU) 2016/679 you have rights over the following rights in terms of your personal data we hold about you:
Receive access to your personal data.
This enables you to receive a copy of the personal data we hold about you. In order to receive such a copy, you must request this in writing which can be done electronically at email@example.com or by sending such requests in writing to:
Cablenet Communication Systems PLC
Data Protection Officer
41-49 Ay. Nicolaou Street
Nimeli Court, Block A ,2nd floor
2408 Engomi, Nicosia, Cyprus
Right to rectification
We rely on you to ensure that your personal data is complete, accurate and up to date. Please do inform us promptly of any changes to or inaccuracies in your personal data by contacting as above.
Right to Erasure
You may ask that we erase your information in certain circumstances (the right to erasure). In some cases, other laws or regulations require us to keep some or all of your personal data on record for a specified period. An example would be the requirement by Cyprus Police Service to retain your data for up to six months.
Right to the restriction of processing your personal data
The right to request that we restrict the processing of your information in certain circumstances. Again, there may be circumstances where you ask us to restrict the processing of your information, but we are legally required to refuse that request.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we have a legitimate overriding reason to continue processing your personal data.
Right to data portability
Request to receive a copy of the personal data concerning you, in a format that is structured and commonly used, and transmit such data to a third party where this is technically feasible. Please note that this right only applies to information which you have provided to us.
Right to Consent
Your Data remains yours at all times, and you have the right to withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
You have the right to make a complaint with the Data Protection Commissioner if you think that any of your rights have been infringed by us.
To exercise any of your rights, or if you have any other questions about our use of your personal data, you can send us your request and our Data Protection Officer who will be happy to deal with your request without delay, and within one month however we will need to verify your identity first.
You can opt out of receiving direct marketing communications from us by following the instructions included in every email sent to you via the “Unsubscribe” tab. Alternatively you can contact our customer service desk by dialling “130” and request to be unsubscribed. We respect your choice, and we will stop sending you promotional emails once you unsubscribe.
Please note, regardless of your communication settings, we will continue to communicate with you regarding changes to terms and conditions, policy updates, routine customer service messages such as information about service interruptions, data breaches or other significant information about services you are subscribed to.
It is our Policy to never knowingly collect personal Data from anyone under the age of 16 unless we first obtain permission from the child’s parent or legal guardian.
Once we are in possession of your personal data we delicately take care of it and we use an array of technical and organisational measures to safeguard the Confidentiality Integrity and Availability of your data, based on a balance of the state of the art and the risks for your rights and freedoms.
There are occasions when we need to share your personal data with a third party data processor.
Our policy is that we will only transfer your personal data to a third party processor who complies with Cablenet’s security and data protection procedures and policies or if they put in place equivalent measures themselves, which we deem to be acceptable and are at minimum in compliance with the General Data Protection Regulation (EU) 2016/679. Furthermore, we will provide only the information they need to perform their specific services, they may only use your data for the exact purposes we specify in our contract with them and if we stop using their services, any of your data held by them will either be disposed or anonymised.
Examples of the kind of third parties we work with are:
- IT companies or cloud storage companies who support our Information Technology and other business systems.
- Operational companies such as archiving or records management companies, printers of your monthly bills, delivery couriers.
- Banks and other financial institutions.
- External legal consultants, financial Auditors and business advisors to help us with statutory and other compliance obligations.
- Direct marketing companies and market research companies who help us manage our electronic or postal communications with you and shape our products and services to serve your communication and entertainment needs and expectations to the highest standards.
- Card payment processing companies, such as JCC Payment Systems Ltd,
- Debt collection agencies who assist us in recovering outstanding amounts
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. We may also be required to disclose your personal data to the police or other enforcement, regulatory or public authority like income tax authorities upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We might send your personal data to other companies based outside the EEA. For example, like many companies, we may use cloud services from suppliers outside the EEA. However, your Personal data will not be transferred to a country outside the EEA unless that country has adequate measures in place to ensure that your rights and freedoms are protected when your personal data is processed (stored for example). Where we transfer your information to companies outside the EEA, we will make sure that mechanisms for adequate safeguards are provided by the processor residing in countries outside EEA. Examples of such mechanisms could include:
- Country is approved by the European Union for adequacy on data protection
- The recipient company might have signed up a contract or use adequate terms and conditions obliging them to protect your information.
- The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme.
There are likely some other instances in which this principle does not apply, which include cases where we might require your consent for the transfer and we will explain to you clearly in advance all the details; Examples of such instances are:
- the transfer is necessary for the performance of a contract between us;
- the transfer is necessary for the purposes of legal proceedings or obtaining legal advice;
- the transfer is to a country which the European Commission has found to offer an adequate level of protection;
- or adequate safeguards are put in place using EU Model Contract Clauses (security addendum).
In all cases however, we will ensure that any transfer of your information is always compliant with the General Data Protection Regulation (EU) 2016/679.
We follow an internal records retention policy based on legal, business and security criteria. We will store personal data for the periods needed for the purposes for which the personal data were collected or in cases there will be requirements to be further processed. There are also occasions a law requiring us to keep it longer. Otherwise we delete it.
We will keep:
a copy of your bills for 7 years from the date of the bill;
your contact details while you have a service subscription with us and for 7 years after your business relationship is terminated with us.
details relating to any dispute for 2 years after it was closed.
Online-Payments, when available
It is safe to make payments with us online as it is Cablenet ‘s policy to protect our Customer’s privacy. This is achieved by making all Customer’s online transactions through JCC.
When you send your payment details, they are encrypted, (changed to unreadable code), on their journey between your computer or mobile device and Cablenet. This reduces the risk of interception between these two points.
When your payment details arrive they are held securely at our end. Access to your information is carefully monitored and restricted.
Cablenet will only use your card details for the payment concerned. We will not disclose card details to any third parties other than the bank, which processes them for payment.
Once your payment has been authorized, we will provide notification of this confirmation via email or letters.
We use “cookies” to monitor site user traffic patterns and site usage. This helps us to understand how our customers and potential customers use our website so that we can develop and improve the design layout and functionality of the sites.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to the Customer’s browser from the web sites computers and stored on the Customer’s computer hard drive.
The below table contains a list of commonly asked questions regarding the new GDPR. Cablenet is working hard to make the transition as smooth as possible for our customers and we remain available to answer any further questions you may have regarding the protection and use of your data.
For any further enquiries please contact our Data Protection Officer (DPO) via email at:
|What is PERSONAL DATA?||Any information relating to an identified or identifiable to a living individual – natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;|
|What is GDPR?||GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679). The new European Union Regulation that replaces the current Data Protection Directive (95/46/EC) as well as the Cyprus Data Protection Law of 2001 as of 25th May 2018. The GDPR requires greater openness and transparency from companies on how they collect, store and use personal data and enhances the rights of individuals over their personal data|
|What are SPECIAL CATEGORIES of data?||Information about a person’s:
• Racial or ethnic origin;
• Political opinions;
• Religious or similar beliefs;
• Trade union membership;
• Physical or mental health or condition;
• Sexual life; or information about
• The commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in any such proceedings.
Special categories of data can only be processed under strict conditions and will usually require the explicit consent of the person concerned.
|What is processing of personal data?||Any activity which involves the data. It includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.|
|Who is a DATA SUBJECT?||The individual the data relates to and for the purpose of this policy, data subjects include all living individuals about whom we hold personal data. A data subject need not be a Cypriot national or resident. All data subjects have legal rights in relation to their personal data.|
|DATA CONTROLLER||Cablenet is a data controller because under GDPR determines the purposes and methods of processing of personal data and|
|DATA PROCESSOR||Any individual or organisation which processes personal data on behalf of a data controller. Employees of a Data Controller are not considered to be data processors; however the definition is likely to include suppliers or service providers which handle personal data on the controller’s behalf.|
|DATA PROTECTION OFFICER (DPO)||This is the new responsibility for organisations introduced by article 37 of GDPR. DPO’s assist in the monitoring of internal compliance, inform and advise on data protection obligations, provide advice regarding data protection risks and acts as a contact point for data subjects and the supervisory authority.|
|DATA USER||Includes employees and other staff members whose work involves using personal data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.|
|PRIVACY NOTICE||A statement provided to data subjects when or before their personal data is collected which explains, what their information will be used for, to whom it may be disclosed for these purposes (particularly any external third parties) and any other information they may need to know in order to ensure that the processing is fair.|
|COMMISSIONER FOR PROTECTION OF DATA||An independent regulator who reports directly to Parliament.
The Commissioner for Protection of data is responsible for regulating and enforcing the GDPR in Cyprus and provides advice and guidance about compliance to organisations and members of the public.
|Anonymised data||Data which has had all personally identifiable information removed. Anonymised data are not covered by the GDPR|
|Aggregated data||Grouped information, which do not identify customers and they do not contain personal data. They are used for statistical analysis, reporting and research. For example the total number of calls made in a month or total number of minutes called.|
|What are Cookies?||A cookie is a piece of information, that’s stored on your computer, tablet or phone when you visit a website. It can help identify your device whenever you visit that website. Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage.|