Privacy Policy

Respecting the right to privacy of those who entrusted Griner Finance Ltd, we would like to declare that we process the data collected in accordance with applicable regulations and under conditions ensuring their security.

In order to ensure the transparency of the processing that we carry out, we present the current Griner Finance Ltd, the principles of personal data protection, established on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “the GDPR”).

Data Controller

The Controller, i.e. the entity deciding on the purposes and means of personal data processing is the Griner Finance Ltd which is a private company limited by shares incorporated in the Republic of Cyprus under registration number HE 346624, with its registered address at 82, Archiepiskopou Makariou III, 1st Floor, 4003 Mesa Geitonia Limassol, Cyprus and using the trade name of Griner. In matters related to the processing of your personal data, you may also contact us by e-mail at: dpo@griner.in

Data acquisition and purpose of processing

In the performance of our business functions, we process personal data for the following purposes:

Purpose of processing	Legal basis and retention period	Legitimate objective, if any
Conclusion of the contract and performance of the contract with the customer, legitimate interests of the Controller.	Article 6(1)(b) and (f) GDPR For the duration of the contract, and at the end of the contract until the expiry of claims arising therefrom, in principle 3 years, maximum 6 years.	Griner Finance Ltd in connection with actions taken to conclude the agreement or its execution, contacts the employees/cooperators of clients and contractors for a justified purpose.
Dealing with complaints.	Article 6(1)(b) and (c) GDPR - For a period of 3 years after the settlement of the complaint.	N/A
Recovery of debts or defense against legal claims	Article 6(1) (b) and (f) GDPR - For the duration of the proceedings for the assertion of claims, i.e. until they are finally concluded, and in the case of enforcement proceedings until the claims are finally satisfied.	The Controller, in connection with the assertion of claims or defence against any legal claims, any litigation, may process the data of employees/cooperators of customers or contractors for a legitimate purpose.
Archiving of documents, i.e. contracts and settlement documents	Article 6(1)(c) GDPR - For the periods indicated by law, or, if not indicated for certain documents, for the period until their storage falls within the legitimate objective of the Controller regulated by the time of possible redress.	N/A
Conducting marketing activities without using electronic means of communication	Article 6(1)(f) GDPR - Until you object, i.e. show us in any way that you do not want to stay in contact with us and receive information about our actions.	Conducting marketing activities to promote our business.
Conducting marketing activities using electronic communication means	Article 6(1)(a) and (f) GDPR - These activities, due to other applicable regulations, are in some instances carried out on the basis of the consents held. Until such time as you withdraw your consent, i.e. show us in any way that you do not wish to remain in contact with us and receive information about the actions we take, and after it is revoked for the purpose of demonstrating that we have properly fulfilled our legal obligations and in connection with potential related claims (up to 6 years after withdrawal of consent).	Conducting marketing activities to promote our business using e-mail addresses and telephone numbers.
Conducting recruitment	Article 6(a), (b), (c) and (f) GDPR - Up to 6 months from the end of the recruitment process, and in the case of consent to further recruitment processes no longer than one year.	The Controller without the additional consent of the data subject may store the data of candidates for work who have not been recruited until 6 months after the end of the recruitment process based on the legitimated interest of the Controller due to the fact that the employed employee/co-employee may not prove himself/herself at the position or may resign.
Human resources management – employees and associates	Article 6(1)(a), (b), (c) and (f) GDPR Article 9(2)(b) GDPR - In accordance with the applicable regulations obliging to archive labor law, social security, tax or other employment documents. If the period of storage of selected documents is shorter, the Controller will observe this shorter period. In the case of commercial contracts, these contracts will be kept until the expiry of the limitation periods for filling claims arising from them.	The processing for CCTV purposes is made under the legitimate interest of the Controller.
Money laundering and terrorist financing	Article 6(1)(c) of the GDPR - The processing of data is necessary to fulfil a legal obligation to the Controller. Pursuant to applicable regulations on preventing money laundering and financing terrorism, obliged institutions shall keep the documentation concerning the client as specified in the applicable laws.	N/A

If the time limits for the assertion of possible claims are shorter than the periods for storing settlement documents for tax purposes, we will keep these documents for the time necessary for tax and settlement purposes as specified in the applicable regulations.

Data recipients

In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within Griner Finance Ltd.

Various service providers and suppliers may also receive your personal data so that we may perform our obligations and provide our services. Such service providers and suppliers enter into contractual agreements with Griner Finance Ltd by which they observe confidentiality and data protection according to the data protection law and GDPR. It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.

By way of example Griner Finance Ltd will disclose your personal data to the following entities:

state bodies or other entities entitled under the law, supervisory and other regulatory and public authorities, in as much as a statutory obligation exists. Some examples are the Central Bank of Cyprus, the income tax authorities, criminal prosecution authorities,
entities supporting us in our activity on our behalf, in particular: suppliers of external information and communication systems supporting our activity, platform and technology providers, entities auditing our activities, KYC and identity document verification service providers,
for our anti-money laundering process, such as credit reference agencies, commercial and credit information companies,
an entity providing accounting services or entities cooperating with Griner Finance Ltd as part of marketing campaigns, where such entities will process data on the basis of an agreement with Griner Finance Ltd and exclusively in accordance with its instructions,
banks, cards schemes, Gateway Service Providers, in the event of the need to carry out settlements,
External legal consultants,
Fraud prevention agencies,
External expert consultants whose assistance is required with respect to specialised investigations conducted for internal audit purposes,
File storage companies, archiving and/or records management companies, cloud storage companies.

Rights regarding the data processing and voluntary submission of data

Each person whose data is processed by Griner Finance Ltd is entitled to:

access to their personal data,
to correct their personal data,
delete their personal data,
restrict processing of their personal data,
to object to the processing of their personal data,
to transfer their personal data.

Moreover, the person whose data is processed by Griner Finance Ltd has the right to lodge a complaint with the supervisory authority, i.e.:

Cyprus – the Office of the Commissionaire for Personal Data Protection. For more information, please access the address: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument

Do you have to provide Griner Finance Ltd with your personal data?

In order to be in a position to proceed with a business relationship with you or another person (for example, a legal entity for which you are the authorized representative / agent or beneficial owner), you must provide your personal data to Griner Finance Ltd which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. Griner Finance Ltd is furthermore obligated to collect such personal data given the provisions of the money laundering law which require that Griner Finance Ltd verifies your identity before we enter into a contract or a business relationship with you or another person. Depending on the circumstances, you might have to provide us with your identity card/passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligation as mentioned above.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship with you or another relevant person.

For the rest (in particular for the purpose of data processing by Griner Finance Ltd for marketing purposes) the provision of data is voluntary, see also below

How we treat your personal data for marketing activities and whether profiling is used for such activities or any other related activities

We may process your personal data to tell you about products, services and offers and related benefits that may be of interest to you or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products. Examples of where profiling is used is where with the help of specialized tools we utilize personal information such as contact details, products and services portfolio information, transaction pattern and behaviour (including spending habits), financial background and demographic data (including family status), in order to direct our marketing of products and services to you and possible related benefits having in mind your specific circumstances.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time your personal banker or any branch of the Bank either in person or in writing.

Transfers of data to third countries

The provision of services by Griner Finance Ltd may require the transfer of personal data to entities providing services to Griner Finance Ltd in other countries, including countries outside the European Economic Area. In case of transfer to countries which do not provide an adequate level of personal data protection, Griner Finance Ltd applies safeguards in the form of standard data protection clauses adopted by the European Commission. The data subject has the possibility to obtain a copy of his or her data.

Processing of personal data by automated means

Your personal data may be processed in an automated manner (including profiling).

Changes to this Privacy Statement

We may modify or amend this Privacy State from time to time.

We will reasonably endeavor to notify you appropriately when we make changes to this Privacy Statement and we will amend the revision date at the bottom of this page. We do however encourage you to review this statement periodically so as to always be informed about how we are processing and protecting your personal information.

‍