Protection of our Clients / Resellers / Partners Data

Registered users on my.netshop-isp.com.cy are “Clients” [Clients (Individuals or Companies) / Resellers / Partners] and unregistered users are “Visitors”. This applies to both Clients and Visitors.

This privacy policy describes NetShop Internet Services Ltd (referred to as ‘we’, ‘us’, ‘our’, ‘NetShop ISP’) current policies and practices with regard to personal data collected by NetShop ISP through its websites, my.netshop-isp.com.cy, www.netshop-isp.com.cy and other related sites, landing pages, communication and other services (hereinafter referred to collectively as “NetShop ISP websites”).

GDPR Compliance

Our team is working diligently to be compliant with the General Data Protection Regulation, GDPR, which will apply from May 25, 2018. Because of these ongoing changes in the law, and the changing nature of technology, NetShop ISP data practices will change from time to time. If and when our data practices change, NetShop ISP will post the changes on our websites to notify you of the changes. View our Roadmap towards GDPR Compliance.

How we Collect your Personal Data

Your personal data is only collected for specific, explicitly stated and legitimate purposes. NetShop ISP websites collect data to provide you with a better service. You provide some of this data, such as when you create an account in myNetShop portal my.netshop-isp.com.cy, submit the call back form, apply for a Dedicated Center Visit, or contact us for support.

Anonymous Data Collection through NetShop ISP Websites

NetShop ISP uses technology to compile statistics about our visitors and their use of our sites by collecting anonymous information about the use of our websites e.g. we track how many visitors access our websites, the length of their stay, their IP and which pages they view. This technology does not identify you personally. We also use technology to determine which web browsers our visitors use and the address from which they accessed our sites (for example, if they connected to a NetShop ISP website by clicking on one of our banner ads).

How we Use your Personal Data

NetShop ISP may use this information to contact you about your services and to inform you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. Similarly, we may provide “subscription” e-mail services which enable you to receive current news about NetShop ISP and its business. For all such services, we will provide an opportunity to “opt-out” of, or cancel, the subscription.

Disclosure of Your Personal Data

NetShop ISP may share some of your personal data with third-party Vendors / Registrants in Cyprus, Malta, UK and overseas who act for or on behalf of NetShop ISP in accordance with this Privacy Policy as they may need information about you in order to perform their functions. These companies are not authorized to use the information we share with them for any other purpose. NetShop ISP and our Partners use commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities.

Data Process

NetShop ISP ensures that your personal data is always processed in accordance with good practice. No more personal data is processed than is necessary having regard to the purposes of the processing. All reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which they are processed. NetShop ISP does not keep personal data for a period longer than is necessary, having regard to the purposes for which they are processed.

Right to be forgotten

You have the right to have your personal data erased and no longer processed. If you wish to delete your account, at any time you can do so by raising a ticket to backoffice@netshop-isp.com.cy via your registered account requesting account termination. Client details will be deleted by our system and you will no longer accessing or using our Services. At this stage, it is not clear if the right to be forgotten also means removing data from backups, because certain types of storage media, for example, tapes, do not allow deleting bits of data without destroying the entire backup. Your business may also be subject to certain backup retention policies for archiving and legal purposes.

Link to Other Sites

NetShop ISP’s websites may contain hyperlinks to websites that are not operated by NetShop ISP or one of our affiliates. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. This privacy policy applies only to NetShop ISP’s websites.

Information and Access Policy

You have the right to obtain:

  • - Confirmation that your data is being processed
  • - Access to your personal data
  • - Update your personal data
  • - Other supplementary information (mostly the information provided in privacy notices)
NetShop ISP must provide you with a copy of the information you requested free of charge. However, we are permitted to charge a “reasonable fee” when a request is manifestly unfounded, excessive or repetitive. The fee must be based on the administrative cost of providing the information.

Dealing with your cloud storage and data protection vendor

The GDPR impose new security and contractual requirements on organizations (controllers) dealing with cloud service providers and data protection vendors such as NetShop ISP (processors).

The relationship between controllers and processors can be summarised by the following points:

  • - Cloud service providers have to offer sufficient guarantee that the service meets technical and organizational requirements of the new regulation.
  • - Service contracts between the controller and the processor prohibit the use of subcontractors without the consent of the controller.
  • - On termination of the service contract, all data must be removed from the cloud and the processor must provide sufficient proof that it has been done.
  • - Controllers have a duty to report data breach incidents to the regulatory body.