top of page

Privacy Policy

Introduction

Vinaria Limited and its affiliates (referred to as “we”, “our”, or “Vinaria") recognise and respect the rights and privacy of individuals. This includes our applicants, current and former employees, suppliers and customers.

This Notice explains what we do with your personal data, whether we are considering your application for employment, continuing our relationship with you, providing you with a service, receiving a service from you, or if you are visiting our premises, restaurants or our website and mobile application for iOS, Android or Windows phone (the “Mobile apps”).

It describes how we collect, handle, and process your personal data, and how, in doing so, we comply with our legal obligations. We consider privacy to be important and we are committed to protecting and safeguarding your data privacy rights. The use of the word “processing” in this Notice is intended to include such actions as collecting, handling, using, storing and protecting your personal data.

This Notice applies to the personal data of data subjects such as yourself, our Employees, Visitors, Customers, Suppliers of goods and services, Website/Mobile apps Users (all as defined below), and others whom we may contact in order to collect more information about our Employees or those whom they have indicated as an Emergency contact (the “Data Subject”).

 

Legal framework

This Notice is written to comply with the applicable data protection legislation which includes, but is not limited to, the European Union General Data Protection Regulation (GDPR).

The company responsible for your personal Data (Data Controller)

Name: Vinaria Limited Phone: +357 24400077

Email: larnaca@vinaria.cy Address: 14 Q City Centre, D.N. Dimitriou, Larnaca, 6022, Cyprus

Data Protection Officer

Name: Matthew Hall

Phone: +357 24400777

Email: matt@vinaria.cy

 

How do we use data?

We may process personal data as part of our catering services. Such processing may include, but is not limited to, employment contracts, anti-money-laundering, risk management, document processing, marketing, procurement and catering supervision. What personal data do we collect?

 
Employees

In order to consider you for employment, or employ you, we need to process certain information about you. We only ask for or collect details that help us provide what is required as part of your application process or employment. For example, we need information such as your name, age, contact details, education details, employment history, emergency contacts, next of kin, immigration status, passport size photos, passport copies, overalls size, bank account details, utility bills and other relevant information required for the purposes of your employment or that you may choose to share with us. Where appropriate, and in accordance with local laws and requirements, we may also collect information of a more sensitive nature, such as diversity information, information related to your health, or details of any criminal convictions.

 
Customers

To enable us to communicate with you, provide you with our services and to ensure that we meet certain legal requirements such as KYC (know your customer) and AML (anti-money-laundering), we need to have certain details of yours or details of individual contacts at your organisation (such as their names, telephone numbers and e-mail addresses).

We ensure that our marketing communications to you are relevant and timely.

 

Website/Mobile apps Users

We collect a limited amount of data in order to improve your experience when using our website and mobile apps. This includes information such as name, gender, address, phone number, email address, birthday name, name day and the frequency with which you access our website/mobile apps, and the times that our website/mobile appsis most popular.

Suppliers of goods and services

We collect a small amount of information from our Suppliers to ensure that operations work properly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

 

Emergency contacts

As part of due diligence and in order to protect the vital interests of our Data Subjects, we will under certain circumstances collect emergency contact details.

Visitors

When visiting our premises and restaurants, we collect the necessary personal data required for security and notification purposes. For security purposes, we also operate a Closed Circuit Television system (CCTV). The CCTV cameras only operate in common areas of our premises and restaurants and are positioned so as not to intrude on privacy. The footage is kept for no longer than two months and access is strictly regulated.

The legal bases we use for lawful processing

In order to conduct business and fulfil our legal, regulatory, and contractual obligations, we need to perform legitimate and fundamental processing activities. These are:

  1. Establishing contracts

  2. Maintaining contracts

  3. Provision of all contracted services

  4. Invoicing: remittance, payments, and collections

  5. Non-promotional communications

  6. Marketing and other promotional communications

  7. Risk management contract review

  8. Response to subject requests

  9. Performance measurement

  10. Business continuity and contingency planning

  11. Legal and regulatory obligations

  12. Responding to enquiries, requests, and complaints

  13. Employment processing

  14. Workforce planning

  15. Training and certifications

  16. Emergency communications

  17. Interacting with other organisations, industry groups, and professional associations

  18. Internal ethics reporting, security, and investigations

 

Who will access or receive the data?

We need to share the personal information we process with individuals themselves and also with other organisations. The list below contains a description of the types of organisations with which we may need to share some of the personal information we process.

  1. Agents and brokers

  2. Business associates, other professional bodies, and advisers

  3. Central and local government

  4. Claimants, beneficiaries, assignees, and payees

  5. Claims investigators

  6. Complainants, and enquirers

  7. Courts and tribunals

  8. Credit reference, debt collection, and tracing agencies

  9. Current, past, and prospective employers

  10. Customers

  11. Debt collection and tracing agencies

  12. Education and examining bodies

  13. Employment and recruitment agencies

  14. Family, associates, and representatives of the person whose personal data we are processing

  15. Financial organisations and advisers

  16. Healthcare professionals, social and welfare organisations

  17. Law enforcement and prosecuting authorities

  18. Ombudsman and other regulatory authorities

  19. Other affiliated companies

  20. Pension schemes

  21. Police forces

  22. Private investigators

  23. Professional advisers

  24. Share administrators

  25. Suppliers and services providers

  26. Survey and research organisations

  27. Unions, trade associations, professional bodies, and employer associations

The countries where data will be stored, processed and/or transferred

Your personal data we collect may be stored and processed in the EU or any other country in which we or associated third parties maintain facilities. In case we need to transfer your personal data, we will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the applicable data protection laws.

 

How long will the data be retained?

Retention of specific records may be necessary for one or more of the following reasons:

  1. Fulfilling statutory or other regulatory requirements

  2. Evidencing events/agreements in case of disputes

  3. Operational needs

  4. Historical and statistical purposes

Where we collect personal data for which we subsequently have no use for any business purpose we will then review and may destroy such personal data at our discretion.

 

The right to withdraw consent

In situations where we request and receive your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.

 

The right to access, change, delete, restrict, object, request a copy

Under certain circumstances you have rights regarding your personal data. These are:

  1. Access to a copy of your personal data

  2. Object to processing that you object to

  3. Stop receiving direct marketing material

  4. Object to decisions being taken by automated means

  5. Have inaccurate personal data rectified, blocked, erased or destroyed

  6. Lodge a complaint with the relevant data protection authority

  7. Claim compensation for damages caused by a breach of the GDPR

If you are an employee, and wish to exercise any of these rights, please follow the relevant company procedure. If you are not an employee, please contact Columbia Restaurants directly.

 

What happens if the data is not collected?

Your personal data is required for communication and setting up a contractual agreement to provide employment, products, and services. Without this data we will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts. We need personal data to:

  1. Enable consensual bilateral communications

  2. Engage in pre-contractual activities

  3. Honour contractual obligations Be able to employ people

Without this data, we will not be able to perform these primary activities. Automated decision making We do not use automated decision making.

 

Cookies

A cookie is a small file placed onto internet enabled devices in order to recognise a device upon recurring visits, and in turn enable a website’s/ features and functionalities. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may transmit information via a device’s browser with a purpose of authentication or identification via the IP address. For example, cookies enable us to identify a device, secure access to our websites, and keep track of web browsing preferences.

Cookies may also be used for recognising you as the user when you visit our website, remembering your preferences, and overall giving you a more personalised experience that's in line with your settings.

Essentially there are two types of cookies:

  • persistent cookies,

  • and session cookies

A persistent cookie helps the website (and third party applications) to recognise you as an existing user, so it is easier to return and continue your existing user experience.

Session cookies are temporary cookies that remain on your device until you leave the website.

 

When do we use cookies on our websites?

Our websites only utilise persistent cookies when any browser loads the site, essentially for keeping track and observing website visitor trends and statistics. This is applicable to various internet enabled devices, e.g. PC’s, smartphones and tablets. Cookies may also be placed in your browser when visiting our website via third party application plugins or when using third party modules on the website. This applies when using social media “sharing” tools via third party application plugins. We do not, however, have access to details regarding your social media or personal data during this process. We can only see which pages of our website have been shared collectively over social media and how many times.

The table below demonstrates the cookies that we use and explains why we use them. (...)

bottom of page