Privacy Policy of Personal Data obtained for and when completing ESG questionnaire.

This Policy provides information on how to use, share and protect the personal data of natural persons used when completing the questionnaire regarding the assessment, based on ESG criteria through the Synesgy platform, of the level of maturity in relation to Environmental, Social and Governance issues. Furthermore, it also covers the data received from the Banks for communication with each interested party for the purpose of completing the questionnaire. The protection of your personal data is very important to Us and we are committed to protect handle your Personal Data in an open and transparent manner. Through this Policy, Artemis Credit Bureau Ltd provides you, in a concise and comprehensive form, information on the data it processes, the purposes and legal basis of its processing and in general all the information required to be provided to you, as data subject, under the General Data Protection Regulation of the European Parliament and of the Council, EU/2016/679 ("the GDPR").

1. Definitions and Interpretation

In this Policy, the following terms shall have the following meanings:

"Personal Data" means any information that concerns you, as a natural person, and that can lead to your identification. In this case, it means Personal Data entered by you in the questionnaire, as well as your e-mail address transmitted to us by the banks, after obtaining your consent from them.

"Data Processing" means both the collection of Personal Data, either directly by you or by third parties, as well as any other act related to the handling of data, such as, for example, its organization, storage, use, transmission or deletion and

"We/Us" means Artemis Credit Bureau Ltd.

2. Who we are and how we can be contacted

We are Artemis Credit Bureau Ltd, a limited company registered in Cyprus under registration number ΗΕ 240932 having its registered office at 77, Strovolos Avenue, Office 501, 5th floor, 2018 Strovolos, Nicosia.

You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:

Post: 77, Strovolos Avenue, Office 501, 5th floor, 2018 Strovolos, Nicosia

Email: [email protected]

Telephone: +357 22 454785

3. What we use personal data for

This section explains the purpose for which we process personal data as a credit bureau. More details about the types of personal data that we use for these purposes can be found in section 3 below.

3.1 Send Email

We use your email address to inform you about the possibility of completing a questionnaire for evaluation using ESG criteria through the Synesgy platform. The e-mail address is obtained from the bank or banks with which you cooperate and to which you have already given your consent to send your e-mail address.

3.2 Completion of questionnaire

When completing the questionnaire, the name, email address and telephone number of the responsible person will be requested. The above data will be kept in order to be sent to any bank that wanted to request them, provided that the bank is a member of the Association of Cyprus Banks.

4. What is the legal ground for handling personal data

The legal basis for handling your Personal Data is the legitimate interest. Specifically, the legal interest pursued by the processing of your Personal Data is the collection by Us and the transmission to the banks of the absolutely necessary data, in order to verify the compliance of your business with the ESG criteria.

5. Who we share the personal data with


We share the personal data with the banks.

Data Processors

We use third parties who provide us with services and are Processors and with whom we have entered into agreements to protect your Data. This means that they cannot perform any processing operations on your Personal Data unless we have expressly instructed them to do so and only to the extent explained in this Policy.

In addition to the above transmission of the data as mentioned above, we do not in any case grant or transmit your Personal Data to third parties. An exception is the case in which the communication of the data is required by the law and exclusively to the competent authorities.

6. Where the personal data is stored

Your data is only stored within the European Union.

Data security is very important to Us and we have taken all appropriate measures to protect your data.

Your Personal Data will be stored in a cloud provider.

In particular, your Personal Data is stored in the Azure Cloud of Microsoft in Western Europe, which acts as a provider of cloud services (cloud services) and includes an entire ecosystem with the appropriate mechanisms to control access to the infrastructure and information content.

7. How long the personal data is kept for

We will keep your personal data for as long as the invitation, questionnaire and certificate are valid, i.e. for 12 months and an additional 1 month in case there are any queries from your side.

8. Your rights in relation to the Personal Data we hold about you

8.1 As a data subject, you have the following rights under the GDPR. For the right to exercise the above rights you can use the contact details found in section 2.

8.1.1 The right to access the personal data we hold about you. This enables you, among other things, to obtain a copy of your Data that we are processing and to check that we are processing it lawfully.

8.1.2 The right to rectification if any personal data we hold about you is inaccurate or incomplete.

8.1.3 The right to erasure (right to be forgotten). This allows you to request that we delete your Data when it is no longer necessary for the purposes for which it was collected or unlawfully processed, or you have objected to the processing which it has been accepted and its deletion is required by law. It is noted that your right to deletion of Data does not apply in certain cases such as, for example, when the processing is necessary to comply with a legal obligation or to exercise or support legal claims.

8.1.4 The right to restrict the processing of your personal data. This gives you the right to object to the processing of your data when you question its correctness or accuracy, when you consider that the processing is unlawful and instead of deletion you request the restriction of processing and when we no longer need your data, but this data is required by you to exercise or support legal claims.

8.2 If you have any reason to complain about Us for the use of your Personal Data, please contact Us using the details provided in section 2 and we will do our best to assist you. You also have the right to lodge a complaint with the supervisory authority of Cyprus, which is the Office of the Commissioner for the Protection of Personal Data.

9. Whether the Personal Data is used to make automated decisions about you or to profile you

We do not use automated decision-making or profiling in relation to your Personal Data.

10. Changes to Our Privacy Policy

We may amend this Policy from time to time, in order to be always compliant with the statutory requirements and the procedures of Our business activities. In order to be informed about the most up to date version of this Policy, visit this page regularly.