Who We Are
Our website address is https://netshop-isp.com.cy/ (referred to as “Our Website”, “Main Website”, “Company Website”) and our Client Portal is https://my.netshop-isp.com.cy/ (referred to as “myNetShop”, “Client Portal”, “Hosting Portal”, “Billing Portal”).
1. Protection of our Clients and Partners Data
NetShop ISP will never sell your data on.
NetShop ISP will never share your data with any third party for their own marketing.
NetShop ISP will always keep your personal data secure by using strong encryption, abiding by data protection rules and by implementing good security practice.
NetShop ISP will never send you direct email marketing without your consent. Our newsletter requires you to explicitly opt-in and you are free to opt-out at any time using the unsubscribe link contained within the email.
2. GDPR Compliance
Our team is working diligently to ensure our procedures and policies are persistent with the General Data Protection Regulation (GDPR), which has been applied from May 25, 2018. Because of these ongoing changes in the law, and the changing nature of technology, NetShop ISP data practices will change from time to time. If and when our data practices change, NetShop ISP will post the changes on our websites to notify you of the changes. View our Roadmap towards GDPR Compliance.
3. What Personal Data we collect and when
Your personal data is only collected for specific, explicitly stated and legitimate purposes. NetShop ISP websites collect data to provide you with a better service.
Website Users – If you signup to myNetShop Portal to use our services, then we will collect the following information:
The same information is collected for Authorized Contacts added by the Client.
Client and Authorized Contacts information in the myNetShop Portal must be valid and added using only the Latin Alphabet. In case of invalid information, NetShop ISP reserves the right to stop Services Activation or proceed with Suspension.
Application Forms – If you apply for a Data Center Visit or a Cyprus Domain Registration we will additionally collect the following required information:
Copy of Passport/ID card
While not actively collected we may store any other personal information that you may disclose during live chat, tickets, contact forms, phone calls or emails.
Employment Candidate - If you apply for a position in the Company we will collect the following required information:
Curriculum Vitae (CV)
4. Anonymous Data Collection through NetShop ISP Websites
NetShop ISP uses technology (Cookies) to compile statistics about our visitors and their use of our sites by collecting anonymous information about the use of our websites e.g. we track how many visitors access our websites, the length of their stay, their IP and which pages they view. This technology does not identify you personally. We also use technology to determine which web browsers our visitors use and the address from which they accessed our sites (for example, if they connected to a NetShop ISP website by clicking on one of our banner ads). You can read more about this in our Cookies Policy.
5. Data Processing and Storage
The data that we collect from you is stored in the UK which is a member of the EEA (European Economic Area) but it may be processed by staff operating outside who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to the processing of this data outside of the EEA.
You acknowledge and agree that details of Your full name, address, telephone and fax numbers together with email address(es) and assigned IP Addresses may be released to the RIPE NCC to ensure that both WE and You fulfil their obligations under prevailing RIPE policies and that such data may be published in whole or in part in the RIPE WHOIS database.
6. Newsletters & Notifications
NetShop ISP contacts its clients and subscribers by e-mail, telephone and/or post for Marketing purposes such as service updates, newsletters, with invitations for events, etc.
By submitting this Form you can easily opt-in or opt-out from our Marketing mailing lists. In case of opt-out and you do not have an account created at myNetShop, your details will be deleted. If you opt-out but you are a registered client at myNetShop, we will still be contacting you but only for important notifications about your service(s).
You can also unsubscribe to our Newsletters by clicking the “Unsubscribe” link/button at the end of the email newsletter.
7. Disclosure of Your Personal Data
NetShop ISP ensures that the third-party recipient is either subject to an adequacy decision or to appropriate safeguards in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and any other applicable legislation and that NetShop ISP has a justifiable ground for such a transfer. NetShop ISP and its Employees use commercially reasonable efforts to ensure protection of your data including industry-standard encryption and offline security methods in our physical facilities.
7.1. Debt Collection Process
NetShop ISP is under a Debt Collection Agreement and has the right to share your personal data and assign the debt collection to its Partner. The third-party will contact you, identify themselves as a debt collection agency, inform you on the amount you owe and how you can dispute the debt or seek verification of the debt. The debt collection agency is permitted to contact you by every communication system available – phone, letter, email or text message.
8. Right to be forgotten
You have the right to have your personal data erased and no longer processed. If you wish to delete your account, at any time you can do so by logging in to your myNetShop account Tab Account > Overview and click on button “Delete my account / forget my data”. If you do not have any Paid invoices, all your account details will be deleted by our system in 30 days and you will no longer be able to access or use our Services. In case of Paid invoices, the Account will be deleted 7 Years after last payment.
9. Data Retention Policy
When you purchase a service, we need to collect personal data to fulfill our legal contractual obligation, for example: so we can manage your account, to invoice and to keep financial records as per the Law requires and contact you for technical support purposes.
Clients with only Terminated services and Paid Invoices:
Once the Services of a Client are all terminated, the account is set to be Deleted along with all Invoices, Statements, Tickets, Emails, Personal Data in 84 months (7 Years) for legal purposes, as is required by Law to have a history of the financial transactions for the period of 7 years.
Clients who signed up but never ordered anything – without Paid Invoices:
These accounts will be automatically Deleted in 6 months after sign-up.
Employment Candidates and CVs:
All data collected during the employment application will be processed for recruitment purposes only and will be kept on record for a period of 6 months. During the application process, candidates can specify whether or not they wish their personal data to be on record for a longer period of time.
10. Link to Other Sites
11. Information and Access Policy
You have the right to obtain:
Confirmation that your data is being processed
Access to your personal data
Update your personal data
Other supplementary information (mostly the information provided in privacy notices)
You can download all the information we have stored about your account in machine-readable format (json). Simply login to your myNetShop account then click Account > Overview > and then scroll down to find the button ‘Download’
NetShop ISP must provide you with a copy of the information you requested free of charge. However, we are permitted to charge a “reasonable fee” when a request is manifestly unfounded, excessive or repetitive. The fee must be based on the administrative cost of providing the information.
You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection concerning the processing of personal data.
12. How to Update/Change your Personal Data
You can update your Personal Data by logging in to your myNetShop account then click Account > Edit Details. Subsequently, you must also inform us via email at email@example.com about the Data changes so that we ensure you that the new information is updated everywhere.
13. Your Data Safety
All data we collect is done so over encrypted connections (https).
All data is stored behind state of the art firewalls, managed by our security team.
All data is access-controlled to ISO27001 standards.
All systems storing personal data have access logging.
All passwords are encoded at rest.
All systems are subject to regular penetration testing and are monitored for vulnerabilities and attacks.
14. Password Policy
To increase the security of our Client’s accounts we have set the following rules for setting your password:
Password must be at least 8 characters long
It must contain at least 1-lower (a-z) case character
It must contain at least 1-upper (A-Z) case character
It must contain at least 1-number (0-9)
Your password provides access to your myNetShop account. It is your responsibility to keep your password secure. Sharing your password and account access with unauthorized users is strictly prohibited. You must take care and prevent others from using your Account since you will be responsible for the consequences.
We reserve the right to update the current policy, at any time, with amendments which may concern new or updated legislation, or other privacy related matters.
Electronic Signature Agreements Policy
NetShop ISP utilizes the SignRequest B.V. (“SignRequest”, “Data Processor”) online signatures software to ensure that agreements or agreement related documents are safely and securely signed electronically.
What types of personal data do we process in the context of SignRequest?
Work e-mail address
Work contact telephone number
Who is the Data Controller of your data?
S.S. NETSHOP INTERNET SERVICES LTD a limited liability company, duly organised according to the Laws of Cyprus, registration number HE217340, with registered office situate at 2A Marathonos Street, Livadhia, 7060 Larnaca, Cyprus.
Execution of the processing:
- In the execution of the Assignment, the Data Processor is obliged to handle and only process the personal data in a careful manner based on the assignment of the Data Controller, in accordance with the Data Controller instructions, the DPA Agreement between the Data Processor and the Data Controller and in accordance with the GDPR.
- The Data Processor will not process the personal data for its own purpose or any other purpose other than as established by the Data Controller. The Data Processor has no control over the purpose and means of the processing of the personal data.
- The Data Processor implements appropriate technical and organisational measures to prevent loss of personal data or any form of unlawful processing. These measures shall guarantee an adequate level of protection of the personal data being processed.
- The Data Processor will at least take the following security measures:
- Encryption of digital files containing personal data
- Security of the network connection with Secure Socket Layer (SSL) technology or a similar technology
- Restriction of access to the personal data to authorised employees
- Security of the personal data in accordance with the ISO 27001 standard for the selected server (Amazon Web Services)
The Agreements are only processed and stored on Servers in Countries which are members of the EEA (European Economic Area), Ireland, Germany & the Netherlands.
SignRequest provides the option to sign a Document through other applications, such as Elasticsearch, Google G Suite, Sendgrid etc. In case of this option, the Data might be stored and processed in Servers in other locations.