Information About Us
This website (“Website”) is operated by Butos LTD ("we", "us" or "Company”) that provides this Privacy Policy ("Policy") to give you a better understanding of our practices regarding the collection, use, transfer, storage and other processing of personal data we collect about our Website visitors and customers ("you", "your").
Butos LTD determines the means and purposes of the processing of your personal data and therefore acts as the “Data Controller” in terms of the applicable data Protection Laws.
Butos LTD determines the means and purposes of the processing of your personal data and therefore acts as the “Data Controller” in terms of the applicable data Protection Laws.
Background
Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy is intended to give you a better understanding of the personal data we collect, the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data.
We understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our Website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under national and international laws and regulations.
Under the applicable laws, we are required to comply with personal data protection and processing procedures to ensure that your data is at all times stored and processed securely and that your rights as a data subject are observed and protected. We take these obligations very seriously and have implemented adequate technical and organizational measures to ensure protection of your privacy.
All processing of your personal data performed by us as envisaged in this Privacy Policy shall be carried out in line with the following laws and regulations, as well all binding acts amending or implementing the same (“Data Protection Laws”):
• the Cypriot Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018), as well as any other subsidiary legislation issued under the law, as may be amended from time to time; and
• Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation);
• Any other law or regulation that is applicable to Our processing of personal data.
We understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our Website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under national and international laws and regulations.
Under the applicable laws, we are required to comply with personal data protection and processing procedures to ensure that your data is at all times stored and processed securely and that your rights as a data subject are observed and protected. We take these obligations very seriously and have implemented adequate technical and organizational measures to ensure protection of your privacy.
All processing of your personal data performed by us as envisaged in this Privacy Policy shall be carried out in line with the following laws and regulations, as well all binding acts amending or implementing the same (“Data Protection Laws”):
• the Cypriot Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018), as well as any other subsidiary legislation issued under the law, as may be amended from time to time; and
• Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation);
• Any other law or regulation that is applicable to Our processing of personal data.
What Does This Policy Cover?
This Privacy Policy applies to the processing of your personal data by us in the context of:
• Your use of the Website;
• Your use of our services;
• Our communication with you;
• The processing of any of your queries;
• The Company's compliance with legal requirements we are subject to;
• Any other relationship with you that is not covered by a separate privacy policy or privacy notice.
• Your use of the Website;
• Your use of our services;
• Our communication with you;
• The processing of any of your queries;
• The Company's compliance with legal requirements we are subject to;
• Any other relationship with you that is not covered by a separate privacy policy or privacy notice.
Data Protection Principles
We are committed to ensure that the personal data we use, collect, process about you will be:
• Used lawfully, fairly and in a transparent manner;
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with such purposes;
• Adequate, relevant and limited to what is necessary in relation to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for those purposes;
• Kept securely.
• Used lawfully, fairly and in a transparent manner;
• Collected for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with such purposes;
• Adequate, relevant and limited to what is necessary in relation to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for those purposes;
• Kept securely.
Categories of Personal Data
The paragraphs below outline the categories of personal data which we process, including the following:
Personal and Contact Information - This type of data may include your full name, email address, telephone/mobile number, postal address, the company you represent and your title, date of birth, photos, our communication with you, your interaction with our social media resources. We obtain this data from you when you contact us, either by using the contact form or social features on the Website or by other means.
Service data - This type of data may include information on the services you order and/or obtain from us, information on your appointments, your feedback, and similar. We obtain this data from you when you order, subscribe to, or receive our services.
Cookie data - This type of data may include your activity on the Website and on the Internet in general, the pages you visit, the links you click on, and other similar activities, traffic data, GeoIP location, information from your browser, computer or mobile device when you access or use our Website, device and network information. This information is obtained and processed through cookies – please see our Cookie Policy for more details.
Other information you provide to us - This includes any other data you choose to share with us.
We do not perform any automated decision making or profiling using your personal data.
Personal and Contact Information - This type of data may include your full name, email address, telephone/mobile number, postal address, the company you represent and your title, date of birth, photos, our communication with you, your interaction with our social media resources. We obtain this data from you when you contact us, either by using the contact form or social features on the Website or by other means.
Service data - This type of data may include information on the services you order and/or obtain from us, information on your appointments, your feedback, and similar. We obtain this data from you when you order, subscribe to, or receive our services.
Cookie data - This type of data may include your activity on the Website and on the Internet in general, the pages you visit, the links you click on, and other similar activities, traffic data, GeoIP location, information from your browser, computer or mobile device when you access or use our Website, device and network information. This information is obtained and processed through cookies – please see our Cookie Policy for more details.
Other information you provide to us - This includes any other data you choose to share with us.
We do not perform any automated decision making or profiling using your personal data.
Purposes of processing of Personal Data
The Company uses and otherwise processes personal data to the extent necessary or appropriate for the following purposes:
Purpose
Legal basis
Delivering our services
The legal bases for processing personal data in this context are performance of a contract (Art. 6.1(b) GDPR) and our legitimate interests (Art. 6.1(f) GDPR). Our legitimate interest in this case is to deliver our services to our customers’ satisfaction.
Developing our business
The legal basis for processing personal data in this context is our legitimate interest (Art. 6.1(f) GDPR). Our legitimate interest in this case is to develop and improve our business and our Website by responding to your queries, providing you with information on our offers, industry events and other news and products of ours and of our affiliates that may interest you, improving our Website and our services, analyzing performance of our Website, publishing your feedback to our services.
Delivering targeted advertising
The legal basis for processing personal data in this context is your consent (Art. 6.1(a) GDPR), which you are free to give, modify or withdraw via a consent management solution (cookie banner) published on our Website.
Security reasons, including ensuring the security of company-held information, company's systems, detecting fraudulent or illegal behavior, etc
The legal bases for processing this data are our legal obligation (Art. 6.1(c) GDPR) and legitimate interests (Art. 6.1(f) GDPR). Our legitimate interests in this case are protection of Company's property and that belonging to third parties, enforcing our policies and keeping the safety of our services, employees and end-users.
Complying with applicable laws, including labor and employment laws and judicial or administrative orders
The legal base for processing this data is the performance of our legal obligations (Art. 6.1(c) GDPR).
Conducting legal disputes - If the Company receives a notice of legal proceedings for actions taken by you or a third party, or the Company initiates such legal proceedings
The legal base for processing this data is the performance of our legal obligations (Art. 6.1(c) GDPR) and our legitimate interests (Art. 6.1(f) GDPR). Our legitimate interests in this case are to establish and defend our legal claims.
If there are circumstances where the Company considers it needs to process personal data for a purpose that is not compatible with the purposes above, we will provide you with an updated notification regarding such new purpose (or seek your express consent if necessary).
Your Rights
As a data subject, you have the following rights under the applicable data protection laws, which this Policy and our use of personal data have been designed to uphold. Please contact us at sales@buton.com for more information, or to exercise these rights.
• You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process;
• You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
• You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
• You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
• You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
• You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
• You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.
Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, in certain instances, your personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your personal data.
• You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process;
• You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
• You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
• You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
• You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
• You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
• You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.
Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, in certain instances, your personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your personal data.
Personal Data Storage, Security and Retention
Personal data processed by us is protected using industry standard security processes and systems. We store your personal data within the European Union, on encrypted hard drives and/or with certified data centers. We use secured https protocol for communication between the website and your browser. Our secure servers protect all information using advanced firewall technology. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Despite the best practices we employ, no party can warrant absolute security of your Internet connection. Any data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done with your personal data before such personal data reaches us.
We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected, except as otherwise permitted or required by applicable law or regulatory requirements. Your personal data will be retained for as long as we have a relationship with you (for example, delivering services to you, communicating with you, evaluating employment opportunity, etc.) and up to one (1) year thereafter. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Regarding your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected, except as otherwise permitted or required by applicable law or regulatory requirements. Your personal data will be retained for as long as we have a relationship with you (for example, delivering services to you, communicating with you, evaluating employment opportunity, etc.) and up to one (1) year thereafter. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Regarding your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Sharing your Personal Data
We may share your personal data with competent authorities having jurisdiction over us. Such disclosures will only be made when permitted or required pursuant to applicable data protection laws and/or other legislation applicable to us.
We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Policy. We may share your personal data with other selected third parties, including:
• Third party service providers: entities we engage to assist us in our business, IT and related services’ providers and their sub-processors, such as service providers contracted to store your personal data, subcontractors, enterprise resource planning and record management tools;
• Affiliated companies and business partners;
• Recruitment agencies: for the purpose of recruitment and assessing your fitness for a specific role
• Business transactions: we may share your personal data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy.
• Governmental authorities and regulatory bodies: to meet local statutory requirements e.g. tax authorities, regulatory registration bodies, etc., such as with governmental agencies and authorities and regulators, social organizations, courts and other tribunals, to the extent permitted or required by applicable law.
• External advisors: our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data.
These third party service providers have access to personal data as needed to perform their functions, but they are not permitted to use it for other purposes. To ensure your personal data is secured, the Company exercises appropriate due diligence in the selection of such service providers and enters into contractual obligation requiring such service providers to maintain adequate technical and organizational security measures to safeguard the personal data, and process the personal data only as instructed by the Company (as applicable).
It may be required to transfer your personal data to service providers, authorities and affiliates in jurisdictions that are outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those of the European Union. In these instances and where applicable, the Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of personal data. This includes standard contractual clauses that have been approved by the European Commission or in conducting of the transfer subject to an EU Commission adequacy decision. Your personal data will never be shared with third parties for their own marketing purposes (unless you give your explicit consent thereto).
We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Policy. We may share your personal data with other selected third parties, including:
• Third party service providers: entities we engage to assist us in our business, IT and related services’ providers and their sub-processors, such as service providers contracted to store your personal data, subcontractors, enterprise resource planning and record management tools;
• Affiliated companies and business partners;
• Recruitment agencies: for the purpose of recruitment and assessing your fitness for a specific role
• Business transactions: we may share your personal data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy.
• Governmental authorities and regulatory bodies: to meet local statutory requirements e.g. tax authorities, regulatory registration bodies, etc., such as with governmental agencies and authorities and regulators, social organizations, courts and other tribunals, to the extent permitted or required by applicable law.
• External advisors: our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data.
These third party service providers have access to personal data as needed to perform their functions, but they are not permitted to use it for other purposes. To ensure your personal data is secured, the Company exercises appropriate due diligence in the selection of such service providers and enters into contractual obligation requiring such service providers to maintain adequate technical and organizational security measures to safeguard the personal data, and process the personal data only as instructed by the Company (as applicable).
It may be required to transfer your personal data to service providers, authorities and affiliates in jurisdictions that are outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those of the European Union. In these instances and where applicable, the Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of personal data. This includes standard contractual clauses that have been approved by the European Commission or in conducting of the transfer subject to an EU Commission adequacy decision. Your personal data will never be shared with third parties for their own marketing purposes (unless you give your explicit consent thereto).
Contacting Us
If you have any questions about this Policy, please contact our Data Protection Officer (DPO), by email at sales@buton.com or by post at Viktoros Ougko 8, 2107, Nicosia, Cyprus. Please ensure that your query is clear, particularly if it is a request for information about the data we process.
Changes to Our Privacy Policy
We may change this Privacy Policy from time to time. Please note that changes will be immediately posted on the website and will be deemed to have been accepted on your first use of the website following the alterations in the Privacy Policy. We recommend that you check this page regularly to remain up to date with any changes.
Scroll to top