PRIVACY POLICY
FirstNet is committed to protecting customers’ privacy. This Privacy Policy describes what information and Personal Data FirstNet collects, uses and processes about its customers and/or the users of its services and how this information and Personal Data is used in the course of FirstNet’s business.
1. Customer Data
FirstNet and its sales agents collect customer data for providing and operating electronic communication services and/or products ordered by the customer. Customer’s data includes the subscriber’s (natural person) name, address, telephone number(s), id/passport number, date of birth, contact number, email address (mandatory), direct debit details (where needed), billing address, credit check (for a possible guarantee), details of guarantors, the invoices issued per service per month, including payments made and disconnections, and customer’s preferences regarding inclusion in FirstNet’s telephone directory service databases. This data is processed by FirstNet throughout the validity period of the customer’s services in order to deal with customers’ services and products, customer’s billing, customer’s complaints and/or requests and/or enquiries, or fraud related matters. The following data is not erased: (a) Data maintained for law enforcement purposes when lawfully requested to do so by a Court of law (b) Data maintained for the purposes of taxation legislation (Law 95(I)/2000 and Law 4/1978), which are maintained for a period of six (6) years, (c) Data processed for the purposes of legitimate interest (e.g an action against a customer), which are maintained until the legitimate purpose is completed (d) Payment information referring to SEPA Direct Debit payments and information referring to the corresponding invoices settled which shall be maintained for a period of thirteen (13) months as per the SEPA rules.
2. Traffic and Billing Data
FirstNet processes traffic and billing data for the purposes of providing electronic communications services and/or products to its customers, for billing purposes and for suggesting discounts, new plans/programs, rewards or benefits on such services and/or products or to comply with FirstNet’s legal obligations. This data includes numbers called, location data, date, time and period of a call, network faults, IP addresses, email addresses, internet browsing, applications and features usage of the customer. Furthermore, FirstNet takes all necessary steps to safeguard the confidentiality, integrity and availability of its network and services.Traffic and billing data is stored by FirstNet for a period of six (6) months as provided by law. After the lapse of the six (6) month period this data is erased. The following data is not erased: (a) Data maintained for law enforcement purposes when lawfully requested to do so by a Court of law (b) Data processed for the purposes of legitimate interest (e.g an action against a customer), which are maintained until the purpose is completed. FirstNet does not intercept or monitor the content of the customer’s telephone conversations. Should a customer contact FirstNet via telephone (inbound call) or FirstNet contact a customer via telephone (outbound call), the conversations are recorded according to Law 112(I)/2004, solely for the purposes of proving that the commercial transaction between FirstNet and the customer took place. These recorded conversations are stored for a period of five (5) years unless there is a disputed transaction, in which case they shall be stored until the dispute is resolved.
3. Marketing
FirstNet uses customer data, traffic and billing data for communicating and/ or promoting: (a) FirstNet’s products and services (including discounts, competitions and special promotions that may be of interest to the customer), which are similar to those ordered by the customer, with the use of an automated profiling process. (b) Personalised offers and recommendations based on how the customer uses FirstNet’s products and services, location information and browsing information, with the use of an automated profiling process. (c) Third party products and services (including offers, discounts and/or social events that FirstNet organises for its customers), in case the customer has consented to be contacted about these. These communications and/or promotions shall be in the form of calls, post, fax and any form of electronic message (including, but not limited to, SMS, MMS, video, email, or apps). FirstNet customers may choose not to receive any marketing communications from FirstNet, or have their information used for creating personalised suggestions and recommendations, by visiting FirstNet’s privacy page or by using any other opt-out method provided by FirstNet. If the customer has a multi-line account, he/she should indicate his/her opt out choice for each line. If he/she adds a line or changes a telephone number, he/she will need to update his/her privacy settings. Additionally, the customer may separately opt-in to receiving third-party marketing, either through FirstNet’s privacy page or through specific promotions.
4. Internet Applications
FirstNet customers or users who download any internet applications (“apps”) are requested to verify their account details (where applicable). In these cases, FirstNet shall process their data usage, their IP numbers, any websites visited (where applicable) and the customers’ spending amount for billing purposes. Furthermore when an internet app creates a profile on customer’s preferences, customers shall be informed about it before downloading such an app and shall have the right to object to any future profiling. In addition to FirstNet’s Privacy Policy settings, specific privacy practices apply to FirstNet apps, which are provided in the informational pages of each app in the relevant application Sites. FirstNet uses customer personal information so that apps function as expected and to eliminate errors and disruptions. Such information include which function you use within the app, for how long, the apps’ functionality features etc.
5. Cookies Policy
FirstNet’s websites collect information about customer’s browsing preferences and settings with the use of cookies (=small text files stored on software’s) in order to show them adverts or similar products or services or provide them with a better experience during their interaction with FirstNet’s products and services. Browsing preferences are anonymous and are shared with the following content organizations : Mailchimp (USA), Vanilla Forum (Canada), Google Analytics (USA), Google Ads (Ireland) and Bing search (USA).
6. General Customers’ Rights According to European Regulation 2016/679, (“GDPR”) as from 25/5/2018
6.1 Right of Access
Customers may be informed in more detail about the Personal Data FirstNet processes about them by submitting an application form by visiting FirstNet’s Privacy page at www.firstnet.cy or by email. The right of access is subject to the provisions of the Cyprus data protection legislation, and the authentication of the legal subscriber.
6.2 Right to Erasure (“Right to be Forgotten”)
Customers may request the erasure any of their Personal Data that is no longer necessary for FirstNet’s purposes by submitting an application form by visiting FirstNet’s Privacy page at www.firstnet.cy or by email. The right to erasure is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.
6.3 Data Portability
Customers may exercise the right to data portability by submitting an application form through FirstNet website or by email. Data portability is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.
6.4 Right of Updating, Rectification or Minimization of Personal Data
Customers may update their Personal Data or request the correction of any inaccurate Personal Data or data minimization, by submitting an application form at www.firstnet.cy or by email. These rights are subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.
7. Information Security Measures
FirstNet maintains solid information security measures and procedures to safeguard customers’ Personal Data, in line with its legal obligations.
8. Business Products and Confidentiality
Personal Data is data related to a natural person. However, some of FirstNet’s business products,designed for business customers (companies, enterprises, public authorities, governmental departments etc), such as cloud services, may contractually (through the terms and conditions of the service) give FirstNet the right to undertake the storing and/or otherwise the processing of Personal Data related to natural persons on behalf of the business customer and upon the business customer’s written instructions. In such a case the business customer remains the Data Controller of its Personal Data and FirstNet acts only as a Processor of this Personal Data. FirstNet as a Processor is committed to maintain the confidentiality of this Personal Data subject to the business customers’ instructions, the terms and conditions of the service ordered, and FirstNet’s Information Security System (according to section.7 above).
9. Duration of Personal Data Storage
FirstNet stores customers’ Personal Data for as long as mandated by the Laws of the Republic of Cyprus and/or throughout the validity period of the customer’s contract. Certain Personal Data may be stored after the termination of the customer’s contract according to the provisions of the applicable Cyprus legislation (paragraph 2 above).
10. Contact information / Complaints
Customers can contact FirstNet for any information, any inquiry or complaint on its Privacy Policy at tel. no. 135, at the website www.firstnet.cy.
11. Definitions
15.1 “Controller”:
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.
15.2 “Personal Data”:
means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
15.3 “Processing”:
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
15.4 “Processor”:
means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.