Privacy Notification

This website is operated by CSRC International Ltd, Strovolou, 47, 4th Floor, 2018 Strovolou, Nicosia, Cyprus ("we" or "us"). This notice describes how we process your personal data in connection with this website.

1. What data we process about you

In the course of your visit to this website, we will collect the following information: The date and time of accessing a page on our website, your IP address, the name and version of your web browser, the website (URL) that you requested before calling this Website, certain cookies (see point 2 below) and the information you provide yourself by:

  • completing the contact form (your name and email address)

You can also submit any type of information (even personal information) using our FAQ form or the Message field on our Contact form. These fields were not intended for this purpose, therefore please make sure you don’t disclose more information than it is actually needed for us to answer your request.

There is no obligation to actually disclose any information that we ask you to submit on our website. However, if you do not, you will not be able to use all features of the Website.

2. Cookies

On this website so-called cookies are used. A cookie is a small file that can be stored on your computer when you visit a website. Basically, cookies are used to provide users with additional features on a website. For example, they may be used to help you navigate through a Web site, to allow you to continue to use a Web site where you left it, and / or to store your preferences and preferences when you visit the website again. Cookies can not access, read or modify any other data on your computer.

Most of the cookies on this website are called session cookies. You will be automatically deleted when you leave our website. Persistent cookies, on the other hand, stays on your computer until you manually delete it in your browser. We use such persistent cookies to recognize you when you next visit our website.

If you want to control cookies on your computer, you can choose your browser settings to get a notification when a web site wants to save cookies. You can also block or delete cookies if they have already been saved on your computer. If you would like to know more about how to set these steps, please use the "Help" function in your browser.

Please note that blocking or deleting cookies could affect your online experience and prevent you from using this website to the full.

You can find detailed information about how we use cookies on the website in our Cookie Policy.

We use Google Analytics in order to gather anonymous information about the pages you visit on our website, how long your visit lasted and other statistical details. You can read Google’s Policy here.

3. Purposes of data processing

We will process your personal information for the following purposes:

  • to make this website available to you and to further improve and develop this website;
  • to create usage statistics;
  • to detect, prevent and investigate attacks on our website;
  • to respond to your requests.

4. Legal basis of processing

The legal basis for the processing of your personal data is our overriding legitimate interest (pursuant to Article 6 (1) (f) of the EU General Data Protection Regulation), which is to achieve the purposes set out in point 3 above.

5. Transmission of your personal data

For the above purposes, we will provide your personal information to the following recipients:

  • IT service providers we use;
  • Our partners closer to your region.

Some of the above recipients are located outside your country or process your personal information there. The privacy level in other countries may not be the same as your country's. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have a reasonable level of data protection. For example, we conclude standard contractual clauses (2010/87 / EC and / or 2004/915 / EC). These are available upon request at office@csr-company.com.

You can consult the contract we are signing with all our clients/suppliers, so you can be sure your data is safe with us.

6. Duration of storage

We will always save your data for a period of three months. Longer storage will only be provided to the extent necessary to investigate identified attacks on our website.

Anonymized statistics data (Google Analytics data) will be stored for a period of 14 months.

7. Your rights

  • Right to information. This right provides you with the ability to ask for information about what personal data we collect and process and the reasons for such processing. 
  • Right to access. This right provides you with the ability to get access to your personal data that is being processed. This request provides you with the right to see or view your own personal data, as well as to request copies of the personal data.
  • Right to rectification. This right provides your with the ability to ask for modifications to your personal data in case you believe that this personal data is not up to date or accurate.
  • Right to withdraw consent. This right provides you with the ability to withdraw a previously given consent for processing of the personal data for a purpose. The request would then require us to stop the processing of the personal data that was based on the consent provided earlier.
  • Right to object. This right provides you with the ability to object to the processing of the personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
  • Right to object to automated processing. This right provides you with the ability to object to a decision based on automated processing. Using this right, you may ask that your request (for instance, a loan request) to be reviewed manually, because your believe that automated processing may not consider the unique situation of the customer.
  • Right to be forgotten. Also known as right to erasure, this right provides you with the ability to ask for the deletion of your data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
  • Right for data portability. This right provides you with the ability to ask for transfer of your personal data. As part of such request, you may ask for your personal data to be provided back or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.

8. Data protection by design and by default

According to GDPR Art. 25, The CSR Company implements the required principles:

  • we minimised the amount of personal data we collect from you as detailed in Art. 1 of this Policy;
  • we only process your personal data for the purposes we declared in Art. 3 of this Policy and the processing is happening only with your approval (eg. by filling the forms on the website);
  • we keep the personal data we collect from you for a determined period of time, as stated in Art. 6 of this Policy;
  • you can request at any time the personal information we have stored about you by writing an email at personal.data@csr-company.com.

9. Contact and support regarding to your personal data

You can use your rights by sending us a written request using one of the options below:

  • written letter sent at CSRC International Ltd, Strovolou, 47, 4th Floor, 2018 Strovolou, Nicosia, Cyprus
  • e-mail sent at personal.data@csr-company.com

Also, starting on the May 25, 2018, if you think we didn’t respect one of your rights, and we cannot repair our mistake between us, you can send a complaint to the appropriate authority in your country.

10. Specific regulations apply to the Whistleblower Hotline System „TellUs“. Any personal data received through the TellUs website will only be accessed by the CEO and the COO of CSR Company International Ltd. and will not be shared with any office. The only case this could happen is when the respective client requests an investigation of the reported incident and the CSR Company Office in the country of the incident conducts the investigation. In this case only the Country Manager will have access to the data. This applies only to reported incidents in which the reporter has filed the report under his or her name, which is considered as approval to sharing the data in this limited circle of people.