EFFECTIVE DATE: 25 August 2023 V03

PRIVACY POLICY – REMEDICA LIMITED

Dear External Associate and/or Partner,

In light of our present and/or ongoing business relationship, we, Remedica Ltd with Registration Number HE 144453, having our registered address at Aharnon Street, Limassol Industrial Estate, 3056 Limassol, Cyprus, (hereinafter “Remedica” or the “Company”) proceed with the processing of your personal data due to and/or as per your capacity and/or position as the duly authorized contact and/or designated person and/or legal representative, of the legal entity, on behalf of whom you act and/or duly represent, and, with which, Remedica maintains a commercial and/or business relationship.

Due to the processing of your personal data, under and/or as per the parameters of your ongoing commercial and/or business relationship with Remedica, and, as per the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of persons of these data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”), we would hereby like to inform you that Remedica, processes your personal data in order to and/or with the purpose of:

a. Entering into, executing, amending or terminating any contract whereby the contracting parties are Remedica, and, the legal entity which you duly represent (as per whichever lawful and/or authorized capacity as per above-mentioned);
b. Securing and/or maintaining compliance with all contractual and/or legal obligations attached upon Remedica as per the contractual terms of the contract signed between Remedica, and, the legal entity which you duly represent (as per whichever lawful and/or authorized capacity as per above-mentioned);
c. Adherence and/or compliance of Remedica with all and/or any legal and/or regulatory and/or legislative obligations and/or duties as these derive from the relevant legal and/or legislative and/or regulatory framework(s);
d. Lawfully and/or legally safeguarding Remedica’s rights and/or interest from any and/or all possible risks and/or threats, including, but not limited to money laundering or financing of terrorist acts, evaluation of commercial risks of all and/or any nature, etc.; infraction prevention, detection and investigations, etc.;

In instances where it is deemed as necessary, the processing of your personal date (for the purpose(s), as above, stated may be disclosed to Remedica’s affiliates and/or other contractual associates (i.e. lawyers, legal advisors, external auditors, etc.) which are directly and/or indirectly contributing, in any manner whatsoever, under the contractual and/or commercial and/or business parameters existing between Remedica, and, the legal entity which you duly represent.

Furthermore, in instances where the processing of your personal data is deemed necessary, for any purpose (s) other than those above-mentioned, then, such processing, shall take place in conformity and/or in compliance with the applicable legal and/or legislative data protection framework.

Remedica is committed to following the highest standards of ethics and conducting business responsibly, sustainably and with integrity, as set out in the Company’s Code of Ethics and Conduct. Remedica seeks to comply with the strictest national, European and global requirements and expects its associates too, to comply with applicable laws, rules and regulations.

In the process of evaluating whether applicable laws are adhered to and identifying potential financial, legal and reputational risks of working with an external associate, the Company carries out a due diligence procedure (hereinafter referred to as “DDP”). The DDP involves the completion of a KYC questionnaire and relevant due diligence documents, as well as screenings of key individuals such as directors, officers, owners and other beneficial owners.

The data collected during the DDP includes but is not limited to identification and contact details, residential address, citizenship information, business activity, economic status and financial statements, which according to the GDPR amounts to personal data.

Remedica processes the personal data derived from the DDP, in order to ensure compliance with its legal obligations, to take the necessary steps prior to entering a contract and for purposes associated with its legitimate interests i.e., protection of the Company’s reputation.

The personal data obtained via the DDP is maintained for monitoring procedures carried out throughout the duration of your business relationship with Remedica. The Department responsible for collecting, processing, storing and returning/destructing the personal data is the Compliance Department.

In its attempt to build strong relationships with associates and partners, Remedica uses the Customer Relationship Management software (hereinafter referred to as “CRM”), provided by Aqurance A.E., to collect data. The collected data includes your name, surname, field of expertise, job role, work address, work telephone number, mobile phone number and email address, which according to the GDPR is personal data, as it may lead to your identification.

Remedica processes the personal data collected in the CRM for purposes associated with its legitimate interests, such as calculating increases in sales and revenue, ensuring high levels of efficiency, customer service and satisfaction, as well as ensuring the effectiveness of marketing strategies.The data collected through the CRM shall be retained for a period of one (1) year. In case of termination of the cooperation between Remedica and Aqurance, all collected data shall be deleted within sixty (60) days from the date of termination.

With the intention of securing Remedica’s adherence to Law 6 (I)/2022 (Law associated with the Protection of Persons who Report Breaches to Union and National Law) Remedica has proceeded with acquiring a licence to use the whistle-blowing platform Speeki (internal reporting platform) through which associates and partners are in a position to file reports and/or concerns associated with illegal and/or unethical behaviour.

Remedica is the Controller of the personal data submitted to the platform (with the personal data which may possibly be uploaded being Name, middle name, surname, contact details and address, date of birth, nationality, employment history, educational records, business activities, credit history, passport number, national identification number, vehicle registration number, driver’s licence number, financial information, information on compliance indiscretions, job title, details regarding whether data subjects are on watch lists or sanctions lists or are politically exposed) and Speeki is the Processor. In order to safeguard that the personal data are to be collected, processed, stored and deleted as per the provisions and requirements of the GDPR, Remedica has entered into a Data Processing Agreement with Speeki.

Remedica shall process personal data submitted to the Speeki platform to the extent necessary so as to secure that Remedica complies with legal obligations imposed upon Remedica as per Law 6 (I)/2022 mentioned above and/or to the extent necessary for the legitimate interests pursued by Remedica and/or to the extent necessary to protect the associate or partner’s interests.

As per Law 6 (I)/2022 all personal data collected during the submission of a report/concern shall be deleted within three (3) months from the date of completion of the examination of the report/concern. In case that a judicial or disciplinary process begins against the individual reporting the incident or against the individual being reported, the personal data shall be preserved for 1 (one) year from the date of completion of the relevant process.

The Department responsible for assessing the report/concern, and, processing and deleting (as per above) of the personal data is the Compliance Department.

As per the relevant articles and/or principles of the GDPR, you have the following rights, in connection to which, you are kindly advised to proceed with further familiarization through reading the GDPR:

a. Right of access;
b. Right to rectification;
c. Right to erasure/right to be forgotten;
d. Right to restriction of processing if, and, when applicable;
e. Right to object (upon applicability assessment);
f. Right of data portability;
g. Right to lodge a complaint with the Cyprus Commission for Personal Data Protection;
h. Right not to be subjected to a decision, which shall only be the product of an automated processing.

Excluding the right referred in point (g) above, you may proceed with enforcing the above-mentioned rights provided to you, by communicating your intention and/or instructions, to Mrs. Elina Skoullou, Remedica’s Data Protection Offcier, by e-mail, at [email protected].

Furthermore, you are hereby informed that, the processing of your personal data (as per the purpose(s) herein mentioned) shall be materialized, inter alia, through the establishment of analogous operational mechanisms aiming at ensuring maximum prevention of, amongst others, unauthorized access and/or disclosure, use, collection, etc.

Lastly, please note that your personal data shall be stored by Remedica, for the period of time which is deemed as necessary in accordance with the analogous and/or applicable legal and/or legislative and/or regulatory and/or policy requirements.

For any questions and/or clarifications associated with the above-mentioned, please feel free to contact Mrs. Elina Skoullou Remedica’s Data Protection Officer by e-mail at [email protected].