Privacy Policy - MyMall Limassol

MYMALL LIMASSOL PRIVACY NOTICE

Contents
1. INTRODUCTION 1
2. DATA PROTECTION PRINCIPLES 2
3. HOW WE COLLECT AND USE YOUR DATA & TYPES OF DATA COLLECTED 2
4. USE OF CHILDREN’S DATA 4
5. LEGAL GROUNDS FOR PROCESSING YOUR DATA 4
If you fail to provide personal data 4
Change of purpose 5
6. SENSITIVE PERSONAL DATA 5
7. DIRECT MARKETING 5
8. AUTOMATED DECISION-MAKING 6
9. HOW DO WE SHARE YOUR DATA 6
10. DATA RETENTION 6
11. DATA SECURITY 7
12. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA 8
No fee usually required 9
What we may need from you 9
13. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US 9
14. YOUR OBLIGATION TO INFORM US OF ANY CHANGES TO YOUR DATA 9
15. UPDATES TO THIS PRIVACY NOTICE 9
16. HOW TO CONTACT US 10

1.INTRODUCTION

This Privacy Notice (“Privacy Notice” or “Notice”) describes the type of personal data (“personal data” or “data”) collected on our website and at the premises of MYMALL Limassol (“MYMALL”), how we collect and use your personal data and which options and rights you have in this respect, in accordance with the General Data Protection Regulation (EC) 2016/679 (GDPR) and applicable data protection laws and regulations (“Data Protection Laws”).

MYMALL is a shopping center located at 285, Fragklinou Rousvelt, 3150 Limassol, Cyprus.

The data controllers of the data we collect from you are:

Tiffany Investments Limited (incorporated in Cyprus with company number HE146855 and registered office at 285, Fragklinou Rousvelt, 3150 Limassol, Cyprus ), which is the owner of MYMALL Limassol property and
MIM Services Limited (incorporated in Cyprus with company number HE214159 and registered office at 285, Fragklinou Rousvelt, 3150 Limassol, Cyprus), which is the management company of MYMALL Limassol.

(each a “data controller” and collectively referred to as “data controllers”, “we”, “us” or “our”).

This notice applies to tenants/licensees and their staff, clients and potential clients and their staff, visitors of MYMALL and members of their families, authorized parties and vendors, business associates, third party service providers and their staff, visitors of our website (https://mymall.com.cy/) and recipients of direct advertising.

The collection and processing of personal data through a CCTV system for the purposes of security is governed by a separate policy, which is available at here.

This data protection notice does not form part of any other contract. It is important that you read this privacy notice, together with any other data protection notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such data.

2.DATA PROTECTION PRINCIPLES

We are committed to protecting the privacy and security of your personal data and shall at all times comply with the applicable data protection laws when collecting and processing your data. This provides that the personal data we hold about you must be:

Used lawfully, fairly and in a transparent way.
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about.
Kept securely.

3.HOW WE COLLECT AND USE YOUR DATA & TYPES OF DATA COLLECTED

“Personal data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may use and collect personal data of yours either through our website or when you physically visit the premises of MYMALL in the ways set out below.

Our Website

When accessing our website (https://mymall.com.cy/) your personal data may be collected and used in the following ways:

Subscribing to our mailing list: When you subscribe to our mailing list you will be required to provide your full name/or email address and/or phone number and/or birthday date for the purposes of obtaining your consent to subscribe to electronic marketing communications.
Cookies and similar technologies: We use cookies and similar technologies when you use our website. For more information on our use of cookies, including how to manage your cookie preferences, see our Cookie Notice at https://www.mymall.com.cy/cookies-policy/
Advertising. We use the data you provide us to help us tailor and show advertisements to you. We may partner with third parties to help us display relevant advertising and to manage our advertising across multiple channels. Our third-party partners may use cookies and non-cookie-based technologies in order to help us show you advertising based upon your browsing activities and interests.
If you apply for a job with us: If you apply for a job at MYMALL through our website, you will be provided with a detailed privacy notice for recruitment and selection as part of the application process.

Our website may contain links or references to other websites, companies, or social media (such as Facebook and Instagram) which are not operated or controlled by us. The policies and procedures described in this notice do not apply to those third parties. Links to third-party advertisements/campaigns found on our website do not imply that we endorse or that we have reviewed such third parties or their privacy practices. Visit those third parties’ websites or contact them directly for information on their privacy notices.

Collection of data at MYMALL

When visiting the premises of MYMALL, your personal data may be collected and used in the following ways:

Reception Services / MIM:

For complaints: customer’s name, telephone, email.
For lost and found items: customer’s name, telephone, address.
For use of MYMALL wheelchair: customer’s telephone and ID/driving license are kept temporarily until the wheelchair is returned.
For participation in MYMALL competitions: customer’s name, telephone, email, and confirmation that the participant is 18 years old and above in order to participate in the competition.
For luggage storing services: customer’s name, telephone, email, ID/Passport number, number of items stored.
CCTV Footage: In the course of running MYMALL, we may collect data on incidents and accidents that occur, as well as using CCTV and other security measures for your and our protection. Click here https://www.mymall.com.cy/cctv-policy/ to view MYMALL CCTV notice for further information on how we use your personal data for these purposes and your rights.

Collection of data of tenants/licensees and vendors

Tenants’/Licensees’ Data: We collect the following data from tenants/licensees of MYMALL: name, telephone, email, ID/Passport, address, corporate documentation (certificate of incorporation, certificate of registered address, certificate of directors and secretary, VAT certificate).
Vendors’ and Staff’s Data: We collect the following data from vendors and their staff: name, telephone, and email of all store managers and name, telephone, and email of the stores’ marketing department.

4.USE OF CHILDREN’S DATA

We understand the importance of protecting children’s privacy. We may collect personal data in relation to children provided that we have first obtained their parent’s or legal guardian’s consent or unless otherwise permitted under law. Our website is not designed for use by children, nor do we provide any online services to children. For the purposes of this privacy statement, “children” are individuals under the age of eighteen (18).

5.LEGAL GROUNDS FOR PROCESSING YOUR DATA

We may process your personal data on one or more of the following legal grounds:

To perform a contract we have entered into with you;
To comply with a legal obligation;
Where it is necessary for purposes of our legitimate interest (or those of any third party) and your interests and fundamental rights do not override those interests;
Where you have provided your consent; and/or
Where we need to process your personal data in order to protect your vital interests or those of another person.

If you fail to provide personal data

If you fail to provide certain data when requested, we may not be able to perform the contract we have entered into with you or we may not be able to satisfy your claim, or we may be prevented from complying with our legal obligations or otherwise not be able to enter into or carry out any contractual relationship with you.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6.SPECIAL CATEGORIES OF SENSITIVE PERSONAL DATA

“Special categories” of particularly sensitive personal data require a higher level of protection. We need to have further justification for collecting, storing, and using this type of personal data. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal data in the following circumstances:

With your explicit written consent where you provided sensitive personal data if that is deemed necessary. For example, in the event of an accident or a medical emergency.
Where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.

7.DIRECT MARKETING

Our Marketing Department may use your personal data to communicate via direct marketing channels and update you about our services that we feel you may be interested in. Our direct marketing channels involve: email, or display advertising that you may see on our website, third party websites or social media.

On many occasions your prior consent, when subscribing to our mailing list or entering a competition, will be requested in order to allow us to communicate with you in order to promote our services and send you data that we think you might be interested in based on the data we hold about you. When consent is needed and obtained then in every direct marketing communication you will always be given the right to ‘opt out’ of receiving future direct marketing data via unsubscribe links in email or you may ‘opt-out’ by contacting us immediately.

Moreover, and only with your consent we may share your personal data with our group companies or our third-party partners for their own marketing purposes. In case you do not wish any longer for your personal data to be shared within our group or our business partners, you may ‘opt-out’ by contacting us via telephone or email.

Any unsubscribe, stop instructions and general ‘opt-outs’ will be handled within a reasonable time.

AUTOMATED DECISION-MAKING

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We do not use automated decision-making in any part of our operations.

HOW DO WE SHARE YOUR DATA

We may have to share your personal data with third parties, including third-party service providers and other entities, in order to provide our services and manage our business but shall always do so in compliance with the applicable data protection laws.

We require third parties to respect the security of your personal data and to treat it in accordance with the law.

All our third-party service providers and all other third-party entities, other than those which we are required under the law to disclose your personal data, are required to take appropriate security measures to protect your personal data in line with our policies and relevant contractual data sharing obligations. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions as per the GDPR.

In particular, we may disclose your personal data to third parties in the following circumstances:

Our affiliates or subsidiaries providing our offered services;
To process payments made;
In the management of email marketing;
To provide CCTV and security services within MYMALL; and/or
With contractors, consultants, and professional advisors.

Otherwise, we will only disclose your personal data when you direct us or give us your permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

10.DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including of the purposes of satisfying any legal, accounting or reporting requirements, or until you withdraw your consent in accordance with applicable law (where applicable).

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We retain certain categories of data for the following periods:

Mailing list data: indefinitely, until a subscriber decides to unsubscribe from the mailing list.
General CCTV footage: 10-20 days. More details are available at the CCTV policy https://www.mymall.com.cy/cctv-policy/
CCTV footage in the case of an incident: until duly investigated and/or until completion of any legal proceedings and/or as required by law. More details are available at the CCTV policy https://www.mymall.com.cy/cctv-policy/
Session cookies: These cookies are temporary and expire once you close your browser or once your session ends.
Persistent cookies: This category encompasses all cookies that remain on your hard disk until you erase them, or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. They should not last longer than 12 months, but in practice, they could remain on your device much longer if you do not take action.
Tenants’/Licensees’ data: Data of tenants or licensees is kept for the duration of their tenancy and once they cease to be tenants/licensees we keep their data for a period of 7 years.
Vendors’ data: Data of vendors is kept for as long as we maintain contractual relationship with them and once our contractual relations cease, their data are deleted immediately.
Potential tenants’ data: Data of persons interested to rent space in MYMALL, either temporarily and/or permanently, are maintained for as long they are needed in order to check space availability and/or for as long they are considered relevant for the purpose of finding appropriate space that could accommodate the specific concept, either in the short term or in the long term. If the concept is considered irrelevant and/or inappropriate and/or illegal and/or does not comply with the MYMALL objectives for any other reason whatsoever, all relevant data will be deleted immediately.
Customer complaints: 12 months.
Lost and found items: 6 months.
Luggage stored: For security reasons, any item that is forgotten or found but not claimed is destroyed within 10 days from the date that it was initially stored in MYMALL premises.
Contact details of participants and winners in MYMALL competitions: 6 months

11.DATA SECURITY

We have put in place appropriate security measures to prevent unauthorized loss, use, or access to your personal data, modification, or disclosure. In addition, we restrict access to your personal data to employees and other third parties who have business reasons to know this information. They will process your personal data only in accordance with our instructions and are subject to confidentiality obligations.

We have established procedures for dealing with any data breaches and will notify you and any supervisory authority of a potential breach where we will be legally obliged to do so.

12.YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

Subject to certain legal conditions, you may have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. In the circumstance where you may have provided your consent to the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the responsible person at [email protected] . Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. It is also noted that the processing based on the consent carried out prior to the withdrawal will remain lawful.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

It is noted that in accordance with the legislation in force, your right to apply for the erasure of your personal data or to object to the processing of your personal data by us is not applicable or may be limited in the following instances where the processing of the data is carried out for the purpose of:

a) establishing, exercising, or supporting legal claims, and

b) maintaining a legal obligation that necessitates the processing on the basis of Cypriot or European Law, to which we and MYMALL are subject.

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific data from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights). This is another appropriate security measure we have put into place to ensure that personal data is not disclosed to any person who has no right to receive it.

13. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US

If you provide personal data to us about someone else (such as one of your employees, or someone with whom you have business dealings or a member of your family) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use, and disclose that personal data as described in this Privacy Notice. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices (including disclosure to overseas recipients), the individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).

14.YOUR OBLIGATION TO INFORM US OF ANY CHANGES TO YOUR DATA

If any of the personal data that you have provided to us changes, for example if you change your email address, or if you become aware that we hold any inaccurate personal data about you, please let us know by sending an email to the responsible person at [email protected] . We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient, or incomplete Personal Data that you provide to us.

15.UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice was last updated in November 2023. We reserve the right to update and change this Privacy Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the updated Privacy Notice on our website. The changes will take effect as soon as they are posted on this website.

16.HOW TO CONTACT US

We have appointed a Data Protection Officer (DPO) to oversee compliance with this data protection notice.

If you have any queries or complaints regarding our privacy practices or this notice, or you would like to exercise your privacy rights please contact the responsible person at [email protected] .

We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection, the Republic of Cyprus’ supervisory authority at:

1 Iasonos Street,
1082 Nicosia, Cyprus
Tel.: +357 22 818 456
Fax: +357 22 304565
E-mail: [email protected]

– END OF DOCUMENT –

Cookie	Type	Duration	Description
cookielawinfo-checkbox-necessary	persistent	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	persistent	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
PHPSESSID	persistent	1 year	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	persistent	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	persistent	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_ga	persistent	1 year	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat_gtag	persistent	1 year	Identification code of website for tracking visits.
_gid	persistent	1 year	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_hjid	persistent	1 year	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInSample	persistent	1 year	This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Heatmaps, Funnels, Recordings, etc.
has_recent_activity	persistent	1 year	This cookie is used to signal to the code repository website if the user has browsed other website resources during the current session.
tk_ai	persistent	1 year	Gathers information for our own, first party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience.
tk_lr	persistent	1 year	This cookie is set by JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack
tk_or	persistent	1 year	This cookie is set by JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack
tk_qs	persistent	1 year	Gathers information for our own, first party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience.
tk_r3d	persistent	1 year	The cookie is installed by JetPack. Used for the internal metrics fo user activities to improve user experience

Cookie	Type	Duration	Description
_fbp	persistent	1 year	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	persistent	1 year	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.

Opening Hours & Public Holidays

Shops:

Entertainment:

Dining:

cafes:

Public HOLIDAYS

Easter holidays

Stay up to date with our
latest news & updates.

Shops:

Entertainment:

Dining:

cafes:

Public HOLIDAYs

1/5 - SHOPS ARE CLOSED, DINING & ENTERTAINMENT IS OPEN

eASTER PERIOD:

3/5 & 4/5 - SHOPS CLOSE AT 6PM
5/5 - MYMALL IS CLOSED ( EASTER SUNDAY)
6/5 - SHOPS ARE CLOSED - DINING & ENTERTAINMENT IS OPEN

Opening Hours & Public Holidays

Shops:

Entertainment:

Dining:

cafes:

Public HOLIDAYS

Easter holidays

Stay up to date with our latest news & updates.

Shops:

Entertainment:

Dining:

cafes:

Public HOLIDAYs 1/5 - SHOPS ARE CLOSED, DINING & ENTERTAINMENT IS OPEN

eASTER PERIOD:3/5 & 4/5 - SHOPS CLOSE AT 6PM 5/5 - MYMALL IS CLOSED ( EASTER SUNDAY)6/5 - SHOPS ARE CLOSED - DINING & ENTERTAINMENT IS OPEN

Stay up to date with our
latest news & updates.

Public HOLIDAYs

1/5 - SHOPS ARE CLOSED, DINING & ENTERTAINMENT IS OPEN

eASTER PERIOD:

3/5 & 4/5 - SHOPS CLOSE AT 6PM
5/5 - MYMALL IS CLOSED ( EASTER SUNDAY)
6/5 - SHOPS ARE CLOSED - DINING & ENTERTAINMENT IS OPEN