Privacy Policy

General Information

The following Privacy Policy governs the online information collection practices of Affirma Consulting & Coaching (“Entity,” “we” or “us”). It outlines the types of information that we gather about (“You”, “Your”, “User”, or “Client”) while you are using www.affirmacy.com, and the ways in which we use this information. We, at Affirma, understand the importance of your privacy and are dedicated to securing your personal data. We process your data in accordance with the applicable laws and regulations.

Purpose & Scope

The Privacy Policy (“Policy”) applies primarily to information that we collect online through our website; however, it may apply to some of the data that you provide to us offline and/or through other means as well (for example, at a live event, via telephone, via social networking, in person, through the mail, or otherwise). This Privacy Policy explains how , to what extent and for what purposes we are collecting and subsequently processing data and information to administer your requests.

Who We Are

We at Affirma Consulting & Coaching provide an array of services to clients and other parties, including but not limited to: i) Management Consulting, ii) Business Coaching & Training, iii) Project Management and iv) Outsource Business Solutions, collectively, and among others our (“Services”). For additional information about our services please refer to our website www.affirmacy.com

Affirma as Data Controller or Data Processor

Affirma is a Data Controller or a Data Processor under the GDPR, with possible access to, and processing of personal data of multiple categories of physical living persons. Affirma is committed to performing such processing in transparent and fair ways, based on processes which are private by design and using appropriate technical and organizational measures in support of security and privacy objectives. This commitment is applicable throughout the lifecycle of personal data processing, including during collection, transmission, use and storage. Affirma also commits to taking all reasonable steps to ensure that personal data processing is based on a valid legal basis1 . When Affirma is the Data Processor, this commitment typically means that we rely on the Data Controller in each case, to establish a valid legal basis for the processing we perform in that capacity. We also depend on the Data Controllers to notify us in a timely manner when any changes to the status of such bases occur. In certain other cases, the processing we perform is dictated by legislation or may be based on our legitimate interests, especially those which emanate from our professional obligations and responsibilities and / or other regulatory frameworks subject to which we perform our work.

Types of Data We Collect

We may collect different data from or about you depending on how you use the Site.

  • Among the types of Personal Data that this Website collects, by itself or through third parties, there are: first name; surname at your will, company name, email address; Cookies; Usage Data;
  • Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
  • Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
  • Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
  • Users who are uncertain about which Personal Data is mandatory are welcome to contact the Entity.
  • Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.
  • Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Entity.

Why We Process Your Personal Data

We describe below the key ways we use personal information, and the legal bases of processing on which we rely for such processing. We have also identified what our legitimate interests are where appropriate. In general terms, we use the personal information we collect to help Affirma better understand you and to enable us to personalize your experience with Affirma, including quotations, informative communication, newsletters and services to meet your needs. We use your information to:

  • deliver our services to you, in the most appropriate way possible, that is relevant and necessary for you
  • provide you with customer service such as responding to your queries, processing and executing your request/s
  • personalize our services, by understanding your unique needs and design a bespoke solution to administer our approach, methodologies, and contact frequency and to respond to your request
  • contact you about your account and tell you about important changes that affect you
  • provide, develop, and improve our products and services
  • manage information electronic or written, newsletters, customer surveys, and questionnaires
  • check and verify your identity, and prevent, mitigate or detect and investigate crime, fraudulent or illegal activities and
  • process quotations, memorandums of understanding, non-disclosure agreements, contractual agreements, invoices,  payments, customer support, and request fulfillment.

Kindly be aware that your personal data may be processed for more than one lawful purpose. If you need more information as to the specific legal basis on which we are relying to process your personal data, please send us your specific request to info@affirmacy.com

How Long We Keep Your Personal Data

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Entity and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Entity’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Entity within the relevant sections of this document or by contacting the Entity.

The Entity may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Entity may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Access & Sharing of Personal Data

a) Internally

Within our Organization, access to your data is limited to those persons who require access in order to provide you with the Services and Information, which you required from us and/or their processing to administer and process your request, to contact you, and to respond to your inquiries. Those staff members may be on teams such as: management, marketing, business development, executive, customer support and administration and/or associates. Employees only have access to data that is relevant to their team, on a “need to know” basis.

b) Externally

i) Processors: We may use service providers for operating and improving the Site, to assist with certain functions, such as payment processing, email transmission, conducting surveys or contests, data hosting, managing our ads, third-party solutions for marketing and analytics, and some aspects of our technical and customer support. We take measures to ensure that these service providers access, process, and store information about you only for the purposes we authorize, through the execution of Data Processing Agreements or Addenda. When necessary in the context of such personal data processing, our selection process and criteria for cooperation with 3rd parties (suppliers, vendors or other advisors), incorporate consideration and evaluation of those 3rd parties’ level of GDPR readiness and compliance. In this respect, we seek to ensure that 3rd parties who support Affirma’s operations or systems or who are otherwise involved in our personal data processing operations, have and operate necessary technical and organizational measures for protecting the security and privacy of personal data.

ii) Professional advisers: including lawyers, bankers, consultants, auditors and insurers based in the EEA who provide consultancy, banking, legal, insurance and accounting services.

iii) Authorities: We may access, preserve, and disclose information about you to third parties, including the content of messages, if we believe disclosure is in accordance with, or required by, applicable law, regulation, legal process, or audits. We may also disclose information about you if we believe that your actions are inconsistent with our Terms and Conditions or related guidelines and policies, or if necessary to protect the rights, property, or safety of, or prevent fraud or abuse of, Company, others and Tax and Customs authorities, regulators, law enforcement bodies and other authorities acting as processors or joint controllers based in the EEA who have the right to require reporting of processing activities in certain circumstances and otherwise in defense of legal claims.

iv) Transfer of Business: If we (or our assets) are acquired, or we may choose to sell, transfer, or merge parts of our business or our assets. or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party. If such a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Policy

Your Rights Over Your Data

Users may exercise certain rights regarding their Data processed by the Entity.

Users entitled to broader protection standards may exercise any of the rights described below. In all other cases, Users may inquire with the Entity to find out which rights apply to them.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Entity, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Entity will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Entity.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the Entity’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

The Rights to Object to Processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Applicability of broader protection standards

While most provisions of this document concern all Users, some provisions expressly only apply if the processing of Personal Data is subject to broader protection standards.

Such broader protection standards apply when the processing:

  • is performed by an Owner based within the EU;
  • concerns the Personal Data of Users who are in the EU and is related to the offering of paid or unpaid goods or services, to such Users;
  • concerns the Personal Data of Users who are in the EU and allows the Owner to monitor such Users’ behavior taking place in the EU.

Security

We implement a variety of administrative, managerial, and technical security measures to help protect your personal information. Our Company has various internal control standards which relate specifically to the handling of personal information. These include certain controls to help safeguard the information we collect online. Our employees are trained to understand and comply with these controls and we communicate our Privacy Policy, practices and guidelines to our employees. However, while we strive to protect your personal information, you must also take steps to protect your information. We urge you to take every precaution to protect your personal information while you are on the Internet.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

We may allow third party organization’s to set cookies using this website in order to deliver services.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded Content from other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Queries & Complaints

Affirma is committed to acknowledge, consider and respond to all queries and complaints that it receives from any natural person who believes is affected by Affirma’s processing of his / her data. To communicate such queries or complaints please contact us on info@affirmacy.com, and we shall seek to respond to the substance of your query as soon as practical, within a 30 day window as stipulated by GDPR. If despite our responses and actions to address your concerns, you are not satisfied, you have the right to address the matter to the Cyprus Data Protection Commissioner whose offices are at Jason street 1, 2nd Floor, Nicosia 1082. The Commissioner’s office can be reached on +357 22818456 and their email address is commissioner@dataprotection.gov.cy.

Amendments to this Policy

From time to time we may change our business activities and/or our policies and procedures with respect to the Processing of Personal Information. Where appropriate in these cases, we will, subject to applicable law, revise, supplement, or replace this Policy. When the Policy changes, we will post the substitute version and change the effective date listed at the beginning of the Policy.

When required by applicable law, however, we may provide you with advance notice of any changes to this Policy and with an opportunity to object to such changes. If you exercise your right to object, the changes will not become effective with respect to your Personal Information, but your ability to use our Services may be terminated or impaired. We will explicitly notify you of the consequences of the objection or non-objection to the extent and in the manner required by law.