PRIVACY POLICY

  1. OVERVIEW

Who we are:

We are Whitestreet Investments Limited, a company incorporated and organized under the laws of the Republic of Cyprus, having its registered office at 6 Ioannou Stylianou, Floor 2, Flat 202, 2003 Nicosia, Cyprus, registration number HE251754 (“Whitestreet”).

We are a company that combines real estate assets with digital technology, providing connected working spaces and meeting spaces, spaces for lease, operation of facilities for common use (such as gym, kitchen, restaurant), premises management, support and cleaning services and well as LABS Tower Members Club Card and other benefit arrangements (our “Services“) in LABS Tower, a building located at Foti Pitta 4, 1065 Nicosia, Cyprus (our “Building”).

We value your privacy and want to be transparent with you in the way that we collect and use your personal information.

All references in this Notice to “Whitestreet“, “our“, “us” or “we” refer to Whitestreet Investments Limited, or our affiliated companies, as appropriate, as controllers of your personal information.  All references in this Privacy Notice to our “Website” are to the website www.labstower.cy.

 

  1. WHO THIS PRIVACY NOTICE APPLIES TO

Visitors to our Website and people who contact us with enquiries;

Customers/tenants/licensees and users of our Services (including people who access our Building);

Prospective customers/tenants/licensees/users; and

Our suppliers and employees of our suppliers.

Depending on our relationship, we will collect and use your information in different ways.

 

  1. COLLECTION OF YOUR PERSONAL INFORMATION AND HOW WE USE IT

We process personal data that we receive from you or a party on your behalf (for example your employer or family member) in the context of our business. To the extent necessary and in order to provide our Services and comply with our contractual, policies and/or other obligations we also process personal information that may be obtained from publicly available sources.

 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (known as “anonymous data”).

 

Some types of information are classified as ‘sensitive’ for the purposes of European data protection law and there are additional restrictions on how we may use and hold this information.

VISITORS TO OUR WEBSITE AND PEOPLE WHO CONTACT US WITH ENQUIRIES

What personal information we collect about you

We, or third parties on our behalf, collect and use personal information which may include:

  • your first and last name;
  • Passport/ID details (including without limitation number, gender, nationality, date of birth, place of birth) and residential address details;
  • your company name;
  • your company’s date and place of incorporation, registration number and registered office, directors, shareholders, beneficial owners and their personal information as provided herein with respect to individuals;
  • your email address;
  • your telephone number;
  • your or your company line of business;
  • your inquiry and/or general information about your interest in our Services;
  • information you provide when you communicate with us by email, fax, phone or otherwise contact customer service. These communications may be recorded for purposes of quality assurance and training; and
  • any updates to information provided to us.

The following information is created and recorded automatically when you visit our Website or download our content:

Technical information. This includes: The Internet protocol (IP) address used to connect your computer,  phone or other web-connected device to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. We use this personal information to administer our Website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our webpages; and

Information about your visit to our Website (for example, the pages that you click on).  This may include the website you visit before and after visiting our Website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.

The Website uses Google Analytics as an analytics tool. For more information you can see Google’s Privacy & Terms

How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

  • to allow you to access and use our Website;
  • to receive enquiries from you through the Website and to arrange tours;
  • for improvement and maintenance of our Website and to provide technical support for our Website;
  • to ensure the security of our Website;
  • to evaluate your visit to the Website and prepare reports or compile statistics to understand the type of people who use our Website, how they use our Website and to make our Website more intuitive. Such details will be anonymized as far as reasonably possible and you will not be identifiable from the information collected;
  • If you have provided a personal email address or mobile phone number and consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email or post) with information about our Services which either you request, or which we feel will be of interest to you (including newsletters).

CUSTOMERS/TENANTS/LICENSEES AND USERS OF OUR SERVICES (INCLUDING PEOPLE WHO ACCESS OUR BUILDING)

We, or third parties on our behalf, may collect and use any of the following information about you or your family members:

  • first and last name;
  • Passport/ID details (including without limitation number, gender, nationality, date of birth, place of birth), and residential address details;
  • details and copies of the documents confirming right and legality of entering / staying / residing / working in Cyprus (such as residence / employment permit or visa);
  • email address;
  • telephone number;
  • your job title and related rights relevant to the Building (such as access rights, facilities use rights, LABS Tower Members Club Card benefits);
  • date of birth;
  • gender;
  • health information, such as dietary, accessibility, disabilities, medical conditions, and allergy information;
  • your company’s/employer’s name, line of business, date and place of incorporation, registration number and registered office, directors, shareholders, beneficial owners and their personal information as provided herein with respect to individuals;
  • card/bank/payment details;
  • information about your interest in our Services;
  • details about how you use our Services;
  • social media usernames/handles;
  • information provided for verification of identity or residence (including copies of passport  or other personal document, utility bill);
  • information you provide when you communicate with us by email, fax, phone or otherwise contact customer service. These communications may be recorded for purposes of quality assurance and training;
  • information provided when you or your family members access our rooms and buildings (including your photo, entry and exit times);
  • any updates to information provided to us;
  • personal information we collect about you or your family members that we obtain from our third-party sources;
  • CCTV recordings (when you or your family members visit our buildings);
  • information you provide to help us provide you with improved Services, for example if we ask you to fill in a survey or questionnaire;
  • information about your marketing preferences;

We note that we may request to be provided with and subsequently store, use and process “special categories” of sensitive personal information necessary for the provision of our Services. In such a case we will notify you at the point of collection and obtain your written consent to allow us to process certain sensitive data. Where we do so, we will provide you with full details of the information that we would need and the reason we need it, so that you can carefully consider whether you wish to consent.

How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

  • to provide you with our Services (including LABS Tower Members Club Card, Meeting Room bookings, access control, use of gym, kitchen, restaurant facilities and infrastructure, building services and Wi-Fi as well as for purposes of due diligence, payment and expense reporting and financial audits) and Website and otherwise comply with our contractual and other obligations;
  • to comply with our internal policies;
  • to deal with any enquiries you have about our Services and Website;
  • to provide support for any issues you might have with our Services or Website, and undertake improvement and maintenance of our Services and Website;
  • to send you certain communications (including by email) about our Services such as service announcements and operational messages (for example, about down time or maintenance);
  • to ensure your safety and security and that of others, by the use of CCTV;
  • to carry out statistical analysis and market research on people who may be interested in our Services;
  • with your prior consent, to post a client testimonial to our Website;
  • if you have provided a personal email address and consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email or post) with information about our Services which either you request, or which we feel will be of interest to you (including newsletters).

 Information we need to provide Services to you

We need certain types of personal information so that we can provide Services to you and perform contractual and other legal and regulatory obligations that we have.

Therefore, in the context of our relationship we may need to collect personal information by law, or under the terms of a contract we have with you. Without this data, we may, in principle, not be in a position to close or execute a contract with you.

 

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to efficiently provide you with our Services.

 

Any data collection that is optional would be made clear at the point of collection.

 

PROSPECTIVE CUSTOMERS/TENANTS/LICENSEES AND USERS OF OUR SERVICES

We, or third parties on our behalf, may collect and use any of the following information about you and your family members:

  • first and last name;
  • Passport/ID details (including without limitation number, gender, nationality, date of birth, place of birth), and residential address details;
  • details and copies of the documents confirming right and legality of entering / staying / residing / working in Cyprus (such as residence / employment permit or visa);
  • email address;
  • telephone number;
  • job title;
  • date of birth;
  • gender;
  • health information, such as dietary, accessibility, disabilities, medical conditions, and allergy information;
  • your company’s/employer’s name, line of business, date and place of incorporation, registration number and registered office, directors, shareholders, beneficial owners and their personal information as provided herein with respect to individuals;
  • general information about your interest in our Services;
  • information provided for verification of identity or residence (including copies of passport or other personal document, utility bill);
  • information you provide when you communicate with us by email, fax, phone or otherwise contact customer service. These communications may be recorded for purposes of quality assurance and training;
  • any updates to information provided to us;
  • if you attend our buildings, CCTV recordings
  • personal information we collect about you or your family members that we obtain from our third-party sources; and
  • information about your marketing preferences.

How we use your personal information

We will collect, use and store the personal information listed above as follows:

  • to enable us to provide you with our Services (including performance of due diligence) and otherwise comply with our contractual and other obligations;
  • to comply with our internal policies;
  • to respond to your enquiries and communicate with you;
  • to ensure your safety and security and that of others, by the use of CCTV; and
  • if you have provided a personal email address and consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email or post) with information about our products and Services which either you request, or which we feel will be of interest to you (including newsletters).

OUR SUPPLIERS AND EMPLOYEES OF OUR SUPPLIERS

We, or third parties on our behalf, may collect and use any of the following information about you provided by you or a party on your behalf (for example your employer):

  • your first and last name;
  • your date of birth;
  • your gender;
  • company or personal contact information (phone number, postal address, and email address);
  • your job title;
  • your health information, such as dietary, accessibility, disabilities, medical conditions, and allergy information;
  • your company’s/employer’s name, line of business, date and place of incorporation, registration number and registered office, directors, shareholders, beneficial owners and their personal information as provided herein with respect to individuals;
  • information provided for verification of your identity or residence (including copies of your passport or other personal document, utility bill);
  • details and copies of the documents confirming right and legality of entering / staying / residing / working in Cyprus (such as residence / employment permit or visa);
  • information about your work records and suitability to perform certain functions (including CVs, reference letters, criminal record, medical certificates and test results);
  • information you provide when you communicate with us by email, fax, phone or otherwise contact customer service. These communications may be recorded for purposes of quality assurance and training;
  • any updates to information provided to us;
  • if you attend our Building, CCTV recordings;
  • if you attend our Building, information provided when you access our rooms and Building (including your photo, entry and exit times);
  • other information or documents that may be provided by your employer, including for safety and security reasons; and
  • personal information we collect about you from third party sources such as LinkedIn.

How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

  • to enable us to receive and manage services from you (including supplier due diligence, payment and expense reporting and financial audits);
  • to comply with our internal policies;
  • to deal with enquiries from you;
  • for health and safety records and management; and
  • for CCTV monitoring and other means of ensuring security of company facilities.

Information we need to receive Services from you

Please note that we need certain types of personal information so that you or your employer can provide services to us. If you do not provide us with such personal information, or if you or your employer ask us to delete it, we may not be in a position to receive services from you.

FURTHER INFORMATION ON HOW WE USE PERSONAL INFORMATION

Whatever our relationship with you is, we may also collect, use and store personal information for the following additional reasons:

  • to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
  • for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring adequate bank financing for our business, ensuring the security and safety of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;
  • to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where it is necessary for us to do so in order to comply with our legal obligations; and
  • to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.

Cookies

Some pages on our Website use cookies or similar technologies, which are small files placed on your internet browser when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.

Where we use cookies on our Website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website or to use all the functionality provided through our Website. The following links will help you to set your cookies settings on your browser:

For more information about our use of cookies or similar technologies, and how to control them, see our Cookies Policy.

Legal basis for use of your personal information

We consider that the legal bases for using your personal information as set out in this Privacy Notice are as follows:

  • our use of your personal information is necessary to perform our obligations under any contract with you (for example, to provide Services to you, to fulfil an order which you place with us, and/or to comply with our contract to provide services to or receive services from you or your employer); or
  • our use of your personal information is necessary for complying with our legal obligations; or
  • our use of your personal information is necessary to protect your vital interests of those of another person
  • we will process your personal information in some cases on the basis of your consent, including but not limited to:
    • where you or a party on your behalf provided us with your health information (for example, to ensure your safety and that of others and proper provision of the Services related to gym, kitchen, restaurant facilities);
    • where you provide a client testimonial to us; and
    • where you have provided a personal email address or mobile phone number to us and we request your consent to use these details for marketing purposes. Insofar as you have granted us consent to the processing of personal data for marketing purposes, the lawfulness of such processing is based on your consent. Any such consent granted, may be revoked at any time by contacting us (as per the below provisions).

If we rely on your consent for us to use your personal information in a particular way you may withdraw your consent at any time by contacting us at [email protected].

Where none of the above apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our Website), except where these interests are overridden by your interests. Our legitimate interests include to:

  • run, grow and develop our business;
  • operate our Website;
  • select appropriately skilled and qualified suppliers;
  • marketing, market research and business development;
  • provide efficient and effective Services to our customers and make and receive payment for such Services;
  • place, track and ensure fulfilment of orders with our suppliers;
  • ensure the safety and security of our Building, customers and personnel; and
  • for internal group administrative purposes.

Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at [email protected].

 

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

  1. HOW AND WHY WE SHARE YOUR PERSONAL INFORMATION WITH OTHERS

We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of our Services to our customers, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).

We will share your personal information with the following third parties or categories of third parties:

  • our service providers and sub-contractors, including but not limited to payment processors, suppliers of technical, software and support services, suppliers of catering, security, cleaning, customer relations management, booking and reservations management, administration services, insurers, legal advisers, logistic providers, and cloud service providers;
  • any legal, regulatory or governmental body that we are required to disclose information to, credit control and debt collection agencies;
  • companies that assist us in our marketing, advertising and promotional activities;
  • Analytics and search engine providers, including Google, that assist Us in the improvement and optimization of the Website.
  • group companies, who may have access to shared databases;

We take steps to ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws. Where the party to whom we share your personal information is a legal entity, we hereby affirm that we will take all reasonable steps and/or actions to confirm that the employees and/or representatives of such a third party will execute their duties in accordance with the highest industry standards and will comply with all provisions and requirements of the provisions of this Privacy Notice and the local laws and regulations on the protection of personal data (as amended from time to time) and GDPR and any legislation to success it or complement it.

We will also disclose your personal information to third parties where it is in our legitimate interests to do so to run, grow and develop our business, such as:

  • if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets; and
  • if substantially all of Whitestreet’s or any of its affiliates’ assets are acquired by a third party, in which case personal information held by Whitestreet will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, any lawful request from government, regulator or law enforcement officials or prevent illegal activity;
  • in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party or to prevent any illegal activity; or
  • to protect the rights, property, or safety of Whitestreet, our staff, our customers or other persons.

We may also disclose and use anonymized, aggregated reporting and statistics about users of our Website or our products and Services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymized, aggregated reports or statistics will enable our users to be personally identified.

 

  1. HOW LONG WE STORE YOUR PERSONAL INFORMATION

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed.  

The length of time for which we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

We will keep your personal information for as long as you are a client and/or otherwise a person enjoying our Services.

After you stop being a client and/or a person enjoying our Services, we need to keep your personal information for a period of at least 7 years. We will ensure that your privacy is protected and the data are used only for the above-mentioned purposes and in case the retention period needs to be extended we will inform you accordingly in advance.

  1. YOUR RIGHTS

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at [email protected] at any time. You have the following rights:

Right of access:  You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information as required by applicable law.

Right to rectify/update your information:  You have a right to have any of your personal information rectified for example where it is out of date or incorrect.

Right to delete/erase your information:  You have a right to have personal information which we are holding about you erased in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us.

Right to restrict processing of your information: You have a right to have us restrict the way that we process your personal information in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us.

Right to stop marketing: You have a right to have us stop using your personal information for direct-marketing purposes.  If you exercise this right, we will stop using your personal information for this purpose.

Right to data portability: You have a right to data portability which includes a right to have us provide your personal information to a third- party provider of services.  This right only applies where we use your personal information on the basis of your consent or performance of a contract with you and where our use of your information is carried out by automated means.

Right to object:  You have a right to object to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest subject as more particularly provided by applicable law.

Right to withdraw consent: In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you. We will of course advise you if this is the case at the time you withdraw your consent.

We will consider all requests to exercise your rights and provide our response without undue delay (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law).

Certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will tell you this when responding to your request. 

We may request you provide us with information necessary to confirm your identity before responding to any request you make.

Note that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.

 

  1. MARKETING

We will obtain your consent to send direct marketing communications where we are required to do so by law (for example, if you have provided a personal email address to us) and if we intend to disclose your personal information to any third party for such marketing.

If you wish to stop receiving marketing communications, you can do this by clicking the “unsubscribe” link at the bottom of any email from us, or by contacting us at [email protected].

 

  1. WHERE WE MAY TRANSFER YOUR PERSONAL INFORMATION

Your personal information may be used, stored and/or accessed by staff operating outside of the European Economic Area (EEA) working for us, other members of our group or suppliers where this is required for us to provide the Services to you or otherwise to process your personal information as contemplated by this Privacy Notice.

If we provide any personal information about you to any such non-EEA members of our group or suppliers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Notice.  These measures may include:

  • Relying on an adequacy decision (including in relation to the UK, Israel);
  • In the case of entities based outside the EEA, entering into approved standard contractual arrangements with them; or
  • The transfer is necessary for the performance of a contract with you (e.g., to implement a payment instruction).

Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting us by email at [email protected] at any time.

 

  1. HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

Whitestreet is committed to protecting your personal information from loss, theft and misuse.  We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures.

In the course of provision of your personal information to us, your personal information may be transferred over the internet.  Although we make every effort to protect the personal information which you provide to us, the transmission of information between you and us over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information while it is transmitted in this way and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

From our part we have put in place appropriate security measures to minimize the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

  1. SOCIAL MEDIA AND LINKS TO OTHER WEBSITES

Our Website includes social media features, such as the Facebook or Instagram “sharing” or “follow” buttons; and may contain links and pages to other websites operated by third parties.

Please note that this Privacy Notice applies only to the personal information that we collect through our Website and Services and we cannot be responsible for personal information that third parties may collect, store and use through third party features and websites.  You should always read the privacy notice of each website you visit carefully.

 

  1. CHILDREN’S PRIVACY AND ELIGIBILITY

The Services are not directed or intended for individuals under the age of 16, and we do not knowingly collect or solicit information from children. If we become aware that a child under that age has provided us with personal information, we take steps to remove such information from our servers. If you are aware that a child has provided us with personal information, please contact us at [email protected]

 

  1. TO WHAT EXTENT WE CARRY AUTOMATED DECISION MAKING AND PROFILING

In establishing and carrying out a business relationship, we generally do not use automated decision-making. If we use this procedure in individual cases, we will inform you of this separately.

 

  1. CHANGES TO OUR PRIVACY NOTICE

We may update our Privacy Notice from time to time. Any changes we make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our Privacy Notice.

 

  1. FURTHER QUESTIONS OR HOW TO MAKE A COMPLAINT

If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us at [email protected] or write to us at Whitestreet Investments Limited, 6 Ioannou Stylianou, Floor 2, Flat 202, 2003 Nicosia, Cyprus. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

You also have the right to complain to an applicable data protection supervisory authority – for the purposes of Cyprus the relevant authority is the Office of the Commissioner for Personal Data Protection (http://www.dataprotection.gov.cy/).

This Privacy Notice was last updated on 25 August 2021