Privacy Policy

Privacy Policy

As of: 22 July 2019

Who are we?

We would like to assure you that the collection and processing of your personal data by Gunvor Group Ltd (“we”, “our”, “us”) as per the below will be always in full compliance with the EU General Data Protection Regulations 2016/679 (“GDPR”) and other applicable privacy laws.

You can find more information about our activities by clicking on the page “Who we are”.

This Privacy Policy applies to our website switch to the websites of other operators, their own data protection regulations and policies will apply.

This Privacy Policy (“Policy”) sets out how we collect, use, disclose and retain any personal data collected and how individuals (“you”, “your”) may interact with us about it.

On what legal basis do we collect your personal data?

You can visit our website without disclosing your identity. The collection and processing of your personal data takes place for the following purposes, in accordance with Art. 6 GDPR:

  • when necessary for our legitimate business interests given that it is not overridden by your rights;
  • based on your consent, when you use the online contact form or accept cookies; or for additional purposes not mentioned here;
  • necessary to fulfil our legal obligations.

For what purpose do we collect your personal data?

  • to enable the use of and connection to our websites;
  • to ensure that our websites function properly;
  • to ensure the security and stability of the system;
  • to enable us to optimize your online experience;
  • to compile statistics;
  • to interact with you where needed (ex. Contact form).

What kind of personal data do we collect and why?

Personal data is any information relating to an identified or an identifiable natural person who can be directly or indirectly identified by reference to an identifier.

Personal data includes, for example, information such as your name, location data, online identifier, address, telephone number and date of birth. Statistical information that cannot be directly or indirectly associated with you – such as measuring traffic on our website – is not considered personal data. In any case, your personal data is collected only to the extent necessary: it will be processed solely for the purposes mentioned above.

In addition, the use of our website may result in indirect personal data processing about you, for example:

  • technical connection data, such as the visited page of our website, your shortened IP address, date and time of the visited and the type of terminal used;
  • data collected as part of the website management and security purposes.

How do we collect your personal data?

Your personal data is obtained via the Contact form or otherwise on our website, emails, phone calls/voicemail; when initial requests or enquiries are made and subsequently processed by our teams. Such contact may be made directly or indirectly.

We could also collect your personal data when you apply directly for any individual jobs via our contact details on the Culture & Jobs page on our website. Interested applicants can also use our LinkedIn page in case of specific opportunity.

Our website is not intended for minors and we do not knowingly collect personal information from minors. If persons under the age of 16 transfer personal data to us, it will only be processed if the parent or guardian/legal representative has consented or validated the minor’s consent. For this purpose, the contact details of the legal representative must be communicated to us in accordance with Art. 8 para. 2 GDPR.

Do we share your personal data with third parties?

We may share the personal data you provide to us within the Gunvor Group, always in accordance with the GDPR and any other applicable privacy laws.

We may perform some of our operations by relying on third-party suppliers. The personal data that you provide may be shared with these suppliers in order to enable them to perform the required tasks. However, these suppliers are required to exclusively use the received information for the respective services on behalf and as instructed by us and they are obliged to comply with the applicable data protection regulations.

Third parties may have access to your personal data without your consent if there is a legal basis for it.

How do we transfer your personal data?

Where a data transfer may be necessary, we will take necessary steps to ensure that your personal data has the level of protection required by the GDPR. We will notify you and seek your consent to processing, in each case if required.

In any situations where a job application is received for another location outside of our job vacancy designated jurisdiction, that application will be transferred, via email to the appropriate location for processing. In case of transfer to an entity located outside the European Economic Area we will act appropriately to ensure the personal data has the level of protection as required by the GDPR.

Where is your personal data stored?

We store your personal data in various locations and with different service providers (i.e. external datacenters).

How long will your data be stored for?

As a matter of principle, personal data is retained (1) for as long as needed to achieve the purposes as described in this Policy, or (2) if we have another legal basis that requires a longer storage period.

We will delete or anonymise personal data (or equivalent) once they are no longer necessary to achieve the purposes for which they have been collected, subject however (i) to any applicable legal or regulatory requirements to store personal data for a longer period, or (ii) to establish, assert, exercise and/or defend actual or potential legal claims, investigations or similar proceedings, including legal holds.

Your privacy rights

You have the right, subject to the applicable local data protection legislation, to:

  • request access to, and receive a copy of, the personal data we hold about you (‘Right to access’, Art. 15 GDPR);
  • if appropriate, request rectification or erasure of the personal data that are inaccurate (‘Right to rectification’, (Art. 16 GDPR);
  • request the erasure of the personal data, subject however to applicable retention periods (‘Right to be forgotten’, Art. 17 GDPR);
  • request a restriction of processing of the personal data where the accuracy of the personal data is contested, the processing is unlawful, or if the Data Subjects have objected to the processing (‘Right to restriction of processing’, (Art. 18 GDPR);
  • object to the processing of the personal data (‘Right to object’, Art. 21 GDPR);
  • receive the personal data in structured, commonly used and machine-readable format (‘Right to data portability’, Art. 20 GDPR);
  • complain in relation to the processing of the personal data and, absent a satisfactory resolution of the matter, file a complaint in relation to the processing of the personal data with the relevant European data protection supervisory authority.

If you object to the processing of your personal data, we will no longer process the personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Subject to the limitations set forth herein and/or in applicable local data protection laws, you can exercise the above rights free of charge by contacting us at: [email protected]

How do we protect your personal data?

We have established the security in accordance with the GDPR principles. The measures taken are technical and organizational measures relating to data security in order to guarantee an adequate level of protection regarding confidentiality, integrity, availability of the data and resilience of the systems.

Technical measures are those that directly involve the IT system. Organizational measures, on the other hand, are related to the system’s environment and processes; and particularly to the people using it. The combination of both types of measures can prevent data from being destroyed or lost by mistakes, fakes and unauthorized access from occurring.

These measures are part of the life cycle of our organisation and are implemented at every level of the system. Furthermore, security is an ongoing process, not a static element. In this perspective, the technical and organizational measures are subject to technical progress and further development as risks and threats do.


We use Google Analytics, a web analytics service made by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are small text files are placed on your computer’s hard drive when visiting our website. Once you agree for the file to be added, the cookie helps analyze web traffic or your visit/use of a particular website (including your IP address) and will be transmitted and stored by Google servers. This web application gather data on your interests and save your personal preferences. By doing so, you do not have to re-enter your preferences each time you visit the website.

Cookies help us to provide you with a better website, by enabling us to monitor which pages of our website that you find useful and which you do not. Cookies do not provides us with access to your computer.

We will not use this information in connection with any personally identifiable information you have provided. Before cookies are placed on your computer or device, you may choose to accept or decline, following an automatic prompt which will appear requesting you to do so.

Most web browsers automatically accept cookies by default, but you can modify your browser setting to decline cookies if you would prefer, however this may prevent you from availing full advantage of our website.

Please keep in mind that in case of complete cookies removal from your browser, you may have to reset this when you visit our website again. Cookies are also browser specific, which means they must be set separately for each browser you use on each device you use.

Reviews/changes to this Policy

We reserve the right to review this Policy periodically and where necessary, due to changes in business operations or data protection regulations or applicable employment legislation. Any updated version of this Policy will be uploaded on our website. By doing so, you are consistently aware of what and how data is processed. We recommend that you check our website from time to time to ensure that you remain satisfied with any such changes at time you send us new or additional information. You will find the date of the latest version at the beginning of the present Policy.

Further information

Feel free to contact us for more information. In addition to the Contact page on our website, should you have any enquiries, concerns or requests regarding this Policy, how your personal data is processed, please use the contact details below. You can address your questions, comments or request regarding privacy.


Gunvor Group Ltd

48 Themistokli Dervi Avenue, Athienitis Centennial Building, Flat/Office 501, 1066 Nicosia, Cyprus

E-mail: [email protected]