Privacy Policy Statement

SPS SECURITY, from now on referred to as ‘the company’, is a private security company that provides security services such as safeguarding, cash in transit (CIT), patrolling, monitoring and alarm receiving center, cash counting, processing and storage services, Very Important Persons’ escort and protection services (VIP Protection), the installation of deposit machines as well as cleaning services, from now on referred to as ‘Services’. Any party affected, in order to exercise any of their rights or for further clarifications regarding the usage of personal data, may contact the company's Data Protection Officer – DPO with the following contact details:

  • SPS Private Security Services Ltd
  • Data Protection Officer
  • 6 Theotoki, 1055 Nicosia
  • P.O. Box 27339, 1644 Nicosia, Cyprus
  • Tel. No.: 22265200
  • Fax: 22751023
  • E-mail address:

Statement of Commitment

SPS Security is committed to protecting the privacy of its personnel, customers and associates while handling their personal data in a transparent manner. The personal data collected and/or processed by the company is strictly associated with the provision of its services.

The company will protect personal data in accordance with the Privacy Policy and in accordance with the legal and regulatory framework, including the Law Providing For The Protection Of Natural Persons With Regard To The Processing Of Personal Data And For The Free Movement Of Such Data as amended from time to time and the General Data Protection Regulation 2016/679 – GDPR.

The Personal Data that the Company Processes and on what Grounds

The company is obliged to collect the minimum amount of personal data possible from its customers/associates and personnel, data obtained in the context of the provision of services that is in accordance with the current customer/associate contract or in the context of the employer - employee relationship. The personal data collected, without restriction, is namely: mobile phone number, work telephone number, fax number, personal e-mail address and/or work e-mail address, home address (where appropriate), work address, professional data such as work title/ranking/occupation field, call logs (incoming and outgoing), installation of geolocation systems (where appropriate), recording of images from a closed circuit television and bank data.

It is necessary that the specific personal data is retrieved, processed and stored in a file for:

  • the implementation of any contract between the company and the customer/associate/personnel
  • the facilitation of communication between the company and the customer/associate, due to customer or other relationship
  • proof of the existence of a specific conversation and its specific content
  • the protection of the company's personnel, assets and clientele

Provided that the client/associate/employee have given their explicit and specific consent to the processing of personal data for specific purposes other than those mentioned above, the legality of this processing is based on that particular consent.

The client/associate reserves the right to withdraw their consent at any time. However, any revocation will not affect the legality of the data processing prior to the revocation.

In addition to the abovementioned, where deemed needed, the company may collect and manage data beyond what is necessary to perform its contractual and/or legal obligations, to protect its legitimate interests or the legitimate interests of third parties related to the company.

The data and/or information are processed accordingly regarding the business and/or commercial interests of the company, taking into account the interests, fundamental rights, freedoms and reasonable expectations of its customers/associates/personnel.

Such types of processing may be:

  • The creation of legal claims and defending the company in legal and judicial proceedings
  • Market and services quality research for the company, provided that the customer or associate has not objected to the processing of their data for this purpose.
  • Processing for the protection of copyright (photos and videos for advertising and promotional material of the company in printed and electronic form).
  • For the purposes of determining credit risks, consultation and data exchange with creditworthiness mechanisms (Artemis).
  • Consultation and exchange of data with the Police, for the purposes of risk management and protective measures against criminal acts.
  • Processing to prevent theft, various crimes prevention and investigation in cooperation with the Police.
  • Taking all necessary measures and undergoing the right procedures for security reasons (closed video surveillance circuit, access control system and measures against trespassing on company property).

Personal Data Recipients

Within the company, the personal data of those that are subject to being processed, undergo the relevant processing only by the departments and/or the personnel of the company that have the duty to do so due to the nature of their work that is to process them and have signed a relevant agreement of non-disclosure and confidentiality with the company, provided that it is necessary for the fulfilment of the contractual and legal obligations of the company or when consent has been granted by the customer/associate/personnel for that specific processing or where the company partakes a legal interest.

Customer/associate personal data may be obtained by service providers and/or suppliers with whom the company has entered into contractual relations, through which they undertake to maintain confidentiality and data protection in accordance with the applicable legal data protection framework, always with the associated party’s consent. Under no circumstances will the company disclose personal data of its customers/ associates/personnel to third parties, for the purposes of their own commercial promotion and/or advertising.

The company may disclose the personal data of its customers/associates/ personnel to a government authority, in the specific case of having a legal obligation to do so or when this is permitted by specific legislation or when consent to do so is granted by the customers/associates/ personnel or when there is a court order that dictates to do so.

The Police may also receive personal data of the company’s customers/ associates when during the proceedings of the execution of our contract, the police must be notified due to malicious actions and actions against the property of the customers/associates and the security of both the individuals as well as their property.

Personal Data Protection Time Frame

Due to the reasons described above, personal data will be kept by the company in physical and electronic form for the amount of time that the contract between its customer/associate/ personnel indicates, unless otherwise stated by the law which forces the company to maintain this data and if the company deems it appropriate to establish, exercise and support relevant legal claims.

The company undertakes to carry out the appropriate technical and organizational measures for the security of the personal data of its customers/associates/ personnel during the time they are being stored by the company.

Automated Decision Making Process

Automated decision-making takes place when an electronic system processes personal data for decision-making without human interference. The company does not apply such a procedure and in case such a procedure is implemented the customers/associates/ personnel will promptly be informed.


Cookies are small text files that are sent and stored on an electronic device used when visiting a website. The company does not apply such a procedure and in case such a procedure is implemented the customers/ associates/ personnel will promptly be informed.

The rights provided by the Legislation/Regulation to the customer/associate of the company include the following:

To have access to personal data. This allows you to receive a copy of the personal data held. In order to request and receive the relevant copy, the customer/associate may contact the company.

To request the correction of personal data kept. This allows the correction of any incomplete or inaccurate data.

To request the removal of personal data which concern them (known as the "right to be forgotten"). This allows them to request that personal data be deleted when it is believed that the company does not want to continue to adhere to it, unless the company is acting legitimately through other ways.

To oppose the observance of the personal data kept (known as the "right of objection") when there is something unique regarding the situation of the client/associate, which calls for the need to oppose their observance. If the customer/associate files an objection, the personal data kept for the specific customer/associate will no longer be kept by the company unless the company is able to prove that the processing is done in a lawful manner, which prevails over their interests, rights and freedoms. They also reserve the right to object in the event that the processing is done for the purpose of promoting the company's services.

To request a restriction on the processing of personal data. This grants them the right to request that the processing of personal data be restricted, i.e. that they be used by the company only under certain circumstances, provided that:

  • it is inaccurate, until their accuracy is eastablished
  • it has been illegally used but does not wish its removal
  • it is no longer needed, but wishes for it to be kept for use in possible legal claims,
  • the company has already been asked to suspend its compliance with relevant personal data regulations, but is currently waiting for confirmation of the existence of legal reasons to be justified.

To demand to receive a copy of the personal data related to them in a structured, commonly used and machine-readable format, to transfer this data to other organizations and/or companies or for any personal use. They also have the right to request the transfer of their personal data, directly from the company to other organizations and/or companies they will name (known as the right to data portability).

To revoke the consent they had given for the processing of their personal data at any time. It should be noted that any revocation of the consent does not affect the legality of the processing based on the consent, before it is withdrawn or revoked by the customer/associate.

In order to exercise any of the rights or if there are any other questions regarding the use of the personal data of the company's customers/ associates, the customer/associate of the company may contact the company via phone or the e-mail email address

The right to file a complaint to the supervisory authority.

If any or all of the rights regarding personal data protection have been exercised but the company's customer/associate still has concerns about how their personal data is stored or has not been adequately handled by the company, they have the right to file a complaint with the Data Protection Officer of the company, by calling the company’s telephone number or sending e-mail using the following address:

You also reserve the right to file a complaint with the Office of the Commissioner for Personal Data Protection.

Alterations to the current Privacy Policy

The company reserves the right to always modify/revise this Policy at a time when the company deems it necessary. In the event that the company makes a change/modification to its relevant policy, its customers/ associates will instantly be notified and the date of modifications will be accordingly revised.

The company recommends that its customers/associates regularly review this specific policy of the company so that they remain aware of how the company processes and protects their personal data.