1. Introduction
1.1
We, MICHAELIDOU & CONSTANTINOU L.L.C, take privacy, and the security of your personal data, very seriously, and the directors are committed to ensuring that we safeguard your personal data at all times and in the best way possible.
This Privacy Policy does not apply to any third party websites that may have links to our own website.
Key terms
It would be helpful to start by explaining some key terms used in this policy:
|
We, us, our, the Firm |
MICHAELIDOU & CONSTANTINOU L.L.C |
|
|
Personal data |
Any information relating to an identified or identifiable individual |
|
|
Processing |
means any operation or actions performed on personal data; for example collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal data. |
|
|
Special category personal data |
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, Genetic data, Biometric data (where used for identification purposes), Data concerning health, sex life or sexual orientation |
|
|
you, yours, data subject |
The individual who the personal data relates to |
|
1.2
This privacy policy contains important information for you. It explains:
1.2.1
who we are;
The Firm is a boutique law firm in Cyprus operating out of its offices at Kallipoleos 17, Office 303, Nicosia. The Firm is dedicated to protect personal data. We apply high standards of conduct with regards to privacy issues. Our Firm makes certain that its employees and servants are delivered with the appropriate training in order to handle personal data promptly and in accordance with the applicable laws. Furthermore, the Firm makes sure that all parties with whom it co-operates apply the same high standards with regards to data protection and privacy as the Firm. The firm does not usually give acces to data to third parties and also it does not usually transfer data outside Cyprus. In case this is required to be done we will do so in full compliance with the provisions of the applicable legislation and inform you accordingly as provided by the applicable laws and regulations.
1.
1.2.2
what personal information we collect about you;
The Firm processes data in the context of providing legal and other services to its clients. The categories of data it may collect and process, according to the particulars of each case, include:
• contact details (including names, postal addresses, email addresses and telephone numbers);
• information required by the Firm to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;
• information provided in the course of the provision of legal and other services (for example,
· information on professional relationships and background, financial wealth and assets held,
· transactions entered into, tax status, disputes and court proceedings engaged in);
• financial information, such as payment related information;
• meetings attended and visits to our offices;
• any other information you may provide to the Firm.
Important notice on Special Category Data
In certain instances, the personal data that the Firm processes may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to the Firm by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation or for the purposes of legal proceedings or legal advice.
The table below sets out the personal data we will or may collect in the course of providing services to you.
|
Personal data we will collect |
Personal data we may collect depending on why you have instructed us |
|
Your name, address and telephone number Information to enable us to check and verify your identity, eg your date of birth or passport details Electronic contact details, eg your email address and mobile phone number Information relating to the matter in which our client isseeking our advice or representation Information to enable us to undertake a credit or other financial checks on you Your financial details so far as relevant to your instructions, eg the source of your funds if you are instructing on a purchase transaction Information about your use of our IT, communication and other systems, and other monitoring information, eg if using our secure online client portal |
Your National Insurance and tax details Your bank and/or building society details Details of your professional online presence, eg LinkedIn profile [Details of your spouse/partner and dependants or other family members, eg if you instruct us on a family matter or a will] [Your employment status and details including salary and benefits, eg if you instruct us on matter related to your employment or in which your employment status or income is relevant. ] [Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, eg if you instruct us on an immigration matter. ] [Details of your pension arrangements, eg if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship] [Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, e.g. if you instruct us on matter related to your employment or in which your employment records are relevant.] [Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, e.g. if you instruct us on discrimination claim. ] [Your trade union membership, eg if you instruct us on a discrimination claim or your matter is funded by a trade union.] [Your medical records, e.g. if we are acting for you in a personal injury claim.]
|
We collect and use this personal data to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services1.2.3
how, when and why we collect, store, use and share your personal data;
We make sure that all data collected and processed is relevant to one or more one or more processing activities. Under no circumstances do we collect or process more or less data that are reasonably nessesacry in order to achieve the propose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means.
The purposes of processing and the lawful basis of each processing activity are the following:
|
To establish a client relationship and for providing the services of the Firm |
In cases where an individual has been provided with this Privacy
Notice and provides personal data thereafter, the processing may be carried
out on the basis of consent. Consent may be withdrawn at any time by writing
to constantinou.a@cymclawyers.com
|
|
For identity verification
and record and for |
purpose of
uniquely identifying a natural person, health data, data on a person's sex
life or sexual orientation or data relating to a person's criminal record or
alleged criminal activity). In such instances, legal bases for processing
that data may include explicit consent (where the Special |
|
To meet all legal, regulatory and ethical |
Processing is
necessary for compliance with a legal obligation to which the Firm is subject
or for the exercise of functions of public authorities It is in the
legitimate interests of the Firm as a provider of legal services to process
data to the extent necessary to ensure that it meets all legal, |
|
For the purposes of internal know-how and |
It is in the legitimate interests of the Firm as a provider of legal services to process data for internal know how and staff training. |
|
To follow up on comments, enquiries and |
In cases where
an individual has been provided with this Privacy Notice and provides
personal data thereafter, the processing may be carried out on the basis of
consent. Consent may be |
|
To promote, improve and further the provision |
In cases where
an individual has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at
any time by writing to
|
|
For marketing purposes including sending |
In cases where
an individual has been provided with this Privacy Notice and provides
personal data thereafter, the processing may be carried |
|
Any other purpose(s) which has been agreed by |
|
|
Collection of data when consent is not required by law |
As lawyers we should advise our clients on whether they could file an action or take legal measures and also to take legal actions against other people. In this content we will collect only the necessary data in order to advise our client and or in order to take legal measures. Those data other than the element of consent will be treated in the same way that all other data under this policy |
We collect most of the above information from you. However, we may also collect information:
• from publicly accessible sources, e.g. Registrar of Companies;
• directly from a third party, e.g.:
– sanctions screening providers;
– credit reference agencies;
– client due diligence providers;
• from a third party with your consent, e.g.:
– your bank or building society, another financial institution or advisor;
– your employer and/or trade union, professional body or pension administrators;
– your doctors, medical and occupational health professionals;
• via our website—we use cookies and similar technologies on our website (for more information on cookies, please see our [insert link] cookie policy)
• via our information technology (IT) systems e.g.:
– via our case management, document management and time recording systems;
– from door entry systems and reception logs;
– through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems;
1.2.4
how we keep your personal data secure;
The sources of data may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material. Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to info@cymclawyers.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
• employees of the Firm who are acquainted with the GDPR and have signed the Firm’s Confidentiality and Non-Disclosure Statement of the Firm;
• other service providers (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Firm is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
• any sub-contractors, agents or service providers of the Firm;
• courts or tribunals;
• law enforcement agencies where considered necessary for the Firm to fulfil legal obligations applicable to it;
• regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
• any registrar of a public register where the data is to be included in a public registry.
Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.
Where the Firm is entering into an engagement with a third party pursuant to which data may be processed by that third party, the Firm will seek to enter into an agreement with that third party setting out the respective obligations of each party and it will seek to be reasonably satisfied that the third party has measures in place equal to those of the Firm to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction. In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation the Firm will ensure that it meets the relevant requirements of that Data Protection
regulation prior to carrying out any such transfer. This may include only transferring the data where
the Firm is satisfied that:
• the non-European Union country has Data Protection laws similar to the laws in the European Union;
• the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
• we have obtained consent from relevant data subjects to the transfer;
• if transferred to the United States of America, the transfer will be to organizations tha the transfer will be to organizations that are part of the Privacy Shield
1.2.5
how and for how long we keep your personal data;
We have put in place appropriate security measures to prevent your personal data from unauthorized access, use, disclosure, alteration or destruction in accordance with data protection law requirements.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business that need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.
As a general rule, we will keep your personal data for up to seven years from the conclusion of your matter or termination of our business relationship. However, different retention periods apply for different types of personal data and for different services and your data may be kept for longer than seven years.
After the fulfilment of the purposes
for which the personal data was collected, such data
will be destroyed, and a Destruction Certificate
will be retained in the Firm’s records, unless
destruction is prohibited for legal, regulatory or technical reasons.
Any requests for further information in
relation to the continued processing of specific data and
requests for destruction of data should be made to
info@cymclawyers.com.
1.2.6
your rights in relation to your personal data, and how to contact us, or the relevant supervisory authorities, should you have a complaint.
You have certain rights in respect of their personal data. Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right o data portability) should send the request in the first instance to constantinou.a@cymclawyers.com . In response to such requests, the Firm reserves the right to require the individual making the request to provide certain details about himself/herself so that the Firm can validate that the individual is indeed the person whom the data refers to. The Firm is required to respond to the request of the
1.3
Marketing
We may use your personal data to send you updates (eg by email, text message, telephone, post or social media channels) about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. Where this is not the case, we will always ask for your consent.
In all cases, you have the right to opt out of receiving marketing communications at any time by:
• contacting us at constantinou.a@cymclawyers.com ;
• using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts; or
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
1.4
If you have any questions about the use to which we put your data, please email us at constantinou.a@cymclawyers.com
1.5
This policy applies in all circumstances, but in particular where you (or someone or an organisation on your behalf):
1.5.1
instruct us to act on your behalf and/or to provide you with advice and/or information;
1.5.2
enquire about instructing us;
1.5.3
visit our website;
1.5.4
submit an enquiry, make contact with us or sign-up to receive our newsletter;
1.5.5
request information from us or provide information to us; and
1.5.6
attend events or seminars hosted by us.
1.5.7
When you are the counter party of our client and those data are the minimum required in order to fulfill our obligations
1.6
This policy will also apply where we:
1.6.1
conduct searches about you on public sources in connection with our marketing or business acceptance processes;
1.6.2
agree to provide legal services to you or to the organisation for whom you work; or
1.6.3
add you to a mailing or marketing list.
1.7
In other words, this policy will apply where we are acting as a data controller in relation to your personal data, and where we have a supervisory role in relation to how personal data is collected, stored, used and shared.
1.8
Please note that in general the services that we provide are not principally aimed at children. This is because children are generally represented by their parent(s) or guardian(s). If you are a child and you require further advice or explanation about how we will use your data, or if you represent the interests of a child and you would like the child to receive further advice and explanation, please contact us using the details set out in paragraph 1.4 above.
1.9
Please note that we use cookies on our website. Therefore, this policy should be read in conjunction with our cookie policy.
1.10
We are committed to preserving the privacy of your data so that we can:
1.10.1
deliver services of a high quality to all our clients;
1.10.2
at all times comply with the law and the various regulations that we are subject to;
1.10.3
preserve the confidentiality of your personal data in compliance with the provisions set out with the laws and regulations of our profetion and
1.10.4
meet the expectations of customers/clients, employees and third parties; and
1.10.5
protect our reputation.
Your personal data
2.1
We may collect, store, use and share personal data relating to you in the course of acting for or advising you. The data we need to collect from you in order for us to be able to act for, or advise, you may include the following:
2.1.1
Your name, id or passport number and contact details including address, telephone number, mobile telephone number, email address and or any other contact detail necessary.
2.1.2
Information about your gender.
2.1.3
Where you are located
2.1.4
Information about your online presence (for example LinkedIn, Twitter), whether you have linked to us or our Facebook or LinkedIn page.
2.1.5
Professional or trade-related information.
2.1.6
Information required by us in order to enable us to check and verify your identity (for example for anti-money laundering purposes or generally as a means of helping to prevent fraud). This may include passport details, driving licence details, date of birth, cv, source and size of wealth and criminal record
2.1.7
Information as to the matter in which we are acting or advising you.
2.1.8
Information required by us in order to carry out a financial or credit check.
2.1.9
Financial details relating to you, including details of your bank account if money is sent to you or is likely to need to be sent to you, billing information and credit card details.
2.1.10
The source of any funds being supplied
by you in relation to any transaction that involves a purchase
2.1.11
Your national insurance number and/or tax details.
2.1.12
Details of your spouse/partner and dependants or other family members. This applies where, for example, you have instructed us on a family matter or in connection with a will, trust or similar arrangement.
2.1.13
Details of your employment status and other related details including, but not limited to, salary and benefits, records relating to sickness and attendance, performance, disciplinary action taken in relation to you, conduct and grievances (including relevant special category personal data). This applies where, for example, you instruct us on a matter related to your employment, or where your employment status, income or employment records are relevant.
2.1.14
Details of your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs. This applies where, for example, you instruct us in relation to a discrimination or other similar claim.
2.1.15
Details of your nationality and immigration status, and information from related documents, such as your passport or other identification and immigration information. This applies where, for example, you instruct us on an immigration matter or for AML reasons
2.1.16
Details of your pension arrangements. This applies where, for example, you instruct us on a pension matter or in relation to financial arrangements following the breakdown of a relationship.
2.1.17
Details of your trade union membership. This applies where, for example, you instruct us on a discrimination claim, or your matter is funded by a trade union.
2.1.18
Details of your medical records and of any injuries, and other personal, physical, mental or medical details. This applies where, for example, we are acting for you in a personal injury claim.
2.1.19
Marketing and communications data including, where relevant, your preferences in relation to receiving marketing and communications from us.
2.1.20
Transaction data, including details about any payments to and from you.
2.1.21
Technical data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technological data relating to your use of our website.]
2.2
Note that failure to provide the personal data requested may prevent us from acting for you or may delay the provision of services.
2.3
Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2.4
We may also obtain personal data about you in relation to your use of our website. This information may include your computer’s IP address and the operating system and web browser that you use to access our website. It enables us to identify who has visited our website. This information is used to produce statistical data on the use of our website and to help us to enhance the user experience in the future.
3
The purposes for which your information is used
3.1
Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those reasons may include the following:
3.1.1
Where you have given consent to the use of your personal data for one or more specific purposes.
3.1.2
Where the use is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
3.1.3
Where the use is necessary for compliance with a legal obligation that we are subject to.
3.1.4
Where the use is necessary in order to protect your vital interests or those of another person.
3.1.5
Where the use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
3.1.6
Where the use is necessary for the purposes of our legitimate interests or those of a third party, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you or the relevant person is a child.
3.2
The reasons set out above represent the general position as to the purposes for which your personal data may be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:
3.2.1
To provide you with legal services, advice or representation OR provition of any other legal service that we are allowed to offer so that we can comply with our contract with you and/or take any steps that it is necessary for us to take before entering into a contract with you.
3.2.2
To prevent or detect fraud, either against you or against any other person involved in any matter in which you are involved. This will help to prevent any damage either to you, a third party or to us.
3.2.3
To carry out identity checks and undertake information gathering and audits as required by the laws that regulates our profetion or other regulatory bodies to comply with any legal and/or regulatory obligations to which you or we are subject.
3.2.4
To carry out anti-money laundering checks.
3.2.5
To undertake financial, embargo/sanction list and other security checks, and such other processing activities as are required for legal and regulatory compliance generally or specifically by your or our regulator(s).
3.2.6
To gather and provide any information required by or relating to audits, enquiries or investigations by your, or our, regulator(s).
3.2.7
To preserve the confidentiality of commercially sensitive information, and for our legitimate interests or those of a third party in relation to the protection of our, or another’s, intellectual property, and other commercially valuable information.
3.2.8
To comply with our legal and regulatory obligations.
3.2.9
To comply with our internal business policies, and for operational reasons such as security, confidentiality, competency and efficiency control, training and client care. This will help us to deliver the best service to you.
3.2.10
For audits and external quality reviews in relation to standards adopted by us).
3.2.11
For statistical analysis to enable us better to manage our business, for example in relation to our financial performance, client base, range of services etc.
3.2.12
For maintaining and updating records to ensure accuracy of processing and preventing unauthorised access and modifications to systems, and to prevent and detect criminal activity that could be damaging for us and for you.
3.2.13
To comply with legal and regulatory obligations, and to make information returns to regulators and legally constituted bodies.
3.2.14
To ensure safe working practices, and for staff administration and assessment purposes.
3.2.15
For marketing our services to existing and former clients and third parties.
3.2.16
For credit control and credit reference checks in relation to the services that we perform.
3.3
The purposes set out above will not
apply to what is termed ‘special category personal information’. This includes
personal information revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, and the
processing of genetic and biometric data capable of identifying you, and data
concerning health, sex life or sexual orientation. We will only ever process
information of that nature with your explicit consent.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
4
Contacting you
4.1
In addition to the general matters dealt with in paragraph 3.2 above, we may also need to send you updates concerning legal and other relevant developments in relation to you, the matter in connection with which we are instructed, your personal business or family interests, or other related matters which might concern you, or be of interest to you. This may be by post, telephone, email or text, and may include information about the legal and other services that we offer, and information relating to changes in those services.
4.2
We regard ourselves as having a legitimate interest in processing your personal data for these purposes, and we take the view that we do not require your consent in order to do so. From time to time we undertake what are known as ‘legitimate interest assessments’ in order to balance our interests in contacting you with your interests in relation to your data. Where we believe that consent is required, we will contact you specifically for this and will do so in a clear and transparent manner.
4.3
Be assured that we treat your personal data with the utmost respect and will never share it with others for marketing or promotional purposes. You have, at all times, the right to request that we do not contact you for any purpose other than carrying out the matter which we are instructed to undertake. We may, however, require that you confirm your marketing preferences from time to time so that we can be sure that your views remain the same, especially in relation to issues such as legal or market and regulatory updates.
5
Sharing your data with others
5.1
Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others. This may be in order to:
5.1.1
carry out our services for you;
5.1.2
provide advice, assistance and representation to you;
5.1.3
comply with our contractual obligations to you; or
5.1.4
comply with any legal or regulatory obligations to which you or we are subject.
5.2
Those with whom we may share your personal data include:
5.2.1
professional advisers used in connection with the matter in which we are instructed by you, for example solicitors, barristers or other lawyers, accountants, advisers, experts, medical professionals, search agents, service officers;
5.2.2
third parties involved in the matter in which we are instructed by you, for example financial services providers, banks, building societies, insurers and registrars;
5.2.3
government and similar organizations such as Land Registry, Registrar of Companies and Revenue and Customs;
5.2.4
others within our business;
5.2.5
your/our regulator(s);
5.2.6
credit reference agencies in connection with our contract with you, as well as third party providers of platforms for AML checks to be performed in accordance with the applicable legislation;
5.2.7
our bank, insurers and insurance brokers;
5.2.8
external auditors in relation to the audits and external quality reviews referred to above;
5.2.9
suppliers of services required in relation to your matter.
5.3
When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. In doing so we impose contractual obligations on all providers of services to ensure that your personal data is kept secure. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect your personal data are satisfactory.
5.4
Please be aware that, from time to time, we may be required to disclose personal data and exchange information about you, or relating to you, with government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.
5.5
During the course of, and sometimes following the conclusion of, our instructions from you we may need to share your personal data with other third parties, for example those involved in a relevant or related transaction. We will only share that information which it is necessary and relevant to share.
5.6
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
5.7
From time to time it may be necessary for us to share data for statistical purposes, for example with our regulatory body. We will always take steps to try to ensure that information shared is anonymised; and where this is not possible we will require that the recipient of the information keeps it confidential at all times. Steps will be taken at such time to ensure that the sharing of this information does not lead to a conflict between your interests and those of another client, third party or ourselves.
5.8
Other than as set out above, we will not share your personal data with any other third party.
6
How your personal data is kept
6.1
Your personal data will be kept secure at all times.
6.2
Your personal data may be held at our offices,
6.3
We operate various security measures in order to prevent loss of, or unauthorized access to, your personal data. In order to ensure this, we restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
6.6
Personal data that is processed by us
will not be retained for any longer than is necessary for that processing, or
for purposes relating to or arising from that processing.
6.7
Where your personal data is retained after we have finished providing our services to you, or where the contract with you has ended in any other way, this will generally be for one of the following reasons:
6.7.1
so that we can respond to any questions, complaints or claims made by you or on your behalf;
6.7.2
so that we are able to demonstrate that your matter was dealt with adequately and that you were treated fairly; or
6.7.3
in order to comply with legal and regulatory requirements.
6.8
In general, we will retain your data for only so long as is necessary for the various objectives and purposes contained in this policy. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.
6.9
We will retain your personal data as follows:
6.9.1
contact details—so that we can inform you of updates concerning our services and about relevant developments in relation to you, the matter about which you instructed us, or other related matters which might concern you, or be of interest to you;
6.9.2
accounts data, money laundering checks data documents and identification data—for such period as they continue to be required in order adequately to conclude all of your matters; and
6.9.3
for such time as is necessary for compliance with a legal obligation that we are subject to, or in order to protect your vital interests or the vital interests of another natural person.
6.9.3
In the instance that we hold personal data for which consent is not necessary, we will destroy or anonymize those data when the reason for holding them has ceased to exist and we are allowed to delete them or anonymize them by the statute of limitations and the relevant laws and regulations that regulate our profession.
6.10
We will delete and/or anonymise any personal data which it is no longer necessary for us to retain.
7
Transferring your data outside the EEA OR CY
7.1
In order for us to provide you with the services in connection with which we have been instructed, it may be necessary for us to share your personal data with those who are outside the EEA OR CY; where, for example, those persons have offices outside the EEA OR CY, are based outside the EEA OR CY, where electronic services and resources are based outside the EEA OR CY or where there is an international element to the instructions we have received from you. Where this is the case, special rules apply to the protection of your data.
7.4
For further information please contact Antonis Constantinou - constantinou.a@cymclawyers.com
8
Your rights in relation to your data
8.1
Data protection legislation gives you, the data subject, various rights in relation to your personal data that we hold and process. These rights are exercisable without charge, and we are subject to specific time limits in terms of how quickly we must respond to you. Those rights are, in the main, set out in the GDPR Act “Ο περί της Προστασίας των Φυσικών Προσώπων Έναντι της Επεξεργασίας των Δεδομένων Προσωπικού Χαρακτήρα και της Ελεύθερης Κυκλοφορίας των Δεδομένων αυτών Νόμος του 2018 (Ν. 125(I)/2018)”. They are as follows:
8.1.1
Right of access the right to obtain, from us, confirmation as
to whether or not personal data concerning you is being processed, and, where
that is the case, access to that personal data and various other information,
including the purpose for the processing, with whom the data is shared, how
long the data will be retained and the existence of various other rights (see
below).
8.1.2
Right to rectification the right to obtain from us, without undue
delay, the putting right of inaccurate personal data concerning you.
8.1.3
Right to erasure sometimes referred to as the ‘right to be
forgotten’, this is the right for you to request that, in certain
circumstances, we delete data relating to you.
8.1.4
Right to restrict processing the right to request that, in certain
circumstances, we restrict the processing of your data.
8.1.5
Right to data portability the right, in certain circumstances, to
receive the personal data which you have provided to us, in a structured,
commonly used and machine-readable format, and the right to have that personal
data transmitted to another controller.
8.1.6
Right to object the right, in certain circumstances, to object
to personal data being processed by us where it is in relation to direct
marketing, or in relation to processing supported by the argument of legitimate
interest.
8.1.7
Right not to be subject to automated
decision making the right not to be subject to a decision
based solely on automated processing, including profiling, which produces legal
effects concerning you or similarly significantly affects you.
8.2
Full details of these rights can be found in the GDPR Regulation, the GDPR Act (Ο περί της Προστασίας των Φυσικών Προσώπων Έναντι της Επεξεργασίας των Δεδομένων Προσωπικού Χαρακτήρα και της Ελεύθερης Κυκλοφορίας των Δεδομένων αυτών Νόμος του 2018 (Ν. 125(I)/2018)) or by reference to guidance produced by the Information Commissioner’s Office.
8.3
In the event that you wish to exercise any of these rights you may do so:
8.3.1
by contacting us at constantinou.a@cymclawyers.com ;
8.3.2
by completing a form which we can supply to you for this purpose; or
8.3.3
through a third-party whom you have authorised for this purpose.
8.4
Please bear in mind that there are some restrictions on your rights to exercise the rights set out above and that, in some cases, if you choose to exercise those rights we will be unable to perform the instructions you have given us. If that is the case, we may need to cease to act for you.
9
Keeping your data secure
9.1
In order to ensure that data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.
9.2
Our systems are subject to rigorous testing
9.3
In the event that there is a suspected data security breach you will be notified. Where relevant we will also inform the appropriate regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required, or have a regulatory obligation, to do so.
9.4
Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of any data transmitted to us via our website, or to or from us via email. Any transmission using these methods is at your risk. Once we have received your information, we will be able to set up procedures and security features,to try to prevent unauthorised access.
9.5
We also take appropriate steps to keep your personal data safe from unauthorised access, improper use or disclosure, unauthorised modification, or unlawful destruction or accidental loss consistent with applicable law. This applies both to electronic and physical data, and to that end our premises are access controlled and electronic data requires users to use login and password authentication.
9.6
All of our directors staff and third-party service providers who have access to your personal data are subject to confidentiality obligations.
Making a complaint
10.1
If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you please contact as at constantinou.a@cymclawyers.com and Antonis Constantinou who is the person responsible for data protection within the firm. In the event that your email has not being replyed in order to ascertain that it did not end into our junk box please call at 22678600 and request to talk for this matter with the person responsible for data protection within the firm.
10.2
We can be contacted at constantinou.a@cymclawyers.com
10.3
Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, details may be found here https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument .
11
This policy
11.1
This privacy policy was issued on 01/06/2018 and last updated on 06/04/2023.
11.2
The terms and provisions of this
privacy policy may be changed, updated, and amended from time to time. If we do
so during the time when we are providing you with services, then we will inform
you of those changes.