For the purpose of the Data Protection laws (the ‘data controller’ is N. Pirilides & Associates LLC of 5 Amathountos Str., Pirilides Building, 3105, Limassol- Cyprus (Reg. No.: 247707).
For the purpose of the Data Protection laws ‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’. ‘Sensitive personal data’ is data concerning a specific set of “special categories” that must be treated with extra security. These categories are:
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Trade union membership;
- Genetic and biometric data
Data concerning health, sex life or sexual orientation
Our use of your personal data is subject to your instructions, the EU General Data Protection Regulation (GDPR), other relevant Cyprus and EU legislation and our professional duty of confidentiality.
The relevant Data Protection laws are the European Union Regulation on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data ΕΕ 2016/679 and the Processing of Personal Data (Protection of the Individual) Law of 2001, as amended by 105(I)2012.
PERSONAL DATA WE COLLECT ABOUT YOU
The table below sets out the personal data we will or may collect in the course of offering our services, advising or acting for you.
Personal data we will or may collect depending on why you have instructed us:
- Your full name, address and telephone number;
- Information to enable us to check and verify your identity;
- Electronic contact details;
- Information relating to the matter in which you are seeking our advice or representation;
- Information to enable us to undertake a credit or other checks, i.e. your date of birth and identity or passport details;
- Your financial details so far as relevant to your instructions;
- Your Social Insurance and Tax details;
- Your bank details;
- Details of your professional online presence;
- Your employment status and details including salary and benefits;
- Details of your pension arrangements;
- Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs;
- Personal identifying information.
HOW YOUR PERSONAL DATA IS COLLECTED
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Please note that opting-out or blocking cookies may impair your use of this (and other) websites.
HOW AND WHY WE USE YOUR PERSONAL DATA
We will only use your information when it is fair and lawful to do so. Most commonly, we will use your personal information in the following circumstances:
1. Where we need to perform the contract that we have entered into with you;
2. Where we need to comply with a legal obligation;
3. Where it is necessary for our legitimate interests (or those of a third party) namely to provide you with advice and assistance or in facilitating and enabling the management of all matters relating to our business, but only where your interests and fundamental rights do not override those interests;
4. Where you have given your consent and that consent has not subsequently been withdrawn by you.
We may also use your personal information in the following circumstances, which are likely to be rare:
5. Where we need to protect your interests (or someone’s interests).
6. Where it is needed in the public interest.
The situations where we will process your personal data are listed below:
- to fulfil our contract with you;
- to provide you with our services;
- making payments to and on your behalf;
- creating a client account for you;
- to prevent fraud and to satisfy our legal obligations under The Money Laundering Regulations 2017 and corresponding financial crime legislations;
- to provide you with information about our services;
- to invite you to events or seminars that may be of interest to you;
- to provide you with updates about the law and other topics that may be of interest to you;
- for marketing and advertising purposes;
- for intra group transfer or transfers to third party administrators for administration purposes; and
- the enforcement of legal claims including debt collection including via out-of-court procedures.
Failure to provide personal information
Failure to provide certain information when requested may result in us being unable to perform both our legal obligations and our contractual duties to you, such as making payments to and on your behalf.
Sensitive Personal Information
We may also collect, store and use, exercise or defence of legal claims the below “special categories” of more sensitive personal information:
- Information about health, including sickness records, medical conditions and other records.
- Information about race or ethnicity, religious beliefs, trade union membership, sexual orientation and political opinion.
- Information about criminal convictions and offences.
We will only process these ‘special categories of personal data’ in the following exceptional circumstances:
- to the extent necessary for the establishment, exercise or defence of legal claims; or
- with your explicit written consent which you can withdraw at any time.
We may use your personal data to send you updates (by email or post) in relation to legal, tax or other areas of practice that might be of interest to you and/or information about our services.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, for example for electronic marketing communications, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us at firstname.lastname@example.org.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
WHO WE SHARE YOUR PERSONAL DATA WITH
We routinely share personal data with:
- professional advisers who we instruct on your behalf or refer you to, e.g. accountants, auditors, tax advisors or other experts;
- other people involved in your matter (including the other side) and their advisers;
- other third parties where necessary to carry out your instructions, e.g. Registrar of Companies, Land Registry etc.;
- our insurers and brokers;
- our bank;
- any other bank to carry out your instructions; and
- our IT providers;
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
WHERE YOUR PERSONAL DATA IS HELD
Information may be held at our offices and those of the third party agencies, service providers, representatives and agents as described above (see above ‘Who we share your personal data with’). Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will keep your personal data after we have finished advising or acting for you for any such period deemed reasonable and necessary by us. We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to enable us to carry out checks for conflicts of interest in the future;
- to show that we treated you fairly; and
- to keep records required by law.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EU
The personal information you provide to us will be transferred and stored outside of the EEA for the purposes of carrying out administration and other functions necessary to provide our legal services to you. Any personal information transferred will receive an adequate level of protection as required by the Data Protection laws. Third parties will only process your personal information on our instructions and in the agreement that the information is kept secure and confidential.
Where any transfer is made to a third party supplier (for example to someone that we have outsourced an administrative function to or a provider of storage) outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.
Where any transfer is made to another lawyer, adviser or expert witness outside of the EEA we will usually do this on the basis that the transfer is necessary for the performance of our contract with you.
Data Subject Rights
Under certain circumstances, you have the right to:
- Access your information
You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.
- Correct your information
If the information we hold for you is incomplete or incorrect, you have the right to request a correction.
- Request erasure
Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.
- Object to processing
Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.
- Request the restriction of processing
You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.
- Transfer your personal information
You are able to request the transfer of your personal information to another party.
It is important that the personal information we hold for you is accurate and up to date. If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us by email email@example.com.
For further information on your rights, including the circumstances in which they apply, please visit the website of the Cyprus’ Information Commissioner’s Office.
If you would like to exercise any of those rights, please:
- email, call or write to our data protection officer - see below: ‘How to contact us’; and
- let us have enough information to identify you (your full name, address and client or matter reference number);
- let us have proof of your identity and address (a copy of your ID or passport and a recent utility bill); and
- let us know what right you want to exercise and the information to which your request relates.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus may be contacted by email at commissionerdataprotection.gov.cy or telephone: +357 22818456.
This privacy notice was published on 17.05.2018 and last updated in May 2018. We will provide you with reasonable prior notice of substantial changes in how we use your information, including by email at the email address you provide.
HOW TO CONTACT US
By email at firstname.lastname@example.org.