This Policy is based on the provisions of the Protection of Physical Persons against the Processing of the Personal Data and the Free Movement of these Data Law 125(I)/2018 and the provisions of the General Data Protection Regulation 679/2016 (hereinafter referred to as the “GDPR”), which came into force in the Republic of Cyprus on the 25th day of May, 2018. Under the GDPR, in order for the processing to be lawful, we must maintain a uniformed documented privacy program, to maintain a documented legal basis for processing activities, and to maintain the ongoing data lifecycle management. Our Firm has an implemented GDPR Framework for the evaluation of the existing privacy operations and the development of our Compliance & Regulatory framework.
“Personal Data” and / or “Personal Information”:
Data by which you can be specifically and personally identified. They include, among others, your name, address, identification number, telephone number, date of birth, occupation and family status.
The collection, protection and storage of your Personal Data.
- “Special Categories of Personal Data”:
Information revealing your physical or mental health, religious or philosophical beliefs, racial or ethnic origin, political opinions, trade union memberships, sex life or sexual orientation, as well as genetic and biometric data.
WHAT PERSONAL DATA WE COLLECT:
Depending on the service that we provide to you, we may collect and process the following Personal Data, which are hereby listed (indicatively):
- Identification Data including your surname, name, gender, date and place of birth, email and your signature;
Curriculum Vitae including your current position, profession and employer, employment address, background and details on whether you hold any directorships and / or ownerships of shares equal to or over 25% of total share ownership;
“Know Your Client” (KYC) information including your VAT number, tax jurisdiction, source of wealth, source of funds, utility bills, curriculum vitae, income tax number, economic activities and references;
- Financial Data including your bank account number, statements and data necessary for processing payments;
- Contact Data including your phone number, address, email address and fax number;
Information pertinent to fulfilling our services to you including information provided in the course of the contractual or client relationship between you and your organisation and the Firm, or otherwise voluntarily provided by you or your organisation;
- Criminal record data;
- Physical access data e.g CCTV images of your visits to our offices;
- Special categories of Personal Data.
PERSONAL DATA ABOUT OTHER PEOPLE:
In the context of providing our services, we may ask for Personal Data of individuals who are not aware of our involvement or of our processing of their Personal Data (such as family members, customers, counterparties, employees, directors, shareholders or beneficial owners). In these cases, you must ensure that the relevant persons have read or have been informed of our Policy.
We understand the importance of protecting children’s privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the Law.
DATA COLLECTION FAILURE:
We are obliged under the Laws of the Republic of Cyprus in force from time to time and the Directives of the Cyprus Bar Association which is our Regulatory Body, prior to processing your instructions, to collect and assess certain information / Personal Data. This duty cannot be complied with, if we do not have your full support and co-operation. If you fail to provide these data fully and on a timely manner set, we shall not be able to carry out providing our services to you. In this case, we reserve the absolute right to cancel our engagement, having provided the relevant Notice in advance to you for compliance.
WE COLLECT PERSONAL DATA IN THE FOLLOWING WAYS:
We obtain your Personal Data from many sources, but mainly through:
- Our website (www.fidustarscorporateservices.com);
- Information you provide directly to us;
- Information provided by third parties;
- Google Analytics;
- Social Media Applications (e.g Facebook);
- Other publicly available sources.
REASONS AND PURPOSES OF COLLECTING PERSONAL INFORMATION:
We will only use and share your information where it is necessary for us to lawfully carry out our business activities as a Legal Firm.
The purposes of the collection of Personal Information have the following legal grounds:
- LEGAL DUTIES:
We may process your Personal Data in order to comply with legal and / or regulatory obligations that we are subject to, including any obligations imposed on us by the Cyprus Bar Association and the government Unit for Combating Money Laundering (MOKAS), as well as to keep records of our compliance processes.
- CONTRACTUAL NECESSITY:
We may process your information where it is necessary to enter into an engagement with you, for the provision of our legal services or to perform our obligations under that engagement, to carry out orders, to execute and manage your requests, to secure, evaluate, protect, support, promote and improve our co-operation.
- LEGITIMATE INTERESTS:
We may process your Personal Information where it is in our legitimate interests to do so as a Firm and without prejudicing your rights and freedoms. In particular we may process your Personal Information in the day-to-day running of our business and financial affairs and to ensure that our processes and systems operate effectively. This may include processing, for example, in order to defend our legal rights, to enable a sale, transfer or other transaction relating to our business, to identify new business opportunities and develop enquiries into proposals for new business and to develop our relationship with you and / or assess the quality of our customer services and to provide staff training.
- EXERCISE / DEFENCE OF LEGAL CLAIMS:
We may process special categories of Personal Data that you may disclose to us, in order to be able to act on your behalf in court proceedings or any administrative or out-of-court procedures.
INFORMATION ABOUT CRIMINAL CONVICTIONS:
We may only use information relating to criminal convictions where the Law allows us to do so, as part of the Firm’s initial and period review of our relationship with our Clients. We may also use information relating to criminal convictions where it is necessary in relation to legal claims, such as when we are acting on your behalf in criminal proceedings.
WHO WE SHARE YOUR PERSONAL DATA WITH:
The Firm is obligated by domestic legislation and by the Cyprus Bar Association’s directions and rules to share your Personal Data to: all the Supervisory Authorities in the Republic of Cyprus, the Tax Department of the Republic of Cyprus, the Police Department of the Republic of Cyprus, the Unit of Combating Money Laundering (MOKAS) in the Republic of Cyprus and the Customs and Excise Department of the Republic of Cyprus upon the receipt of a prior written official request or by any Court Order addressed to us, issued by the any of the Courts of the Republic of the Cyprus.
We may share your Personal Data with:
- Our appointed licensed Accountant / Audit / Tax Advisors (who processes your Personal Data on our behalf);
- Other members and / or subsidiaries of our Firms and their respective employees;
Certain Service Providers we have retained in connection with the legal services we provide, such as consultants, experts and other legal specialists such as Law Firms for obtaining specialist foreign legal advice;
If we have collected your Personal Data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by Law to others for the purpose of providing those services;
With any competent Law enforcement body, Regulator, Government Agency, Court or other third party where we believe disclosure is necessary as a matter of applicable Law or regulation or in order to exercise, establish or defend our legal rights;
Service Providers who support our business, including IT, communication suppliers, File Storage, archiving and / or records management companies and security solutions Companies;
If we sell / buy any of your assets, we may disclose your Personal Data to the prospective Seller or Buyer of such assets;
To any person you have given us your explicit consent to disclose to.
We will only transfer your Personal Data to countries that, according to our best knowledge, provide an adequate level of protection for Personal Data by the European Commission;
If we engage Service Providers outside the European Economic Area, we may put in place standard contractual clauses approved by the European Commission which give Personal Data the same protection it has in the European Union;
We may additionally, transfer your Personal Data to a party outside the European Economic Area, where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.
DURATION OF STORAGE:
We will keep your Personal Data for as long as we have a business relationship with you.
Once our business relationship has been terminated, we may keep your Personal Data for five (5) years, at least.
To determine the retention period of your Personal Data for more years, we shall consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from authorized use and whether we can achieve those purposes through other means, however we will make sure that your privacy is protected and that your Personal Data are only used for those purposes.
We are committed to ensuring that your Personal Information is secure with us and with the third parties who act on our behalf. Specifically, we have put in place appropriate security measures to prevent your
Personal Data from being accidentally lost, processed or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data only to those employees, agents, contractors and other third parties who need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Lastly, we have put in place procedures to deal with any incident that may lead to a security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have the following rights in terms of the Personal Data we hold about you:
- To obtain a copy and access your Personal Data held by the Firm;
- To request correction of your Personal Data;
- To request erasure of your Personal Information, if you believe that:
1. We no longer need to process your information for the purposes for which it was provided;
2. Deletion is required by Law;
3. You have successfully objected to the processing of the data by the Firm;We have requested your permission to process your Personal Information and you wish to withdraw your consent; or
4. We are not using your information in a lawful manner. (In such a case, please note that we may have to suspend the services we provide to you).