Privacy Policy

24 May 2018

COSTAS TSIRIDES & CO LLC respects your privacy and your personal data and is committed to protecting them. This policy explains to you how we process and use the personal data we collect and lists, inter alia, your rights and our obligations for such collection, process and use of your personal data under the law.

About us

COSTAS TSIRIDES & CO LLC was established in 1970 and since then it has been established as one of the most reputable and respected law firms in Cyprus. Today our firm offers our clients a large variety of services covering all aspects of the law.

Controller of your personal data

The controller of the personal data we keep in order to provide you with our services is COSTAS TSIRIDES & CO LLC with address at 276 Arch. Makariou III Ave., 3105 Limassol, Cyprus and telephone number +357 25 266 500.

Type of Personal Data we collect

In the case that you are one of our clients or an authorised representative, officer, registered shareholder and/or beneficial owner of a legal entity or other body we deal with in business, we may collect your personal data including: name and surname, residential address, telephone numbers, email address, identification data (identity and/or passport numbers), date of birth, authentication data (e.g. signature). Depending on the kind of the service(s) we provide to you we may collect additional personal data such as: profession, current employment position, other professional activities (e.g. as per corporate certificates of directors/shareholders), current income and expenses, property ownership and other banking relationship details, tax residence and tax ID, curriculum vitae etc. Additionally, when it is deemed necessary, we may also collect some of your more sensitive personal data such as: your marital status, religion or ethnicity. Furthermore, we may collect other personal data which may not be obvious to you such as: your internet protocol address and/or your current geo-location.

How we collect your Personal Data

Personal data may be obtained by us:

  • Directly from you by filling data forms and/or through our communication;
  • From our clients in person or via their representatives or via our associates, in the context of our business relationship;
  • From other entities or other third parties including companies that introduce you to us
  • From other entities that provide information for regulatory and/or legal compliance;
  • From publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers/catalogues, the internet, adverts etc.)

What are your rights?

According to the GDPR, you, as the data subject, have the following rights:

  1. The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know but you can always ask for additional information and/or clarifications.
  2. The right to access the personal data we hold about you. This means that you can ask us details of your personal data and for a copy of it if this is available.
  3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  4. The right to erase your personal data (partially or in total), subject to the limitations referred to in the present Policy and/or of any law or regulation.
  5. The right to be informed regarding rectification, erasure or restriction of data processing that affect your personal data.
  6. The right to object to us using your personal data for a particular purpose or purposes subject to the limitations referred to in the present Policy and/or of any law or regulation.
  7. The right to object to processing your personal data for direct marketing and/or automated processing including profiling which is related to direct marketing.
  8. The right to data portability meaning that you can ask to obtain a copy of your personal data in a structured, commonly used and machine-readable format. You also have the right to ask for your personal data to be transmitted directly to another data controller in case such transmission is technically feasible.
  9. The right to revoke the consent at any time if we use your personal data based on your written consent. It is clarified that any processing prior to the receipt of such revocation will not be affected.
  10. The right to be notified in case of high risk of data breach which affects your personal data.

All above rights – with the exception of the right in paragraph (j) – can be exercised by placing a request in writing as described in the Contact Us section of this Privacy Policy. You can also request clarifications or lodge a complaint against the way we process your personal data.

Upon receiving your request, we will respond to your request (free of charge but in case that your request is ‘manifestly unfounded or excessive’ a fee for our administrative costs may be charged) within reasonable time not exceeding one month.

In the case where we have not complied with your request or you are not satisfied with our response you have the right to lodge a complaint with the Office of the Data Protection Commissioner.

All above rights are limited and subject to the provisions of Regulation (EU) 2016/679 and/or limited and subject to the provisions of the current Privacy Policy.

Your Obligation to provide Personal Data

You need to provide us with Personal Data which are absolutely necessary in order to:

  1. commence and proceed with a business relationship with you or with the legal entity or body for which you are the authorized representative, officer or owner and provide you or such legal entity or body with legal, advisory, administrative, arbitration, consultation or other services and/or
  2. perform of our contractual obligations and/or
  3. comply with our legal or regulatory or statutory obligation including the money laundering laws which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative, officer or owner.

We inform you that if you do not provide us with the required data, then we will not be able to commence or continue our business relationship either with you as an individual or as the authorized representative, officer or owner of a legal entity or body.

Ways of Use of Your Personal Data

Your personal data may be used for the following purposes:

Performance of a contract

We process personal data in order to provide our services based on contracts with our clients but also to be able to complete our procedures including due diligence and know your client procedure so as to enter into a contract with prospective clients. The purposes of processing personal data are relevant to the requested services and the contract terms and conditions.

Compliance with legal, regulatory and law enforcement request

We process personal data in order to comply with a number of laws, statutory requirements and regulations to which we are subjects including Tax laws and Anti-Money Laundering Laws in accordance with periodic amendments.

Also, we are subject of several supervisory authorities e.g. The Cyprus Bar Association.

Such obligations and requirements impose on us necessary personal data processing activities for identification, identity verification, compliance with such authorities’ decisions or orders, compliance with court decisions/ court orders or other reporting obligations and anti-money laundering controls.

We hereby inform you that we cooperate, and shall cooperate with government and law enforcement officials and private parties to enforce and comply with the law and/or regulations to which we are subjects. This means that we will disclose –as is procedure – any information about you and any personal data of you to such government or law enforcement officials or private parties as we believe necessary or appropriate in order to respond to claims and legal process to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal.

In such case and only if we are legally entitled to notify you, we will take reasonable steps to give notice to you for the disclosure of your personal data to such third parties as part of legal process.

Safeguarding or servicing legitimate interests

We advise you that we may process personal data so as to safeguard our legitimate interests or those of any third party. In simple words, legitimate interest is when we have a business or commercial reason to use your data always respecting the principle of proportionality and necessity.

Protection of vital interests

We can process your personal data if it is necessary to protect and service your Vital Interests and/or the Vital Interests of your Organisation (Company) and/or the Vital Interests of another natural person(s).

Acquisition of data subject consent

We have the right to process your personal data for any reasons other than the reasons referred to above provided that you have given us your specific consent for such process.

Retention Policy

We will keep your personal data for as long as we have a business relationship with you as an individual or in respect of our dealings with a legal entity or body you are authorized to represent as an authorised representative, officer, registered shareholder and/or beneficial owner. After the expiry of such business relationship, we may keep your data for as long as we are obliged and/or entitled to keep such data in accordance to any law or regulation to which we are subjects.

For prospective clients (or authorized representatives, officers or owners of a legal entity that are prospective clients) we shall keep your personal data for six (6) months from the date of conclusion of all communications which did not lead to cooperation or provision of services.

Cookies

A Cookie is a piece of data stored on your computer device containing some information. Our website uses Cookies to store your preferences, such as language and time zone settings, in order to customise the content delivered to you. We may also use Cookies to record and maintain your login session. We do not use Cookies to track and/or record your online browsing behaviour and we do not intend to do so. You can configure your browser to reject Cookies from our website. In such case certain parts of our website will not be available to you and some other parts might not behave as expected. We reserve the right to use Cookies for other purposes as we may deem necessary.

Sharing of Personal Data

  1. As already mentioned herein, we may share certain personal data with third parties if a legal obligation, court or authority order, legitimate public or private interest, contract or consent exists. Some examples are:
  2. Supervisory and other regulatory and public authorities
  3. Our employees and our subsidiary and affiliated companies and their employees
  4. Other firms, management or trust companies, mainly our subsidiary or connected companies
  5. According to our procedures for combating money laundering and financing of terrorism, the entities that provide information on regulatory compliance, e.g. LexisNexis World Compliance
  6. External legal or other consultants and associates.
  7. Auditors
  8. Companies that developed, host and maintain our information technology infrastructure and/or other systems
  9. Companies which cooperate with us or help us in order to provide you with an effective provision of our services by offering technological expertise, compliance expertise, solutions and support and facilitate trading

If any of your personal data is acquired by a third party as described in the paragraph above, we will take reasonable steps to ensure that your personal data is safely processed.

How to contact us

If at any time you have questions about our practices or any of your rights described above, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at dataprotection@tsirides.com.

Amendments

We reserve the right to change or amend this Privacy Policy from time to time. This could happen, for example, as a result of changes in the law, or if we change our business or our practices.

You shall be deemed to have accepted such amendments and thus we encourage that you read our Privacy Policy https://tsirides.com/privacy-policy periodically.