24 May 2018
COSTAS TSIRIDES & CO LLC respects your privacy and your personal data and is committed to protecting them. This policy explains to you how we process and use the personal data we collect and lists, inter alia, your rights and our obligations for such collection, process and use of your personal data under the law.
COSTAS TSIRIDES & CO LLC was established in 1970 and since then it has been established as one of the most reputable and respected law firms in Cyprus.
Today our firm offers our clients a large variety of services covering all aspects of the law.
Controller of your personal data
The controller of the personal data we keep in order to provide to you our services is COSTAS TSIRIDES & CO LLC with address at 276 Arch. Makariou III Ave., 3105 Limassol, Cyprus and phone number +357 25 266 500.
Type of Personal Data we collect
In case that you are one of our clients or an authorised representative, officer, registered shareholder and/or beneficial owner of a legal entity or other body we deal with it in business, we may collect your personal data including: name and surname, residential address, telephone numbers, email address, identification data (identity and/or passport numbers), date of birth, , , authentication data (e.g. signature). Depending on the kind of the service(s) we provide to you we may collect additional personal data such as: place of birth,, profession, current employment position, other professional activities (e.g. as per corporate certificates of directors/shareholders), current income and expenses, property ownership and other banking relationship details, tax residence and tax ID, curriculum vitae etc. Also, when it is necessary, we may additionally collect some of your sensitive personal data such as: your marital status, religion or ethnicity. Also we may collect other personal data which may not be obvious to you such as: your internet protocol address and/or your current geo-location.
How we collect your Personal Data
Personal data may be obtained by us:
- Directly from you by filling data forms and/or through our communication;
- from our clients in person or via their representatives or via our associates, in the context of our business relationship;
- from other entities or other third parties including companies that introduce you to us
- from other entities that provide information for regulatory and/or legal compliance;
- from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers/catalogues, the internet, adverts etc)
What are your rights?
According to the GDPR, you, as data subject, have the following rights:
- The right to access the personal data we hold about you. This means that you can ask us details of your personal data and for a copy of it if this is available.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to erase your personal data (partially or in total), subject to the limitations referred to in the present Policy and/or of any law or regulation.
- The right to be informed regarding rectification, erasure or restriction of data processing that affect your personal data.
- The right to object to us using your personal data for a particular purpose or purposes subject to the limitations referred to in the present Policy and/or of any law or regulation.
- The right to object to processing your personal data for direct marketing and/or automated processing including profiling which is related to direct marketing.
- The right to data portability meaning that you can ask to obtain a copy of your personal data in a structured, commonly used and machine readable format. You also have the right to ask for your personal data to be transmitted directly to another data controller in case such transmission is technically feasible.
- The right to revoke the consent at any time if we use your personal data based on your written consent. It is clarified that any processing prior to the receipt of such revocation will not be affected.
- The right to be notified in case of high risk of data breach which affecting your personal data.
Upon receiving your request we will respond to your request (free of charge but in case that your request is ‘manifestly unfounded or excessive’ a fee for our administrative costs may be charged) within reasonable time not exceeding one month.
In case we have not complied with your request or you are not satisfied with our response you have the right to lodge a complaint with the Office of the Data Protection Commissioner.
Your Obligation to provide Personal Data
You need to provide us with Personal Data which are absolutely necessary in order to:
- commence and proceed with a business relationship with you or with the legal entity or body for which you are the authorized representative, officer or owner and provide you or such legal entity or body with legal, advisory, administrative, arbitration, consultation or other services and/or
- perform of our contractual obligations and/or
- comply with our legal or regulatory or statutory obligation including the money laundering laws which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative, officer or owner
We notify you that if you do not provide us with the required data, then we will not be able to commence or continue our business relationship either to you as an individual or as the authorized representative, officer or owner of a legal entity or body.
Ways of Use of Your Personal Data
Your personal data may be used for the following purposes:
Performance of a contract
We process personal data in order to provide our services based on contracts with our clients but also to be able to complete our procedures including due diligence and know your client procedure so as to enter into a contract with prospective clients. The purposes of processing personal data are relevant to the requested services and the contract terms and conditions.
Compliance with legal, regulatory and law enforcement request
We process personal data in order to comply with number of laws, statutory requirements and regulations to which we are subjects including Tax laws and Anti-Money Laundering Laws as amended from time to time.
Also, we are subject of several supervisory authorities e.g. Cyprus Bar Association.
Such obligations and requirements impose on us necessary personal data processing activities for identification, identity verification, compliance with such authorities’ decisions or orders, compliance with court decisions/ court orders or other reporting obligations and anti-money laundering controls.
We hereby inform you that we cooperate and we shall cooperate with government and law enforcement officials and private parties to enforce and comply with the law and/or regulations to which we are subjects. This means that we will disclose – which is kind of process – any information about you and any personal data of you to such government or law enforcement officials or private parties as we believe necessary or appropriate to respond to claims and legal process to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal.
In such case and only if we are legally entitled to notify you, we will take reasonable steps to give a notice to you for the disclosure of your personal data to such third parties as part of legal process.
Safeguarding or servicing legitimate interests
We advise you that we may process personal data so as to safeguard the legitimate interests of us or of any third party. In simple words, legitimate interest is when we have a business or commercial reason to use your data always respecting the principle of proportionality and necessity.
Protection of vital interests
We can process your personal data if it is necessary to protect and service your Vital Interests and/or the Vital Interests of your Organisation (Company) and/or the Vital Interests of another natural person(s).
Acquisition of data subject consent
We have the right to process your personal data for any reasons other than the reasons referred above provided that you have given us your specific consent for such process.
We will keep your personal data for as long as we have a business relationship with you as an individual or in respect of our dealings with a legal entity or body you are authorized to represent as an authorised representative, officer, registered shareholder and/or beneficial owner. After the expiry of such business relationship, we may keep your data for as long as we are obliged and/or entitled to keep such data in accordance to any law or regulation to which we are subjects.
For prospective clients (or authorized representatives, officers or owners of a legal entity prospective clients) we shall keep your personal data for six (6) months from the date of conclusion of all communications which did not lead to cooperation or provision of services.
Sharing of Personal Data
As already mentioned herein, we may share certain personal data with third parties if a legal obligation, court or authority order, legitimate public or private interest, contract or consent exists. Some examples are:
- Supervisory and other regulatory and public authorities
- Our employees and our subsidiary and affiliated companies and their employees
- Other firms, management or trust companies, mainly subsidiary or connected companies of us
- According to our procedures for combating money laundering and financing of terrorism, the entities that provide information on regulatory compliance, e.g. LexisNexis World Compliance
- External legal or other consultants and associates.
- Companies that developed, hosting and maintaining our information technology infrastructure and/or other systems
- Companies which cooperate with us or help us in order to provide you with an effective provision of our services by offering technological expertise, compliance expertise, solutions and support and facilitating trading.
If any of your personal data is acquired by a third party as described in the paragraph above, we will take reasonable steps to ensure that your personal data is safely processed.
How you can contact us
If at any time you have questions about our practices or any of your rights described above, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at firstname.lastname@example.org.