This Policy is based on the provisions of the Protection of Physical Persons against the Processing of the Personal Data and the Free Movement of these Data Law 125(I)/2018 and the provisions of the General Data Protection Regulation 679/2016 (hereinafter referred to as the “GDPR”), which came into force in the Republic of Cyprus on the 25th day of May, 2018. Under the GDPR, in order for the processing to be lawful, we must maintain a uniformed documented privacy program, to maintain a documented legal basis for processing activities, and to maintain the ongoing data lifecycle management. Our Firm has an implemented GDPR Framework for the evaluation of the existing privacy operations and the development of our Compliance & Regulatory framework.
- “Personal Data” and / or “Personal Information”:
- Data by which you can be specifically and personally identified. They include, among others, your name, address, identification number, telephone number, date of birth, occupation and family status.
The collection, protection and storage of your Personal Data.
- “Special Categories of Personal Data”:
Information revealing your physical or mental health, religious or philosophical beliefs, racial or ethnic origin, political opinions, trade union memberships, sex life or sexual orientation, as well as genetic and biometric data.
WHAT PERSONAL DATA WE COLLECT:
Depending on the service that we provide to you, we may collect and process the following Personal Data, which are hereby listed (indicatively):
- Identification Data including your surname, name, gender, date and place of birth, email and your signature;
- Contact Data including your phone number, address, email address and fax number;
- Information pertinent to fulfilling our services to you including information provided in the course of the contractual or client relationship between you and your organisation and the Firm, or otherwise voluntarily provided by you or your organisation;
- Physical access data e.g CCTV images of your visits to our offices;
- Special categories of Personal Data.
PERSONAL DATA ABOUT OTHER PEOPLE:
In the context of providing our services, we may ask for Personal Data of individuals who are not aware of our involvement or of our processing of their Personal Data (such as family members, customers, counterparties, employees, directors, shareholders or beneficial owners). In these cases, you must ensure that the relevant persons have read or have been informed of our Policy.
We understand the importance of protecting children’s privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the Law.
FAILURE TO COLLECT PERSONAL DATA:
We are obliged under the Laws of the Republic of Cyprus in force from time to time and the Directives of the Cyprus Bar Association which is our Regulatory Body, prior to processing your instructions, to collect and assess certain information / Personal Data. This duty cannot be complied with, if we do not have your full support and co-operation. If you fail to provide these data fully and on a timely manner set, we shall not be able to carry out providing our services to you. In this case, we reserve the absolute right to cancel our engagement, having provided the relevant Notice in advance to you for compliance.
WAYS OF COLLECTING YOUR PERSONAL DATA:
We obtain your Personal Data from many sources, but mainly through:
- Our website (www.itsolutionandservicescy.com);
- Information you provide directly to us;
- Information provided by third parties;
- Google Analytics;
- Social Media Applications (e.g Facebook);
- Other publicly available sources.
REASON & PURPOSES OF COLLECTING PERSONAL DATA:
We will only use and share your information where it is necessary for us to lawfully carry out our business activities as a Legal Firm.
The purposes of the collection of Personal Information have the following legal grounds:
- LEGAL DUTIES:
We may process your Personal Data in order to comply with legal and / or regulatory obligations that we are subject to, including any obligations imposed on us by the Cyprus Bar Association and the government Unit for Combating Money Laundering (MOKAS), as well as to keep records of our compliance processes.
- CONTRACTUAL NECESSITY:
We may process your information where it is necessary to enter into an engagement with you, for the provision of our legal services or to perform our obligations under that engagement, to carry out orders, to execute and manage your requests, to secure, evaluate, protect, support, promote and improve our co-operation.
- LEGITIMATE INTERESTS:
We may process your Personal Information where it is in our legitimate interests to do so as a Firm and without prejudicing your rights and freedoms. In particular we may process your Personal Information in the day-to-day running of our business and financial affairs and to ensure that our processes and systems operate effectively. This may include processing, for example, in order to defend our legal rights, to enable a sale, transfer or other transaction relating to our business, to identify new business opportunities and develop enquiries into proposals for new business and to develop our relationship with you and / or assess the quality of our customer services and to provide staff training.
- EXERCISE / DEFENCE OF LEGAL CLAIMS:
We may process special categories of Personal Data that you may disclose to us, in order to be able to act on your behalf in court proceedings or any administrative or out-of-court procedures.
INFORMATION ABOUT CRIMINAL CONVICTIONS:
We may only use information relating to criminal convictions where the Law allows us to do so, as part of the Firm’s initial and period review of our relationship with our Clients. We may also use information relating to criminal convictions where it is necessary in relation to legal claims, such as when we are acting on your behalf in criminal proceedings.
WHO WE SHARE YOUR PERSONAL DATA WITH:
We may share your Personal Data with:
- Our appointed licensed Accountant / Audit / Tax Advisors (who processes your Personal Data on our behalf);
- Other members and / or subsidiaries.
- Certain Service Providers we have retained in connection.
- If we have collected your Personal Data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by Law to others for the purpose of providing those services;
- With any competent Law enforcement body, Regulator, Government Agency, Court or other third party where we believe disclosure is necessary as a matter of applicable Law or regulation or in order to exercise, establish or defend our legal rights;
- Service Providers who support our business, including IT, communication suppliers, File Storage, archiving and / or records management companies and security solutions Companies;
- If we sell / buy any of your assets, we may disclose your Personal Data to the prospective Seller or Buyer of such assets;
- To any person you have given us your explicit consent to disclose to.
- We will only transfer your Personal Data to countries that, according to our best knowledge, provide an adequate level of protection for Personal Data by the European Commission;
- If we engage Service Providers outside the European Economic Area, we may put in place standard contractual clauses approved by the European Commission which give Personal Data the same protection it has in the European Union;
- We may additionally, transfer your Personal Data to a party outside the European Economic Area, where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.
DURATION OF STORAGE:
We will keep your Personal Data for as long as we have a business relationship with you. Once our business relationship has been terminated, we may keep your Personal Data for five (5) years, at least.
To determine the retention period of your Personal Data for more years, we shall consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from authorised use and whether we can achieve those purposes through other means, however we will make sure that your privacy is protected and that your Personal Data are only used for those purposes.
We are committed to ensuring that your Personal Information is secure with us and with the third parties who act on our behalf. Specifically, we have put in place appropriate security measures to prevent your
Personal Data from being accidentally lost, processed or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data only to those employees, agents, contractors and other third parties who need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Lastly, we have put in place procedures to deal with any incident that may lead to a security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have the following rights in terms of the Personal Data we hold about you:
- To obtain a copy and access your Personal Data held by the Firm;
- To request correction of your Personal Data;
- To request erasure of your Personal Information, if you believe that:
1. We no longer need to process your information for the purposes for which it was provided;
2. Deletion is required by Law;
3. You have successfully objected to the processing of the data by the Firm;We have requested your permission to process your Personal Information and you wish to withdraw your consent; or
4. We are not using your information in a lawful manner.
(In such a case, please note that we may have to suspend the services we provide to you).
- To object to the processing of your Personal Data: You have the right to object to the Firm’s use of your Personal Data and ask the Firm to stop using your data in any of the following circumstances:
1. You have the right to object on grounds relating to your particular situation. If you lodge an objection, the Firm will no longer process your Personal Data, unless the Firm can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
2. You have the right to object to the processing of your Personal Data for marketing purposes. If you lodge such an objection, your data will no longer be processed for such purposes.
- To receive your Personal Data from the Firm in a format that can be easily re-used. You can also ask the Firm to pass on your Personal Data in this format to other organisations, where this is technically feasible. This right relates to the data which you have provided to the Firm and which the Firm processes electronically in reliance on your consent or for fulfilling the engagement between you and the Firm;
- To request the restriction of processing your Personal Data, if:
1. It is not accurate; or
2. It has been used unlawfully, but you do not wish for us to delete it; or
3. It is not relevant any more, but you want us to keep it for use in possible legal claims; or
4. You have already asked us to stop using your Personal Data, but you are waiting for us to confirm if we have legitimate grounds to use your data.
(Please note that if you request us to restrict processing your Personal Data, we may have to suspend the services we provide to you).
- Where the Firm requests your consent for the processing of your data, you can withdraw your consent at any time, thus the Firm may not be able to provide certain services to you;
- If you have concerns about the use of your Personal Data by us and / or if you wish to obtain ad hoc information as regards to the treatment of your Personal Data by us – since this Policy is general – you have the right to contact us at:
Tel: (+357) 25 – 361333
CHANGES TO THIS POLICY:
This Policy sets out the information that the Firm must provide to you for the purposes of the GDPR, which is applicable in the Republic of Cyprus as of the 25th day of May, 2018. We reserve the right to update and change this Privacy from time to time, in order to reflect any changes to the way in which we process your Personal Data or changing legal requirements. The new version of this Policy will be available on the Firm’s website (www.itsolutionandservicescy.com). In case of significant changes (such as in relation to the reasons for which the Firm uses personal data or to the way in which you may exercise the rights described above), the Firm will bring these changes to your attention.