Dr. K. Chrysostomides & Co LLC (the “Firm”) is committed to protecting privacy and making sure that any personal data it collects are processed in accordance with the EU General Data Protection Regulation (the “GDPR”) and applicable Cyprus laws and regulations.
References in this policy to “we”, “us” and “our” are references to the Firm. References to “you” and “your” are to the individual/s who is/are providing personal data to us.
When we Collect Personal Data
Personal data may be collected by the Firm in a number of circumstances, including:
• when you contact us to seek legal advice or services from us;
• when you make an enquiry via the Website or by email;
• when you apply for employment (job applicants);
• when you offer to provide or provide goods or services to us;
• information collected, via the Website, using cookies, unless you have disabled cookies (see relevant section below).
If you choose to withhold any personal data requested by us on any of the above-mentioned circumstances, it may not be possible for us to respond to your legal or other query, process your application for employment, offer the legal services requested, or in the case of cookies, use certain functionalities of the Website.
In some circumstances, we may collect personal data about you from a third-party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, to include banks and other professional service providers or other organisations in the context of the provision of our services to you or generally in the context of any other dealings we may have with you. In any case, such collection from third parties is always carried out in line with our legal obligations.
Types of Personal Data We Collect
Depending on the reason why you communicate with us, we may collect the following data:
• Personal Details, such as your name, date of birth, personal contact details (postal address, email address, telephone number, fax), job title/profession and/or job description;
• Identification Information, such as ID number and/or passport number;
• Recruitment/Selection Data, such as academic qualifications, professional background and any other information contained in your CV, application form, record of interview or interview notes and/or any other assessment material;
• Payment Data, such as data necessary for processing payments to include bank account details, details of beneficiaries and other related billing information;
• Further information necessarily processed in a project or client contractual relationship with the Firm or voluntarily provided by you, such as instructions given, payments made, requests that you address to us.
• Special categories of personal data (sensitive data): In connection with the provision of legal services to you, we may on some occasions need to ask for certain sensitive information (e.g. information about your health etc.). The processing of sensitive data will only be carried out by us in full compliance with the GDPR and applicable national legislation, on the basis of your explicit prior consent.
• Visits. Details of your visits to our premises.
Purposes and Legal Bases for the Processing of Personal Data
The Firm uses your Personal Data for the purposes for which you have supplied it to us, to include:
• for responding to your requests for legal advice and/or other enquiries;
• for providing legal advice and/or other corporate and/or administrative services you may have requested;
• for ensuring compliance with our legal obligations (e.g. for compliance with our obligations under applicable anti-money laundering laws);
• for complying with court orders and/or defending our legal rights, where applicable;
• for the purposes of processing your application if you are a candidate for employment with the Firm;
• for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data were provided to us;
• where you have provided us with your explicit prior consent, we may also use the information to provide you with newsletters, briefings and other publications about legal developments and matters which we believe may be of interest to you.
Our main legal bases for the processing of your personal data are the following:
• the processing is necessary for the performance on our part of the contract concerning the provision of legal services to you or to take steps at your request prior to entering into such contract, or the processing is necessary for the performance of any other contract or generally in the context of any other dealings we may have with you;
• the processing is necessary for us to comply with a legal obligation (for example under applicable Anti-Money Laundering laws);
• the processing is in our legitimate interests and our interests are not overridden by your interests, fundamental rights or freedoms;
Our legal bases for the processing of special categories of personal data (sensitive data) are the following:
• you have provided your explicit consent to the processing of such sensitive personal data for specified purposes;
• processing of such data may be necessary for the establishment, exercise or defence of legal claims.
Sharing Your Personal Data
We will not disclose your personal data, except:
• to third parties who provide services on our behalf, e.g. third parties providing document management services or software developers;
• to collaborators, to include instructing counsel, banks, accountants and auditors;
• where we are required to do so by law or where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;
• upon your instructions or your express consent.
We may also share your personal data with any third party to whom we assign or novate any of our rights or obligations.
Personal data about other individuals which you provide to us
Retention of Personal Data
The Firm will generally retain personal data for the period necessary to fulfil the purposes for which it was originally collected and thereafter as required or permitted by law or as is necessary in order for the Firm to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.
In light of the above general rule:
• Client data shall generally be retained for the duration of their business relationship with the Firm and thereafter for a further period of 6 years.
• With regard to candidates’ data, these shall be kept for the whole of the duration of the recruitment process and where their relevant application has been unsuccessful the data will be deleted immediately, except where the candidate has provided his/her explicit consent for holding the date for a longer period.
• Personal data in the context of other contractual relations or dealings with you shall be retained for the duration of our contractual relationship or dealings and thereafter for a further period of 6 years.
Security and Confidentiality of your Personal Data
The Firm strives to maintains appropriate technical and organisation security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Whenever any third party service provider handles or processes your data on our behalf, we require them to do the same.
You may find below a list of your legal rights insofar as your personal data are concerned. Please note that some of these rights may not be applicable to your situation.
• You have the right to gain access to the personal data that we hold about you.
• You have the right of rectification, that is, to request the correction, without undue delay, of any personal data that we hold about you and are either inaccurate or incomplete.
• You have the right to obtain the erasure of your personal data, without undue delay, provided, amongst others, the personal data in question are no longer necessary in relation to the purposes for which they were collected.
• You have the right to restrict our processing activities or to object to the processing of your personal data.
• You have the right to data portability, that is, to request from us that we send your personal data in a structured, commonly used and machine-readable format, and to transmit those data to another controller.
• If we rely on your consent as our legal basis for the processing of your personal data, you have the right to withdraw that consent at any time.
In addition to the above, you also have the right to lodge a complaint to the Office of the Commissioner for Personal Data Protection in Cyprus, at the following postal and email address:
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]