This Data Protection Policy (‘Policy’) sets out the basis on which George Y. Yiangou LLC (‘we’, ‘us’, ‘our’), being a Data Controller, registered in the “Registry of Lawyers Companies” of the Cyprus Bar Association under registration number 373, may collect, use or otherwise process Personal Data in accordance with the Law. This Policy applies to all Personal Data in our possession or under our control.
We have used the following terms in this Policy
- Data Controller means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;
- Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller;
- Data Protection Officer means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;
- Data Subject means a living, identified or identifiable natural person about whom we hold Personal Data;
- European Economic Area (EEA) means the EU countries and also Iceland, Liechtenstein and Norway;
- Personal Data means data about the Data Subject who can be identified:
- from that data; or
from that data and other information to which we have or are likely to have access.
The Personal Data we may collect and use includes, without limitation, names and identification information such as email address, telephone numbers, copy of your passport, utility bill.
- Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Special Categories of Personal Data means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data;
- the Law means the General Data Protection Regulation (2016/679) (GDPR) and the Data Protection Laws of the Republic of Cyprus.
Why do we process your Personal Data?
The purpose of the Processing of your Personal Data is largely based on each of the services that you have requested or that have been agreed with you. In general, your Personal Data is processed, within the scope of our business relationship with you.
On what legal basis do we process your Personal Data?
- we may have a contractual arrangement with you and we need to process your Personal Data in order to fulfil our obligations (e.g. you are a client);
- there may be a legal obligation for us to process your Personal Data (e.g. compliance with relevant anti-money laundering legislation);
- we may want to fulfil a legitimate interest pursued by us or by a third party, in a manner that does not override your rights and freedoms;
- you may have expressly asked us to do something or have otherwise given your clear consent to us to process your Personal Data (e.g. responding to a question you may have asked us).
Who we share your personal data with?
Personal Data may be shared to the extent that this is necessary for the performance of the obligations in the course of or in connection with our provision of the services requested by you or any other business purposes related to or in connection with the accomplishment of the services assigned to us (e.g. to our agents located in various jurisdictions where we do business, financial institutions, public authorities) and in accordance with your specific instructions.
In addition, we may be required by applicable laws or by a court or upon governmental/public/supervisory/regulatory/competent authority requests to disclose certain Personal Data.
Transferring your Personal Data outside EEA
We generally do not transfer Personal Data to countries outside of EEA, (except where required by the purposes set out in this Policy). If we need to transfer your Personal Data outside the EEA for any other purpose, we will obtain your consent for the transfer to be made and we will take all steps required to ensure that your Personal Data continues to receive our standards of protection.
How long will we store your Personal Data?
We will cease to retain your Personal Data or remove the means by which the Personal Data can be associated with you, after seven years (7) where your relationship with us has been terminated and/or as soon as it is reasonable to assume that such retention no longer serves the purposes for which the Personal Data were collected and are no longer necessary for legal or business purposes (except where retention is permitted or required by the Law and/or other applicable laws).
What are your rights in relation to your Personal Data?
- Right to access (commonly known as a “data subject access request”): You have the right to request a copy of the Personal Data we hold about you at any time;
- Right to rectification: You have the right to ask us to correct any inaccurate Personal Data we hold about you;
- Right to erasure: You have the right to ask us to delete your Personal Data from our records (Please note that we will not be able to delete your Personal Data when there is a legal obligation to keep that data / e.g. compliance with relevant anti-money laundering legislation or tax laws).
- Right to restrict processing: You have the right to ask us to restrict the use of your Personal Data;
- Right to object: You have the right to object to the collection and use of your Personal Data;
- Right to data portability: You have the right to request the transfer of your Personal Data to another party;
- Right to lodge a complaint: You have the right to lodge a complaint about the use of your Personal Data directly with us by contacting our Data Protection Officer on one of the contact details below or directly with the Office of the Commissioner for Personal Data Protection in Cyprus.
How can you exercise your rights in relation to your Personal Data?
You can exercise all of your rights by contacting our Data Protection Officer on any of the contact details below:
A: 12 Kennedy Avenue, 2nd Floor | 1087, Nicosia, Cyprus | P.O. BOX: 24293, 1703, Nicosia, Cyprus
E: Data Protection Officer at firstname.lastname@example.org
How do we protect your Personal Data?
To safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure the storage, disclosure and transmission of Personal Data.
You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guarantee, we try to protect the security of the Personal Data by constantly reviewing and enhancing our information security measures.
Changes to this Policy
We may revise this Policy without any prior notice. Therefore, it is important to consult this page from time to time.