1.1 This privacy statement and policy is given in accordance and in conformity with the provisions of the General Data Protection Regulation (EU) 2016/679 (the “Regulation”) in relation to the collection and processing of personal data. Reference to “us”, “we” or the “Firm” is a reference to, and to any member of Anthimos Leonidou & Partners Ltd. Further details on our Firm and its members can be found on our web-site, including under the “Disclaimer” section. References to “you” or the “client” means any person or entity dealing with us in any capacity whatsoever.
2.0 Collection of Data
2.1 We collect personal information about you when you, your associates, employees or representatives (with or without your express consent) voluntarily disclose such information to us directly or indirectly. This includes (without limitation) contacting us for employment purposes, to retain us, cooperate with us or enquire about our services. If you provided personal data to the Firm about someone else you acknowledge and undertake that you did so with the express consent of that other person(s) and that receipt of any personal data by us is lawful.
2.2 We may also collect data from other sources, including cookies on its or other websites, data vendors or any public or private sources.
2.3 We expect data provided voluntarily to be up to date, complete and accurate. It provides no assurance, undertaking or guarantee for the quality of data collected, whether provided voluntarily or collected from public or private sources.
3.0 Use and Purpose of Collection
3.1 The collection and processing of your personal data is necessary and lawful for the Firm’s activities as provided by article 6(1)(c) of the Regulation and is provided to the Firm freely and voluntarily for the aforesaid activities, including (without limitation):
ii. Representation or advisory;
iii. Provision of any other services offered or that may be offered by the Firm, its affiliates or associates whether on its own or jointly with any third party;
iv. Enquiries about its services or any of the above, including business opportunities.
3.2 Personal data may be collected for the purposes of identifying of person(s), whether clients or their affiliates including for the purposes of Law 188(I)/2007 on “The Prevention and Combating of Money Laundering Activities”, the Law on Provision of Administrative Services 196(I)/2012 or any other applicable law or regulation in Cyprus or abroad as each time are in force (the “Compliance Framework”). The personal data may include (without limitation): name and surname, residential and business address, contact details (email, telephone, fax, skype etc.) business associates, business activities, place and date of birth, marital and family status and circumstances (including family members), nationality, passport or ID number, tax residency and tax identification number, educational and occupational background, source and accumulation of income / wealth, past private or public positions. Personal data collected may include summaries of aforesaid personal data (in a form or document produced or signed by you) as well as copies of any primary document verifying any of the above.
3.3 Personal data may be kept in paper (hard) copy or electronically on servers or personal computers or backup devices (including on portable devices) on our network or off site, including third party data storage facility(ies) or data center(s) (including cloud services) and may be copied or transmitted by any means and in any form or format.
3.4 The Firm may (and shall be entitled to) use personal data to perform a search with any public or private database or sources in order to assess the personal data it holds and to comply with the Compliance Framework and shall be entitled to retain any personal data for not less than 5 years or as may be required for the said purposes.
3.5 The Firm collects, records, stores, organizes, structures, adapts or alters (upon being informed of any change), retrieves, discloses by transmission or otherwise makes available, aligns or combines, restricts, erases or destructs personal data for the purpose of providing services to its clients, receiving services from third parties, communicating with authorities or third parties and for its operations.
3.6 You acknowledge, agree and consent to any disclosure of personal data that is requested by any third party which is nominated or required (directly or indirectly) for the provision of services to you or by implication for the provision of any services or response by us.
3.7 By continuing to communicate or transact with, or retain the services of, the Firm you:
i. agree and undertake to provide to the Firm any other personal data as may be requested by the Firm as part of its ongoing obligations pursuant to the Compliance Framework. You also acknowledge that the Compliance Framework restricts rights granted pursuant to the Regulation, such as the “right to be forgotten” and of “portability of data”;
ii. acknowledge, accept and consent to the provision of access to all or some of your personal data to the Firm, its members, associates and any third party, body or authority pursuant to the Compliance Framework or as may be required in order to allow the Firm to provide its services and carry out its duties, including without limitation to its clients, yourselves or to your associates.
3.8 The Firm treats personal data as confidential. The rules of the profession as well as relevant confidentiality obligations bind the Firm, its members and employees. We may be obliged to disclose personal data if ordered by a court of law or any authority or body pursuant to the Compliance Framework or applicable law.
3.9 The Firm takes reasonable measures to protect personal data from misuse, interference, and unauthorized loss, access, modification or disclosure. We apply customary data protection practices, including by having installed a variety of commercially available software and hardware security tools. However, despite such measures, security breaches may occur and no data transmitted over the Internet and no database or other depository of information can be totally secure. As a result, despite our efforts to protect personal data we cannot and do not guarantee or warrant its security and we will not be and are not liable for disclosures of your personal data due to errors in transmission, networks that we do not control, or unauthorized acts of third parties.
3.11 Personal data shall be accessible to members, employees and associates of the Firm to allow them to carry out their duties and be provided to third party(ies) which are or will be involved in the provision of such services, directly or indirectly, to you, your associates or the Firm.
3.12 The Firm will not sell, trade, or rent your personal data.
4.0 Data Retention Period
4.1 We retain personal data and records for as long as we are engaged or the duration of an ongoing relationship or transaction and for a period of at least six (6) years thereafter. We may maintain such records for longer periods as the Firm considers necessary in order to comply with the Compliance Framework and applicable laws (including without limitation the data retention obligations inherent in Cyprus tax laws) as well as for any period required in order to protect our interests in the case of claims or disputes.
5.0 Right to access personal data
5.1 You have the right to access and rectify personal data held by the Firm which was provided by you (subject to the Compliance Framework).
5.2 Your rights may be exercised by contacting the Firm’s data manager who is the designated person for addressing any issues pertaining to personal data at firstname.lastname@example.org
6.0 Contact details