MARIOS HARTSIOTIS & CO LLC (“the Firm”) are committed to protecting your privacy. We ensure that the Firm’s employees are provided with the appropriate training in order to handle personal data duly and in accordance with the laws. Furthermore, we take appropriate measures to ensure that any parties with whom we co-operate apply the same high standards when it comes to personal data protection and privacy.
We will only use the information that we collect about you lawfully and in accordance with the General Data Protection Regulation (GDPR) (EU 2016/679).
This Privacy Notice sets out the basis on which we collect and process your personal data. Please read this privacy notice (“Privacy Notice”) carefully as it describes our collection, use, disclosure, retention and protection of your personal information and the lawful basis for such collection, use, disclosure and retention. It also sets out your rights in respect of our processing of your personal information.
- INFORMATION WE COLLECT AND PROCESS
We may collect personal information from you in the course of our business, when you contact or request information from us, when you engage our legal or other services, filling out engagement letters, retainers, or by correspondence by phone, email, fax, in person or otherwise. The information is stored and encrypted locally in the Firm’s internal server as well as in servers located in Cyprus and/or Member-States of the European Union and which are administered by third-party service providers with whom we collaborate in order to maintain our electronic database and back-up the data we collect (e.g. software service providers). Your client files are stored in hard copy and are securely held in our Firm’s premises. Although we have taken all appropriate measures and security procedures, programs and features we cannot guarantee that certain email communications and/or data transmitted to us over email and/or other means of electronic transfer of documents is secure.
Our primary goal in collecting personal information from you is to help us:
- verify your identity
- carry out our Services in accordance with your instructions
- carry out our legal obligations with local and foreign governmental Authorities
- safeguard the Firm’s legitimate interests
- resolve any complaints, disputes and claims
- for legal proceedings, legal advice or to establish, exercise or defend legal rights
- carry out our contractual obligations
- improve, develop and market new Services
- carry out requests made by you in relation to our Services
- investigate or settle court cases, claims, inquiries or disputes
- comply with any applicable law, court order, other judicial process, or the requirements of a regulator
- enforce our agreements with you
- protect the rights, property or safety of us or third parties, including our other clients
- Internal record keeping (The Firm may periodically send important announcement emails, news and articles, invitations or other information)
- Ensure the security level of the Firm’s employees and premises (use of CCTV equipment in the areas of the premises).
- To meet all legal, regulatory and ethical obligation of the Firm
- For internal training purposes
- use as otherwise required or permitted by law.
To undertake these goals, we may process the following personal information:
- Contact information including but not limited to names, postal addresses, email addresses, telephone numbers, the company you work for, social media accounts.
- Professional information
- Financial information.
- Information that you provide to us as part of the provision of our legal and other services which depends on the nature of your instructions to our Firm.
- Relevant information as required by Know Your Client and/or Anti-Money Laundering legislation and regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you.
- Meetings and visits to our offices
- Other information relevant to the provision of our Services.
Marios Hartsiotis & Co LLC also engages with corporate/legal entities and as such those instructors are not data subjects. However, as part of such instructions personal information may be provided to us. If you are an individual whose personal information is processed by us as a result of providing the Services to others (including individual clients and corporate clients) we will process a variety of different personal information depending on the Services provided.
This is a non-exhaustive list which is reflective of the varied nature of the personal information processed as part of a law firm providing legal services.
Special Category Data
“Special Category Data” includes information on a person’s race, health data or data relating to a person’s criminal record. In such instances, lawful basis for processing such special category data may include explicit consent or the processing is being necessary for compliance with a legal obligation or for the purposes of legal proceedings or legal advice. We will only process special category data in compliance with GDPR.
- DISCLOSURE OF PERSONAL DATA
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any disclosure of your personal data to third parties to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
You agree that we have the right to share your personal data with:
- Any member of our Firm
- We may share your information in the extend required or permitted to do so with personnel, advisers, lawyers, banks, public authorities, Courts and Court personnel, clients, auditors, service providers, business associates, partners and any other third person or entity in connection with our services who are also obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to your personal data.
- Regulators/tax authorities/corporate registries.
- Governmental or regulatory authorities.
- Third parties to whom we outsource certain services such as, without limitation, document service, processing and translation services, IT systems or software providers, IT Support service providers, document and information storage providers.
- Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, witnesses, cost draftsmen, court, opposing party and their lawyers, medical practitioners and experts.
- Third party postal or courier providers who assist us in delivering documents.
The above information will be disclosed where necessary for the performance of your instructions to our Firm.
Please note this list is non-exhaustive and there may be other examples where we need to share data with other parties in order to provide the Services as effectively as we can.
- LAWFUL BASIS FOR COLLECTION AND PROCESS OF PERSONAL DATA
We process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons which provide a lawful basis:
- For the performance of a contract or services where necessary in order to carry out our contractual obligations.
- For compliance with a legal obligation to use your personal data to comply with any legal obligations imposed upon us.
- For the purposes of safeguarding our legitimate interests and to ensure that we provide our Services in the best way that we can.
- Where explicit consent has been provided.
- HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will retain your personal data for as long as necessary for the performance of our services and contractual obligations between you and our Firm. We may also retain relevant personal data in compliance with our obligations under the EU General Data Protection Regulation or for longer as we are required to do so according to our legal, regulatory obligations or professional indemnity obligations or for the maximum time as allowed by applicable law in effect at the relevant time.
- CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL INFORMATION
We are committed to keeping the personal data provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
- YOUR RIGHTS
You have the following rights in relation to the personal data we hold about you:
- Your right of access
If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information. We may need to charge a reasonable fee.
- Your right to rectification
If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
- Your right to erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).
- Your right to restrict processing
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.
- Your right to data portability
You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Your right to object
You have the right to object the processing of your personal information if you provide a reasonable basis for the objection. We will address your objection duly and according to the GDPR regulation and relevant applicable law.
- Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices you have the right to complain to the Office of the Commissioner for Personal Data Protection (http://www.dataprotection.gov.cy), 1 Iasonos Street, 1082 Nicosia, P.O.Box 23378 Nicosia, Tel: 35722818456 Fax: 35722304565.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
- ENQUIRIES OR COMPLAINTS
The Firm has appointed a Data Protection Officer and all enquiries in respect to this Privacy Notice or to exercise any of the rights set out above you can contact our Data Protection Officer at email@example.com or by post at 10, Omirou Str., 3095, Limassol, Cyprus, marked “Confidential – For the attention of the Data Protection Officer” at Marios Hartsiotis & CO LLC.
- WEBSITE COOKIES
May 25th, 2018