As from 25 May 2018 we are committed to comply with the General Data Protection Regulation 2016/679 as supplemented by the Cyprus Protection of Natural Persons Against the Processing of their Personal Data and the Free Movement of such Data Law of 2018 L.125(I)/2018 (hereinafter “the Data Protection Laws”).
Ierotheou, Kamperis & Co. LLC is a lawyers' limited liability company incorporated at the Republic of Cyprus with registration number HE284147 and registered office at Andrea Patsalidi 1, 3rd Floor, Office 301, 2362 Agios Dometios, Nicosia, Cyprus.
For the purposes of this policy ‘Controller’, ‘Processors’, ‘Data Subjects’, ‘Personal Data’, ‘Processing’ and ‘Personal Data Breach’, shall have the meanings given to them in the Data Protection Laws.
During the course of our business interaction we might collect different pieces of information such as your name and surname, home address, an email address, an identification card number, phone number, social insurance number, copy of your passport, bank account details (IBAN number), CV, information relating to health problems, and more which collected together can lead to your identification. Please note that this list is not exhaustive.
We collect your Personal Data from registration, interviews, questionnaires and surveys, direct observations, telephone, email, fax, post, documents and other records.
We process Personal Data only if at least one of the following applies:
(a) you have given consent to us for the processing of your personal data.
(b) processing is necessary for the performance of a contract that we have between us during the course of our business or in order to take steps at your request prior to entering into a contract such as our due diligence checks.
(c) processing is necessary for any legal obligations imposed upon us;
(d) processing is necessary in order to protect your vital interests or the interests of another natural person
(e) processing is necessary for the public interests
(f) processing is necessary for our legitimate interests or a third party’s legitimate interest.
We process only personal data which are necessary for specific purposes, where further processing is necessary for a purpose other than that for which your Personal Data were collected, we shall provide you with information on the purpose and with any other relevant information and we shall request your consent.
You have the right to withdraw your consent at any time by simply sending an email to email@example.com, because now decisions are made by you.
It must be clear that you have the absolute control of your life and you have a say on how your Personal Data are used. You have the right:
- to be informed about the processing of your Personal Data;
- of access to the Personal Data we hold about you;
- to rectification of your Personal Data;
- to erasure of your Personal Data (if we are not obligated by any other relevant law to have them);
· to restrict processing;
· to data portability by receiving your Personal Data in a machine-readable format and send it to another controller;
· to object to processing
To exercise your rights you just need to contact us through email to firstname.lastname@example.org and address your request to our Data Protection Officer “Ms. Evi Stavrou”. We would be happy to answer any enquiry or concerns you may have regarding the processing of your Personal Data.
You should also know that you have the right to lodge a complaint to the Commissioner for Personal Data Protection, but we would appreciate if you would give us the opportunity to resolve the matter swiftly and to your satisfaction.
We normally respond to all requests without undue delay and at the latest within 1 month as we are obligated by the Data Protection Laws. However, if we need more time or your request is complicated, we will inform you about it within one month. We retain our right to refuse to comply with your request if we believe that your request is manifestly unfounded or excessive, but you can always consult with the commissioner for Personal Data Protection.
Before you exercise your rights, we may ask you to provide us with further information in order to confirm your identity.
We have a professional and legal obligation to keep your Personal Data confidential. We agree that all your Personal Data disclosed to us shall be treated as confidential. However, there may be circumstances in which we are compelled by law to provide information regarding you or your affairs to regulatory or other authorities, and we may not be permitted to inform you that we have done so. Whenever your legal privilege excuses us from doing so, we will claim it. If you require further advice on this area, please feel free to contact our DPO.
To ensure the appropriate security of your Personal Data, including the protection against unauthorised or unlawful processing and against accidental loss, destruction or damage we have implemented appropriate technical and organisational measures such as pseudonymisation, data minimisation and much more.
We have put in place suitable physical, electronic and managerial procedures and we are able to prevent any Personal Data Breach. Nevertheless, as the technology changes and the creation of Data and information grow this might be impossible in some situations. For that reason, we have a breach response plan in order to protect you and your Personal Data from being harmed.
You should be aware that, from time to time, we may need to transfer or share your information to public and governmental authorities, credit institutions, third parties, business partners, service providers that are located in and outside the territories of the European Economic Area ("EEA"). When we are doing this, we ensure you that we will comply with the Data Protection Laws. Please note that the above is non-exhaustive list of persons and entities with whom we share your Personal Data.
If you or others on your behalf give us any Personal Data about another person, you take full responsibility for complying with any relevant Data Protection Laws which apply to the provision of that information to us, and our use of it.
We shall not keep your Personal Data for longer than is necessary to fulfil the purposes for which we collected it. Where we no longer require your Personal Data we shall delete, destroy or return them to you (and any copies of it), unless we are required by applicable law to retain such personal data.