Constantina Mitsingas & Associates LLC
Legal Insight. Business Instinct. Boutique Law firm in Limassol, Cyprus

Privacy Policy

Privacy Policy

25th May 2018

Constantina Mitsingas & Associates LLC is a lawyers’ limited liability company established in Cyprus with registration number ΗΕ368208 (also referred to herein as ‘we’, ‘us’, our’ or the ‘Firm’) which is committed to the maintenance of your privacy and the handling of your personal data in an open and transparent manner.

TO WHOM THIS PRIVACY NOTICE IS ADDRESSED TO:

This Privacy Notice is addressed to natural persons who may be one or more of the following:

  • Current and potential customers of our Firm or persons who have had a business relationship with our Firm in the past;

  • Authorized representatives or agents of beneficial owners of legal entities administered by the Firm;

  • Officers or employees of legal entities to whom we provide services

PURPOSE OF THIS NOTICE

The purpose of the Privacy Notice is to :

  • Provide information about the nature of the personal data which we may collect and process from you and the purposes of such processing;

  • Inform you about your rights with respect to the data concerning yourself that you communicate to us under the EU General Data Protection Regulation and Cypriot data protection law;

  • Inform you with respect to the instances whereby we may transmit your personal data.

WHAT CONSTITUTES ‘PERSONAL DATA’?

Personal data means any information relating to an identified or identifiable natural person. Examples of such personal data are your name, address and identification number and the form of such data may be hard copy, electronic, or other form.

WHAT CONSTITUTES ‘PROCESSING’ OF PERSONAL DATA?

By ‘processing’ of personal data, we refer to any operation which is performed upon them by us, for example their collection, recording, organization, storage, disclosure, transmission, erasure or destruction.

WHAT PERSONAL DATA WE PROCESS AND WHERE WE COLLECT IT FROM

We collect and process different types of personal data, depending on the type of service that you requested to receive, be it legal, corporate or administration or other relevant or ancillary services and our legal and regulatory obligations in the field of anti-money laundering legislation and tax legislation and other applicable national or international legislation.

Personal data may be collected either from the client directly, or from their representatives, employees or agents. We may also collect and process personal data from publicly available sources, such as governmental agencies, the internet, or the press.

For the above purposes, the types of personal data that we collect customarily include, but are not limited to the following:

  • Name, address, contact details (telephone/email), identification data, birth date, place of birth, marital status, CV, source of wealth, tax registration codes/numbers, employment status, information on business activities, data concerning any criminal convictions, information on whether you hold/held a prominent public function, FATCA/CRS information.

DATA OF MINORS (CHILDREN)

We acknowledge that safeguarding the privacy children/minors is of particular importance. Any personal data concerning children will be collected only to the extent necessary depending on the type of service that you requested to receive and provided that we obtained the consent of the parents/guardians of such children or otherwise permitted by applicable law. 

WHY YOUR PERSONAL DATA IS COLLECTED AND THE LEGAL GROUNDS FOR DOING SO

It follows from the above, that in order that we may be in a position to provide any of our services to you, you must provide us with such personal data which are necessary in order to enable us to do so, but also in order to abide by the legal obligations which we are bound by, as mentioned above.

Specifically, the legal grounds based on which we may collect and process personal data are determined by the EU General Data Protection Regulation and Cypriot data protection law and may be based on one or more of the following reasons:

i. For the performance of the purpose of our engagement by you, i.e. to provide legal, corporate administration or other relevant or ancillary services as per our engagement and complete our client acceptance/KYC/anti-money laundering procedures.

ii. For compliance with a legal obligation: As a lawyers limited liability company and the provider of other relevant or ancillary services to local and international clients, we are bound to abide by several pieces of legislation, including but not limited to the Anti-Money Laundering Law, Tax Laws, Cyprus Banking Law and other pieces of legislation which are directly relevant to our activities. We are also licensed and supervised by the Cyprus Bar Association and as such we are obliged to adhere strictly to its guidelines on several matters pertaining to our business.

iii. The above impose on us necessary data processing activities concerning our clients and their agents/representatives such as KYC/due diligence obligations, tax laws, reporting obligations and compliance with directives and court-orders.

iv. For the safeguard of our legitimate interests such as initiating legal claims or assistance in connection therewith, preparation of our defence in litigation procedures, internal management of systems and organization of our work, prevention of anti-money laundering.

v. You have provided us with your specific consent for such processing other than for any of the reasons set out above, in which case your consent constitutes the lawful ground of processing of personal data. You have the right to revoke such consent at any time.

WHO MAY BE RECIPIENTS OF YOUR DATA/ TRANSFERS OF DATA OUTSIDE EUROPEAN UNION

We may transmit your personal data in the context of us providing the agreed services to you or in accordance with statutory obligations imposed on ourselves and/or the third-party recipients.

We may disclose personal data to:

• Third parties to the extent that such disclosure has been expressly and in writing authorized by you;

• Third parties to the extent that the data disclosed has already entered the public domain in circumstances not engaging our liability;

• Third parties to the extent that such disclosure is required pursuant to applicable law;

• Third parties in the context of any judicial proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the disclosure is made in good faith;

• Third parties in the course of defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such disclosure is necessary for properly defending ourselves;

• Third party providers of accounting and/or actuarial and/or auditing and/or banking and/or business consulting and/or company administration/management and/or human resources and/or insurance and/or technology and/or legal and/or security (such as data security etc.) and/or tax services to the Firm, to the extent necessary for the purposes of such providers’ provision of such services to the Firm and provided that the relevant provider is subject to a duty of confidentiality;

• Third parties where it is necessary to protect the vital interests of the data subject or another natural person.

Examples of types of governmental authorities and/or service providers and/or vendors where we may transmit your data  include:

  • The Cyprus Registrar of Companies;

  • The Cyprus Commissioner of Taxation;

  • Accountants and Auditors;

  • Credit institutions in Cyprus and abroad where you requested the opening of bank accounts/provision of banking facilities or that need to be provided with information in the context of a transaction relating to yourselves personally or companies owned legally and/or beneficially by you;

In the context of the above, we may transfer your personal data to countries outside the European Union for the purposes mentioned above, if required by law, or if you have given us your consent to do so. Recipients located in countries which are deemed not to afford an adequate level of protection of personal data are obligated to maintain appropriate safeguards in relation to the transfer of your data to them as per the relevant provisions of the EU General Data Protection Regulation.

RETENTION OF PERSONAL DATA

We may process personal data for the period(s) necessary to fulfill the purpose(s) for processing that is/are relevant to such data and as for as long as we maintain a business relationship with you and we provide you with services.

Once our business relationship stops and we cease to provide you with any services, then the data shall be kept for a period of 5 years from such cessation, as per the relevant anti-money laundering legislation.

In this regard, we recall that, in Cyprus, following the filing of a tax return by a local company, the authorities can, under certain circumstances, raise an inquiry vis-à-vis such tax return during the period extending to the end of the 12th year after the tax year which the tax return concerns; inquiries can range from simple information requests to detailed technical challenges.

YOUR RIGHTS

You have the following rights in terms of your personal data we hold about you:

i. Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can contact us at the email: cmitsingas@cmitsingasllc.com

ii. Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

iii. Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.

iv. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

v. Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:

  • it is not accurate,

  • it has been used unlawfully but you do not wish for us to delete it,

  • it is not relevant any more, but you want us to keep it for use in possible legal claims,

  • you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.

vi. Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organizations. You also have the right to have your personal data transmitted directly by ourselves to other organizations you will name [known as the right to data portability].

vii. Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact cmitsingas@cmitsingasllc.com .

You have a right to lodge a complaint in the instance that your concerns about how we use your personal data have not been adequately addressed by us. You may inform Us of this by sending an email to cmitsingas@cmitsingasllc.com or directly lodge a complaint with the Office of the Commissioner for Personal Data Protection at http://www.dataprotection.gov.cy. 

AMENDMENTS TO THIS NOTICE

To the maximum extent permitted by applicable law, we reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice, we will notify you by means of a prominent notice on the website at least 21 days prior to the change becoming effective.

Please review this Privacy Notice periodically for updates.

To the maximum extent permitted by applicable law, you shall be bound by any changes to this Privacy Statement as of the time that such changes become effective. We will communicate any updates or amendments to this Notice to you as may be necessary.

ENQUIRIES/ REQUESTS/ CONCERNS

Any enquiries, requests or concerns regarding this Notice or relating to the processing of your personal data should be addressed to cmitsingas@cmitsingasllc.com

Last Updated 5th September 2019