INTRODUCTION
Y. Vasiliou & Co LLC, hereinafter referred as “Vasiliou Law”, “We”, “us”, a Cyprus bar member, is a law firm based in Larnaca. Vasiliou Law is one of the fastest-growing law firms with expert lawyers in Cyprus, providing legal services with extensive and expanding clientele, ranging from private individuals and international clients to global organizations.
Vasiliou Law respects the rights and freedoms of individuals such as our clients, employees and people work with, and especially the right of privacy and the right to the protection of personal data. Vasiliou Law processes your personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and is considered as the Controller of your personal data meaning that it has the authority to determine the purposes and the means of the processing activities.
GDPR defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In simple words information about yourself are personal data if it can allow us to identify you, for example name, surname, ID number, images, telephone number, student id etc.
We wish to be transparent about the data we collect and the ways we use them in order to ensure that you have the control of your personal data. This document explains how we handle and treat the personal data we hold, the purposes for which we process your personal data, your rights in respect of our processing of your personal data and in general all necessary information that you need. Please take a moment to read and understand it.
PERSONAL DATA AND INFORMATION WE COLLECT FROM YOU
The personal data that we collect may include but not limited to the following:
- Identification and contact Information such as name, maiden name, surname, ID number and/or passport number, country of birth, phone number, job title/profession, date of birth, postal address, including your home address, where you have provided this to us, business address, fax number and email address;
- Bank details such as Bank account number, IBAN, Account holder name, credit/debit card numbers, other related billing information;
- Further financial and/or business information necessarily processed in a project or client contractual relationship with the Firm or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- Information collected from publicly available resources, integrity data bases and credits agencies where this is relevant to the services offered to you;
- Special categories of personal data (sensitive data): in connection with the provision of legal services to you, may on some occasions need to ask for certain sensitive information (e.g. information about your health, racial or ethnic origin etc.). The processing of sensitive data will only be carried out by us in full compliance with the GDPR and applicable national legislation, on the basis of your explicit prior consent.
- Recruitment/selection data, such as academic qualifications, professional background and any other information contained in your CV, application form, record of interview or interview notes and/or any other assessment material;
- Other personal data regarding your preferences where it is relevant to legal services that we provide; and/or
- Details of your visits to our premises;
- Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting.
While most of the personal data you provide to us is mandatory, some is provided on a voluntary basis. There are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which We cannot act without certain of your personal data, for example because the collection of personal data is required to process with your instructions or orders or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible 3 for us to provide you with what you request without first obtaining the relevant personal data and we will notify you accordingly.
When collecting data, Vasiliou Law will inform you whether you are required to provide this data or if your consent is needed. Where consent is required, we will provide you with specific information with regards to the reasons the data is being collected and how the data will be used.
HOW WE PROCESS THE PERSONAL DATA
Vasiliou Law may collect and process Personal Data that pertain to you for the following purposes:
- for providing legal advice on litigation and/or real estate and/or immigration and/or corporate matters and/or to provide other relevant administrative services to you upon your request;
- upon your request to respond by providing legal advice and/or other relevant services to your enquiries;
- for ensuring compliance with our legal obligations (e.g. for compliance with our obligations under applicable anti-money laundering laws and other domestic laws);
- for the purposes of processing your application if you are a candidate for employment with the Firm;
- for complying with a court order and/or defending our legal rights, where applicable;
- for insurance purposes;
- for any purpose related and/or ancillary to any of the above or any other purpose for which your Personal Data were provided to us;
- where you have provided to us with your explicit prior consent, we may also use the information to provide you with newsletters, briefings and other publication about legal developments and matters which we believe may be of interest to you; • to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us;
- to provide you with information about other service we offer that are similar to those you have already enquired about;
- to notify you about changes to our service; 4
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
THE LEGAL BASIS FOR OUR INTENDED PROCESSING OF PERSONAL DATA
Our intended processing of personal data has the following legal basis:
- The processing is necessary for the performance of the contract for providing legal and other relevant services or in order to take steps at your request prior to entering into the contract.
- The processing is necessary for compliance with legal obligations to which we are subject (e.g. The Anti- Money Laundering law, etc.)
- The data subject has given consent to the processing of his/her personal data for one or more specific purposes.
- The processing is necessary for the protection of data subjects’ s vital interests (or someone else’s interests).
- The processing is necessary for the purpose of legitimate interest pursued by us. Such interest include, to ensure the safety and security of our personnel, premises and equipment and to detect and prevent criminal actions, Vasiliou Law legitimate interest to establish, exercise or defend complaints and legal claims, etc.
Where we have obtained consent to use employee’s or client’s personal data, this consent can be withdrawn at any time. You may withdraw your consent at any given time without any consequence to the provision of our services. We will make this clear when we ask for consent and explain how consent can be withdrawn.
SOURCE OF PERSONAL DATA COLLECTED
We may collect your personal data directly from you or from other sources.
- Information provided from you. This is information about you that you give us by filling our client forms, engagement letters, retainers or by corresponding with us by phone, e- mail, in person or otherwise. It includes information you provide when you choose to use our services and/or become an affiliate to our firm, participate in any firm event and when you send any information to us under any capacity.
- Information we receive from other sources. This is information we receive about you if you use any of the websites we operate or the services we provide and/or from other affiliates and/or professionals. In this case, we will have informed you when we collected 5 that data and if we intend to share those data internally. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
STORING PERSONAL DATE
Vasiliou Law holds your personal data for as long as necessary in order to (a) meet our legal obligations, (b) to deal with complaints, queries and to protect our legal rights in the event of a claim being made, (c) to fulfil the purposes for which it was originally collected (d) assess the Law firm’s activity and the quality of services provided etc.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 5 years.
When we no longer need your personal data, we will securely delete or destroy it.
WITH WHOM WE SHARE PERSONAL DATA
We recognize that your persona data is valuable, and we take all reasonable measures to protect them while it is in our care. Access to your personal data is granted to the staff of the Law Firm on a need-to-know basis, additionally, any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined under the Cyprus Companies’ Law.
In order for us to be able to operate we use third party providers. Therefore, your personal data may be disclosed to other professionals including but not limited to third parties to whom we outsource certain services, such as document processing and translation, confidential waste disposal, provision of IT systems, support or software, document and information storage, providers of information technology, counsel, arbitrators, mediators, clerks, witnesses, courts, opposing parties and their lawyers, as well as experts such as tax advisors or expert valuers, credit reference agencies and/or banking/financial institutions for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
Also, we may share your Personal Data to our subsidiaries or affiliates to the extent this is necessary for the purposes of provision of services, to foreign law firms for the purpose of obtaining foreign legal advice upon your instructions and we may also share your personal data with any third party to whom we assign or novate any of our rights or obligations.
Vasiliou Law may disclose your personal information to third parties If we are under a duty to disclose or share your personal data in order to comply with any legal and/or regulatory obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Y. Vasiliou & Co LLC, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection, anti-money laundering and credit risk reduction.
TRANSFER OF PERSONAL DATA OUTSIDE EEA
During the provision of legal or ancillary services we may transfer your data outside the EEA. For this purpose, we choose only vendors which are in compliance with the data protection laws and are able to ensure a high level of security of your personal data and always upon ensuring that requirements of Data Protection Laws in relation to transfers to third countries or international organisations are being satisfied. For example, we will proceed with such transfer if there is an adequacy decision meaning that the third country ensures an adequate level of protection. In the absence of such decision we use appropriate safeguards such as binding contracts with third parties (standard data protection clauses).
COLLECTION OF DATA UNDER MONEY-LAUNDERING POLICIES AND PROCEDURES
Vasiliou Law conducts client due diligence enquiries on each new client and persons connected with them and conducts ongoing monitoring of existing clients. These enquiries are based on the FATF Recommendations, and the EU Third Money Laundering Directive, although if additional information is required, that information will also be obtained. Where necessary for these purposes, we may seek relevant information from third party data suppliers. Where individuals have supplied personal data for this purpose, we will only use it for that purpose and will keep it only if the relevant AML and data protection legislation requires.
CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA
Vasiliou Law is committed to protect your Personal Data, to this end, we have implemented information security policies, rules and technical measures to protect the personal information data under our control from unauthorized access, improper use and/or disclosure, unauthorized modification and/or unlawful destruction and/or accidental loss.
YOUR LEGAL RIGHTS
You have the following rights in relation to the personal data we hold about you:
a. Request access and information in relation to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
b. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c. Request erasure of your personal data. This enables you to ask us to delete or remove personal data under certain circumstances
d. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your 8 particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
e. Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
f. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
g. Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
h. Withdraw consent in circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
i. Lodge a complaint with the supervisory authority. If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the relevant Supervisory Authority.
Please note that some of the above rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to professional secrecy obligations.
If you want to exercise any of these rights, then please use our contact details provided below.
COMPLAINTS
If you have a concern about the way we are collecting or using your personal data or wish to make an internal complaint, you may contact us using the contact details provided 9 below or directly raise your concern to the Data Protection Commissioner’s Office at www.dataprotection.gov.cy.
CHANGES TO OUR PRIVACY POLICY
We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal data we will update this Privacy Policy from time to time to reflect any changes to our use of your personal data. Where it is practicable we will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal data.
CONTACT INFORMATION:
If you have any questions about this Privacy Policy or want to exercise your rights sets out in this Privacy Policy, please contact us by:
E-mail to: [email protected]
Call us on: +357 24 727313
Find us on: Pavlou Valdaseridi 2A, Floor 1, Larnaca 6018, Cyprus
You may send all Data Protection and Privacy related Inquiries to our address, marked “Confidential – For the attention of the Y. Vasiliou & Co LLC – Data Protection Officer”.