Chriso Savva LLC

Data Protection Policy

Our Endeavour for Protection of Personal Data

We endeavor to protect our clients’ privacy. In this document we set out how we collect our clients’ personal data, how we use it, and what rights our clients have in relation to the personal data which is collected, held and /or processed by us, as lawyers.

It is to be noted that our obligation to protect our clients’ privacy is in addition to the duty of confidentiality we may owe to our clients.


Persons Responsible for Collecting and Processing Clients’ Personal Data

The personal data of our clients is collected and controlled by the officers of Chriso Savva LLC on the basis of the business relationship which has been established between a client and CHRISO SAVVA LLC or on the basis of instructions given for the provision of legal services by Chriso Savva LLC.


The Type of Personal Data Which May Be Collected

  • Information which is needed for identifying our clients, such as our clients’ name, postal address, home address, business address, telephone number, mobile number, facsimile number and email address.
  • Other personal information, such as curriculum vitae, job title, source of income, tax information or employment details.
  • Information on business or corporate or legal transactions which shall be provided at the time of our engagement for the purposes of advising them or assisting them on the completion of such corporate or legal transactions.
  • Information on any assets whatsoever our clients may hold or any investments they have made or are planning to make.
  • Information on payment transactions and data necessary in order for us to be able to make or process payments on behalf of our clients but at the same time implement fraud prevention measures, including credit / debit card numbers, security code numbers and other such relevant billing details.
  • Any data or information which we are legally bound to collect in order that we are in compliance with the due diligence and know your client regulations and the laws of the Republic of Cyprus.
  • Information collected from publicly available resources or forums, including but not limited to information collected from databases we use to carry out compliance checks or credit rating agencies.
  • Information about our clients relating to an interest or office which they may hold or relating to certain relationships our clients may have with a corporate entity, a partnership, trust or other vehicle to which we provide services. 
  • Where necessary, we may collect information about our clients which may include sensitive information such as in relation to their health history. The processing of such data shall be based entirely on our clients’ providing their consent and in them having the right to request that we do not process such data.


At What Stage Do We Collect Personal Data

  • When any client (whether a physical person or an entity) seeks our services, such as any type of legal advice, corporate services or our fiduciary services.
  • When any client makes an enquiry through our website, in person, over email or over the telephone.
  • When a third party entity, (including professional firms or business entities, whether within the EU or outside the EU), engages Chriso Savva LLC to provide services to any of their own clients or associates or where such clients or associates either hold an office, or are affiliated or have any other business relationships with such third party entity.
  • When our clients request that we file any type of application on their behalf before any government agency in the Republic of Cyprus.
  • When we seek to engage the services of any of our associates, whether in Cyprus or overseas.


 For What Purposes will the Personal Data be Used, (“the Permitted Purposes”)

  • In order for us to protect our clients’ personal data and to prevent unauthorized disclosure or to prevent breach of our legal obligations with respect to the protection of our clients’ personal data, we shall request from our clients to provide us with a copy of a valid form of identification.
  • To provide legal advice or other legal services as may be requested by our clients.
  • To manage and /or administer our clients’ companies or business relationship with our office, including processing payments, invoicing, or providing any ancillary services to our clients.
  • For the purposes of compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (such as under antitrust laws, export controls, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of our clients’ contact data or other information our clients have provided us with in order to ensure that such a client is not on any applicable sanctioned-party list.
  • Our clients may be contacted in order for us to confirm their identity where such action is relevant for compliance purposes.
  • To provide updates, reminders, requests and directions relevant to the legal duties we have undertaken towards our clients and in compliance with the laws.
  • To protect the security of communication systems, websites and other systems, and to detect security threats, fraud or other criminal or malicious activities against our office or our clients.
  • For insurance purposes.
  • To ensure compliance with our policies and standards.
  • To identify persons authorized to trade and/or act on behalf of our clients, customers, suppliers and/or service providers.
  • Upon receipt of instruction or request from our clients or any third party authorized by our clients.
  • For the purposes of communication with our clients through approved channels of communications and where necessary to keep our clients up to date on the latest legal developments, announcements, and other information.
  • To comply with court orders and exercise and/or defend our legal rights.
  • To comply with our legal obligations (such as keeping pension records or records for tax purposes).
  • For any purpose related and/or ancillary to any of the above or any other purpose for which the personal data of our clients is required by our office.

We may further process information of clients for the following purposes:

  • Where processing is necessary for the purposes of our legitimate interest or those of any third party recipients that receive our clients’ personal data, provided that such interests are not contrary to our clients’ rights and interests and protection of privacy.
  • Where this is necessary for the introduction to a new client or a third party, at the request of such third party and with the consent of the new client.
  • Where our clients’ consent has been explicitly given we may provide them with newsletters, legal updates and other general communications. Our clients have the option to request that we do not send any such communication to them.

Note:    Our clients’ personal data will not be used for the purposes of taking any automated decisions affecting our clients in any way. 


How Will We Share Our Clients’ Personal Data

  • We may share our clients’ personal data with any of our associates on a confidential basis where this is required for the purpose of providing legal advice and services, as well as for administrative, invoicing, accounting, auditing and other business purposes.
  • We may share our clients’ personal data with any government agency in the Republic of Cyprus for the purposes of fraud and crime prevention purposes, including financial institutions and regulatory bodies.
  • We may convey our clients’ personal data to any government agency in the Republic of Cyprus for the purposes of processing an application on behalf of any of our clients.
  • We may share our clients’ personal data with any third party to whom we assign or novate any of the rights or obligations of Chriso Savva LLC.
  • We may share our clients’ personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process.
  • We will otherwise only disclose our clients’ personal data when our clients direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
  • We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.


Can Clients Refuse To Share Their Personal Data With Us

Personal Data is received by our office on a voluntary basis and upon request from us on the basis of us being in compliance with the laws of the Republic of Cyprus.

Where however clients may refuse to provide us with the personal data requested by our office we shall not be able to provide any services because we are legally required to adhere to compliance screening or require such data in order for us to process the instructions or otherwise to provide our clients with our services.


How Do we Keep Personal Data Safe

We take appropriate technical and organizational measures to keep our clients’ personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. Our clients’ personal data is kept in the electronic systems of our office, in back storage systems and on paper files.


Personal Data We Receive From Our Clients About Third Parties

It is required by us that, where our clients provide us with the personal data of third parties, such as their employees, directors of their companies, or other persons they may have dealings with, they must ensure that they are entitled to divulge the personal data to us as their lawyers.

Our clients are further required to ensure that any disclosure by us of the personal data of such third parties is permitted and no further steps are required by our office for such disclosure.

More specifically, it is a requirement that when our clients disclose any personal data of third parties to us, such third parties should be aware of this disclosure, they should be made aware as to who we are, how their personal data will be used, what disclosure practice we have in place and the rights of any such third party to contact our office and to inquire about the purposes for which we collect data, what our disclosure practices are and the rights of any such third party in relation to our holding of their data.


Conveyancing Of Personal Data Abroad (Including To Non-EU Countries)

There may be cases where the personal data of our clients will need to be conveyed to third parties abroad and this may include conveyancing and/or sharing such personal data with persons which are situated in countries which do not offer the same legal system in place for the protection of personal data.

When making such transfers, we shall ensure that they are subject to appropriate safeguards in accordance with the General Data Protection Regulation (Regulation 2016/679), (“GDPR”), or other applicable data protection legislation.

It will be our obligation to alert our clients at the time of our engagement that, depending on the scope of our engagement, the need may arise during our engagement for us to convey and/or transfer personal data to any third parties outside the EU.

The consent of our clients must be given for such transfer of personal data and our clients should not hold us liable for the manner in which their personal data is held or processed by any third parties which are situated outside the EU and which are outside the scope of the GDPR.


Conveyancing of Personal Data to any Government Agencies

Where our clients instruct us to file any applications before any government authorities, whether in the Republic of Cyprus or before any other authorities (within the EU or outside the EU), and where for the purposes and in the course of processing of any such applications we shall be obliged to transfer any personal data, we shall do so with the consent of our clients. We shall not, however, be held liable for the manner in which personal data shall be processed and/or be used by any such government agencies.


Duration of the period for which we can keep the personal data of our clients

In accordance with the provisions of the PREVENTION AND SUPPRESSION OF MONEY LAUNDERING AND TERRORIST FINANCING LAWS OF 2007 (as amended), we must keep your personal data on record for five years.


What Are The Rights Of Our Clients With Respect To The Data Protection

Subject to certain conditions under applicable legislation, you have the right to:

  • Request access to your personal data (commonly known as a “Data Subject Access Request”).


  • Request correction of the personal data that we hold about you. This enables you, as our client, to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
  • Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
  • Request restriction of processing of your personal data:

(a) if it is not accurate;

(b) where processing may be unlawful but you do not want us to erase your data;

(c) where you need us to hold the data even if we no longer require it; or

(d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.


  • Request the transfer of your personal data to you or to a third party.
  • In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.


To do any of the above, please contact us at: chriso@legal-corporate.com

or via facsimile at 00357-22766386 or by sending a letter addressed to: Chriso Savva, 8, Katsoni Street, 2nd Floor, Office 202, Nicosia, Cyprus.

Please note that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.

It is the policy of our office to promptly respond to any requests or complaints. In the event that any of our clients are unhappy with the response of our office, they may submit a complaint to the relevant privacy regulator. The details of the relevant regulator shall be provided upon request.


Correcting And Updating Your Personal Data

Our clients must inform us immediately where our clients’ personal data which has been provided has changed, or where our clients believe that the personal data we hold is inaccurate. We should be notified in writing at: chriso@legal-corporate.com

It is the obligation of our clients or of any third party with whom our clients have a contractual or a business relationship with such a third party and to whom our office provides services, to inform us of the existence of such relationship.

Our office will not be held responsible for any loss that may arise due to us having any inaccurate, incomplete, inauthentic or otherwise deficient personal data which any client or any third party entity has provided to us.


Changes To This Data Protection Policy

This Privacy Policy was last updated on 23rd of May 2018. We reserve the right to update and /or amend the contents of this Privacy Policy from time to time to reflect any changes in the way in which we process the personal data of our clients or to reflect changes in the law.