GDPR stands for General Data Protection Regulation which replaces the previous Data Protection Directives by introducing new standards and principles in regards to the protection for the processing of personal data of natural persons as a fundamental right.
Our intention is to be of meaningful legal service and advice to our customers, by providing what we deem as valuable information.
In the present Privacy Notice, A. DIMITRIOU & ASSOCIATES LLC, may be referred to as “us”, “we” and “our”.
Your rights as data subject
Under the GDPR you have the following rights:
(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed
(f) to have your personal data transferred to a Data Protection Officer of another business in certain circumstances
(g) You have the right to make a complaint at any time to a supervisory Authority. The Cyprus Data Protection Commissioner is the lead data protection supervisory Authority in Cyprus.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
To find out more about your rights please refer to the EU regulator in the place where you are located (in the EU).
In case you have any questions about how we process your personal data, or in case you wish to exercise any of the rights set out above, please contact us.
What personal data we collect
Personal data means any information relating to you which allows us to identify you, such as your name, contact details, requirement details and information about your access to our website.
We may collect personal data from you when you commence your co-operation with us (either directly or indirectly through our trusted third party partners), if you use our website, or when you contact us either via e-mail correspondence, via telephone, via facsimile etc.
Specifically, we may collect the following categories of information:
What do we use your personal data for, why and for how long
Your data may be used for the following purposes:
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for.
In most cases we will need to process your personal data so we can enter into our engagement letter for the commencement of our business relationship with you.
We may also process your personal data for one or more of the following:
Only children aged 16 or over can provide their own consent. For children under this age, consent of the child’s parents or legal guardians is required.
We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymize your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
Security of your personal data
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
International Data Transfer
A. Dimitriou & Associates LLC does not operate in other jurisdictions, whether located within or outside the European Economic Area (EEA). However, in instances where you will require the transfer of your personal data for specified and legitimate reasons, we will require all services providers to process your information in a secure manner and in accordance with EU law on data protection. We utilize standard means under EU law to legitimize data transfers outside the EEA.
Sharing your personal data
Your personal data will not be shared with anybody, unless with your prior written consent and only for specific purposes, in assisting your needs and processing of your requirements, e.g. your personal data may be shared with other Authorities and/or professionals for example, banks for the opening of your bank account, immigration authorities for the submission and completion of your application, our Associates, our Agents and/or our trusted partners.
When our use of your personal data is based on your consent, you have the option to withdraw your consent to our processing and delete your personal data at any time by contacting our law office.
We will delete any information collected without consent, as soon as we become aware of it.
We keep your personal information contained in your file which can be either in hard copy format, electronic format or both, or even Archived, for as long as you keep your business relation with us and also we maintain record keeping of all your data for 5 years after the termination of our business relation with you, subject to the Anti Money Laundering Applicable Laws of the European Union, harmonized with Cyprus Laws and relevant legislation and/or for 7 years as per Tax Law requirements.