Hadjianastassiou, Ioannides LLC (hereinafter referred to as the “Firm” or “we” or “us” or “our”) is committed to protecting the privacy and security of the personal data it receives from its clients in an open and transparent manner. The personal data that the Firm, as a data controller, collects and processes will vary depending on the services provided to you.
This privacy statement (“Privacy Statement”):
For the purposes of this Privacy Statement:
1. Who we are
Hadjianastassiou, Ioannides LLC is a private lawyers’ limited liability company registered in Cyprus with registration number HE227297, regulated by the Cyprus Legal Council and the Cyprus Bar Association (CBA Reg. No. 22), having its registered office at 23 Themistokli Dervis Street, STADYL House, 1066 Nicosia, Cyprus.
The Firm is an affiliate firm of Deloitte Limited, a private company, registered in Cyprus with registration number HE162812.
2. Other websites
Our webpage may contain links to other websites run by Deloitte Touche Tohmatsu Limited, its member firms and their related entities and/or other organisations which we do not control. This Privacy Statement does not apply to these other websites. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) as we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements or representations about their accuracy, content or thoroughness. When you leave our webpage, we encourage you to read the privacy policy of every website you visit.
3. Personal Data we collect
Depending on the service that we provide to you, we may collect and process the following personal data from you:
4. Children
We may process children’s personal data when we act for you in relation to certain private matters (for instance, when we are advising you regarding inheritance matters). We process such personal data only where necessary for the specific client services we are providing.
5. Personal data about other people
On certain occasions, in the course of our client services, you may provide us with personal data of individuals who are not aware of our involvement or of our processing of their personal data (such as family members, customers, counterparties, employees, directors, shareholders or beneficial owners). In such cases, we are likely to not have direct contact with individuals whose personal data we are processing or, it may for other reasons (such as, for example, to maintain confidentiality) not be appropriate for us to provide them with a privacy notice setting out how we handle their personal data. Before you disclose any such personal data to us, you must ensure that the relevant individuals have received this Privacy Statement or have otherwise been informed of our client services.
6. If you fail to provide personal data
Where we need to collect personal data by law in order to process your instructions (for instance in relation to anti-money laundering or other KYC checks) or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement with you, but we will notify you if this is the case at the time.
7. How we collect your personal data
We obtain your personal data mainly through any information you provide directly to us, through information provided by third parties or through publicly available sources, as follows:
Direct interactions with you: We may collect personal data about you through the completion of our KYC forms by you, or by corresponding with us by email, fax or post, by speaking to us in person or over the telephone or whilst visiting our offices. These interactions may include instances when you:
Third-party sources: We receive personal data about you from third parties when:
Publicly available sources: We collect personal data concerning you from:
8. Why we need your personal data
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. We may process your personal data in connection with any of the purposes set out below on one or more of the following legal grounds:
A. CONTRACTUAL NECESSITY
We may process your information where it is necessary to enter into an engagement with you for the provision of our legal services or to perform our obligations under that engagement. This may include processing to:
Please note that if you do not agree to provide us with the requested information, it may not be possible for us to provide you with our services.
B. LEGAL OBLIGATIONS
We may process your personal data in order to comply with legal and/or regulatory obligations that we are subject to, including any obligations imposed on us by the Cyprus Bar Association and the government Unit for Combating Money Laundering (MOKAS), as well as to keep records of our compliance processes. Such processing may include KYC and anti-money laundering checks as well as politically exposed persons and sanctions screenings.
C. LEGITIMATE INTERESTS
We may process your personal information where it is in our legitimate interests to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms. In particular we may process your personal information:
(i) monitor, maintain and improve internal business processes, information and data and technology solutions and services;
(ii) ensure business continuity and disaster recovery and respond to information technology and business incidents and emergencies;
(iii) to protect the security of our communications and other systems and to prevent and detect security threats or other malicious activities;
(iv) perform general, financial and regulatory accounting and reporting;
(v) to manage access to our premises for security and crime prevention purposes;
(vi) to exercise or defend our legal rights, or to comply with court orders;
(vii) enable a sale, reorganisation, transfer or other transaction relating to our business.
(i) identify new business opportunities and develop enquiries into proposals for new business and to develop our relationship with you;
(ii) communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives, and
(iii) assess the quality of our customer services and to provide staff training.
D. ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS
We may process special categories of personal data that you may disclose to us in order to be able to act on your behalf in court proceedings or any administrative or out-of-court procedures.
9. Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so.
We may also use information relating to criminal convictions where it is necessary in relation to legal claims, such as when we are acting on your behalf in criminal proceedings.
10. Who we share your personal data with
We may share your personal data with:
11. International transfers
From time to time, your personal data may be transferred to and stored at a destination outside the European Economic Area (“EEA”) depending on the nature of the services we provide to you. When such transfer occurs, we will use, share and safeguard that information as described in this Privacy Statement and will ensure that at least one of the following safeguards is implemented:
a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
b) If we engage service providers outside the EEA, we may put in place standard contractual clauses approved by the European Commission which give personal data the same protection it has in the European Union.
We may additionally, in rare occasions, transfer your personal data to a party outside the EEA where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.
12. How long we keep your personal data for
We will keep your personal data for as long as we have a business relationship with you. Once our business relationship with you has ended, we may keep your personal data for the longest of the following periods: (i) any retention period set out in our retention policy which is in line with regulatory requirements relating to retention; or (ii) the end of the period in which any legal action or investigations might arise in respect of the services provided.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from authorised use and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and that your personal data are only used for those purposes.
We are committed to ensuring that your personal information is secure with us and with the third parties who act on our behalf.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, processed or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have further been accredited with ISO 27001 which is an international standard in relation to information security management, certifying that we have the relevant procedures in place as well as the software, hardware and physical measures to protect data that are being processed by us. These measures are monitored, reviewed and regularly enhanced in order to meet our professional responsibilities and the needs of our clients.
We have put in place procedures to deal with any incident that may lead to a security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
14. Your data protection rights
We want to make sure you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply further below.
You have the following rights in terms of the personal data we hold about you:
a) we no longer need to process your information for the purposes for which it was provided;
b) we have requested your permission to process your personal information and you wish to withdraw your consent; or
c) we are not using your information in a lawful manner.
Please note that if you request us to delete your information, we may have to suspend the services we provide to you.
Depending on the circumstances, we may need to restrict or cease processing your personal data altogether or, where requested, delete your personal information. Please note that if you object to us processing your personal data, we may have to suspend the services we provide to you.
a) it is not accurate; or
b) it has been used unlawfully but you do not wish for us to delete it; or
c) it is not relevant any more, but you want us to keep it for use in possible legal claims; or
d) you have already asked us to stop using your personal data but you are waiting for us to confirm if we have legitimate grounds to use your data.
Please note that if you request us to restrict processing your personal data, we may have to suspend the services we provide to you.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at cylegal@deloitte.com.
We will endeavour to address all of your requests promptly.
15. Right to complain
If you have exercised any or all of your data protection rights, or otherwise still feel that your concerns about the use of your personal data have not been adequately addressed by us, you have the right to complain by contacting us at cylegal@deloitte.com.
16. Changes to this privacy statement
We reserve the right to update and change this Privacy Statement from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements.
We will notify you by email or otherwise when we make material changes to this Privacy Statement and we will amend the revision date at the top of this page. We do encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal data.