The General Data Protection Regulation (GDPR) represents a change the law relating to Personal Data and replaces existing data protection laws. The aim of GDPR is to increase transparency in relation to the way in which personal data is collected, stored and used. GDPR will give individuals more control of how their personal information is used. The GDPR comes into effect on 25 May 2018.
Our Privacy Notice provides our clients with information about the processing of your personal data by Alexis A. Demetriou & Co Ltd and your rights in relation to the GDPR to be aware on how we collect and process their personal data.
WHO WE ARE
Alexis A. Demetriou & Co Ltd (hereinafter referred as `AAD`, `we`, `us` or `our`), is a Cyprus Based, firm offering accounting and audit services.
Our principle place of business and registered office is 47, 1st April, 3117 Limassol , tel. 25102271.
AAD gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and Laws. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
How do we collect Personal Data?
We collect and process different types of personal data which are received by our clients via our website, online form and/or via email.
We may also collect, and process personal data lawfully obtained both from 3rd parties such as other service providers.
We may also collect and process personal data from publicly available sources (e.g. Department of Registrar of companies, the bankruptcy archive)
Information that we collect:
We collect information from the following: –
Counterparty Questionnaire, passport, utility bill, bank statement, 3rd party service providers (e.g. LexisNexis Compliance Online screening) and publicly available sources (e.g. Department of Registrar of companies, the bankruptcy archive)
What categories of personal data do we collect?
The personal data that we collect: –
- First and last name
- Telephone Number
- Date of Birth
- Mobile Telephone Number
- Home Address
- National Insurance Number/Personal Tax Reference
- Email/ Skype Address
- Passport / ID Card/ Driver’s License
What lawful reasons do we have for collecting, processing and disclosing personal data?
AAD processes your personal information to meet our legal, statutory and contractual obligations and continue providing you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our business.
- Compliance with Legal obligation: We may process your personal data to meet legal and regulatory obligations such as Anti-Money Laundering Law, Tax Law and the regulations of various supervisory authorities that we are subject to for anti-money laundering purposes and due to diligence purposes.
- Contract: We request and process your data to establish a co-operation with us.
- Consent: We rely on your freely given consent at the time you provide your personal data to us to establish co-operation with us. You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.
- Legitimate Interests: We rely on the legitimate interests based on the evaluation that the processing of your personal data is private, reasonable and sensible. A legitimate interest translates to when there is a business reason to use our client’s information.
How we use your Personal data
AAD takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law.
The purposes and reasons for processing your personal data are detailed below: –
- We collect your personal data to ensure that we comply with our Regulatory Requirements when providing a service.
- We collect and store your personal data as part of our legal obligation for business, accounting and tax purposes
What are your rights under GDPR?
GDPR law gives you certain rights regarding the personal data we collect, process or disclose and that is related to you, including the:
- Right to access your personal data
- Right to correct personal data concerning you
- Right to receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller
- Right to object to the use of your personal data where such use is based on our legitimate interests or on public interests
- Right in some cases to restrict the processing of your personal data
- Right to withdraw the consent given to us regarding the processing of your personal data at any time.
You can request the information we hold about you at firstname.lastname@example.org
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
How Long We Keep Your Data
AAD only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to AAD however, as this information is required for us to provide you with our service, we will not be able to offer our services without it.
We might request for specific information from you to confirm your identity and ensure your right to access the information or to exercise any of your rights. This is to ensure that your personal data is not disclosed to any non-related person
Changes to our policy
Lodging a Complaint
AAD only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
For more information about the GDPR, you can visit the Information Commissioner’s Office website at http://www.dataprotection.gov.cy/
The Information Commissioner’s Office is the independent organisation that upholds information rights in the public interest.