Privacy Policy

PRIVACY POLICY

Last updated: February 2019

Papadopoulos, Lycourgos & CO LLC (the "Firm") is committed to protecting your privacy and making sure that any personal data it collects are processed in accordance with the EU General Data Protection Regulation (the "GDPR") and applicable Cyprus laws and regulations.

This Privacy Policy describes how we collect and use your personal data and which rights and options you have in this respect.

In this Privacy Policy, "Personal Data" means any information that enables you to be identified as an individual or recognized directly or indirectly by reference to an identifier such as a name, an identification number, location data.

References in this policy to "we", "us" and "our" are references to the Firm. References to "you" and "your" are to the individual/s who is/are providing Personal Data to us.

Who we are and who is responsible for your Personal Data?

The Firm is a lawyer’s limited liability company registered in the Republic of Cyprus, with registration no. HE 243954. The Firm is the data controller of the Personal Data we process and is therefore responsible for ensuring that the systems and processes we use are compliant with data protections laws, to the extent applicable to us. You may find our contact details further below.

When we collect Personal Data?

We may collect Personal Data about you in a number of circumstances, including:

  • when you or your organization contact us to seek legal advice or services from us;
  • when you or your organization, make an enquiry or otherwise interact on our website;
  • when you or your organization offer to provide or provide services to us and/or clients;
  • when you apply for employment (job applicants).

In some circumstances, we collect Personal Data about you from a third party source. For example, we may collect personal data from your organization, other organizations with whom you have dealings, government agencies, an information or service provider or from a publicly available record.

What kind of Personal Data we collect?

The Personal Data we collect may include:

  • Personal Details, such as your name, maiden name, surname, job title/profession, date of birth;
  • Contact information, such as postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
  • Identification information, such as ID number and/or passport number;
  • Recruitment/selection data, such as academic qualifications, professional background and any other information contained in your CV, application form, record of interview or interview notes and/or any other assessment material;
  • Payment data, such as data necessary for processing payments, including credit/debit card numbers, bank account, security code numbers and other related billing information;
  • Further financial and/or business information necessarily processed in a project or client contractual relationship with the Firm or voluntarily provided by you, such as instructions given, payments made, requests and projects;
  • Information collected from publicly available resources, integrity data bases and credits agencies where this is relevant to the services offered to you;
  • Special categories of personal data (sensitive data): in connection with the provision of legal services to you, may on some occasions need to ask for certain sensitive information (e.g. information about your health, racial or ethnic origin etc.). The processing of sensitive data will only be carried out by us in full compliance with the GDPR and applicable national legislation, on the basis of your explicit prior consent.
  • Other personal data regarding your preferences where it is relevant to legal services that we provide; and/or
  • Details of your visits to our premises.

Are you required to provide Personal Data?

As a general principle, you will provide us with your Personal Data entirely voluntarily; there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which the Firm cannot take action without certain of your personal data, for example because the collection of personal data is required to process with your instructions or orders or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for us to provide you with what you request without first obtaining the relevant personal data and we will notify you accordingly.

Purposes and Legal Basis for Processing of Personal Data

The Firm uses your Personal Data for the purposes for which you have supplied it to us, to include:

  • for providing legal advice and/or other corporate and/or administrative services you may have requested;
  • for responding to your requests for legal advice and/or other enquiries;
  • for ensuring compliance with our legal obligations (e.g. for compliance with our obligations under applicable anti-money laundering laws);
  • for the purposes of processing your application if you are a candidate for employment with the Firm;
  • for complying with a court order and/or defending our legal rights, where applicable;
  • for insurance purposes;
  • for any purpose related and/or ancillary to any of the above or any other purpose for which your Personal Data were provided to us;
  • where you have provided to us with your explicit prior consent, we may also use the information to provide you with newsletters, briefings and other publication about legal developments and matters which we believe may be of interest to you.

Depending on for which of the above purposes we use your Personal Data, we may process your Personal Data on one or more of the following legal grounds:

  • the processing is necessary for the performance of a client instruction or other contact with you or your organization;
  • the processing is necessary for us to comply with a legal obligation (for example under applicable Anti-Money Laundering laws);
  • the processing is in our legitimate interests and our interests are not overridden by your interests, fundamental rights or freedoms.

Data Sharing

We may share your Personal Data in the following circumstances:

  • to our subsidiaries or affiliates to the extent this is necessary for the purposes of provision of services;
  • to third parties to whom we outsource certain services, such as document processing and translation, confidential waste disposal, provision of IT systems, support or software, document and information storage;
  • to third parties engaged in the course of services provided to clients such as counsel, arbitrators, mediators, clerks, witnesses, courts, opposing parties and their lawyers, as well as experts such as tax advisors or expert valuers;
  • to other lawyers, other legal specialists, consultants or experts duly engaged with your instructions in your matter;
  • to foreign law firms for the purpose of obtaining foreign legal advice upon your instructions;
  • where we are required to do so by law or where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;
  • we may also share your personal data with any third party to whom we assign or novate any of our rights or obligations;

Otherwise, we will only disclose your personal data when you direct us or give us your express consent.

Personal data about other individuals

If you provide us with Personal Data about another individual, you must ensure that you are entitled to disclose such personal data to us and that you have provided the relevant data subjects of all mandatory data privacy notifications and information under the GDPR and applicable legislation and regulation, to include a notification as to their legal rights as data subjects. For that purpose, you must also ensure that the individual concerned is aware of the contents of the present Privacy Policy, as those matters relate to that individual, to include our identity, how to contact us, the purposes of collection of the data, how we may use and/or share the data and his/her relevant rights.

Confidentiality and Security of your Personal Data

The Firm is committed to protect the personal information you provide to us; to this end, we have implemented information security policies, rules and technical measures to protect the personal information data under our control from unauthorized access, improper use and/or disclosure, unauthorized modification and/or unlawful destruction and/or accidental loss. Personal data may be kept on our personal data technology systems or in paper files.

Data Retention

The Firm will generally retain Personal Data for the period necessary to fulfil the purposes for which it was originally collected and thereafter as required or permitted by law or as is necessary in order for the Firm to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website.

You may block cookies by reviewing your internet browser settings, to exercise choices you have for certain cookies. If you disable or delete certain cookies in your internet browser settings, you might not be able to access or use important functions or features of our site.

Your rights

In relation to the Personal Data we hold about you, you have rights under the data protection laws. If you would like to exercise, or discuss, any of these rights, please do contact us using the details set out below. At our discretion we may require you to prove your identity before providing the requested information.

You have the right to:

Right to access: upon your request, we will provide confirmation as to whether or not your personal data are being processed and where that is the case, access to the personal data. This enables you to receive a copy of the personal data we hold about you. If you require multiple copies of your personal data, we may charge a reasonable administration fee.

Right to rectification: you have the right to require that any incomplete or inaccurate personal data that we process about you is amended.

Right to erasure (‘right to be forgotten’): you are entitled to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. There are also certain exceptions where we may not always be able to comply with your request for erasure, for specific legal reasons which will be notified to you, if applicable, at the time of your request. One example is where the personal data is required for compliance with law or in connection with claims;

Right to restriction of processing: you have the right to request that we restrict our processing of your Personal Data in certain circumstances, such as where you believe such data to be inaccurate, our processing is unlawful or we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation.

Right to data portability: you have the right to request that we transmit the Personal Data we hold in respect of you to another data controller.

Right to object to processing: where we are processing your personal data based on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  However, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.

Right to withdraw consent: if you have consented to our processing of your Personal Data, you have the right to withdraw you consent at any time, free of charge.

Right to lodge a complaint: if you are concerned about any aspect of our privacy practices, including the way we’ve handled your personal information, you have the right to lodge a complaint with the supervisory authority in Cyprus, the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).

Direct marketing

We may use the information you give us for direct marketing from us only if you give us your consent. You can opt-out of receiving direct marketing from us at any time by sending an email to dataprivacy@paplyclaw.com.

Links to third party websites

Our website, newsletters, email updates and other communications, if any, may from time to time, contain links and references to other websites administered by unaffiliated third parties. This Privacy Policy does not apply to such third party websites. When you click a link to visit a third party website, you will be subject to that website’s privacy practices.

Updates to this Privacy Policy

We reserve the right to update and change this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they posted on this website.

How to contact us

If you have questions or comments regarding this Privacy Policy or our privacy practices or you want to exercise any of your legal rights, please contact us using the details set out below:

Email: dataprivacy@paplyclaw.com

Post: 2-4 Archbishop Makarios III Avenue

         Capital Center, 7th floor

         1065, Nicosia

         Cyprus

 

Contact number: +357 22676126