This Policy provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data as a website visitor or client (“your”, “you”, “data subject”).
Personal data means any information about a physical person from which that person can be directly or indirectly identified. It does not include information concerning legal persons and data where the identity has been removed (anonymised data).
SP processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this Policy.
The type of data we may collect and process includes:
• Personal information: your fist name(s), maiden name, surname, title, photograph, nationality, date of birth, gender, relationship to a person, position, role, company or organization, employer, copy of passport or national identity, utility provider details, bank statements;
• Contact information: telephone number(s) (including mobile phone number(s) where provided), fax numbers as well as email and postal/residential address;
• Financial information: payment related information and financial information required for anti-money laundering or compliance purposes;
• Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
• Payment details: billing address, payment method, bank account number, accountholder name, account security details, invoice records, payment records, SWIFT details, IBAN details, payment amount, payment date, records of cheques;
• Identification and background information provided by you or collected by us as part of our business acceptance processes, anti-money laundering and compliance obligations;
• Information from publicly available sources and screening providers;
• Information in connection with investigations or proceedings: where this is necessary to provide our services to you;
• Attendance records: details of your visits to our premises;
• Personal information provided to us by or on behalf of our clients and partners or generated by us in the course of providing services, which may include special categories of data. Special category data in the EU refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data;
• Preferences: when you give your consent to receive newsletters, legal updates or other communications from us;
• Consent records: records of any consents you may have given us, together with the date, means of consent and any related information (e.g. the subject matter of the consent);
• Supplier data: contact details and other information about you or your company or organisation where you provide services to SP;
• Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record);
• Any other information relating to you which you may provide to us, for example health personal data, if required by us in order to be able to provide legal and other services to you e.g. to defend you in legal proceedings against you
A. Due to the nature of our services and responsibility placed upon us when providing legal consulting, corporate administration and legal services, we collect and process personal data mainly in order to:
o Perform our obligations in accordance with any contract that we may have with you.
o Fulfil our or a third party’s legitimate interest to process personal data.
o Carry out our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
B. SP may process special categories of personal data where necessary to comply with legislation, regulations, and for the establishment, exercise or defence of legal claims.
C. Where required, we will obtain all appropriate consents in accordance with the law.
SP takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law, whereby we may share some of your personal data with different categories of third-parties in order to perform our legal obligations.
Such third parties may include (a) Courts, (b) Registrars of Public Records, (c) any Government or regulatory authority, including for anti-money laundering (AML), conflict, reputational and financial checks, (d) Tax authorities, (e) Licensed Credit Institutions, (f) Insurance companies, (g) Arbitrators, mediators, clerks, witnesses and opposing counsels (in legal consulting and advocacy services)
SP may also share personal data with other third-party service providers, including IT advisors and auditors. These service providers (processors) may process personal data solely under our instructions. When engaging with such processors, we set out the safeguards and the parties’ obligations to comply with the applicable EU data protection law.
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data.
Under certain circumstances, you have rights under data protections laws in relation to your personal data. If you would like to exercise, or discuss, any of these rights, please contact us at firstname.lastname@example.org . We may require proof of your identity before we can give effect to these rights.
You have the right to:
• Request Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
• Request Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected, though we may need to verify the accuracy of the new data you provide to us;
• Request Erasure: you are entitled to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. There are also certain exceptions where we may not always be able to comply with your request for erasure, for specific legal reasons which will be notified to you, if applicable, at the time of your request. One example is where the personal data is required for compliance with law or in connection with claims;
• Object to processing: where we are processing your personal data based on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. However, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes;
• Request Restriction of Processing: you are entitled to ask us to suspend the processing of certain of your personal data, in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds or a legal obligation to use it;
• Request Transfer: you may ask us to help you request the transfer of certain of your personal data to another party;
• Withdraw Consent at any time: where we are processing personal data with consent, you can withdraw your consent at any time;
• Right to lodge a complaint with the supervisory authority in Cyprus, the Office of the Commissioner of Personal Data (www. dataprotection.gov.cy).
We do not share or disclose any of your personal information outside the EEA. If required to do so, for the purposes specified in this Policy or where there is a legal requirement, we will undertake to implement all legal transfer mechanisms required by Cyprus and EU data protection law, and to inform the data subjects in advance.
SP only keeps data for as long as necessary to fulfil the purposes (as set out in this Policy) for which we collected it and as otherwise specified in record retention periods specifically determined by legislation.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
SP may modify this Policy at any time as required, for example, to comply with changes in laws, regulations or guidance introduced by the Office of the Commissioner for Personal Data Protection.
If we change anything important about this policy, we will highlight those changes at the beginning of the policy.
If you have any questions or want to exercise your rights set out in this Policy, please contact us at email@example.com, Tel No.: +357 22668800, Fax No.: +357 22 666548. Postal Address: 31 Gladstonos Street, 1095 Nicosia, Cyprus.