IOANNIDES DEMETRIOU LLC PRIVACY POLICY

Summary

IOANNIDES DEMETRIOU LLC considers issues relating to Personal Data to be of utmost importance. Our Privacy Policy lays down rules and dictates how we handle information in relation to what information we collect or receive about you; what the purpose of collection is; what the lawful basis of processing data is; who we may share your information with; what the retention period for data is; how we keep your information safe; your rights regarding the personal information you provide to us; who you can contact if you have questions or complaints about how we process your information.

The lawful basis of processing, the means of collection, disclosure and retention periods may differ depending on the purpose of processing as set out below.

We’ refers to Ioannides Demetriou LLC a limited liability company registered with the Department of the Registrar of Companies under registration number HE250276, having its registered office at 17-19 Themistokli Dervi Street, The City House, CY-1066 Nicosia, Cyprus as well as other subsidiaries of affiliated companies of ours as (1) may act as a service provider following a contractual agreement with us or (2) have a role or relationship with.
The term ‘Personal Data’ means any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed.
The term ‘Data Subject’ means a living, identified or identifiable individual about whom we hold Personal Data.
The term ‘Special Categories of Personal Data’ refers to information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
References to ‘you’ or ‘your’, relate to the relevant individual who is the subject of the Personal Data.

Individual Clients’ Personal Data

We generally collect Personal Data from our clients or from a third party acting on the instructions of the relevant client.  Where individual clients are required to provide us with Personal Data of other Data Subjects, which are also required for the purposes of our engagement, we ask such clients to inform other Data Subjects concerned, such as family members, of the particulars of this policy.

Types of Data

Personal details (including name, age/date of birth, gender, marital status, country of residence); contact details (e.g. email address, contact number, postal address); Financial details (e.g. salary and other income and investments, benefis, tax status); job details (e.g. role, grade, experience and performance information); other data considered necessary for the purposes of the engagement.

Depending on the particulars of our engagement we may also collect special categories of Personal Data.

Purpose of processing
Any personal data supplied to us by you may be used for the express purposes for which that information is provided to us, to provide advice and deliverable, for compliance with our legal obligations, to analyse and improve our services and communications to you, for insurance purposes, to identify persons authorized to represent our clients, to comply with court orders and/or defend our legal rights, to process invoices to and payments from you and for any purposes related to or ancillary to the above or as deemed necessary for the purpose of carrying out and/or providing services under any other engagement agreement or other agreement entered between us and/or pursuant to your instructions.

Legal Basis for Processing Data
The legal basis for processing personal data vary depending on the purpose of processing. Personal data may be processed on one or more of the following legal grounds: (i) for the performance of our engagement agreement or client instruction or other agreement with you; (ii) to comply with our legal obligations (e.g. for compliance with the Prevention of Money Laundering and Terrorist Financing (AML) legislation applicable from time to time); (iii) to comply with court orders and exercises and/or defend our legal rights; (iv) for legitimate interests pursued by us in providing professional services and running an effective business; (v) on the basis of your consent where you have expressly provided such to us; (vi) where we process special categories of Personal Data, we rely on the collection of such data being authorised by European Union or Cyprus law, on a relevant public interest condition, or on express consent.

Data retention
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services to you is 10 years.

Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal Data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time.

Types of data
The types of Personal Data processed by us in relation to the services provided to corporate or unincorporated entities may include all or any of the following with regard to the authorised representatives, directors, employees (as applicable), individual shareholders and ultimate beneficial owners:

Personal details (including name, age/date of birth, gender, marital status, country of residence); contact details (e.g. email address, contact number, postal address); Financial details (e.g. salary and other income and investments, benefis, tax status); job details (e.g. role, grade, experience and performance information); other data considered necessary for the purposes of the engagement.

-Depending on the particulars of our engagement we may also collect special categories of Personal Data.

Purpose of processing
Any personal data supplied to us by you may be used for the express purposes for which that information is provided to us, to provide advice and deliverable, for compliance with our legal obligations, to analyse and improve our services and communications to you, for insurance purposes, to identify persons authorized to represent our clients, to comply with court orders and/or defend our legal rights, to process invoices to and payments from you and for any purposes related to or ancillary to the above or as deemed necessary for the purpose of carrying out and/or providing services under any other engagement agreement or other agreement entered between us and/or pursuant to your instructions.

Legal Basis for processing
The legal basis for processing personal data vary depending on the purpose of processing. Personal data may be processed on one or more of the following legal grounds: (i) for the performance of our engagement agreement or client instruction or other agreement with you; (ii) to comply with our legal obligations (e.g. for compliance with the Prevention of Money Laundering and Terrorist Financing (AML) legislation applicable from time to time); (iii) to comply with court orders and exercises and/or defend our legal rights; (iv) for legitimate interests pursued by us in providing professional services and running an effective business; (v) on the basis of your consent where you have expressly provided such to us; (vi) where we process special categories of Personal Data, we rely on the collection of such data being authorised by European Union or Cyprus law, on a relevant public interest condition, or on express consent.

Data retention
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services to you is 10 years.

Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal Data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time.

Types of data

The types of Personal Data processed by us in relation to career applicants generally include any Personal Data voluntarily provided to us by the applicant by way of the applicant’s curriculum vitae and through any professional references attached or accompanying such applicants curriculum vitae or provided during interviews and assessments. 
In general, the data processed include contact details of the applicant (name, surname, email and telephone number), experience, education and professional qualifications, information provided as part of interviews and assessments, social mobility data, assessment and interview results and feedback, offer details.

Purpose of processing

The collection of Personal Data from us shall be restricted to the collection of Personal Data necessary or deemed necessary for the purpose of considering your career application with us.

Legal Basis for Processing Personal Data of Career Applicants

We process Personal Data of career applicants for our legitimate interests, for securing the best applicants to work for us and help us in running our business more efficiently.

Data Retention

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).   In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records of unsuccessful career applicants is approximately 6 months from the date when of submission of such Personal Data to us. Personal Data of successful career applicants will be retained as part of such person’s employee data.

Types of Data

Types of Personal Data processed by us in relation to Our employees, including existing employees and individuals who have been employed by us in the past, may include all or any of the following:

Full name and surname of the employee, date of birth of the aforementioned persons, contact details (including phone, fax, email), residential address, identity card number, passport number, social insurance number, tax identification number, record of promotions, record of income, bank account details.

– any Personal Data voluntarily provided to us by the employee by way of the employee’s curriculum vitae and through any professional references attached or accompanying such employee’s curriculum vitae or provided during interviews and assessments. This may include the employee’s experience, education and professional qualifications, social mobility data, assessment and interview results and feedback, offer details.

– any records and information in relation to the professional licensing and qualifications of the employee, memberships in professional bodies, including the Cyprus Bar Association.

– any records and information collected in the context of the of the Investors In People programme, including evaluation forms.

-we may also process Special Categories of Personal Data, including medical history information and records, social insurance applications for medical leave or maternity/paternity leave.

Purpose of processing

The processing of Personal Data by us shall be restricted to the collection of Personal Data necessary or deemed necessary for the purpose of carrying out our obligations under the employment agreement which the employee is a party to, including the evaluation of the employees and the granting of various benefits, and/or for to enable us to comply with our legal obligations. We may also process employee data in providing and pursuing professional services, for the purpose of processing payments to employees and for defending our legal rights.

The processing of the Special Categories of Personal Data by us, shall be restricted to the processing of such data necessary or deemed necessary for the purpose of providing employees with private medical insurance or as otherwise expressly consented by employees.

Legal basis for processing data

The processing is necessary for (i) the performance of a contract to which the Data Subject is party and, (ii) for compliance with a legal obligation to which we are subject (iii) for compliance with court orders and exercises and/or defend our legal rights; (iv) for legitimate interests pursued by us in providing professional services and running an effective business; (v) on the basis of your consent where you have expressly provided such to us.

Data retention

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).   In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 7 years following the termination of employment.

Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal Data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time.

 

Types of Personal Data processed in relation to individuals who get in touch with us with a question, complaint, comment or feedback, including prospective clients, may include, subject to the particulars of the relevant correspondence, all or any of the following:

-Full name and surname of the individual contacting us, name and surname of other individuals associated with the Data Subject, whether on a business or private nature and provided that such individuals are relevant to our correspondence with the Data Subject, contact details (including phone, fax, email), residential address, description of the business activities or of the specifics and nature of the Data Subject’s inquiry.

Purpose of processing

The collection of Personal Data by us shall be restricted to the collection of Personal Data necessary or deemed necessary for the purpose of responding to the inquiry of the Data Subject.

Legal basis for processing data

The processing is necessary in order to take steps at the request of the Data Subject prior to entering into a contract for the provision of services requested of us.

Data retention

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).   In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 8 years. In relation to the data of persons who get in touch with us with whom we do not eventually enter into a business relationship, will be retained for 6 months.

Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal Data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time.

Visitors to our website

Personal Data of visitors to our webpage are automatically collected via the use of cookies and analytics tools on our website. Please refer to the Cookies section within our policy for further information on what data we collect automatically when you visit our page.

Any further Personal Data collected by us is collected via its voluntary submission by you.  Such may include name, title, company address, email address, and telephone and fax numbers from website visitors; for example, when an individual registers to our newsletters and updates.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.    

We ask that you do not provide Special Categories of Personal Data to us when using our website.

Purpose of processing

When you provide Personal Data to us, we may use it for any of the purposes described in this privacy statement or as stated at the point of collection (or as obvious from the context of collection), including the provision of newsletters and updates on our business (where such was the purpose at the point of collection).  Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email at [email protected] ; to administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content; to communicate with you in order to distribute requested materials or ask for further information; to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites); to develop our businesses and services, including aggregating data for website analytics and improvements; aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites; to conduct quality and risk management reviews; to understand how people use the features and functions of our websites in order to improve the user experience; to monitor and enforce compliance with our terms, including acceptable use policies; and any other purposes for which you provided the information to us (such as to subscribe you to our updates and newsletters).

Data retention

Personal Data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual).

Personal Data of visitors to our webpage are automatically collected via the use of cookies and analytics tools on our website. Please refer to the Cookies section within our policy for further information on what data we collect automatically when you visit our page.

Any further Personal Data collected by us is collected via its voluntary submission by you.  Such may include name, title, company address, email address, and telephone and fax numbers from website visitors; for example, when an individual registers to our newsletters and updates.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.    

We ask that you do not provide Special Categories of Personal Data to us when using our website.

Purpose of processing

When you provide Personal Data to us, we may use it for any of the purposes described in this privacy statement or as stated at the point of collection (or as obvious from the context of collection), including the provision of newsletters and updates on our business (where such was the purpose at the point of collection).  Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email at [email protected] ; to administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content; to communicate with you in order to distribute requested materials or ask for further information; to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites); to develop our businesses and services, including aggregating data for website analytics and improvements; aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites; to conduct quality and risk management reviews; to understand how people use the features and functions of our websites in order to improve the user experience; to monitor and enforce compliance with our terms, including acceptable use policies; and any other purposes for which you provided the information to us (such as to subscribe you to our updates and newsletters).

Data retention

Personal Data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual).

Security

Once we have received your information, we will take appropriate technical and organisational measures to safeguard your Personal Data against loss, theft and unauthorised use, access or modification. We adhere to policies and procedures and our staff is trained to provide services with outmost care and confidentiality. The organisational and technical measures adhered to are regularly reviewed and updated as required.

Your rights in relation to the personal information we hold about you, are detailed below. Some of these only apply in certain circumstances as set out below. Information on how such rights may be exercised is also included in the table below. Prior to responding to any of your requests please be advised that we may require you to verify your identity. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact our data protection officer via email at [email protected] or via telephone at +357 22 022 999.

Right of access

You have the right to know whether we process personal information about you, and if we do, to access information we hold about you and certain information about how we use it and who we share it with.

If you require more than one copy of the information we hold about you, we may charge an administration fee. We may not provide you with certain personal information if providing it would interfere with another Data Subject’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.

Right to rectification

The accuracy of the information we hold about you is important to us. Under the GDPR you have the right to access the information we hold about you and have any inaccuracies corrected. Where you request correction, please explain in detail why you believe the Personal Data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the Personal Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

Right to erasure

This is also known as the “right to be forgotten”.

You may request that we erase the Personal Data we hold about you in the following circumstances:

  • you believe that it is no longer necessary for us to hold the Personal Data we hold about you;
  • we are processing the Personal Data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the Personal Data;
  • we are processing the Personal Data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with details as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Personal Data;
  • you believe the Personal Data we hold about you is being unlawfully processed by us;
  • you object to the processing of your Personal Data for direct marketing purposes; or
  • deletion of your Personal Data is sought for the purpose of complying with a legal obligation to which we are subject.

Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please note, however, that we may retain the Personal Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims, where such deletion would obstruct or interfere with the purpose for which your information was collected and processed, where the deletion would impede with our contractual obligations or freedom of expression) but we will let you know if that is the case.

Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too, however such erasure is not guaranteed nor should it be considered to be up to us.

Right to portability

You have the right to receive a copy of the Personal Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Data to another party. To exercise this right please send an email to our data protection officer, details of which appear below. When sending an email we suggest using the subject ‘PORTABILITY REQUEST’.

If you wish for us to transfer the Personal Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Personal Data or its processing once received by the third party.

Please be advised that we may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the Personal Data we hold about you would reveal information about another person or our trade secrets or intellectual property).

Right to withdraw consent

Where Personal Data based is processed on the basis of consent, individuals have a right to withdraw consent at any time.  We do not generally process Personal Data based on consent as we generally rely on alternate legal basis. Please email us at [email protected] to notify us of any consent withdrawals. If you are on our mailing list for the purpose of receiving newsletters and updates then please be advised that by clicking on the unsubscribe link in the relevant email your consent with regard to this type of processing will automatically be considered to have been withdraw and no further email shall be required to be sent.

Restriction of Processing to Storage Only

You have a right to require us to stop processing the Personal Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Personal Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).

You may request we stop processing and just store the Personal Data we hold about you where:

  • you believe the Personal Data is not accurate for the period it takes for us to verify your claim;
  • we wish to erase the Personal Data as the processing we are doing is unlawful but you want us to retain the Personal Data for storage but not further process it;
  • we wish to erase the Personal Data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
  • you have objected to us processing Personal Data we hold about you on the basis of our legitimate interest, and you wish us to stop processing the Personal Data whilst we determine whether there is an overriding interest in us retaining such Personal Data.

You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below by contacting our data protection officer at [email protected] .

You may object where:

  • we are processing the data we hold about you on the basis of our legitimate interest or public interest, and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest by informing us accordingly via email at [email protected];
  • we are processing the data on the basis of historical research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.

Right to Object

You have the right to object to the processing of your data when the legal basis for the processing of your data is necessary for a legitimate interest pursued by us or a third party or where processing of your personal details is carried out for direct marketing purposes. Should you exercise your right to object we will take appropriate steps to ensure that your request is complied. To object to our processing please email us at [email protected] .

  

Personal Data collected and processed by us will not be sold, leased or rented to any person. We may however share your Personal Data with others, provided that we are legally permitted to do so. Appropriate contractual arrangements and security measures shall be applied in cases where your data is shared so as to protect your data and to maintain compliance with our data protection policy, confidentiality and security standards.

Personal Data held by us may be transferred to the following categories of recipients:

Third parties providing functionality services to us 
Third parties are widely used by us for the purpose of providing support to us and to generally help us provide, run and manage our internal IT systems.  This includes providers of information technology, cloud-based software, website hosting and management providers, data analysis, data back-up, security and storage services, payment providers including banking institutions.  The servers powering and facilitating cloud infrastructure are located in secure data centres in Europe, and Personal Data may be stored in any one of them.

Further details of the majority of this category of service providers is included below. The below list is non-exhaustive:

Name of Recipient /Purpose
SOFT1 / Communication, document management
IZIDOCS / Document storage and management, including a record of emails
MICROSOFT OFFICE 365 / Business applications, such as email, calendar and contacts

Third party organisations that otherwise assist us in providing goods, services or information
On certain client engagements, we may engage or otherwise work with other professional providers to help carry out the services which we have been engaged to provide. In such case the client will be notified of the name and details of such service provider and will be urged to consider the privacy policy of such professional.
This type of transfer may include or require transfers to countries outside the European Union and/or countries that do not comply to the standard of protection and safety of Personal Data provided by the GDPR.  In such cases we shall take steps to ensure all Personal Data is provided to such parties with adequate protection and done lawfully in accordance with the requirements of the GDPR.

Auditors, insurers and professional advisers
Our auditors are Grant Thornton (Cyprus) Ltd.  We have a number of business insurance policies in place and we may need to share Personal Data with the insurer, for example, in the event of a claim.  We may use other professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with business related operations.  Personal Data may be shared with these advisers as necessary in connection with the products and services they have been engaged to provide.

Law enforcement agencies or other public authorities and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from law enforcement agencies, regulatory or other public authorities which relate to or require the disclosure of Personal Data and we may proceed with such disclosures in good faith where we deem such disclosure to be reasonably necessary in order to comply with a legal obligation, to detect, prevent, investigate or otherwise address security, alleged crime, fraud or technical issues, to protect our rights, the rights of our partners, employees or as required by law.

Employee personal data to clients / potential clients
Personal Data relating to employees may be transmitted to clients and or potential clients.

Deliverables
For the purposes of our engagement, we may be required to process Personal Data and such Personal Data may be included in our deliverables (e.g. in court documentation or due diligence reports).

Anonymised/ Pseudonymised Sharing
We are members to several legal and professional networks of legal firms. Anonymised or pseudonymised data regarding yourself may be transferred to such other legal or professional networks, or participant firms, in good faith, for statistical purposes.

Queries and Complaints
In the event that you wish to be provided with further information on any of the particulars of this Privacy Policy or where you wish to make a complaint about how we process your Personal Data, please contact us at [email protected]and we will endeavour to deal with your request as soon as possible.

This does not interfere with your right to raise a complaint with the data protection supervisory authority:

Data Protection Commissioner
1 Iasonos street, 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
Tel:+35722919456 
Fax:+35722304565
Email: [email protected]

Any changes we make to our Privacy Policy in the future will be posted on our website and we will notify our clients accordingly. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website, save as otherwise expressly agreed between us. Your use of the website, or continued participation in accordance with the purpose for which your data is being processed, following these changes means that you accept the revised Privacy Notice. This Privacy Notice was last updated in May 2018