• Telephone: +(357) 22 361000
  • Fax: +(357) 22 678011
  • 37 Metochiou Street, CY-1101
  • Agios Andreas Nicosia, Cyprus
  • Monday - Friday
  • 8:00 a.m. - 5:00 p.m.

Chryssafinis & Polyviou LLC

Privacy

This Privacy Statement sets out how we, Chryssafinis & Polyviou LLC (hereafter, “C&P”), as a data controller, may collect and process personal data about:

  • individuals who we communicate or interact with in the course of our business
  • individuals whose personal data is provided to us in connection with the provision of our services
  • visitors to our website
  • individuals who apply for jobs through our website
  • subscribers to or users of our online services, if any.

Our "website" includes this website, any associated sites of ours (such as any knowledge sites and blogs of ours) and any social media pages of ours.

This Privacy Statement also sets out information about data subject rights and our obligations under data protection law.

We do not use cookies on our websites.

SECTION 1. INFORMATION THAT WE COLLECT
There are instances where we invite or request individuals to provide us with their personal data, including through our website. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website.

In the course of our business, we may also receive personal data indirectly. Categories of such personal data include: names, addresses, contact information and other information that is relevant to the conduct of our business.

Information communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.

SECTION 2. HOW WE USE PERSONAL DATA
Subject to any agreement in writing between the personal data provider and us, the purposes for which we use personal data and the indicative legal bases for why that processing is necessary or permitted are:

We may process personal data for the period(s) necessary to fulfill the purpose(s) for processing that is/are relevant to such data.

Provided that in the case of clients, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the client shall have fully and finally settled all of the client’s debts in connection with our engagement, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data.

Provided further that in the case of persons providing us with goods and/or services (including any employees), we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the provision of goods and/or services to us by the relevant provider shall have fully and finally ended, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data.

Provided lastly that in the case of job applicant candidates, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data for no more than one year. However if a job applicant candidate wishes their personal data to be removed from our database, they should send an email to andreas@icsi.co.uk with subject 'Database Removal'.

SECTION 3. DISCLOSURE OF YOUR INFORMATION
We may disclose personal data to:

  • Third parties to the extent that such disclosure has been expressly and in writing authorized by you;
  • Third parties to the extent that the data disclosed has already entered the public domain in circumstances not engaging our liability;
  • Third parties to the extent that such disclosure is required pursuant to applicable law;
  • Third parties in the context of any judicial proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the disclosure is made in good faith;
  • Third parties in the course of defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such disclosure is necessary for properly defending ourselves;
  • Third party providers of accounting and/or actuarial and/or auditing and/or banking and/or business consulting and/or human resources and/or insurance and/or technology and/or legal and/or security (such as data security etc.) and/or tax services to C&P, to the extent necessary for the purposes of such providers’ provision of such services to C&P and provided that the relevant provider is subject to a duty of confidentiality;
  • Third parties where it is necessary to protect the vital interests of the data subject or another natural person.

To the extent that it is necessary to transfer personal data outside of the European Union, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data pursuant to applicable law.

SECTION 4. LINKS TO OTHER WEBSITES
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

SECTION 5. DATA SUBJECT RIGHTS
To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law and, to the maximum extent permitted by applicable law, this Privacy Statement as well as any agreement in writing between you and us.

The following is a summary of your rights (which, as stated above, are or may be subject to restrictions):

  • The right of access enables you to receive a copy of your personal data
  • The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
  • The right to erasure enables you to ask us to delete your personal data in certain circumstances
  • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances
  • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
  • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

You have the right to lodge a complaint with the Data Protection Authority, in particular in the European Union Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulation (EU) 2016/679).

If you wish to exercise any of these rights, please contact us (see Section 8, below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

SECTION 6. SECURITY
We employ technical and organizational security measures appropriate to the risks of C&P’s processing of personal data. Unfortunately, however, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet or otherwise, such transmission being at your own risk. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.

SECTION 7. CHANGES TO THIS PRIVACY STATEMENT
To the maximum extent permitted by applicable law, we reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website at least 21 days prior to the change becoming effective.

Please review this Privacy Statement periodically for updates.

To the maximum extent permitted by applicable law, you shall be bound by any changes to this Privacy Statement as of the time that such changes become effective.

SECTION 8. CONTACT US
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed by email to andreas@icsi.co.uk or by letter to Chryssafinis & Polyviou LLC, Att. Andreas Christoforides, 37 Metochiou str. CY-1101, Nicosia, Cyprus. We will seek to deal with all requests promptly and efficiently.

Please note that at this point in time our data protection officer (“DPO”) is Mr. Andreas Christoforides who may be contacted at the email address: andreas@icsi.co.uk

Rationale for the said period: In Cyprus, following the filing of a tax return by a company such as C&P, the authorities can, under certain circumstances, raise an enquiry vis-à-vis such tax return during the period extending to the end of the 12th year after the tax year which the tax return concerns. Inquiries can range from simple information requests to detailed technical challenges.

Last Updated: January 16th, 2019