This Privacy Statement sets out how we, Chryssafinis & Polyviou LLC (hereafter, “C&P”), as a data controller, may collect and process personal data about:
Our "website" includes this website, any associated sites of ours (such as any knowledge sites and blogs of ours) and any social media pages of ours.
This Privacy Statement also sets out information about data subject rights and our obligations under data protection law.
SECTION 1. INFORMATION THAT WE COLLECT
There are instances where we invite or request individuals to provide us with their personal data, including through our website. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website.
In the course of our business, we may also receive personal data indirectly. Categories of such personal data include: names, addresses, contact information and other information that is relevant to the conduct of our business.
Information communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.
SECTION 2. HOW WE USE PERSONAL DATA
Subject to any agreement in writing between the personal data provider and us, the purposes for which we use personal data and the indicative legal bases for why that processing is necessary or permitted are:
We may process personal data for the period(s) necessary to fulfill the purpose(s) for processing that is/are relevant to such data.
Provided that in the case of clients, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year ⃰ following the year during which the client shall have fully and finally settled all of the client’s debts in connection with our engagement, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data.
Provided further that in the case of persons providing us with goods and/or services (including any employees), we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year ⃰ following the year during which the provision of goods and/or services to us by the relevant provider shall have fully and finally ended, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data.
Provided lastly that in the case of job applicant candidates, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data for no more than one year. However if a job applicant candidate wishes their personal data to be removed from our database, they should send an email to email@example.com with subject 'Database Removal'.
SECTION 3. DISCLOSURE OF YOUR INFORMATION
We may disclose personal data to:
To the extent that it is necessary to transfer personal data outside of the European Union, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data pursuant to applicable law.
SECTION 4. LINKS TO OTHER WEBSITES
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
SECTION 5. DATA SUBJECT RIGHTS
To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law and, to the maximum extent permitted by applicable law, this Privacy Statement as well as any agreement in writing between you and us.
The following is a summary of your rights (which, as stated above, are or may be subject to restrictions):
You have the right to lodge a complaint with the Data Protection Authority, in particular in the European Union Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulation (EU) 2016/679).
If you wish to exercise any of these rights, please contact us (see Section 8, below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
SECTION 6. SECURITY
We employ technical and organizational security measures appropriate to the risks of C&P’s processing of personal data. Unfortunately, however, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet or otherwise, such transmission being at your own risk. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
SECTION 7. CHANGES TO THIS PRIVACY STATEMENT
To the maximum extent permitted by applicable law, we reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website at least 21 days prior to the change becoming effective.
Please review this Privacy Statement periodically for updates.
To the maximum extent permitted by applicable law, you shall be bound by any changes to this Privacy Statement as of the time that such changes become effective.
SECTION 8. CONTACT US
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed by email to firstname.lastname@example.org or by letter to Chryssafinis & Polyviou LLC, Att. Andreas Christoforides, 37 Metochiou str. CY-1101, Nicosia, Cyprus. We will seek to deal with all requests promptly and efficiently.
Please note that at this point in time our data protection officer (“DPO”) is Mr. Andreas Christoforides who may be contacted at the email address: email@example.com
⃰ ⃰ Rationale for the said period: In Cyprus, following the filing of a tax return by a company such as C&P, the authorities can, under certain circumstances, raise an enquiry vis-à-vis such tax return during the period extending to the end of the 12th year after the tax year which the tax return concerns. Inquiries can range from simple information requests to detailed technical challenges.
Last Updated: January 16th, 2019