PRODROMOU ASSOCIATES LLC
Privacy Notice (GDPR)
Published on 24th of May 2018
On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) becomes effective, which in effect replaces the 1995 Data Protection Directive and by which new significant data protection legislation is introduced. In this regards, here in G. Prodromou Associates LLC, we are committed in protecting our customer privacy and we take our responsibility regarding the security of customer information very seriously.
The present Privacy Notice clearly states how G. Prodromou Associates LLC applies data protection principles to processing data.
Data Protection Officer (DPO)
‘G. Prodromou Associates LLC’, referred to as “us”, “we” and “our”, in this Privacy Notice, primarily refers to G. Prodromou Associates LLC the main operating company, Data Protection Officer, subject to the EU General Data Protection Regulation 2016/679 and the Personal Data Privacy Ordinance (Cap. 486), is the data protection officer of all personal information that is collected and used in regards to G. Prodromou Associates LLC’s clients, associates and agents for the purposes of keeping our clients informed. G. Prodromou Associates LLC is a lawyers limited liability company duly registered and existing under the Laws of Republic of Cyprus with company’s registration number HE230155 and Registration of Lawyers’ Companies No. 050 and is licensed to practice Law and carry on all legal business according to the Laws of Republic of Cyprus and European Union.
You can directly contact our Data Protection Officer (DPO) through the following methods of communication:
Ms. Antri Dimitriou,
Prodromou Associates LLC,
20 Charalambou Mouskou Str,
ABC Business Center, Office 101,
8010, Paphos, Cyprus
Under the GDPR you have the following rights:
- (a) to access your personal data
- (b) to be provided with information about how your personal data is processed
- (c) to have your personal data corrected
- (d) to have your personal data erased in certain circumstances
- (e) to object to or restrict how your personal data is processed
- (f) to have your personal data transferred to a Data Protection Officer of another business in certain circumstances
- (g) You have the right to make a complaint at any time to a supervisory Authority. The Cyprus Data Protection Commissioner is the lead data protection supervisory Authority in Cyprus.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
To find out more about your rights please refer to the EU regulator in the place where you are located (in the EU).
In case you have any questions about how we process your personal data, or in case you wish to exercise any of the rights set out above, please contact us.
How we collect your data
We collect your personal data in a number of ways, for example:
- From the information you provide to us when you meet us;
- From information provided to us by your company or an intermediary;
- When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
- When you complete (or we complete on your behalf) client on-boarding or application or other forms;
- From other companies handled by us;
- From your agents, advisers, intermediaries, and custodians of your assets;
- From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.
The categories of personal data we collect
We collect the following categories of personal data about you:
- Your name and contact information such as your home or business address, email address and telephone number;
- Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
- Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
- Information about your knowledge and experience in the investment field;
- An understanding of your goals and objectives in procuring our services;
- Information about your employment, education, family or personal circumstances, and interests, where relevant; and
- Information to assess whether you may represent a politically exposed person or money laundering risk.
The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with
(i) Performance of a contract with you
We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
In this respect, we use your personal data for the following:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our Terms of Engagement with you or as otherwise agreed with you from time to time;
- To deal with any complaints or feedback you may have;
- For any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
- Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
- Third parties whom we engage to assist in delivering the services to you,
- Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you;
- Our data storage providers
(ii) Legitimate interests
We may process your personal data for one or more of the following:
- Where it is necessary for our legitimate interests as lawyers;
- In order to comply with a legal obligation;
- You have consented to us using your personal data;
- To protect your legitimate interests or those of another person (e.g. in case of a medical emergency).
Only children aged 16 or over may provide their own consent. For children under this age, consent of the children’s parents or legitimate guardians is required.
In this respect, we use your personal data for the following:
- For marketing to you. In this respect, see the separate section on Marketing below;
- Training our staff or monitoring their performance;
- For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;
- Seeking advice on our rights and obligations, such as where we require our own legal advice;
In this respect we will share your personal data with the following:
- Our advisers or agents where it is necessary for us to obtain their advice or assistance;
- With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
(iii) Legal obligations
We also process your personal data for our compliance with a legal obligation which we are under.
In this respect, we will use your personal data for the following:
- To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws;
- As required by tax authorities or any competent court or legal authority.
In this respect, we will share your personal data with the following:
- Our advisers where it is necessary for us to obtain their advice or assistance;
- Our auditors where it is necessary as part of their auditing functions;
- With third parties who assist us in conducting background checks;
- With relevant regulators or law enforcement agencies where we are required to do so.
We will send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you.
We will communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels.
If you object to receiving marketing from us at any time, please contact us.
Transfer and processing of your personal data outside the European Union
When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union.
In these circumstances, your personal data will only be transferred on one of the following bases:
- the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
- the transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
- the recipient has entered into European Commission standard contractual clauses with us;
- you have explicitly consented to the same.
To find out more about transfers by us of your personal data outside the European Union and the countries concerned please contact us.
Retention of your data
We will only retain your personal data for as long as we have a lawful reason to do so.
where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for five years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings;
or otherwise, we will in most cases retain your personal data for a period of seven years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.