“COLP” means Our Firm’s Compliance Officer for Legal Practice.
“Commissioner” means the Cyprus Data Protection Commissioner, the Cyprus supervisory authority for data protection issues.
“DPO” means Our Firm’s Data Protection Officer.
“GDPR” and “Applicable Legislation” means the new Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, including the applicable local legislation as amended from time to time.
“Notice” means this Privacy Notice.
“Our Personnel” means Our Firm’s prospective, present and past partners, employees, consultants and agency staff, affiliated firm, affiliated firms’ personnel and people connected to such persons.
“Personal Data” means information about individuals (including you), being information from which such individuals could be identified.
“We”; “Us”; “Our Firm”; and “Hadjikyprianou Law” means G.C. Hadjikyprianou & Associates LLC a regulated lawyers’ limited company supervised by the Cyprus Bar Association and incorporated under the laws of the Republic of Cyprus, with Registration No. ΗΕ 402271. For the avoidance of any reference to “We”; “Us”; “Our”; “Our Firm”; and “Hadjikyprianou Law” shall also include Our Firm’s affiliated companies.
“You” means individuals whose Personal Data are collected and processed by Our Firm including, but not limited to Our Firm’s clients, Our Firm’s clients’ personnel, counter-parties, counter-parties’ personnel, other solicitors/advisors/advocates, witnesses, suppliers, suppliers’ personnel, job applicants and individuals to whom we market.
We know that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. We hereby confirm that we are committed to protecting your personal information. Hadjikyprianou Law will collect, process and use your personal data exclusively in compliance with the principles of the Applicable Legislation.
This Notice describes how G.C. Hadjikyprianou & Associates LLC collects and processes your Personal Data in accordance with the GDPR. It informs you as to what kind of Personal Data Hadjikyprianou Law collects, why we need it, how we use it and what protections are in place to keep it secure.
This Notice is provided in a structured form covering specific areas in relation to your personal data. It is important that you read this Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Notice supplements the other notices and/or terms and is not intended to override them. We recommend that you print a copy of this Notice for future reference.
Hadjikyprianou Law is the Data Controller in relation to your Personal Data and is committed to protecting the privacy rights of individuals, including your rights.
Data Protection Officer
Hadjikyprianou Law is not required under the GDPR to appoint a Data Protection Officer. We have however appointed a DPO who is responsible for overseeing questions in relation to this Notice as well as for overseeing Our Firm’s compliance with the GDPR and any other applicable data protection legislation and regulation. In addition, our COLP oversees compliance with our professional responsibilities and with legislative requirements.
If you have any questions or would like to have more details about this Notice or on how we use your personal information, please contact our DPO.
As explained hereunder, you have the right to make a complain at any time to the Commissioner. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
How does Hadjikyprianou Law obtain your Personal Data?
In some circumstances, we may obtain your Personal Data from you directly including through job applications made through this website but, more typically, we will obtain your Personal Data from a third-party source, for example, we may collect information from our clients/our clients’ personnel, agents and advisors, other law firms/advisors which represent you, the company for whom you work, other organisations/persons with whom you have dealings, government agencies, credit reporting agencies, recruitment agencies information or service providers and publicly available records.
What about Third Party’s Personal Data which you provide to Hadjikyprianou Law?
If you provide information to us about someone else (such as one of your associates, directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that information to us and that we may process that information in accordance with this Notice.
What Personal Data does Hadjikyprianou Law collect from and about you?
We collect and use different types of Personal Data about you, which will vary in type and detail depending on the circumstances and purpose of processing. Please consider the following illustrative and non-exhaustive examples:
- Personal Data about you: name, address, date of birth, marital status, nationality, race, gender, preferred language, job title etc;
- Personal Data to contact you at work or home: name, address, telephone, and e-mail addresses;
- Personal Data which may identify you: photographs and video, passport and/or driving license details, electronic signatures;
- Personal Data to process any payment we might need to make to you such as bank account details;
- Personal Data to monitor your use of our website: IP address, traffic and location information, weblogs and other communication information.
Why do we need to collect and use your Personal Data?
We need to collect and use your Personal Data for a number of reasons, the primary purpose being to provide legal advice and services to our clients and which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to contact you if you are involved in a matter we are undertaking for a client, whether in your professional or personal capacity;
- to carry out investigations, risk assessments and client due diligence;
- to analyze the practices of your employer or other organisations and/or persons with whom you have dealings;
- to review, draft and disclose correspondence and other documents, including court documents;
- to instruct third-parties on behalf of our clients; and
- for comparison/analytical purposes and to formulate legal opinions and provide advice.
We may also process your Personal Data for effective business management purposes which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to engage and contact suppliers;
- to carry out internal reviews, investigations, audits;
- to conduct business reporting and analytics;
- to help measure performance and improve our services;
- to recruit personnel;
- to promote and market the services that we provide;
- for regulatory and legislative compliance and related reporting; and
- for the prevention and detection of crime.
What is Hadjikyprianou Law’s legal basis for processing your Personal Data?
Under the GDPR, Hadjikyprianou Law must identify a lawful basis for processing your Personal Data which may vary according to the type of Personal Data processed and the individual to whom it relates.
– Performance of a contract with you (where applicable):
Hadjikyprianou Law is entitled to process the Personal Data it requires in order to fulfil its obligations under its contract with you. This will be the relevant legal basis if you are an individual client or supplier/other individual with a direct contractual relationship with Us.
– Legitimate interests of Hadjikyprianou Law or a third-party:
Hadjikyprianou Law processes some of your Personal Data on the basis that it is in its legitimate interests and/or the legitimate interests of a third-party to do so. This will primarily concern the processing of Personal Data that is necessary to provide legal advice and services to our clients. Hadjikyprianou Law’s legitimate business interest in such instances is the proper performance of its function as an authorized and regulated provider of legal services. Hadjikyprianou Law’s clients’ also have a legitimate interest (and more general right in law) in obtaining legal advice and services.
Hadjikyprianou Law’s broad interest in the provision of legal services as a basis for processing your Personal Data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories which may include, but are not limited, to:
- the interest in contacting individuals relevant to Hadjikyprianou Law’s work and our clients’ matters, which may involve the use of your Personal Data;
- the interest in reviewing documents and correspondence that have been disclosed to Hadjikyprianou Law, Hadjikyprianou Law’s clients and third-parties which may contain your Personal Data;
- the interest in reviewing and analyzing all evidence available to Hadjikyprianou Law and its clients, which may contain your Personal Data;
- the interest in adducing legal arguments, creating documents and correspondence, which may contain your Personal Data;
- the interest in disclosing documents and correspondence, which may contain your Personal Data, to various parties in the furtherance of Hadjikyprianou Law’s clients’ objectives;
- the interest in instructing third-parties on behalf of Hadjikyprianou Law’s clients;
- the interest in receiving payment from Hadjikyprianou Law’s clients and third-parties and to facilitate payments to and from Hadjikyprianou Law’s clients and third-parties; and
- in order to allow for all of the above, the secure management and storage of your Personal Data, within our IT environment and hard-copy filing systems.
Hadjikyprianou Law may also process your Personal Data on the basis that it is necessary for its legitimate business interests in the effective management and running of Hadjikyprianou Law which may include, but is not limited to: engaging suppliers and supplier personnel; ensuring that its systems and premises are secure and running efficiently; marketing/promoting our services; for recruitment purposes; for regulatory and legislative compliance, and related auditing and reporting; for insurance purposes; and to facilitate, make and receive payments.
– Compliance with a legal obligation to which Hadjikyprianou Law is subject:
In certain circumstances, Hadjikyprianou Law must process your Personal Data in order to comply with its legal obligations. This might include, but is not limited to, Personal Data required: for tax and accounting purposes; for conflict checking purposes as required by the common law and Hadjikyprianou Law’s regulators; and for Hadjikyprianou Law to fulfil its compliance and other obligations under relevant legislation/regulation.
Special category and criminal records Personal Data
If Hadjikyprianou Law processes your criminal records Personal Data or special category Personal Data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to those activities unless this is not required by law (because, for example, it is processed for the purpose of exercising or defending legal claims) or the information is required to protect your health in an emergency. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.
We may use your contact details to send you marketing materials, provided we are permitted to do so by law. You always have the right to unsubscribe from any marketing by contacting our DPO.
Who receives your Personal Data?
We may disclose your Personal Data to third-parties if, but only when, we have a legal basis to do. Such recipients include but are not limited to: co-counsel, other solicitors/barristers/experts/foreign law firms whom we instruct on your behalf; Hadjikyprianou Law’s insurance brokers and underwriters; Hadjikyprianou Law’s bank, auditors and accountants; Hadjikyprianou Law’s outsourced IT providers and other suppliers; the other side/other parties on any given matter.
How do we protect your Personal Data?
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Data. We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any Personal Data we hold is not accessed by anyone unauthorised to access it. We have in place, and abide by, a specific information security policy about the security standards used to protect your Personal Data.
When we use third-party organisations to process your Personal Data on our behalf, they must also have appropriate security arrangements, must comply with our contractual requirements and instructions and must ensure compliance with the GDPR and any other relevant data protection legislation.
Is your Personal Data transferred to “third countries” and, if so, what safeguards are in place?
In accordance with this Notice and the provisions of the GDPR, we may transfer your Personal Data to organisations located in “third countries” (those outside of the EEA). In addition to the security arrangements mentioned above in relation to our engagement of third-party organisations, where such transfers are required we will ensure that your Personal Data is adequately protected, for example, by using a contract for the transfer which contains specific data protection provisions that have been adopted by the European Commission or a relevant data protection authority.
How long will your Personal Data be retained by Hadjikyprianou Law?
It is our policy to retain your Personal Data for the length of time required for the specific purposes for which it is processed by Hadjikyprianou Law and which are set out in this Notice. However, we may be obliged to keep your Personal Data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your Personal Data will continue to be treated in accordance with this Notice, restrict access to any archived Personal Data and ensure that all Personal Data is held securely and kept confidential.
What are your rights?
The following are the rights you have pursuant to the provisions of the Applicable Legislation in relation to the data protection:-
- Request access to your personal data (commonly known as a “data subject access request”).
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
- Subject to the legal basis on which the processing activity is based, you may object to processing of your personal data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
- Request restriction of processing of your personal data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party.
- In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. Kindly note however that if you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). Kindly note however that we may charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.
If you wish to know more and/or exercise any of the rights set out above, please contact us or our DPO.
Our website may use technologies such as “cookies” to provide visitors with tailored information upon each visit. Cookies are a common part of commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive in order to recognise repeat visits to the website. Every time you visit our website, our servers, through cookies, pixels and/or GIF files, collect basic technical information such as your domain name, the address of the last URL visited prior to clicking through to the website, and your browser and operating system. If you like, you can set your browser to notify you before you receive a cookie so you have the chance to accept or reject it and you can also set your browser to turn off all cookies. The website www.allaboutcookies.org (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users. You do not need to enable cookies to visit our website – however, some parts of the website and some services may be more difficult or impossible to use if cookies are disabled.
For the avoidance of any doubt Cookies do not contain any information that could identify the individual user personally.
Lodging a Complain
Please let us know if you are unhappy with how we have used your personal information. As stated above you can always contact us or our DPO.
You also have the right to make a complaint at any time to the Commissioner which is the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
Thank you very much.
Hadjikyprianou Law Data Management Team