This Privacy Statement sets out how M. HADJITOFI LLC (hereinafter called the “Law Firm”, “our Law Firm”, “we”, “us”) processes personal data, whether on individuals (including personal data in respect of individuals who are clients, job applicants, summer intern applicants, trainee lawyer applicants, website visitors, contacts, office visitors, office staff, intermediaries or other third parties that the Law Firm interacts with, or any individual who is connected to those parties) or otherwise. This Privacy Statement also sets out the rights of the individuals in respect of the personal data that the Law Firm holds and processes.
This Privacy Statement is in line with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called the “General Data Protection Regulation” and/or “GDPR”). The Law Firm and each of its partners, consultants and employees of the Law Firm shall comply with the GDPR in relation to the holding and processing of personal data, particularly in the context of the provision of legal services.
WHAT PERSONAL DATA DO WE HOLD?
“Personal data” is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The Law Firm processes personal data in the context of providing legal and other services to its clients. The categories of personal data we may collect and process, according to the particulars of each case, include:
- Contact information: Information such as your name, job title, postal address, home address (utility bill), business address, telephone numbers, mobile numbers, Skype address, fax number and email addresses.
- Payment data & financial information: Data necessary for us to process payments and implement fraud prevention measures, including bank account details, VAT Numbers, Tax Identification Numbers and other such relevant billing details.
- Business details: Business information which we necessarily process as part of our instructions or projects we are involved in or otherwise provided by you voluntarily.
- Compliance details: Information we are legally required to collect for compliance purposes, such as ‘know your client’ information, details relevant to international sanctions and restrictive measures and information about relevant and significant litigation, which may impact our ability to provide our services. Furthermore, information required by the Law Firm to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds, employment details and source of wealth. Please note that for these purposes, we may also request a clean criminal record from our clients.
- On-going information: Information provided in the course of the provision of legal services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in).
- Publicly available information: Information collected from publicly available resources, including but not limited to information collected from databases we use to carry out compliance checks (such as Google, LexisNexis).
- Statutory Register Information: Information about you on account of an interest or office you may hold in or certain relationships you may have with a corporate entity, partnership, trust or other vehicle to which we provide services (each such entity, a Third-Party Entity).
- Details for events: In some cases, we may collect information about you, which may include sensitive information in relation to your health, for the purpose of tailoring our events to your needs. The processing of such data is based entirely on your consent; in the event that you do not want us to maintain such data, we may not be able to take the necessary precautions.
- General: any other information you may provide to the Law Firm.
PERSONAL DATA WE COLLECT FROM YOU
We collect personal data directly from you, for example, as follows:
- When you accept an invitation to attend one of our events, we will ask you to provide your contact, guest and other relevant information including meal preferences.
- When you use our website, we collect information about your visit and how you interact with our website.
- When a client uses our legal services, we will ask for the information that we need to provide those services; this information includes inter alia contact details, billing information, information necessary to conduct pre-clearance checks, all information about your case and information relevant to the services we provide. Information provided by a client may include personal data that relates to persons whose information is relevant to the instructions we receive from such client; for example, when we advise on a business transaction.
- When a Third-Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity.
- When you apply for a job or a traineeship position or a summer intern position or any other position at our Law Firm, we will ask you for information relevant to your application.
- If you visit the Law Firm’s office, we may collect information that we need in order to identify you and complete necessary security checks, such as your identity card or passport.
- If you provide information to us about another individual, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information. In particular, you must ensure that prior authorization was obtained to disclose such personal data to us and the client must ensure that the individual whose personal data the client is sharing with us is aware of the matters discussed in this Privacy Statement, as these are relevant to that individual, including how to get in touch with our Law Firm, the purposes for which our Law Firm processes personal data as well as our disclosure practices and the rights of such individual under the GDPR. Our Law Firm shall bear no responsibility in the event the client has not obtained the necessary authorization(s) from such individual, and shall proceed to collect, use and disclose such data in the manner described in this Privacy Statement without being required to take any action regarding the necessary authorization the client is required to obtain from such individual.
- When you or your organization seek our services.
- When you or your organization make an enquiry in person, over email or over the telephone.
- When you attend one of our seminars or other events we may organize.
- When you or your organization provide services to us, or otherwise offer to do so.
- In some circumstances, we may collect personal data about you from third parties, for example, we may collect personal data from your organization, other organizations with whom you have dealings, including government agencies, an information or service provider or from a publicly available record or regulatory bodies. We may also collect data from publicly available sources of information. We may also receive information about you from various internet search engines.
CAN YOU REFUSE TO SHARE YOUR PERSONAL DATA WITH US?
In general, we receive your personal data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will unfortunately be unable to act without receiving such data, for example where we need to carry out legally required compliance screening or require such data to process your instructions or orders.
Where it is not possible for us to provide you with what you request without the relevant personal data, we will let you know accordingly.
HOW WE USE PERSONAL DATA WE COLLECT FROM YOU
The Law Firm determines why and how we process your personal data. In each case, your personal data will be controlled by our Law Firm which you have given instructions to. We will only use your personal data fairly and where we have a lawful basis to do so. We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so. Our use of your personal data depends on how and where you interact with us. See below a list of the ways that we use your personal data, and which of the reasons we rely on to do so.
We may process special category data (such as a clean criminal record) only where the processing is necessary for the purposes of providing our client with a legal advice or legal assistance and/or where this is necessary in order to comply with regulatory requirements such as client identification and knowledge, money laundering prevention and abatement of terrorism financing and fraud prevention arising from the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, as amended, or any other laws and regulations applicable in the Republic of Cyprus as well as any regulations issued by a competent organ of the European Union), always aiming to observe the conditions imposed by the GDPR on the lawfulness of personal data processing.
|USES OF PERSONAL DATA
||OUR LAWFUL BASIS FOR THE USE OF YOUR PERSONAL DATA
|To improve our website.
||Where we have your consent or where it is necessary so that we can deliver our website effectively.
|To conduct client due diligence and compliance checks when on-boarding a new client.
||To comply with our legal and regulatory obligations including compliance with anti-money laundering legislation, fraud and crime prevention.
|To provide legal advice and related services, to manage and administer our business relationships, including to communicate with our clients, their employees and representatives, to manage billing and payments and to keep records.
||To fulfil our contract with our client(s) and to comply with legal and regulatory obligations including accounting, tax and data privacy.
|To fulfil instructions received from the client and provide our services. Personal data may be processed by each of our partners, consultants and employees.
||To fulfil our contract with our client(s).
PRINCIPLES WE ADHERE TO
Our Law Firm is committed to and adhering to the following principles of processing personal data in accordance with Article 5 of the GDPR. In particular, the personal data we collect is:
- Processed lawfully, fairly and in a transparent manner in relation to the individual concerned;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification for no longer than it is necessary or as required by relevant international or national legislation;
- Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
How do we keep your personal data safe?
We take appropriate technical and organizational measures to keep your personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. We may keep your personal data in our electronic systems and/or in paper file
SHARING AND TRANSFERRING YOUR PERSONAL DATA
We treat your personal data with respect and confidentiality and do not share it with third parties except as described below:
- We may disclose your personal data to other entities connected to the Law Firm for the purpose of our internal business processes (such as administration and billing) and for the purpose of providing legal advice and services.
- Where it is necessary to transfer data from us to anywhere outside of the EU and EEA, we will comply with any transfer requirements applicable under GDPR and national legislation. Please note that we do not transfer any personal data outside of the EU and EEA. In case where such transfer is necessary, we will inform you accordingly prior to such transfer taking place.
- We may share personal information when necessary with law enforcement and regulatory authorities.
- We may also share your personal data when you have consented to us doing so.
- The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- Employee, partners and consultants of the Law Firm. Please note that all the employees of the Law Firm are subject to a duty of confidentiality;
- Other service providers (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Law Firm is instructed) where disclosure to such provider is necessary to fulfil a contract with our client;
- Any sub-contractors, agents or service providers of the Law Firm;
- Law enforcement agencies where this is necessary in order for the Law Firm to fulfil legal obligations;
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
- Any registrar of a public register where the data is to be included in a public registry.
KEEPING YOUR PERSONAL DATA
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You have certain rights regarding how we use and keep your personal data. These are:
- The right to information: the right to be informed about the contact details of our Law Firm, the purposes of processing, the categories of data processed, the recipients of the data, the existence of the rights provided by the GDPR and the conditions in which the same can be exercised;
- The right to access to personal data: the right to access the personal data we use and process about you;
- The right to rectification: the right to request and obtain inaccurate data rectification, as well as the completion of incomplete data, concerning you. Please note that our Law Firm takes reasonable steps to check the accuracy of and correct the information, even in case this right is not exercised by you. Nevertheless, please let us know if any of your information changes so that we can keep it accurate and up to date.
- The right to data deletion: the right to request the deletion of your personal data where there is no compelling reason for its continued processing by our Law Firm;
- The right to restriction of processing: the right to ‘block’ or suppress the processing of your personal data;
- The right to object: the right to object at any time the processing of your personal data, for grounded and legitimate reasons;
- The right to data portability: the right to receive personal data concerning you in a structured manner, commonly used and easily readable format, as well as the right that these data be transmitted by us to another data controller;
- The right not to be subject to an automated decision: the right to request and obtain withdrawal, cancellation or reassessment of any decision based exclusively on processing by automated means which produces legal effects or similarly affects you to a significant extent. Please note that our Law Firm does not carry out processing activities which produce automated decisions. If at any time our Law Firm carries such processing activities, we will inform you before such processing takes place;
- The right to lodge a complaint with an authority or to address justice: the right to complain to the relevant privacy regulator for personal data processing and the right to address the courts for the defence of any rights guaranteed by the GDPR which have been violated. We can provide you with the details of the relevant regulator upon request.
Please note that under GDPR these rights are subject to certain conditions. You can learn more for exercising any of these rights by contacting us at email@example.com
To enable us to process your request, we will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.
AMENDMENTS TO THIS PRIVACY STATEMENT/COMPLAINTS
This Privacy Statement is governed by Cyprus law.
This Privacy Statement was last updated on 5th April 2021. For any complaints or further information please contact us at firstname.lastname@example.org