Clients' Privacy Policy of D.H. Nominees Limited

Για την Ελληνική έκδοση της Πολιτικής Προστασίας Προσωπικών Δεδομένων των Πελατών παρακαλώ ακολουθείστε αυτό το σύνδεσμο.

 24/05/2018 ver. 1.02

 1. INTRODUCTION

This Privacy Policy (the “Policy”) set out below will govern the protection and processing of your personal data which is collected and processed by D. H. Nominees Limited (“we” or “us”) in case you are a Client or Prospective Client (“you”).

D. H. Nominees Limited, is an Administrative Services Provider registered at Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Agioi Omologites, Nicosia, Cyprus.

Please read this Policy carefully. By accepting the provision of services from us and by signing any relevant documents directing you to this policy, you are deemed to have read, understood, agreed to and consented to this Policy.

Controller

Any information (including personal data) submitted to us by a Client or Prospective Client, will be handled by us and transmitted to us.

Definitions

Client means an existing client of the law firm who has signed a retainer or engagement letter with us or who has orally or by conduct agreed to the provision of legal services by us.

Prospective Client is a client who has not yet agreed to the provision of services by us and of whom we have collected personal data either directly or through another party.

Personal data includes personal data of a Client, a Prospective Client or any person authorising the Client or Prospective Client to disclose such data.

2. DATA PROTECTION PRINCIPLES

We will comply with data protection law. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

3. COLLECTION OF PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where the processing is necessary to protect your vital interests

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Data retention: How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Purpose/Activity Type of Data Lawful Basis Retention Period
Receiving Personal Data from a Prospective Client Any data submitted by the Client including special categories of data. (Please see under title Special Categories of Data in this Section) (a) Necessary in order to take steps at the request of the data subject prior to entering into a contract Up to two years provided that the Prospective Client does not become a Client
Contacting a Prospective Client First and Last name, e-mail address, Subject, message ’’ Up to two years provided that the Prospective Client does not become a Client
Opening a File for a Client Name, surname, address, telephone, email and fax as well as the type of case we will be handling, when you sign our New Client Form. (a) Processing is necessary for the performance of a contract to which the data subject is party

(b) Processing is necessary in order to protect the vital interests of the data subject.

(c) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(d) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under the Law of Administrative Service Providers)

10 years after the issuance of a judgement where the judgement remains unsatisfied if you remain a Client or

6 years from the day you request your file or terminate our services.

Collecting KYC Information for the purpose of providing administrative services. Full name, ID, Date of Birth, Place of Birth, Permanent residential Address, Postal Address, Work Address, telephone numbers. Email, citizenship and residency information, occupation, business activities, capital/assets/income information, employment, tax number, Passport Copy, Utility bill, reference letter from bank, CV (details on a CV vary), nature and purpose of the company, financing and expected turnover, geographical location of the business activities of the company. (a) Processing is necessary for the performance of a contract to which the data subject is party

(b) Processing is necessary in order to protect the vital interests of the data subject.

(c) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(d) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under the Law of Administrative Service Providers and Anti-Money Laundering Law)

6 years after termination of our services or 6 years from full settlement of any amounts due to us whichever is later.
Carrying risk intelligence data searches for due diligence purposes Full name, Passport ID, Date of Birth, Place of Birth. (a) Processing is necessary for the performance of a contract to which the data subject is party

(b) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(d) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under the Law of Administrative Service Providers and Anti-Money Laundering Law)

6 years after termination of our services or 6 years from full settlement of any amounts due to us whichever is later.

Marketing

We do not currently market or advertise our services.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Special Categories of Data

We may collect special categories of data in case these relate to the services we may provide such as data about your race or ethnicity, religious or philosophical beliefs and political opinions).

For example, we may use your race, ethnicity, religious, philosophical beliefs, political opinions data for the purposes of carrying out a risk intelligence data due diligence.

The above list is by way of example only as we cannot predict the full spectrum of cases where we will be processing special categories of data.

Furthermore we may collect data about your criminal convictions or offences in case we are representing you in criminal litigation and the convictions relate to the legal services we offer or in where the representation results in your conviction. This is because the data may be used in order to represent you in further proceedings against you as provided by the laws of the Republic of Cyprus.

How is your personal data collected

We use different methods to collect data from and about you including through:

  • Direct interactions for Prospective Clients: You may give us your name, surname, telephone, email by contacting us through the post, telephone, e-mail or through any other means. This includes personal data you provide when you communication with us.
  • Direct interactions for Clients: You may give us your name, surname, address, telephone, email and fax as well as the type of case we will be handling, when you sign our New Client Form.
  • By 3rd parties such as Thomson Reuters World Check or the internet: We may collect persona data about you through 3rd party providers such as World Check. This is in line with our obligations under the Anti Money Laundering Laws of Cyprus.

 4. DISCLOSURES OF YOUR PERSONAL DATA

We will share your personal data with the parties set out below for the purposes set out in the table above:

  • D. Hadjinestoros & Co LLC (HE 298870), a company related to us which is a Lawyers Limited Company regulated under Cap 2 of the Law. The data which will be shared with D. Hadjinestoros & Co LLC are all data of the data mentioned in the table. D. Hadjinestoros & Co LLC will use this data in order to provide our services You can read D. Hadjinestoros & Co LLC privacy policy and how it treats your data here.
  • Third parties, to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

 5. INTERNATIONAL TRANSFERS

We take care so as not to transfer any of your data outside the European Economic Area. In case we do transfer your data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least that we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

6. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. CHANGES TO THE POLICY

We reserve the right, at our discretion, to make changes to any part of this Policy. Should this Policy be amended, we will publish details of the amendments on the Website.

8. SEVERABILITY

If this Policy or any part of it should be determined to be illegal, invalid or otherwise unenforceable under the laws of any country in which this Policy is intended to be effective, then to the extent that it is determined to be illegal, invalid or unenforceable, it shall in that country be treated as severed and deleted from this Policy and the remaining terms of this Policy shall survive and remain in full force and effect and continue to be binding and enforceable in that country.

9. EVENTS BEYOND OUR CONTROL

We are not responsible for any breach of this Policy caused by circumstances beyond its reasonable control.

10. YOUR RIGHTS

 If you submit or have already provided us with personal data about you, then you have the following rights under this Policy and the relevant legislation on the protection on personal data.

You may at any time cancel the consent you have given us to process your personal data:

You may at any time send us any of the following requests:

  • A request for us to permanently delete all or some of your personal data from our records.
  • A request for you to access your personal data that are in our records.
  • A request for us to provide you with a copy of your personal data that are in our records, in digital or hard copy form.
  • A request for us to update or correct your personal data that are in our records.
  • A request for us to forward to another party of your choosing, a copy of all or some of your personal data that are in our records.
  • A request for us to limit what we do with your personal data or to stop all processing of your personal data.

The above requests will be processed by D. Hadjinestoros & Co LLC. Please contact us in case you wish to learn more on how D. Hadjinestoros & Co LLC will process such requests.

If you wish to exercise any of the above rights or if you wish to notify us of a breach of your personal data you will be able to do so by contacting us at any of the following:

Address: Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Agioi Omologites, Nicosia, Cyprus.

Tel: +357 22510165

Fax: +357 22318214

Email: dataprotection@dhadjinestoros.com

You also have a right to lodge a complaint with the supervisory authority, The Office of the Commissioner for the protection of personal data, however we would appreciate the chance to deal with your concerns before you approach the supervisory authority.

At any time after providing your consent, you will have a right to withdraw it by visiting any of our stores or by contacting us electronically or in writing using the above contact details.

11. CONTACTING OUR DPO OR THE OFFICE OF THE COMMISSIONER

Our appointed Data Protection Officer is Mr Evripides Hadjinestoros who can be contacted at:

Address: Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Nicosia, Cyprus

Tel: +357 22510165

Fax: +357 22318214

Emailevripidesh@dhadjinestoros.com

The competent authority in Cyprus for the enforcement of personal data protection legislation is:

The Office of the Commissioner for the protection of personal data

Address: Iasonos 1, 1082 Nicosia Cyprus or P.O.Box 23378, 1682 Nicosia Cyprus

Telephone: +357 22818456

Fax: +357 22304565

Emailcommissioner@dataprotection.gov.cy