RIVACY POLICY
Last updated: June 2018
What is the purpose of this document?
Chrysses Demetriades & Co. LLC, and all its subsidiaries and affiliates, is committed to protecting your privacy. This Privacy Policy explains how we collect and use your personal data and which rights and options you have in this respect. Chrysses Demetriades & Co. LLC is responsible for your personal data.
The kind of information we hold about you
The personal data we collect may include:
- Identity data such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
- Financial data, such as data necessary for processing payments, including credit/debit card numbers, bank account, security code numbers and other related billing information;
- Further financial and/or business information necessarily processed in a project or client contractual relationship with Chrysses Demetriades & Co LLC or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- Information collected from publicly available resources, integrity data bases and credit agencies where this is relevant to the services offered to you;
- Further identity data such as marital status, date of birth, passport number, photographic identification and gender if legally required for KYC/compliance purposes or relevant and significant litigation or other legal proceedings against you or a third party related to you and in interaction with you;
- Other personal data regarding your preferences where it is relevant to legal services that we provide; and/or
- Details of your visits to our premises.
How is your personal information collected?
We may collect personal data about you in a number of circumstances, including:
- When you or your organisation seek legal advice or any other legal and/or corporate and administrative services from us including but not limited to company secretarial services;
- When you or your organisation browse, make an enquiry or otherwise interact on our website;
- When you or your organisation offer to provide or provide services to us and/or clients.
In some circumstances, we collect personal data about you from a third party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, government agencies, an information or service provider or from a publicly available record.
If you fail to provide personal information
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which Chrysses Demetriades & Co. LLC cannot take action without certain of your personal data, for example because the collection of personal data is required to process with your instructions or orders or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for us to provide you with what you request without first obtaining the relevant personal data and we will notify you accordingly.
How will we use your personal data?
We may use your personal data for the following purposes only (“Permitted Purposes”):
- Providing legal advice or other services or things you may have requested that relate to our offered services;
- Managing and administering your or your organisation’s business relationship with Chrysses Demetriades & Co. LLC, including processing payments, accounting, auditing, billing and collection, support services;
- Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
- To analyse and improve our services and communications to you;
- Protecting the security of and managing access to our premises, IT and communication systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- For monitoring and assessing compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about our services, products and technologies (including client briefings, newsletters and other information) as well as our events and projects.
With regard to marketing-related communication, we will – where legally required – only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- Because processing is necessary for the performance of a client instruction or other contract with you or your organisation;
- To comply with our legal obligations (e.g. for compliance purposes); or
- Because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
In addition, the processing may be based on your consent where you have expressly given that to us.
Data Sharing
We may share your personal data in the following circumstances:
- If you are a client of Chrysses Demetriades & Co. LLC, or are contracted to or are an agent of a client of Chrysses Demetriades & Co. LLC, we may disclose your personal data to:
- Our affiliates or subsidiaries providing our offered services;
- Other lawyers, other legal specialists, consultants or experts duly engaged with your instructions in your matter; or
- Foreign law firms for the purpose of obtaining foreign legal advice upon your instructions;
- If we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
- We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- We may share your personal data with courts, law enforcement authorities, regulators or lawyers or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- We may also instruct service providers within or outside of Chrysses Demetriades & Co. LLC, domestically or abroad, e.g., to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Chrysses Demetriades & Co. LLC will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Personal data about other people which you provide to us
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices (including disclosure to overseas recipients), the individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).
Data Security
In addition to our legal duties to keep your information confidential in the course of offering legal services, Chrysses Demetriades & Co. LLC will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems or in paper files.
Up-to-date personal data
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to dataprotection@demetriades.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
Data Retention
We will only retain your personal information for as long as necessary to fulfil the Permitted Purposes or you withdraw your consent in accordance with applicable law (where applicable). We will, in particular, retain your personal data where required for Chrysses Demetriades & Co. LLC to potentially assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled or by virtue of obligations that we have under national or European law.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your rights
Subject to certain legal conditions, you have the right to request a copy of the personal data which we hold about you, to have any inaccurate personal data corrected and to object to or restrict our using of your personal data. You may also make a complaint to us if you have a concern about our handling of your personal data.
If you wish to do any of the above please send an email to dataprotection@demetriades.com. We may request that you prove your identity by certain acts (e.g. by providing us with a copy of a valid means of identification) in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us.
We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the Data Protection Commissioner Office, the Republic of Cyprus’ supervisory authority at:
1 Iasonos Street,
1082 Nicosia, Cyprus
Tel.: +357 22 818 456
Fax: +357 22 304565
E-mail: commissioner@dataprotection.gov.cy
Updates to this Privacy Policy
This Privacy Policy was last updated in June 2018. We reserve the right to update and change this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on this website.
How to contact us
If you would like to contact us with any queries or comments, please send an email to dataprotection@demetriades.com.
Top of Form