Who we are
‘We’, ‘us’ or ‘our’ refers to Y. Georgiades & Associates LLC a limited liability company registered with the Department of the Registrar of Companies under registration number ΗΕ 312944, having its registered office at 2 Agiou Pavlou & Kadmou Street, Wisdom Tower, 3rd Floor, 1105, Nicosia, Cyprus. We are the data controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise). Our contact and other details are set out at the end of this policy.
We are a Cyprus-based law firm offering legal, tax, personal, and business services.
The purpose for which we collect personal data
We collect and process personal data as follows:
If you are an individual client of ours or if you have individually provided your contact details for any purpose via our website or have signed up to receive any of our newsletters:
We may collect your individual contact and other information that you give to us to enable us to communicate with you in relation to the services by us. Information that you give us may include (apart from your name and contact information such as your email address, postal address or phone number and IP address) credit card, bank account or other financial details relevant to payments made by you and other information relating to you that is included in any communications between us and you in the course of the provision by us of our services.
If you are (or you work for) a business customer of ours, such as a partnership, private or public company:
we may collect your individual contact and other information that you give to us to enable us to communicate with you in relation to the provision of services by us to you or the person that you work for. Information that you give us may include (apart from your contact information such as your email address, postal address or phone number) credit card, bank account or other financial details relevant to payments made by you or the person that you work for and other information relating to you or the person that you work for that is included in any communications between us and you in the course of provision by us of our services.
If you use or browse any of our websites, or otherwise participate in any activities via our website:
If we wish to send you advertising, marketing or promotional material:
We may collect your individual contact details in order to send you direct marketing material in order to advertise, market or promote our goods and services (this will be subject to your prior consent where appropriate). For example, you may sign up to receive one or more of our regular newsletters. We may combine this with other information we obtain about the things you are interested in and that are relevant to the services provided by us (for example, when you browse our website and view particular content) in order to help us ensure that marketing material that we send you is relevant to what you are interested in.
If you provide goods or services (or you work for someone who supplies goods or services) to us:
We may collect your individual contact information to enable us to communicate with you in relation to the provision of goods or services by you or the person that you work for (for example, in relation to the management and administration of the provision of the relevant goods or services) and other personal information relating to you to in the course of provision of the goods or services concerned. This may include, for example, bank account or other financial details, and other information relating to you that is included in any communications between us and you or anyone you work with in the course of provision of the goods or services.
If you apply for a position with us
We may collect personal information in relation to you in connection with any application by you for a position with us. In that case, we will explain in more detail at the time how and for what purposes we intend to process the relevant personal information. We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records of unsuccessful career applicants is approximately 6 months from the date when of submission of such Personal Data to us. Personal Data of successful career applicants will be retained as part of such person’s employee data.
Where we process your personal data
We normally process personal data only in the Republic of Cyprus or elsewhere in the EU.
Security of your personal data
All personal data processed by us is stored securely (the level of security being appropriate to the nature of the data concerned and the other relevant circumstances).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access
The servers powering and facilitating cloud infrastructure that we use are located in secure data centres in Europe and the USA and Personal Data may be stored in any one of them. Our CRM cloud program is ISO/IEC 27001 and ISO/IEC 27017 certified, and the data stored is encrypted.
Who we share your personal data with
We may where appropriate share your personal data with:
- Appropriate third parties including:
- our business partners and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
- payment processing service providers (such as Paypal) in connection with payments you make to us;
- our auditors and other professional advisors or service providers;
- credit or other similar reference agencies for the purpose of assessing your suitability or ability where this is in the context of us entering (or proposing to enter) into a contract with you or the person that you work for.
- In relation to information obtained via our website:
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.
Other disclosures we may make
We may disclose your personal data to third parties:
- Third parties are widely used by us for the purpose of providing support to us and to generally help us provide, run and manage our internal IT systems. This includes providers of information technology, cloud-based software, website hosting and management providers, data analysis, data back-up, security and storage services.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of service and other agreements with you or the person that you work for; or to protect the rights, property, or safety of our business or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, or credit risk reduction.
The legal basis for our processing of personal data
The legal basis on which we process your personal data is as follows:
- Where it is necessary to obtain your prior consent to processing in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (in relation to any processing we are carrying out with your consent, see below for how to withdraw your consent).
- Otherwise, we will process your personal data where the processing is necessary:
- for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
- for compliance with a legal obligation to which we are a subject; or
- for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data.
How long we keep your personal data
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data concerned.
- You may request that incorrect personal data that we are processing be rectified.
- In certain circumstances (normally where it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
- Where we are processing your personal data for marketing purposes or otherwise based on our legitimate interests, you may in certain circumstances have a right to object to that processing.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing (such as in relation to marketing by email), you may withdraw your consent, after which we shall stop the processing concerned.
To exercise any of your rights (including withdrawing relevant consents or obtaining access to your personal data), you should contact us as set out below. To unsubscribe from any electronic newsletters or other marketing communications, you can click on the unsubscribe link in the relevant communication.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal compliant with the Date Protection Commissioner.
Contacting the regulator
The Data Protection Commissioner is the supervisory authority in the Republic of Cyprus and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data:
Data Protection Commissioner
1 Iasonos street, 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Our contact details are:
Y.Georgiades & Associates LLC 2 Ayiou Pavlou & Kadmou Street, Nicosia, 1105, Cyprus, Company Number ΗΕ 312944
Contact: Stephanie Georgiadou
Updates to this policy
Date of this policy
This policy was last updated on September 2022.