PRIVACY POLICY
Petros Kiteos LLC (the Firm) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you how the Firm collects and processes your personal data and what rights you have in relation to the personal data we hold and process in connection with our engagement with our clients, job applicants, service providers and guests.
This privacy policy is separate and in addition to General Terms of Business and any other agreement which may be concluded with the Firm.
1. Definition of personal data
Personal data is given the definition any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
2. Control and processing of your personal data
The Firm determines why and how your personal data will be processed and controlled.
3. Data that may be collected
The Firm collects different types of personal data for different reasons. The data collected may include:
Contract Information and Identification
Information such as your name, passport details, date of birth, educational background, employment and professional history, job title, postal address, home address, business address, telephone number, mobile number, and email address and other information concerning your preferences.
Financial and Payment Data
The data we require to process payments and implement fraud prevention measures, including bank account, credit/debit card numbers, security code numbers and other such relevant billing details.
Business Details
The business information that you voluntarily provide or the information that we are required to process as part of our instructions or projects.
Compliance Details
We are required by law to collect certain information for compliance purposes, such as client due diligence information, details relevant to anti-money laundering laws and regulations, international sanctions and restrictive measures, and information about relevant and significant litigation that may affect our ability to act.
Marketing and Communication Preferences
Where it is relevant to the services we provide, information about your preferences.
Technical / Platform Information
This includes data gathered from your visit to our website. Your IP address, device type, operating system and platform, time zone, browser type and version are all included in this information.
Publicly Available Information
Information gathered from publicly available sources, such as databases used to conduct compliance checks or credit rating agencies.
Statutory Register Information
Information about you obtained as a result of an interest or office you may hold, or certain ties you may have with a corporate entity, partnership, trust, or other vehicle to whom we provide services. (each referred to as a Third Party).
Details for Events
In some situations, we may collect information about you, including sensitive health-related information, in order to better adapt our events to your requirements. Your consent is required for the processing of such data. If you do not want us to keep such data, we may not be able to take the appropriate measures and/or precautions.
Sensitive / Special Category Information
Such information is processed where required by law or when you have provided us with the information required for the service we are delivering to you.
4. When we collect your personal data
We may collect your personal data for the following purposes:
(a) when you or your organisation seek our services;
(b) when you or your organisation make an enquiry through our website, in person, over email or over the telephone;
(c) when you provide information for recruitment purposes;
(d) when a Third Party engages us to provide services and you hold an office or an interest in or have certain relationships with that Third Party;
(e) when you or your organisation provide services to us, or otherwise offer to do so;
(f) when you or organisation provide information to us in connection with services to be provided to you;
(g) when the Firm is required to comply with legal and / or regulatory obligations.
We may obtain personal data about you from third parties in some instances. In some instances, personal data may be collected from your organization, other organizations with which you have contacts, such as Third Parties, government agencies, a credit reporting agency, information or services offered, or a publicly available record.
5. How is your personal data used
Your personal data will be used by the Firm for the following purposes (the Permitted Purposes):
(a) to provide legal advice or other services or things you may have requested, including legal services, as instructed or requested by you or your organisation;
(b) to manage and administer your or your organisation’s business relationship with us, including processing payments, billing and collection or support services;
(c) for compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (such as under antitrust laws, export controls, trade sanctions and embargo law, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include contacting you to confirm your identity in case of potential match or recording interaction with you which may be relevant for compliance purposes;
(d) to provide updates, reminders, requests and directions relevant to the role or capacity in which you are interested in a Third Party;
(e) to analyse and improve our services and communications to you;
(f) to protect the security of and managing access to our premises, IT and communication systems, website, preventing and to detect security threats, fraud or other criminal or malicious activities;
(g) for insurance purposes;
(h) to monitor and assess compliance with our policies and standards;
(i) to comply with our legal and regulatory obligations and requests, including reporting to and/or being audited by national and international regulatory, law enforcement and tax reporting bodies;
(j) on instruction or request from your organisation or a relevant Third Party;
(k) to communicate with you through the channels you have approved to keep you up to date on the latest legal developments, announcements and other information about our services including client briefings, as well as events and projects we may organise;
(l) to comply with court orders and exercises and/or defend our legal rights; and
(m) for any purpose related and / or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Provided you have given us your express consent, we may process your personal data for customer surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events.
6. Legal basis for processing your personal data
We may process your personal data on one or more of the following legal grounds, depending on which of the above Permitted Purposes we use it for:
Consent
Contractual obligation
Where we ask for your consent to process your personal data.
Where the data is required for the fulfilment of the contract we have with you, or to take the necessary actions at your request prior to entering into a contract.
Legitimate interest
Legal obligation
When processing is required to pursue the Firm's or a third party's legitimate interests.
The Firm is required to carry out the processing in order to comply with legal or regulatory requirements.
7. How your personal data will be used
We may use your data in the following circumstances:
(a) we will use your personal data where it is required for the purpose of providing legal advice or other services, as well as for administrative, billing and other business purposes;
(b) where you are a client of the Firm, or you are otherwise contracted by, are an agent of, or otherwise represent a client of the Firm, we may disclose your personal data to:
-
other legal specialists, consultants or experts engaged in your matter, or
-
foreign law firms for the purpose of obtaining foreign legal advice, as may be relevant, or
-
competent authorities (law enforcement agencies, statutory regulators, supervisors, authorities) after a legitimate request for information;
(c) if we collect your personal data while providing legal services to one of our clients, we may disclose it to that client, as well as others as permitted by law, for the purpose of delivering such services;
(d) we may share your personal information with organizations that provide money laundering checks, credit risk reduction, and other fraud and crime prevention services, as well as organizations that provide similar services, such as financial institutions, credit reference agencies, and regulatory authorities;
(e) your personal data may be shared with any third party to whom we assign or novate any of our rights or obligations;
(f) in the event it is reasonably necessary for the establishment, exercise, or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution procedure, we may share your personal data with courts, law enforcement authorities, regulators, attorneys, or other parties;
(g) We may also instruct service providers, either locally or internationally, such as shared service centres, to process personal data on our behalf and only in line with our instructions for the Permitted Purposes. When hiring such service providers, the Firm will retain ownership of and be entirely responsible for your personal data, and will implement necessary procedures as required by relevant legislation to ensure the integrity and security of your personal data;
(h) we may also utilise aggregated personal data and statistics to track website usage in order to improve our website and services.
Nonetheless, we will only share your personal data if you instruct us or give us permission to do so, if we are forced to do so by relevant law or regulations, or if required for investigating actual or suspected fraudulent or criminal activity.
8. Refusal to provide your personal data
Generally, we obtain your personal data when you voluntarily provide it, and there are usually no negative implications if you refuse to provide it or allow it to be processed. However, there are some situations in which we will be unable to act without obtaining such information, such as when we need to undertake legally required compliance screening, process your instructions or orders, or otherwise provide you with our services or communications.
If we are unable to provide you with what you request without the required personal data, we will notify you.
9. Your rights to your personal data
You have the right, subject to certain legally imposed conditions, to:
Right of access and rectification
You have the right to access your personal data by requesting a copy of the personal data we hold about you, as well as to have any inaccurate data corrected.
Right to object or restrict our use of your personal data
You have the right to object to or request a restriction on the processing of your personal data in certain circumstances. In cases where your interests outweigh ours, we will re-evaluate whether or not your data should be used or restricted, and we will stop processing it. Wherever possible, we will comply with your request or inform you why your request cannot be fulfilled.
Right to not be subject to fully automated decision-making
The Firm does not use automated systems to process your personal data.
Right to data portability
You have the right to request that personal data be provided in a machine-readable format to you or another data controller.
Right to transparency of information
You have the right to clear and transparent information about how your data is processed.
Right to be forgotten
You have the right to request that your data be erased if you object to its processing, such as, where the processing is not legitimate or required for the purposes for which the data was collected. Unless there is a legal obligation to keep your personal data, your data will be erased upon receipt of your request.
Complaint submission
You have the right to file a complaint if you have concerns with how we are managing your data.
Please contact us at privay@kiteos.cy if you want to do any of the above. We may require you to verify your identity in order to process your request. This is to safeguard the personal data we hold and that the data is adequately protected from unauthorized access requests and that we meet our security requirements.
Any unjustified or excessive requests we receive, as well as any further copies of the data you seek, may be subject to a modest administrative fee.
10. How we protect your personal data
Concerning the storing, access to, and disclosure of personal data, we take suitable technical and organisational steps to keep your personal data confidential and secure. We may store your personal information in electronic systems, third-party systems, and paper files.
11. Personal data about other persons that we acquire from you
In the event you provide us with the personal data of others, such as your employees, company directors, or other people with whom you do business, you must ensure that you have the authority to disclose that data to us and that we can collect, use, and disclose that data in the ways described in this policy without taking any additional steps.
Specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the information provided in this Privacy Policy, as it pertains to that individual, such as our identity, how to contact us, the purposes for which we collect data, or disclosure practices, and the individual's rights in relation to our data holding.
12. Personal data transfer abroad
There may be a case, where in order to provide our services, we may need to transfer your personal data abroad if required to do so for the Permitted Purposes. In some situations, this may include transferring data to jurisdictions that may not provide the same level of protection as your home country's regulations (for example, the EU/EEA data protection legislation).
When making such transfers, we will ensure that they are subject to appropriate safeguards in accordance with the General Data Protection Regulation (Regulation 2016/679) or other relevant data protection legislation. This may include entering into the EU Commission’s Standard Contractual Clauses.
13. Duration that your personal data is kept
In accordance with our General Terms of Business, we erase your personal data when it is no longer reasonable for us to keep it for the Permitted Purposes, or when you withdraw your consent for us to keep it, and we are not otherwise legally permitted or required to keep it.
Importantly, the Firm will store your personal data for as long as it is necessary for the purposes of defending or advancing legal claims until the end of the time in which we are permitted to retain the data, or until the settlement of any such claims, as relevant. We may also save your information for archiving purposes.
14. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. Our Privacy Policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
15. Updating and correcting your personal data
If any of the personal data you have supplied us has changed, or if you believe the personal data we have is incorrect, please contact us at privacy@kiteos.cy. Further, if you hold an office or are interested in or have certain relationship with a Third Party to which we provide services, you and/or the Third Party may be contractually required or have a legal obligation to notify us of such changes within a specified time period. We cannot be held liable for any losses incurred as a result of us having inaccurate, incomplete, inauthentic, or otherwise inadequate personal data submitted to us by you or a Third Party. Please notify us if you wish to cancel any requests.
16. Complaints
We encourage you to contact us first if you have any concerns or complaints about the Firm's processing of your data, as we seek to satisfactorily resolve any concerns or complaints you may have concerning the Firm's processing of your personal data.
You can, however, report any concerns directly to the Office of the Commissioner for Personal Data Protection, where you can also learn more about your rights under applicable data protection law and file a formal complaint.
17. Amendments to the Privacy Policy
The last time this Privacy Policy was updated was on 1 July 2022. We reserve the right to amend the contents of this Privacy Policy at any time to reflect changes in the way we process your personal data or to reflect changes in the relevant legal framework. If there are any changes, we will update our Privacy Policy on our website. The changes will become effective as soon as the amended version is published on our website.