K. HADJITHOMA & CO LLC (referred to as “K. HADJITHOMA & CO”, “KHLawLab” or “we”) is a lawyers’ limited liability company, incorporated under the Cyprus Companies Law, Cap. 113, registered in Cyprus with registration number HE 386902, providing legal services on corporate and commercial law, administrative law, family & inheritance law, immigration law, immovable and intellectual property law and other areas of law.
For the purposes of this Policy:
Data Protection Laws means all applicable laws relating to the processing of personal data, including the General Data Protection Regulation (Regulation (EU) 2016/679).
Personal Data means any information that relates to an individual who can be identified from that information.
Data Subject means all living identifiable individuals whose Personal Data we process.
Data Controller means KHLawLab, which determines the purposes for which and how Personal Data is processed.
Processing means any activity or set of activities which is performed on Personal Data, whether or not by automated means. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Data to third parties.
Data Protection Officer means the person who is responsible for overseeing KHLawLab’s data protection strategy and its implementation to ensure compliance with GDPR requirements.
The purpose of this Policy is to help us achieve our data protection and data security aims by setting out the rules on data protection and the legal conditions that must be satisfied when we collect, receive, handle, process, transfer, and store Personal Data. KHLawLab must comply with this Policy and with the following data protection principles (as these are set out in Article 5 of the GDPR) which require that Personal Data is:
Processed lawfully, fairly and in a transparent manner in relation to individuals. We must always have a lawful basis to process Personal Data, as set out in the Data Protection Laws. Personal Data may be processed as necessary to perform a contract with the Data Subject, to comply with a legal obligation to which the Data Controller is subject, or for the legitimate interest of the Data Controller or the party to whom the data is disclosed. The Data Subject must be told who controls the information (us), the purpose(s) for which we are processing the information and to whom it may be disclosed (“lawfulness, fairness and transparency”).
Collected only for specified, explicit and legitimate purposes. Personal Data must not be collected for one purpose and then used for another. If we want to change the way we use personal data we must first tell the Data Subject. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation”).
Processed only where it is adequate, relevant, and limited to what is necessary for the purposes of processing. We will only collect personal data to the extent required for the specific purpose notified to the Data Subject (“data minimization”).
Accurate and kept up to date. Checks to Personal Data will be made when collected and regular checks must be made afterwards. We will make reasonable efforts to rectify or erase inaccurate information (“accuracy”).
Kept only for the period necessary for processing. Information will not be kept longer than it is needed, and we will take all reasonable steps to delete information when we no longer need it (“storage limitation”).
Secure and processed in a manner that ensures appropriate security of the Personal Data. This includes protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
KHLawLab may process Personal Data belonging to anyone who has expressed an interest in or contacted us. These may include (but are not restricted to) the following interested parties (often referred to as ‘you’) – employees, associates, contractors, consultants, agents, clients, suppliers, directors, beneficiary owners and recruitment candidates.
What information is covered by this Policy
The Personal Data which KHLawLab processes depends upon the nature of the relationship with the interested party concerned, but is likely to include (but is not restricted to) the following:
Identity Data, meaning personal and contact details (i.e. title, name, job, address, telephone, electronic contact details, date of birth, gender, passport or ID number, nationality, citizenship, photographic identification, marital status, CV with employment, experience, education and qualifications records, criminal records and medical data);
Financial Data, meaning data necessary for processing payments (i.e., credit/debit card numbers, bank account, security code numbers, tax and insurance details and other related billing information); and
Information collected from publicly available resources, integrity databases and credit agencies where this is relevant to the services offered to you.
This Policy applies to all Personal Data created or received in the course of KHLawLab business in all formats; it may be held or transmitted in paper, stored electronically or physically in a filing system and/or communicated verbally in conversation or over the telephone.
Why is Personal Data processed and how we use your Personal Data
It is important to note the reasons for processing your Personal Data and how we use such information. The overarching purpose for processing Personal Data is to facilitate, manage and, whenever possible, enhance the services provided by KHLawLab to our interested parties. In general, we will use information to carry out our business, to administer your employment or engagement and to deal with any problems or concerns you may have. More specifically the reasons vary, again dependent upon the nature of your relationship with us, but include (not restricted to) the following:
-To register you as a new client;
-To provide legal advice or deliver other services you may have requested;
-To manage and administrate your or your organization’s business relationship with us;
-To enable us to fulfil contractual requirements;
-To meet requirements of public interest and management standards;
-To comply with legal and regulatory obligations;
-To comply with court orders and exercise our legal rights;
-To enable us to give you the best service and the best and most secure experience, where it is necessary for our legitimate interests (or those of a third party);
-To ensure that the recruitment process is efficient and provides appropriately qualified staff in terms of aptitude and attitude; and
-To facilitate swift responses to the above.
Legal basis for processing Personal Data
c. Legal Obligation
d. To protect vital interests
e. To meet public interests
f. Legitimate interests
How we source Personal Data
There are three main ways in which KHLawLab sources Personal Data, in a number of circumstances, and all are legal, transparent and fair:
Information You Give Us. When you seek legal advice or any other legal and/or corporate and administrative services from us, or when you offer to provide services to us and/or our clients, you may give us information by completing relevant forms or through our due diligence procedure.
Information We Collect. When you or your organisation make an enquiry or otherwise interact on our website, KHLawLab collects information about you from our website, email and telephone contacts plus our due diligence procedures.
Third Parties. We may collect information from third parties – in particular, we may use third party organisations, with whom you have dealings, to conduct background checks and verifications. Additionally, we may use the web and social media sources, all of which are publicly available and strictly open source.
Personal Data storage
The vast majority of Personal Data that is processed by KHLawLab is stored electronically and access is carefully managed and restricted appropriately. Any hard copies of processed Personal Data are held in secure cabinets with restricted access. It must be noted that information received over the internet or from personal emails may not always be secure; KHLawLab is not liable for corrupted information received from such sources.
Personal Data retention
We will only retain your Personal Data for the minimum time necessary to fulfil our purposes, which will vary but can be defined as follows:
For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and
Retention periods in line with legal and regulatory requirements and guidance.
Personal Data sharing
In certain circumstances, we shall share your personal information with:
-Our lawyers, partners, associates, legal specialists or consultants duly engaged with your instructions in your matter;
-Selected third parties for the purpose of providing our services, such as:
-Foreign law firms for the purpose of obtaining foreign legal advice upon your instructions;
-Clients or potential clients, in the course of providing legal services to any such client;
-Courts, law enforcement authorities, regulators or other lawyers where it is reasonably necessary;
-Companies providing services for money laundering checks, such as financial institutions, credit reference agencies and regulatory bodies;
-Any other third parties where necessary to enable us to enforce our legal rights, or to protect the rights, property, or safety of our employees or where such disclosure may be permitted or required by law.
At this point it is important to highlight that, if we transfer Personal Data to another country outside the European Union, appropriate agreements and auditable security controls will be put in place to maintain privacy rights.
Accuracy and relevance of Personal Data
We will ensure that any Personal Data processed is up to date, accurate, adequate, relevant, and not excessive, given the purpose for which it was collected. We will not process Personal Data obtained for one purpose for any other purpose unless you agree to this or reasonably expect this.
If any of the Personal Data that you have provided to us changes, or if you wish to cancel any request you have made of us, or if you consider that any information held about you is inaccurate or out of date, please let us know. If we agree that the information is inaccurate or out of date, then we will correct it promptly. If we do not agree with the correction, then we will note your comments and discuss accordingly.
We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
Personal Data security
We will use appropriate technical and organizational measures to:
-Keep Personal Data confidential and secure, and in particular protect them against unauthorized or unlawful processing and against accidental loss, destruction or damage.
-Maintain data security by making sure that:
– Only people who are authorized to use the information can access it;
– Where possible, personal data is pseudonymized or encrypted;
– Information is accurate and suitable for the purpose for which it is processed;
– Authorized persons can access information if they need it for authorized purposes; and
– Copies of personal information, whether on paper or on any physical storage device, must be physically destroyed when they are no longer needed.
-Use procedures and technology to secure personal information throughout the period that we hold or control it, from obtaining to destroying the information.
-Not transfer personal information to any person to process (e.g. while performing services for us or on our behalf), unless that person has either agreed to comply with our data security procedures or we are satisfied that other adequate measures exist.
-Set and monitor compliance with security standards for the management of personal data.
DATA SUBJECT RIGHTS
We will process all Personal Data in line with Data Subjects’ rights, as these are defined in the GDPR:
The right to be informed. We need to tell you what data is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties.
The right of access. You can submit subject access requests, which oblige us to provide a copy of any Personal Data we hold concerning you.
The right to rectification. If you discover that the information we hold on you is inaccurate or incomplete, you can request that it shall be updated.
The right to erasure. You can request us to erase your Personal Data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed, or it no longer meets the lawful ground for which it was collected.
The right to restrict processing. You can request us to limit the way we use Personal Data. It is an alternative to requesting the erasure of data and might be used when an individual contests the accuracy of their Personal Data.
The right to data portability. You are permitted to obtain and reuse your Personal Data for your own purposes across different services.
The right to object. You can object to the processing of Personal Data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. We must stop processing information unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the individual or if the processing is for the establishment, exercise or defence of legal claims.
The right to withdraw consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Rights related to automated decision-making including profiling. The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses Personal Data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
Please note that there may be occasions where you object to, or ask us to restrict, or stop, processing of your personal information, or erase it, but we shall be unable to comply with such requests for legal reasons. However, we will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the Republic of Cyprus’ supervisory authority, the Data Protection Commissioner Office.
KHLawLab, as the Data Controller, is responsible for establishing policies and procedures to comply with data protection law and for implementing the Policy within its business areas.
The Data Protection Officer of KHLawLab, under Article 39 of GDPR, is responsible, inter alia, for:
– Training KHLawLab’s employees on GDPR compliance requirements;
– Conducting regular assessments and monitoring to ensure GDPR compliance;
– Serving as the point of contact between KHLawLab and the relevant supervisory authority;
– Maintaining records of all data processing activities conducted by KHLawLab;
– Reporting on compliance to the Managing Director of KHLawLab;
– Responding to Data Subjects to inform them about how their Personal Data is being used and what measures KHLawLab has put in place to protect their data;
– Ensuring that Data Subjects’ requests relating to their Personal Data are fulfilled or responded to, as necessary.
Everyone who works for or with KHLawLab has responsibility for ensuring data is collected, stored and handled appropriately and must ensure that it is handled and processed in line with this Policy and data protection principles. Specifically, they must ensure that:
– All Personal Data is kept securely;
– No Personal Data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorized third party;
– Personal Data is kept in accordance with this Policy’s requirements;
– Any queries regarding data protection and any data protection breaches are swiftly brought to the attention of the Data Protection Officer;
– They assist the Data Protection Officer in maintaining accurate and up to date records of data processing activities.
KHLawLab reserves the right to amend this Policy from time to time. You are advised to visit this website section periodically to keep up to date with any amendments.
HOW TO CONTACT US
In compliance with the Data Protection Laws, KHLawLab has appointed a Data Protection Officer. In case you have any questions with regards to this Policy or any question or complaint with regards to how your personal data is handled, you can contact our Data Protection Officer as follows:
Email: [email protected]
Tel.: +357 22 272828
Fax: +357 22 272800
Address: Ippokratous 19, Office 101, Lakatamia, 2325, Nicosia, Cyprus