PRIVACY POLICY

Purpose

At C.D Messios LLC (our “Firm’) your privacy is very important to us. This Policy describes the ways in which we process and handle the data we collect form you directly or which we might have obtained from third parties.

This policy also sets out your rights under the new General Regulation on Personal Data (EU) 679/2016 (the “GDPR”).

Its aim is to explain how and why we process your personal data and how you have the right to know what information we have on you and how you can request that we provide you with access to it, update, transfer or delete it. 

Our Firm

We are Cypriot Counsel based in Nicosia, Cyprus. We are regulated by the Cyprus Bar Association and are registered with the Solicitors Regulatory Authority in England & Wales.

Contact Information

If you have any queries about our Privacy Policy or your rights as set out by this Privacy Policy, please contact us at:

What information we collect 

Our Firm may collect information from you when you engage our services, when you contact us, in the course of our business and when you request information from us.

Reasons why we collect personal information from you:

  •  To be able to provide our services, enforce agreements, carry out requests

  • To verify your identity

  •  To comply with applicable laws and regulations, court proceedings and orders

  • To improve the services we provide to you and provide you with information regarding changes to our pricing and service outline  

  •  To protect the rights, property and safety of our Firm as well as our employees, associates and clients

  • For recruitment purposes.

We collect the following personal information form you in the following cases:

You have engaged our services as a client or are a prospective client

  • Name, Telephone Number, Address 

  • Other contact information

  • Company information and email address if applicable

  •  Payment information

  •  Information necessary for the provision of service

  •  Information required by legislation i.e. including but limited to Anti-Money Laundering, Know Your Client regulations etc.

To be able to market our services and products which might be of interest to you

  •  Contact details

  •  Company and business information

  • Additional information that you provide to us such as topics of interest and events that you might attend

For recruitment purposes 

  • Contact details

  • Curriculum Vitae 

  • Any information that you choose to include in your application

 This information is collected for the performance of contractual, regulatory, business and legal requirements and the process may have to be repeated and updated during the course of our business relationship.

How we use your data

Your personal data may be used for the following purposes:

Provision of services to you

We collect and maintain your personal data in order to be able to fulfil our contractual obligations. It is our Firm’s and any authorized third party that we use legitimate interest to use the necessary data in order to provide you with the highest level of service at optimum cost.

Compliance and Regulatory

We collect and maintain your personal data to comply with regulatory and legal obligations which include but are not limited to Anti-Money Laundering, Know Your Client, Tax, Insurance purposes etc. It is our Firm’s and any authorized third party that we use legitimate interest to comply with all legal and regulatory requirements.

Firm Administration

It is our Firm’s legitimate interest to collect and maintain your personal data to be able to protect and enforce our rights, as well as the rights of third parties.

Third party contractors

Sometimes we are required to appoint third party contractors to provide you with the services you require. All our contractors are subject to all necessary due diligence checks to ensure that your data is handled in accordance with all legal and regulatory procedures and obligations.

We only instruct and liaise with the abovementioned contractors in order to fulfil our contractual obligations with you and it is our legitimate business interest to ensure that we provide you with the highest level of service.  

Recruitment

We collect a candidate’s personal data in order to assess their suitability for any potential vacancy at our Firm. We do so as part of prospective contractual obligations and because it is our Firm’s legitimate business interest to employ the most suitable persons at different positions in the Firm.

Personal data collected for recruitment purposes will not be used for any other purpose or relayed to any third party without your consent.   

Marketing

It is our Firm’s legitimate interest to use your personal data to communicate with regarding new and updated services.

Marketing material will only be sent if you have consented to receive it or we have a legal right to communicate it to you.

You can opt out from receiving marketing material at any point by contacting dpo@messios.com

Who do we share your personal data with

In order for our Firm to be able to perform its contractual, regulatory, business and legal obligations, we may share your data with the following parties:

  • Government departments and regulatory authorities

  • Auditors and professional advisers 

  • Professional indemnity insurers and advisers

  • The courts, police and law enforcement agencies

  • Tax authorities and corporate registries

  • Third parties and associates we employ for the provision of services which include but are not limited to document processing and translation services, IT providers, courier and postal service providers, counsel, arbitrators, mediators, experts, accountants and auditors etc.

The above is a non-exhaustive list which may vary depending on the type of service to be provided.

Transfer of data

In order to fulfil our contractual, legal and regulatory obligations our Firm may need to transfer your data to other jurisdictions both within the European Union and to countries outside.

Our Firm and the third parties it works with operate under EU standard contractual clauses in relation to handling of personal information.

Confidentiality

Our Firm and all those who process your data on our behalf are committed to keeping your personal information as secure as possible.

In order to be able best protect your data, appropriate safeguards, rules and technical measures have been put in effect to prevent potential misappropriation or any unlawful action. 

 Retention

Our Firm will retain your data only for as long as it is needed for the purposes described above. 

In general, our firm will hold your data for a period of 6 years from the date of last interaction.

Retention periods will vary and will be disclosed to clients and prospective clients in the signed engagement letters. 

Furthermore, your data may be held for longer in order for our firm to be compliant with regulatory and indemnity obligations.

Your rights

You have the following rights in relation to your personal data

  • Right of access to your information 

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to data portability

  • Right to object to the use of your personal data 

  • Right to complain to the relevant Data Protection Authority

  • Right to withdraw your consent

The above requests are subject to the other legal and regulatory requirements imposed on our Firm.

If you have any questions or which to exercise any of the above rights please contact our Firm at dpo@messios.com .

Data Privacy requests and complaints procedure

You may submit your request or complaint via email to dpo@messios.com . Please indicate the nature of your privacy issue by marking the email subject line with “Privacy Request” or “Privacy Complaint”.

 The email should include:

  • Your Full name and address

  • Full details of your privacy request or complaint

  • Evidence of previous communications with our firm regarding the specific data privacy issue

  •  Evidence of potential losses incurred as a result of the alleged data privacy issue 

We will acknowledge receipt within 72 hours (3 working days).

We will assess your request or complaint fully and endeavor to provide you with an answer within 3 weeks. If our assessment cannot be completed within 3 weeks, we will contact you to inform you when you can expect an answer.

If you are not satisfied with our response you can contact the Data Protection Commissioner’s Office in the Republic of Cyprus at:

1 Iasonos str., 1082 Nicosia
or Postal address:
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissionerdataprotection.gov.cy

You can also contact the data protection authority in your jurisdiction.

 Changes to this Privacy Policy 

Our Firm reserves the right to make changes to this Privacy Policy form time to time in order to reflect legislative and regulatory changes. 

C. D. Messios LLC