Privacy Policy

Effective date: 21/9/2021

1. Policy Statement

DIONYSIOU LEGAL (hereinafter referred to as “our” or “we “or “us”) prioritises the protection of your privacy and handling of your personal data in ways that are clear and unambiguous. Our business involves the collection and handling of our clients’ personal information. This information must be appropriately and lawfully handled in line with the requirements of the General Data Protection Regulation (“GDPR”) and any national laws supporting or ensuring the proper implementation of the GDPR (all of which are referred to as “the Data Protection Requirements”).

We understand the levels of trust our clients have in us. This is why we prioritise data protection to preserve our clients’ trust that we use their personal information suitably and lawfully.

2. More Information on This Policy

This Policy is the basis that guides the process of collecting and processing our clients’ personal information. It does not constitute, either in total or part, any contract and it is subject to regular amendments.

It is our responsibility to comply with this Policy and the Data Protection Requirements. If you have any inquiries about how this Policy works or concerns that the Policy has not been enforced, kindly direct such to our Data Protection Officer at info@dionysiou.legal.

Here are the definitions of a few key terms as used in this Privacy Policy:

Personal Data – The data relating to a living person whether stored electronically or paper-based. It can be used separately or alongside other information, we have collected, to identify an individual indirectly or directly.

Processing – All activities where personal data is used namely; collecting, storing, holding, organising, amending, retrieving, using, disclosing, destroying, or erasing the data. It also includes the transfer of personal data to third parties.

Sensitive Personal Data – Personal data showing key aspects of an individual’s life, including their sexual life, sexual orientation, mental and/or physical health condition, biometric, genetic, trade union membership, philosophical or religious beliefs, political opinions, or ethnic or racial origin. Sensitive personal data may also include details of convictions or criminal offenses. The processing of sensitive personal data is regulated by strict conditions, starting with securing the individual’s consent.

3. Data Protection Principles

We ensure strict compliance with the principles of handling and processing personal data as stipulated by the GDPR, which states that:

a) Personal data must be transparently, lawfully, and fairly processed.

b) Personal data must be collected for clear, specified, and lawful reasons only and any further processing must be compatible with the purpose for which the personal data are initially collected.

c) Personal data must be relevant, adequate, and limited to what is necessary for the reasons intended.

d) Personal data must be accurate and updated (where required).

e) Personal data must be stored in a form that allows an individual’s identification for as long as it is necessary for the purposes it was initially collected.

f) Personal data must be processed according to the person’s right and in a way that guarantees the adequate security of the personal data. This includes protection against damage, destruction, accidental loss, and illegal or unauthorised processing. This can be achieved by adopting the right technical and organisational standards.

4. The Personal Data We Collect

We will only collect your personal data when you and other people provide that data to us, when we can publicly access that data, or when we can discover or retrieve that data from your interactions with us.

Below are the personal data we collect based on the type of service we offer you:

a) Name, fax number, email address, telephone number, address;

b) Identification number and other identification details;

c) Details of your queries or complaints (if any), and which prompted you to contact us;

d) Information on any business activities you’re engaged in.

5. Why We Need Your Personal Data

5.1 Personal Data

We do not process personal data except when the law permits us to. When we process personal data, it is usually in the circumstances listed below:

5.1.1 Where we are required to fulfil the contract, we have entered with you or to make certain efforts before entering into a contract with you.

We process personal data to provide you with our services and to:

a) Ensure the provision, administration, and servicing of our business or contractual obligations to you;

b) Reach out to you to service your contract or business relationship with us;

c) Reach out to you to resolve any inquiries or complaints you may have;

d) Inform you of changes (if any) to our services and products; and

e) Reclaim all the payments we are entitled to in respect of the services/products we have offered you.

The exact reason we process personal data is determined by the requirements for each service. You can always find additional information about this in our engagement letter with you.

When we request your data, we expect you to provide them. Otherwise, we may not be able to provide you with our services.

5.1.2 Where we are required to meet a legal obligation

We may need to abide by specific regulatory and legal obligations or statutory requirements, which may entail the processing of your personal data. In that case, we may be obligated to perform personal data processing and similar activities to achieve identity verification.

5.1.3 Where we have appropriate lawful interests to use your personal data

Personal data processing may be necessary to pursue our lawful interests or interests of our third parties. However, we will only proceed with this if your interests and fundamental rights are not nullified by our interests. In that case, we may process your data to ensure:

a) Adequate defense, investigation, and prosecution of legal claims;

b) Adequate compliance with our internal procedures and policies;

c) Proper maintenance of our records and accounts;

d) Prompt personalisation, modification, or improvement of our communications and services; and

e) To get relevant professional advice.

5.1.4 Where we have your consent to do so

In cases where we want to offer you marketing information about our services or products to educate or benefit you, we may ask for your consent to process your data.

You are allowed to withdraw your consent to the processing whenever you want to. However, this will not affect any processing that was done before the withdrawal.

5.2 Sensitive data

The following are the only situations that will warrant the use of your sensitive data:

a) where we have your explicit consent to use that personal data; or

b) where processing your sensitive data is required for establishing, exercising, or defending legal claims that involve the service(s) we offer;

c) where such sensitive data is required for reasons of considerable public interest in line with the law.

6. Who We Share Your Personal Data With

In the process of fulfilling our statutory and contractual obligations, we may share your data with other service providers, suppliers, and partners. We require these third parties to enter into contractual arrangements with us which compels them to ensure strict compliance with data protection and confidentiality obligations, as stipulated in the Data Protection Requirements.

We may share your data when we are legally obliged to, when our statutory or contractual obligations require such, or for the same or similar reasons as what we have discussed above.

In line with the circumstances mentioned above, the recipients we share your personal data with may include:

a) members of our organisation;

b) service providers working with us on technological support, solutions, and expertise to ensure the effective delivery of our services to you;

c) accountants and auditors;

d) cloud storage organisations, file storage organisations, and companies offering archiving and/or records management services;

e) regulatory and governmental agencies, such as law enforcement authorities with respect to investigations, inquiries, or proceedings that help us to comply with their regulatory and legal obligations.

We may have to share your personal data with recipients in third countries – countries outside the European Economic Area. However, such recipients must have complied with the necessary Data Protection Requirements, in addition to instituting relevant safeguards for the transfer and use of your personal data.

7. How Long We Hold Your Personal Data For

Your personal data will be held by us for as long as our business relationship still exists. If and when that ends, we may hold your data for as long as:

a) the retention period stated in our retention policy, according to the regulatory requirements on retention;

b) the end of the period where there might be legal investigations or actions arising from the services we have offered.

We may also hold your data for longer, provided we are unable to delete it for technical, regulatory, or legal reasons. In that case, we will ensure your privacy and the appropriate use of your data.

8. Your Data Protection Rights

The GDPR affords you a few rights on your data. This means you can:

a) Demand access to your personal data with us. When you do, we will provide a copy of your personal data in our possession, where you can ascertain if we are processing it legally.

b) Demand correction to your personal data with us. This way, you can amend inaccurate or incomplete information (if any) about you in our possession.

c) Demand the deletion of your personal data with us. You can ask us to remove or discard your personal data if we have no valid reason to maintain the processing. You may also demand the removal of your data in cases where you have exercised your right to object to the processing of your data.

d) Object to the processing of your personal data where we are holding on to a legitimate interest or a third-party interest, and there is a peculiarity about your case that prompts you to seek an objection to the processing on the basis of that peculiarity.

e) Demand the restriction of processing of your personal data with us. You can request us to stop processing your personal data to allow you to check if it is accurate or if we are processing it for the right reason.

f) Demand the transfer of that personal data to some other party.

In cases where you may have consented to the processing of your personal data, you have the right to withdraw the same whenever, but without such affecting the lawfulness of the processing done before the withdrawal of your consent.

Whenever you want to withdraw your consent, kindly reach out to info@dionysiou.legal.

After receiving the notification of your withdrawal of consent, we will stop processing your data for the reasons you initially consented to, except we have other legitimate grounds to continue the processing.

You can lodge a complaint to the Office of the Commissioner for Personal Data Protection in the event that you have reservations about how we have handled your previous requests concerning your personal data (if any).

9. Cookies

Certain text files are placed on your computer or mobile device to track and document some anonymous information like Internet log information and user behaviour information. These files are called cookies.

Cookies and related technology may be used to automatically retrieve information from you when you visit our website.

10. How We Use Cookies

Cookies are essentially helpful in understanding how you use our website so that we can offer you a better experience.

11. Types of Cookies We Use

While there are various kinds of cookies out there, we only use the following on our website;

11.1 Advertising – Advertising cookies help us and third-party services to gather aggregated information for statistical purposes about your visit to our website, the content you access, and the links you clicked. Limited parts of this data and other online data gathered via cookies may be shared with third parties and advertising partners for advertising reasons. So, when you visit another website, you may get adverts that follow your browsing patterns during your time on our website.

11.2 Functionality – Functionality cookies help us identify you and your previous preferences when you visit our website. We use a mix of third-party and first-party cookies to achieve this.

12. How you can manage cookies

Cookies are not obligatory. You can set your browser not to accept cookies. Note that disabling or removing cookies may make some features on our website inaccessible.

13. Data Security

We are committed to preventing all forms of unauthorised or unlawful processing of your personal data. We will put adequate security measures in place against these, as well as against the accidental or illegal alteration, loss, damage, destruction, unauthorised disclosure, or access to your personal data stored, transmitted, or processed in any way.

We use adequate technologies and procedures to ensure the security of all personal data, from the point of determination of the processing means and point of data collection to the point of destruction.

We will only transfer your data-to-data processors that agree to comply with the outlined policies and procedures or who have adequate security measures in place.

We are responsible for maintaining data security. We do this by protecting the integrity, availability, and confidentiality of personal data, according to the following definitions:

a) Confidentiality – only authorised people can access the data.

b) Integrity – ensuring the accuracy of personal data such that they are fit for the reasons they are processed.

c) Availability – only authorised individuals can access the data, only when needed, and only for authorised reasons.

The following are the adopted security measures:

a) Entry controls.

b) Clean desk policy and the use of secure lockable cupboards and desks to keep all kinds of confidential information.

c) Adequate encryption and pseudonymisation of personal data and confidential information.

d) Adequate disposal methods – shredding for paper documents and physical destruction of digital storage devices when they are no longer in use.

e) Equipment –Our staff makes sure that their monitors do not expose confidential information to strangers or passers-by, and that they only log on to their PCs when they are there in person.

14. Modifications to this Policy

We reserve the sole right to make changes to this Privacy Policy from time to time.

We will also notify you of such changes, and update the effective date (as seen at the top of this page). However, we advise that you regularly review this Privacy Policy to get updated information about the processing and protection of your personal data.

15. Data Protection Officer

If you have any questions or inquiries about any part of this Privacy Policy, the data we obtain from you, or you want to exercise any of your data protection rights (as outlined in Paragraph 8 of this Privacy Policy), please contact us through any of the channels below:

a) Email: info@dionysiou.legal

b) Phone: +357 22 25 21 09

c) Postal Address: Athalassas Ave. 38, 1^st floor, P.C. 2019, Nicosia, Cyprus