This Policy is a privacy statement and aims to inform you about the way in which we collect and process your personal data, the purpose of the processing as well as your legal rights as data subjects, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the relevant legislation.
According to the above Regulation ‘personal data’ is any information related to a person that can be identified, for example: full name and ID number.
2. WHO ARE WE?
VONIATIS & CO LLC is a law firm with company registration number HE424991 (the “Law Company”).
CV INSURANCE SEMINARS & CONSULTANCY is a trade name registered with the Registrar of Companies under the name of Christos Voniatis with registration number HE49402a (the “Consultancy”).
The address of both offices is at 12, Dramas Street, Office 2, 7103 Aradippou.
3. HOW WE COLLECT YOUR PESONAL DATA
We collect and process various types of personal data that we receive from you on the basis of contract necessity, or through our clients on the basis of legitimate interest.
If you are an employee or have applied for employment, we collect your personal data during the recruitment process and/or throughout your employment.
We may also collect personal data from other publicly available sources (e.g. the Internet) which we lawfully obtain and are allowed to use.
4. WHAT PERSONAL DATA WE COLLECT
If you are a client or a potential client or party to legal proceedings with the Law Company, the personal data we collect may include: name, home address, contact details, date of birth, ID number, occupation, marital status, number of dependents, assets, photos and medical history.
If you are a client or if you have participated in a seminar of the Consultancy, the personal data we collect are: name and contact details.
If you are a prospective employee, the personal data we collect may include: full name, contact details, academic qualifications, professional experience and other information that you voluntarily provide to us through your CV.
If you are an employee or former employee, in addition to the above-mentioned, we may collect: home address, date of birth, marital status, ID number, social security number, earnings and contributions, leave status and bank account number.
5. WHY WE NEED YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
As mentioned above, we are committed to protecting your privacy and to handling your data transparently and in accordance with the GDPR and the relevant legislation for one or more of the following reasons:
A. Contract necessity
We process personal data to provide you with the services you have requested.
B. Legal obligation
There are cases where we process personal data to fulfill our obligations under the Law e.g. the Prevention and Suppression of Money Laundering and Terrorist Financing Law.
C. Legitimate interest
We process personal data in order to safeguard the legitimate interests pursued either by us or by our clients or other third party. Legitimate interest arises when we have a business or commercial justifiable reason to use your personal data, as long as this is necessary and is not done unfairly against your interests, rights and freedoms.
6. WHO WE SHARE YOUR PERSONAL DATA WITH
We do not share your personal data to third parties except in the below cases:
A. Courts, governmental and/or public authorities
After a court decision or due to compliance with the law.
B. External partners
In case of payments we may transfer personal data to banks and/or our accountant. In the event of a claim covered by insurance, we may transfer personal data to our insurer.
It is emphasized that both: our employees and our partners are contractually bound by a confidentiality clause.
7. FOR HOW LONG WE RESERVE YOUR PERSONAL DATA
Your personal data will be stored throughout the duration of our contractual relationship. Upon termination of this relationship, we erase all relevant information after the lapse of 6 years, unless there is a justifiable reason not to do so.
In relation to applications for employment, we erase all relevant information 6 months after submitting an employment application.
As far as employees are concerned, we erase all relevant information 2 years after termination of employment.
8. YOUR DATA PROTECTION RIGHTS
- Right to be informed. You have the right to be informed about the collection and use of your personal data.
- Right of access. You may ask for a free copy of your personal data that is being used.
- Right of rectification. You may ask to rectify inaccurate or incomplete personal data we hold in relation to you.
- Right to erasure (right to be forgotten). You may ask us to delete your personal data where there is no justifiable reason for us to continue the processing.
- Right to restrict processing. You can limit the purposes for which the processing is carried out.
- Right to object to processing. You have the right to object to processing when we rely on a legitimate interest. In such a case we shall no longer continue to process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.
- Right to data portability. You can also ask us to transfer your personal data directly to another business.
- Right to withdraw consent. You may withdraw the consent you have given us at any time.
- Right to report a complaint. If you have concerns about the way we use your personal data, you may contact our Data Protection Officer (DPO). You also have the right to lodge a complaint with the Commissioner of Personal Data Protection via the website http://www.dataprotection.gov.cy.
9. CONTACT DETAILS
If you wish to exercise any of the above rights, ask any question and/or receive additional clarifications concerning the way we use your personal data, you may contact our DPO via email at firstname.lastname@example.org or at the postal address: P.O. Box 45162, 7112 Aradippou.