Privacy Policy

This page sets out the privacy policy of A.I. Kitsios LLC (“the Firm”), a lawyers’ limited liability company (Reg. No. ΗΕ 250702) regulated by the Cyprus Bar Association.

The data we collect about you

The Firm may collect from you, depending on the case, the following personal data:

  • Identification documents (e.g. national IDs, passports, etc)
  • Contact details (name, email address, address (professional or place of living), telephone number, etc)Financial statements and payment details
  • Data vital and necessary for the provision of services or for (potentially) establishing a client relationship (including engagement letters, retainers, etc)
  • Special categories of personal data (e.g. Medical data in case of personal injury, insurance and other relevant claims)
  • Data/information required for the completion of Know-Your-Client and Anti-Money-Laundering procedures and data which we are obliged to request under any other relevant legislation
  • CV and other relevant information in case you have sent it to us for employment purposes.
  • Any other information provided by you.

Source of data collection

Your personal data is collected via any of the following ways:

  • Personal data provided by you 
  • Data provided by your agent or other authorized person
  • Third parties or publicly available sources

The purposes for which we collect your personal data

  • To perform a contract, we are about to enter into or have entered into with you
  • When it is necessary for the Firm’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override our Firm’s interests
  • To comply with a legal obligation
  • When it is necessary for the establishment, exercise or defence of legal claims
  • You have given us your consent

Who we share your personal data with

We may share your personal data with the following parties:

  • Employees or other agents of the Firm
  • Professional advisers including lawyers, bankers, auditors, insurers and other professionals who provide services and with whom it is necessary to share such information to fulfill our obligations and/or perform our services to you
  • Service providers based in the European Union who provide IT, cloud and system administration services
  • Tax Authorities, regulators and other authorities who require reporting of processing activities in certain circumstances Parties to which we are obliged under legislation or other legal act to share such information
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy
  • Any other natural or legal person to whom the processing of your personal data must be effected when it is necessary for the provision of our services to you 

The Firm will ensure that your data will be processed only (and to the extent required) by people who should have access to your data to provide you with the requested services.

We require all employees and third parties to respect the security of your personal data and to treat it in accordance with the relevant legislation.

We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

Retention of data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period and such period will depend on various circumstances, such as:

1. In case you are a client or potential client:

  • Obligation imposed by Law
  • Time limit for legal actions provided by Cyprus Law (e.g. Limitation Law (66(I)/2012))
  • The existence of facts that requires the Firm to keep the data for its, the client’s or any other person’s interests
  • There is a prospect of litigation in respect to our relationship with you
  • Any other reason that may arise and which can reasonably be justified
  • Any other reason which is justifiable under the GDPR and national legislation

2. In case you have sent your CV or other information for employment purposes, your data will be deleted as soon as a vacancy has been filled and no similar positions are still vacant, unless you have provided your consent to us retaining your CV or other information for future vacancies.

Withdrawal of consent 

In case we process your data on the legal basis of consent, your consent may be withdrawn at any time. However, the Firm may refuse to delete and/or destroy and/or stop processing your personal data for various reasons. The Firms right to do so will depend on various factors such as those mentioned in the “Retention of data” section.

Your rights

Right to access your data: You have the right to have access to your personal data held and/or processed by the Firm. Access to your data will be granted in reasonable time once you
communicate your intention to do so by either:

  • emailing the Firm at [email protected] or
  • contacting the office via telephone (+357 25361080) or by fax (+357 25375229). In such a case written proof of identity may be required by the Firm.

Right to request erasure of your personal data: You have the right to ask the Firm to delete personal data where there is no good reason for it continuing to process it. However, we may not always be able to comply with your request for specific legal reasons which will be notified to you as soon as you make your request.

Right to request correction: you have the right to ask the Firm to correct any incomplete or inaccurate data about you.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

International transfer of your personal data

We do not transfer your personal data outside the European Economic Area (EEA).

Communicating your complaints/enquiries to the Firm

If you have any questions or complaints regarding the handling of your personal by our Firm, do not hesitate to contact as via the following means:

Address: Emmanouel Roides, KIRZIS CENTER, Block D, Office D15, 3031, Limassol, Cyprus

Tel: +357 25361080

Fax: +357 25375229

Email: [email protected]

Communicating your complaints to the Commissioner

In case you would like to make any complaints to the Commissioner for any reason related to your personal data rights you may contact the Commissioner at the following address:

Address: 1, Iasonos Str, 1082, Nicosia, Cyprus

P.O. Box 23378, 1682, Nicosia, Cyprus

Tel: +357 22818456

fax: +357 22304565

Email: [email protected]