CLIENT PRIVACY NOTICE

1. WHAT DOES THIS NOTICE COVER?

This notice will tell you, our client, or prospective client, how we use, hold and protect personal information we collect about you in the course of providing services to you and what rights you have in respect of your personal information. It is important that you read this notice together with any other notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements any other notices and is not intended to override them.

Controller

In this notice, “GZG”, “we”, “us”, “our” refer to George Z. Georgiou & Associates LLC. GZG is a controller in respect of your personal information. That means that we determine the purposes and means for the processing of your information. For more information about us and how to contact us, please see section 10 of this notice.

Changes to this notice

We may modify or amend this notice from time to time and we will notify you appropriately about this, but we also encourage you to review this notice periodically to always be informed about how we are processing and protecting your personal information.

This notice was last updated in November 2023.

Keeping your information accurate and current

It is important that the personal data we hold about you is accurate and current. Please inform us if your personal data changes during your relationship with us.

2. HOW WE COLLECT INFORMATION ABOUT YOU

We collect your personal information from various sources, including:

Directly from you, when you provide us with your personal details in order for us to open a client file and provide you with our services, when you request to receive marketing, or when you communicate with us;
From publicly accessible sources, e.g. the Registrar of Companies
From third parties, such as claimants/ defendants, witnesses, other lawyers, consultants, business partners, experts, sanction screening providers, regulators and public authorities, persons who are involved in transactions we are working on.
Information that we generate about you in the course of providing our services, including by using our case management and document management systems.
Using automated technologies. When you use or access our website, we may collect technical data about your equipment, browsing actions and patterns and information about the way you use our services. We collect this data by using cookies; For those cookies that are not strictly necessary for the provision of our services, we will seek your consent at the time of your initial visit to our website. For more information about our use of cookies, please read the information contained in the Cookie Banner of our website.

3. HOW WE WILL USE INFORMATION ABOUT YOU

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Performance of a contract: where we need to collect, and use your personal information to enter into a contract with you or to perform a contract that you have with us.
Legitimate interests: Where it is necessary for our legitimate interests and we consider such use of your information as not detrimental to you.
Compliance with a legal obligation: We may be required to process your information due to legal requirements, including anti-money laundering regulations and professional regulations.
Consent: You may be asked to provide your consent, for example in respect of any processing of your personal information for our marketing purposes. You can withdraw your consent to such use, at any time by contacting us.

4. WHAT TYPE OF INFORMATION WE COLLECT, FOR WHAT PURPOSE AND WHAT IS OUR LEGAL BASIS?

The personal data that we collect, and how we collect it, depends on how you interact with us. We may collect, store, and use the following categories of personal information about you for the purposes explained below:

Identity information and KYC - your full name, proof of identity, including passport copies and proof of address, date and place of birth, your age, occupation and country of residence. Criminal convictions and sanctions for KYC purposes.
Contact details – your name, address, email address, phone number
Professional qualifications - level of education, profession, employer, position.
Financial information –source of wealth, bank account details, properties, income, loans.
Communication data – we collect the contents of your communications, and personal information you or third parties have provided us with.
Information about your legal matter – Information about the matter for which you are seeking our advice or representation. The following list of potential matters for instruction of George Z. Georgiou & Associates LLC and the resultant processing of personal information is non-exhaustive. The information we process may include:
- Information about criminal convictions and offences.
- Details of your spouse/partner and dependants or other family members, if you instruct us on a family law matter or a will.
- We may seek particularly sensitive personal data such as information about race or ethnicity, gender and sexual orientation, religious beliefs, health, medical conditions and sickness records in the course of our business relationship for different areas of law including but not limited to family law, employment law, when defending you from criminal prosecution or on litigation/regulatory investigations.
- Information about your employment status and records, details including salary and benefits, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, if you instruct us on matter related to your employment or in which your employment status or income is relevant or in which your employment records are relevant.
- We may seek details of your pension arrangements, if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship.
Technical information – we collect certain technical information when you use our services, such as your IP address, MAC address, device approximate location. We use CCTV in our premises.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We have legitimate interests in:

providing legal services and ensuring that you are provided with the best client services we can offer;
managing our business relationship with you;
understanding and responding to client feedback;
identifying what our clients want and developing our relationship with you;
ensuring our systems and premises are secure;
developing relationships with business partners;
ensuring debts are paid;
ensuring we understand any conflict of interest which may arise for us in a matter;
ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities such as terrorism;
ensuring we can manage payments, fees and any charges and to collect and recover money owed to us;
ensuring we can notify you about changes to our terms of business or this notice;
ensuring our client records are up-to-date, promoting our client services, receiving feedback, improving our services and identifying ways to grow our business.

We may also use your personal information in the following situations, which are likely to be rare:

Where we need to protect your vital interests (or someone else’s interests).
Where it is needed in the public interest or for official purposes.

If you fail to provide personal information

If you fail to provide certain information when requested or if it is not satisfactory, we may not be able to provide our services, or we may be prevented from complying with our legal obligations or we may be not able to act, or to continue to act, for you.

Change of purpose

If we need to use your personal information for a purpose unrelated to the one for which we originally collected the information, we will notify you and we will explain the legal basis which allows us to do so, however, there may be instances we may process your personal information without your knowledge or consent where this is required or permitted by law.

5. HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

“Special categories” of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information for the purposes identified in section 4 above and in the following circumstances:

In limited circumstances, with your explicit written consent.
Where we need to carry out our legal obligations or exercise rights in connection with provision of services.

We may also process this type of information where it is needed for the establishment, exercise or defence of legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Where necessary, we will process information about criminal convictions as part of the provision of services.

Marketing and opting out

We will occasionally send you marketing information where you have provided your consent for us to do so. For example, by subscribing to our newsletter you will receive legal and business news by e-mail. You are free to withdraw your consent at any time by opting out by using the “unsubscribe” link at the bottom of each marketing e-mail or by contacting our DPO.

6. DATA SHARING

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or deliver our services or where we have another legitimate interest in doing so. We may also share your personal data when you have consented to us doing so.

We may need to share your information with the courts, where we represent you in legal cases, with co-counsel, opposing counsel, with the Cyprus Bar Association, government authorities and independent bodies, depending on the services we have been retained to provide or any applicable laws and regulations.

Furthermore, we may share personal information with the following categories of third-party service providers as necessary and subject to our professional obligations and any terms of business which we may enter into with you including:

Our professional advisers or consultants such accountants, bankers, auditors, experts and insurers providing consultancy, banking, audit, accounting or insurance services to us.
Any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or any other similar body.
Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers, suppliers and service providers.
Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers.
Third party postal or courier providers who assist us in delivering our documents related to a matter.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring information outside the EU

We may transfer the personal information we collect about you outside of the European Economic Area to perform our contract with you, such as in cases that involve international litigation or have a cross border aspect. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection, such as Standard Contractual Clauses or depending on the circumstances, proceed with the transfer based on your consent.

7. DATA SECURITY

We have implemented administrative, technical, and physical safeguards to prevent unauthorised access, use, or disclosure of your personal information. Your information is stored on secure servers and isn’t publicly available. We ensure that third parties who may process your information on our behalf (processors) will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

8. DATA RETENTION

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the type of information that is collected, the purpose for which it was collected, and whether there is any need to retain it based on applicable legal requirements.

9. YOUR RIGHTS

Under certain circumstances, by law you have the right to:

Request access to your personal information, together with information about how this is processed. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party in a structured, commonly used and machine-readable format where we process this information on the basis of your consent or to perform our contract and we carry out the processing by automated means.
Withdraw your consent for a specific processing. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

10. HOW TO CONTACT US AND HOW TO MAKE A COMPLAINT

If you wish to exercise any of the above rights, make a complaint or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below:

Email: [email protected]

Attn. DPO

George Z. Georgiou & Associates LLC

1 Iras Street, 1060 Nicosia,

Tel. 22763340

You also have the right to file a complaint with the relevant Data Protection Authority. For Cyprus the relevant Data Protection Authority is the Office of the Commissioner for Personal Data Protection, website at http://www.dataprotection.gov.cy or write to them at:

1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]