This notice will tell you, our client, or prospective client, how we use, hold and protect personal information we collect about you in the course of providing services to you and what rights you have in respect of your personal information. It is important that you read this notice together with any other notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements any other notices and is not intended to override them.


In this notice, “GZG”, “we”, “us”, “our” refer to George Z. Georgiou & Associates LLC. GZG is a controller in respect of your personal information. That means that we determine the purposes and means for the processing of your information. For more information about us and how to contact us, please see section 11 of this notice.

Changes to this notice 

We may modify or amend this notice from time to time and we will notify you appropriately about this, but we also encourage you to review this notice periodically to always be informed about how we are processing and protecting your personal information. 

This notice was last updated in December 2021 and historic versions can be obtained by contacting us.

Keeping your information accurate and current 

It is important that the personal data we hold about you is accurate and current. Please inform us if your personal data changes during your relationship with us. 

We collect your personal information from various sources, including: 

  • Directly from you, when you provide us with your personal details in order for us to open a client file and provide you with our services, when you request to receive marketing, or when you communicate with us;
  • From publicly accessible sources, e.g. the Registrar of Companies
  • From third parties, such as claimants/ defendants, witnesses, other lawyers, consultants, business partners, experts, sanction screening providers, regulators and public authorities, persons who are involved in transactions we are working on.
  • Information that we generate about you in the course of providing our services, including by using our case management and document management systems.
  • Using automated technologies. When you use or access our website, we may collect technical data about your equipment, browsing actions and patterns and information about the way you use our services. We collect this data by using cookies; For those cookies that are not strictly necessary for the provision of our services, we will seek your consent at the time of your initial visit to our website. For more information about our use of cookies, please read our cookie policy.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances: 

  • Performance of a contract: where we need to collect, and use your personal information to enter into a contract with you or to perform a contract that you have with us.
  • Legitimate interests: Where it is necessary for our legitimate interests and we consider such use of your information as not detrimental to you.
  • Compliance with a legal obligation: We may be required to process your information due to legal requirements, including anti-money laundering regulations and professional regulations.
  • Consent: You may be asked to provide your consent, for example in respect of any processing of your personal information for our marketing purposes. You can withdraw your consent to such use, at any time by contacting us.

“Special categories” of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information for the purposes identified in section 4 above and in the following circumstances: 

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations or exercise rights in connection with provision of services.

We may also process this type of information where it is needed for the establishment, exercise or defence of legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. 

Where necessary, we will process information about criminal convictions as part of the provision of services. 

Due to the COVID 19 Pandemic and based on various decrees issued from time to time by the Cyprus Government, we may need to see your Safepass Certificate. We do not retain this data and we only view it in order to ensure we comply with the relevant decrees. 

We will occasionally send you marketing information where you have provided your consent for us to do so. For example, by subscribing to our newsletter you will receive legal and business news by e-mail. You are free to withdraw your consent at any time by opting out by using the “unsubscribe” link at the bottom of each marketing e-mail or by contacting our DPO.

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or deliver our services or where we have another legitimate interest in doing so. We may also share your personal data when you have consented to us doing so. 
We may need to share your information with the courts, where we represent you in legal cases, with co-counsel, opposing counsel, with the Cyprus Bar Association, government authorities and independent bodies, depending on the services we have been retained to provide or any applicable laws and regulations. 
Furthermore, we may share personal information with the following categories of third-party service providers as necessary and subject to our professional obligations and any terms of business which we may enter into with you including: 

  • Our professional advisers or consultants such accountants, bankers, auditors, experts and insurers providing consultancy, banking, audit, accounting or insurance services to us.
  • Any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or any other similar body.
  • Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers, suppliers and service providers.
  • Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers.
  • Third party postal or courier providers who assist us in delivering our documents related to a matter.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. 

Transferring information outside the EU 

We may transfer the personal information we collect about you outside of the European Economic Area in order to perform our contract with you, such as in cases that involve international litigation or have a cross border aspect. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection, such as Standard Contractual Clauses or depending on the circumstances, proceed with the transfer based on your consent. 

We have implemented administrative, technical, and physical safeguards to prevent unauthorised access, use, or disclosure of your personal information. Your information is stored on secure servers and isn’t publicly available. We ensure that third parties who may process your information on our behalf (processors) will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the type of information that is collected, the purpose for which it was collected, and whether there is any need to retain it based on applicable legal requirements. 

Under certain circumstances, by law you have the right to: 

  • Request access to your personal information, together with information about how this is processed. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in a structured, commonly used and machine-readable format where we process this information on the basis of your consent or to perform our contract and we carry out the processing by automated means.
  • Withdraw your consent for a specific processing. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

If you wish to exercise any of the above rights, make a complaint or receive more information, please contact our Data Protection Officer (“DPO”) using the details provided below: 

Attn. DPO 
George Z. Georgiou & Associates LLC 
1 Iras Street, 1060 Nicosia,  
Tel. 22763340 

You also have the right to file a complaint with the relevant Data Protection Authority. For Cyprus the relevant Data Protection Authority is the Office of the Commissioner for Personal Data Protection, website at or write to them at: 

1 Iasonos str., 1082 Nicosia 
P.O.Box 23378, 1682 Nicosia 
Tel: +357 22818456 
Fax: +357 22304565