Pelecanos & Pelecanou LLC (hereinafter referred to as the “Firm”) is a group of companies constituted and operating in the Republic of Cyprus in the Legal, Corporate, Property Management and Immigration Sectors. The Firm is incorporated under the laws of the Republic of Cyprus with Registration No. ΗΕ 242787, with it’s registered address at 1 Kalymnou Street, Q Merito, 2nd Floor, 6037, Larnaca, Cyprus, under the Department of Registrar of Companies and Official Receiver (www.mcit.gov.cy). The Company is authorised and regulated by the Cyprus Bar Association (License No. 111) to provide a diverse number of services under the aforementioned sectors and also as specified in the Firm’s website.
On 25th of May 2018 the “REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC-General Data Protection Regulation” (hereinafter referred to as the “GDPR”) has been implemented by all members of the European Economic Area (EEA). The Regulation provides more strict guidelines to further enhance the data protection policies that the corporations who as data controllers are following and provide more rights to individuals over how their personal data are stored and used by organisations.
Our Firm is dedicated in protecting the personal data that is entrusted to it. Our Firm considers your privacy seriously and we are conscious of how we use and protect your personal data and rights. We understand the trust you place in our business when you provide us with your personal information. We are strongly committed to take all appropriate actions to reflect the GDPR provisions and any local Laws which implement or supplement the GDPR on a day-to-day basis and adhere to appropriate safeguards for the privacy and non-public personal data of our clients, employees and associates.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): The Firm is committed to act in the best interests of the visitors of its website by protecting and respecting any inputted personal data.
This Privacy statement details our approach on the aforementioned issues. It explicitly describes how the Firm collects, maintains, uses, discloses and safeguards your Personal Data. Furthermore, this policy aims to inform you regarding your privacy rights and how GDPR protects you. It applies to existing clients, prospective clients, clients who have terminated their business relationship with the Firm and website visitors who are accessing the Firm’s website.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): This Policy also applies for the process of any personal data provided through the Firm’s website using the ‘Contact us – Get in touch’ webpage in relation to any inquiry for our services.
- Data Controller: According to the provisions of the GDPR, the Firm is considered as controller of your personal data and is bound to make sure that all contained in this Policy statement is fully applied and followed. This means that the Firm is responsible for deciding how your data is held and used.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): The Firm is the data controller of your personal data you may input to this website and is responsible for this website.
- Data Subjects: any person whose personal data is being collected, held or processed.
- Affiliate: is defined as any other legal entity/associate, apart from the Firm’s group of companies, which/who now or in the future receives your personal data pursuant to the provision of the requested services.
- Minor: Referring to a child under the age of 18.
- Joint Data Controller: Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.
- Data processor: The processor or data processor is a person or organization who deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involve personal data processing
Collected Personal Data under the provision of our Services:
Personal data is information that relates to an identified or identifiable individual which may include, for example, a name, address, identification number, telephone number and date of birth. In more simple terms, personal information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Kindly be informed that we do not collect Special Categories of Personal Data (i.e. race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and biometric data). A derogation should also allow the processing of such personal data where necessary for the establishment, exercise or defence of legal claims (falling under our Litigation Department – civil and criminal proceedings), whether in court proceedings or in an administrative or out-of-court procedure.
Depending on the nature of services you require from us, we may collect, use, store and transfer different kinds of personal data about you and under certain circumstances, your spouse, civil partner, partner, dependants and it may non-exhaustively include the following:
- Full Name,
- Maiden Name,
- Telephone number,
- Email address, and
- Residential Address (including correspondence and billing addresses)
- Date of Birth, and
- ID or Passport
Biographical and Demographic Data:
- Marital Status,
- Educational Background,
- Professional Background,
- Occupation/Job title/Function,
- Details for current Employer, and
- Occupation of a Prominent Public Function status (PEP)
- Source and Size of Funds,
- Source and Size of Wealth,
- Annual Income,
- Counterparties – Business Affiliates,
- Countries of Counterparties and Business Affiliates,
- Tax Identification Number, and
- Tax Country
- Criminal Records for criminal convictions and offences (to the extent permitted and/or required by applicable Law), and
- Any other personal information that is necessary for the execution of the requested service(s).
The provision of certain Personal Data is required for establishing a contractual relationship with the Firm.
The Firm also lawfully collects and processes personal data from publicly available sources (including, inter alia, the press, social media and the internet) and accredited screening online databases in order to meet its regulatory obligations and confirming the validity of the clients information.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): We collect personal data from you through the use of enquiry form in the ‘Contact us – Get in touch’ webpage to provide more information regarding newly received enquiries.
Collected Personal Data under the usage of the Firm’s website:
For contacting the Firm for any inquiries and information, you may be asked to fill out specific information regarding your Name, Email and Phone number. Your personal data is collected by direct input from you. In case you decide to give the aforementioned information, this policy will be applied. Generally, our intent is to collect only the personal information that you as online visitor have provided voluntarily so we are enabled to offer information and/or deliver services to you or fulfilling your requests.
Legal Bases for Collection of your Personal Data:
Any personal data collected, retained, processed and used by the Firm is required for the communication, identification, verification and assessment for the business relationship established with the Client and is always based on the following Legal Bases:
- Given Consent and/or
- Contractual performance and/or
- Compliance under Legal Obligation and/or
- Purpose of legitimate interests.
How we collect your Personal Data:
Any personal data is collected from you directly through the use of email communications and/or Due Diligence Questionnaires at the beginning of the commencement of our business relationship. Any information given by the abovementioned ways is given only after the signing of our Engagement and Consent Letter with each related physical person.
How we collect Personal Data of Minors:
The Firm understands the importance of protecting minors’ privacy. The Company’s services are not directly offered to minors and in case of such a person wishes to communicate with the Firm may do so always through his/her parents or legal guardians. If any personal data is collected by the Firm, as part of an engagement to provide professional services, regarding any minor under the age of 14 years old, a special Consent Letter (and Engagement Letter) shall be signed by the minor’s parents or legal guardians. If the minor retains the age of 16 years old, his/her consent and agreement of the Engagement Letter can be given directly.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): The minors’ privacy, especially in the electronic and online environment, is of utmost importance. The Firm’s website is not designed or directed for use by minors.
Purpose of Collection of Personal Data:
The first and foremost purpose of the Firm is to be transparent regarding the purpose and it’s extent before the collection of any personal data.
Below you can find an indicative list of instances where processing of your data takes place during our cooperation:
- Tacking certain steps prior to entering into a contract with the Firm and for providing you information about the offered services and products; (i.e. verification of identity)
- For the evaluation, establishment and maintenance of the contractual relationship between the Firm and you;
- For the purposes of complying with the terms of a contract that we have with your or with any other third party without compromising your rights and interests;
- To manage its business operations and comply with internal policies and procedures.
- To protect our legitimate interests or those of a third party, except where such interests are overridden by your legitimate interests or fundamental rights and freedoms which require protection of personal data;
- To detect, identify, prevent, investigate and respond to actual or potential fraud, illegal activities, intellectual property infringement and other liabilities and manage risk exposure.
- Under compliance with any Laws, Court Orders, EU Directives, Regulations or any other legal and regulatory obligations to which the Firm is subject [especially under the PREVENTION AND SUPPRESION OF MONEY LAUNDERING AND TERRORIST FINANCING LAWS 2007 (Ν. 188(I)/2007)].
For any collection and disclosure of any other non-public personal information your explicit consent will be always be requested beforehand, except under legal obligation. Notably, this is done where we are obliged to detect any money laundering and terrorism financing offences. Any personal information you wish to provide, is not used for other purposes, than the purpose you originally provided the information to us.
As most cases are vastly different from the rest, please refer to the specifically designed Engagement Letter and Consent Letter which explicitly specifies and outlines the purpose, the extend of purpose, means of collection, lawful basis of processing, use, disclosure and retention period of your personal data. Please also refer to the various provisions of this privacy statement for specific information on particular processing activities.
Change of Initial Purpose:
Your collected personal data will be processed only for the purpose(s) indicated upon the commencement of our business relation, before the collection of any data and specified on the signed Engagement Letter and Consent Letter. Furthermore, the Firm retains the right to process your personal data, for any other compatible reason within the context of the initial purpose(s). In the event of the data used for any other unrelated purpose(s) and at the same time does not fall under the legal bases referred below, kindly note that you will be notified beforehand and your consent will be requested. Where additional, necessary information is sought, you will be notified to provide consent for collection.
Transfer and/or Disclosure of Personal Data:
In the course of the performance of the Firm’s contractual and statutory obligations, your personal data may be disclosed to Public Authorities, Affiliates and Third Parties. Below is a non-exhaustive list of some of the data recipients:
- Governmental agencies or entities (i.e. the Department of Registrar and Official Receiver, the Tax Department), regulatory authorities (i.e. the Cyprus Bar Association) for reporting purposes, including law enforcement authorities or other persons in line with any applicable law, regulations, court order or official request,
- Courts and Tribunals,
- Affiliates of the Firm, especially for the execution of accounting, audit and foreign incorporation services for Companies,
- Professional Advisors such as accountants and financial advisors,
- Tied Agents of the Firm (inside and outside the EEA) to whom we have delegated part of the services that you have requested from us,
- Financial Institutions such as Banks (inside and outside the EEA),
- External Tax Consultants,
- Third Party Payment Service Providers who help the Company provide its Clients the services of security deposit and withdrawal to and from a Client’s account,
- Other Service Providers that the Company has chosen to support it in the effective provision of its services by offering technological expertise, solutions and support, and
- To any other Party that you have given explicit consent.
We may share your information with other organisations providing data processing activities to our Firm such as IT support and Software Service and limited where those organisations meet our strict standards on the protection and security of data. As already mentioned above, we may share your information provided that it is necessary or prudent to comply with the national or EU law.
Transfer and/or Disclosure of Personal Data to Third Countries:
The GDPR allows personal data to be transferred outside of the EEA if adequate data protection measures and safeguards are in place.
We do not share data outside the EEA, except as necessary for our legitimate professional and business needs, to carry out requests and services as demanded by you. We have an extensive network of Affiliates (professional service providers) in Cyprus and/or across the world and work in common to help us run our business. Those Affiliates may act as joint data controllers or data processors. As a result, personal data may be transferred outside the countries where we and our clients are located. This includes countries outside the EEA and to countries that do not have laws that provide specific protection of personal data.
Where this is applicable, the Firm takes steps to ensure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. On practical terms, the Firm and its third-party providers enter into contractual arrangements (such as the approved standard contractual clauses by the European Commission) which govern their liability to observe data protection and confidentiality according to the applicable Data Protection Legislation.
How your Personal Data is processed:
Depending on the requested service(s), your personal data will be processed accordingly by the Firm or even by an Affiliate. More information and details are always documented on the Engagement Letter and Consent Letter that you will be requested to sign before the provision of any data and the commencement of a business relationship. Alongside the processing of data in pursuit of the requested service(s), data is also physically stored on a cloud-based software, physical data back-ups and storage devices for security purposes.
Marketing and Third-Party Marketing:
Kindly note that, in any case, the personal information provided will only be used in relation to the service(s) requested. The Firm will not contact you with details of other products, services and offers and your data will never be shared to any third-party for marketing purposes.
Clients (referred as “Data Subjects”) have certain rights over their personal data. Namely, they are empowered by the GDPR with the following 8 rights:
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to the restriction of processing;
- the right to data portability;
- the right to object;
- the right to withdraw consent; and
- the right not to be subject to automated decision making, including profiling.
1. The right of access – “Subject Access Request” – Request Access to your personal data
Enables the individual to request an entity that is in control of his/her data (a “Data Controller”) to provide him/her with a detailed record of all the information they have, how this information is stored, who it is shared with, the method by which it was collected and to justify the purpose for which it is currently being processed and stored for. Verification of the lawfulness of the process of the personal data in question is vital. Upon request, the Firm will send you one electronic copy of the personal data, concerning you, via email, without any charge. Furthermore, the GDPR imposes strict and elaborated rules on the manner in which a Data Controller must deliver the requested information, and according to Article 12 of the GDPR this must be in a “concise, transparent, intelligible and easily accessible form”. The Firm retains the right to charge a reasonable fee in the event of repetitive or excessive requests. Before providing information to you, we may ask for proof of identity and sufficient information in order to make sure that your claim is valid. The Firm will aim to respond to any requests for the exercise of this right promptly and in any event within the legally required time limits. (30 days)
2. The right to rectification – Request Correction of your personal data
This right grants you the power to request from the Firm to rectify any incorrect and inaccurate data and/or complete any incomplete information within a reasonable timeframe (30 days), including by means of providing a supplementary statement.
3. The right to erasure – Request erasure of your personal data
Or sometimes known in the press as the “right to be forgotten”, it is considered as one of the basic rights of the European data protection legislation. The Firm shall endeavour to accommodate such request whenever feasible. This means that you have the right to request for your personal data to be erased-deleted but this can be exercised only under the following circumstances:
- if there is no compelling reason with the continuance of its processing;
- your data is continued to being processed or stored despite no longer fulfilling the purpose for which it was originally collected for;
- where you exercise your right to object to the processing of your data and there is no overriding legitimate interest for continuing the processing; and
- after withdrawal of your consent.
4. The right to restrict processing – Request restriction of processing your personal data
This right enables you to request from an organization to stop processing your data where you contest the accuracy of your personal data, until it has been verified. During this process, the organization has the right to retain your data (especially in cases where it is required for the establishment, exercise or defend of future legal claims).
5. Right to data portability – Request transfer of your personal data
The main aim of this right is to empower you to move, copy or transmit personal data easily from one Data Controller to another. In more practical terms, this right enables individuals to request copies of their data and ultimately reuse it for their own purposes across different services. The Firm ensures that it has implemented appropriate systems to provide a copy of such personal data in a structured, commonly used and machine-readable format and/or the transmission of your personal data to another controller.
6. The right to object – Object to processing of your personal data
When the lawful basis of the process of your personal data is either ‘public interest’ of ‘legitimate interests’, you have the right to object to such processing. The GDPR requires the Firm to demonstrate that it either has compelling legitimate grounds for continuing the processing, or that the processing is necessary in connection with its legal rights. If it cannot do so, it must cease that processing activity immediately. The objection to processing does not make the processing before the request illegal, however, the Firm shall no longer process the data, provided that there are no more legitimate grounds for processing.
7. The right to withdraw consent
At any time, you can rightfully withdraw your consent in the same medium and method (i.e. same electronic interface) you have provided it in the first place. Your active affirmative motion/action would be required. Your withdrawal will not generate any charge or downgrading of services to your detriment.
8. The right not to be subject to automated decision making, including profiling
The right not to be subject to automated decision-making applies only if such a decision is based solely on automated processing and produces legal effects concerning you or similarly significantly affects you. If a decision-making process falls within these parameters, the underlying processing of personal data is allowed if it is authorised by law, necessary for the preparation and execution of a contract, or done with your explicit consent. Please rest assured that the Firm has put sufficient safeguards in place. Such safeguards might include the right to obtain human intervention on the part of the controller or another equally effective opportunity to express your point of view to contest the decision.
It is important to emphasize that these rights are not absolute and there are specific grounds under which the Firm can continue processing legitimately your personal data. This may only be allowed where it is lawful and to the extent that at least one of the following legal bases for processing, applies.
Legal Bases/Legitimate Grounds for processing:
When the Firm processes your personal data, it always relies on one of the following legitimate grounds:
- Your consent: in all cases, we will ask you for permission to process some of your personal information, and we will only proceed if you agree to us doing so. In order to rely on consent, the Firm always make sure that the individual’s approval is given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of his/her agreement with the processing.
- Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under the contract (and more specifically our Engagement Letter). Utmost account shall be taken of whether, inter alia, the data processed is directly applicable and related to the contract in question. The Firm always coerce individuals into giving separate consent for additional data processing beyond what is needed for performing the contract.
- Legal obligation: the processing of personal data as part of the Firm’s compliance with its legal and regulatory obligations under EU or Member State law, this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax and anti-money laundering purposes (refer to Data Retention below) or providing information to a public body or law enforcement agency; or
- Legitimate interests: we will process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interests.
Lodge a Complaint:
When you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint at any time with the Supervisory Authority of your country or in the country where an infringement was made. The said Authority in Cyprus is the Information Commissioner’s Office and can be contacted through here: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_en/page1i_en?opendocument
We would appreciate the chance to deal with your concerns before you approach the relevant authority so please do contact us at first instance.
Upon termination/completion/fulfilment of the purpose of processing, taken into account that no other fulfilling purpose exists, any personal data shall be destroyed in any form retained.
Notwithstanding the above, the retention period will be extended for the period of 5 years (taking into account the applicable limitation periods under relevant laws) in certain cases to enable us to use the data for defending potential legal claims, as well as, to comply with the PREVENTION AND SUPPRESION OF MONEY LAUNDERING AND TERRORIST FINANCING LAWS 2007 (Ν. 188(I)/2007), Anti-Bribery/Corruption Laws and regulations, accounting and tax laws.
By referring to personal data, we also retain trading information, account opening documents, communications and any other data which is directly relevant with the client and the requested service(s).
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): The personal data of an individual who used our enquiry form in the ‘Contact us – Get in touch’ webpage, however no contractual relationship was undertaken, shall be destroyed in one month’s time from the last day of communication.
The cyberworld is not a secure medium. No data transmission over the internet or data storage system cannot provide full protection. The Firm has put in place suitable physical, electronic and managerial procedures to safeguard and secure any data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Only employees who need the information to perform a specific job are granted access to information and they only do so under strict instructions. In any case, our employees’ actions are always subject to a duty of confidentiality. In line with the technical measures taken, the Firm ensures that all appropriate confidentiality obligations and technical and organisational security measures are in place to prevent any unauthorised or unlawful disclosure or processing, accidental loss, destruction or damage to such information.
The Firm’s technical and organisational security measures are updated and enhanced on an ongoing basis. Our staff is trained about the importance of confidentiality and maintenance of your information privacy and security. We commit to taking appropriate disciplinary measures to enforce our team’s privacy responsibilities.
Despite Firm’s best efforts, however, security cannot be absolutely guaranteed against all threats.
Specifically, for the usage of the Firm’s website (http://pelecanoslawyersincyprus.com/): When you submit sensitive information via the website, your transmitted information is protected both online and offline. The Firm’s serves and I.T. infrastructures are being compliant with the laws and regulations enforced within the European Union.
By accessing the Firm’s website (http://pelecanoslawyersincyprus.com/), you hereby accept and agree the provisions, terms and conditions mentioned herein. In no circumstances shall the Firm be legally bound by any information or representation contained in its website and no liability shall be accepted in respect of loss caused by reliance on such information or representation. The Firm also makes no representations, claims, promises, warranties or undertakings about the accuracy, completeness or adequacy of the information contained in its website. The website’s information is intended as a guide only and every reasonable effort is taken to ensure the accuracy and the timeliness of the information. Any enquiry received in our ‘Contact us – Get in touch’ webpage, does not automatically create an attorney-client relationship and should not be relied upon as such.
Non-personally identifiable information is collected through Google’s platform “Google Analytics” – a third party information storage system. This platform collects only your device’s IP address, the pages you visit, what other sites you used prior to coming to our site and the length of time you were on those specific pages, what you clicked on when you arrived, is some of the information collected in aggregate form. We use Google Analytics to store information on how our website can be improved and offer the best possible user experience to every visitor. This information is not used for any marketing purposes. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser by using the following links:
- Internet Explorer: http://windows.microsoft.com/nl-NL/windows7/Block-enable-or-allow-cookies
- Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: http://support.apple.com/kb/PH5042
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. Cookies can be used to recognize repeat users, facilitate the users’ ongoing access to and use of the website and allow a website to track usage behaviour and compile aggregate data that will allow content improvements.
Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.
On our website, an access banner will appear requiring you to consent to collect cookies. Your selection will be saved in a cookie and is valid for a period of 90 days. If you wish to revoke your selection, you may do so by clearing your browser's cookies by visiting its settings. (often found in your browser's Tools or Preferences menu)
To find out more about cookies, including how to see what cookies have been set and how to control, manage and delete them, you can visit http://www.allaboutcookies.org/
Below you will find more details regarding the types and ownership of our website’s cookies:
If you are applying for a vacancy, the collection and use of your personal data shall be governed by this policy. Depending on the position you are applying for, we will require you to provide us with your CV and other personal data that may be reasonably required for the purposes of examining your application and in connection with any subsequent employment or placement, unless otherwise indicated. Your data will be retained only for a period of 12 months and then destroyed.
The Firm retains the right to modify and amend the contents of this policy from time to time without further notice, to best reflect our current privacy practices. Any changes will immediately take effect and it is your responsibility to visit our website frequently and keep yourself up-to-date, particularly before you submit any personal information.
If you have any questions or complaints about this Privacy Statement or the way we process your personal data, or would like to exercise one of your rights set out above please send an email with the details of your complaint to firstname.lastname@example.org or you may directly escalate your concern to the Firm’s Data Protection Officer (DPO): email@example.com
Address: 1, Kalymnou Street, Q Merito, 5th Floor, 6037, Larnaca, Cyprus
Tel: 24-659930, 24-623685,