- the existence of evidenced consent of the data subject (i.e. the physical living person), whose personal data is processed
- processing is necessary in order to enter into a contract to which the data subject is a contractual party or to take action at the request of the data subject before or after a contract is entered into force
- processing is necessary to comply with a statutory obligation of the Data Controller or Data Processor as relevant
- processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or Data Processor as relevant, unless such interest overrides the interest or fundamental rights and freedoms of the data subject who require the protection of personal data, in particular if the subject of the data is a child
- processing is necessary to safeguard the vital interest of the data subject or other natural person
- processing is necessary for the performance of an obligation performed in the public interest or in the exercise of public authority assigned to the Company.
Why we collect personal data:
Personal data are collected through the business cooperation with the clients for purposes of compliance with Cyprus and European legislation and directions on matters related to Prevention of Money Laundering and Terrorist Financing and specifically with the Prevention and Suppression of Money Laundering Activities Law in Cyprus Ν. 188(I)/2007, the Directive of the Cyprus Securities and Exchange Commission as well as for compliance purposes with the Law Regulating Companies Providing Administrative Services and Related Matters Ν. 196(I)/2012. The aforementioned laws/directives require collection of specific personal data for purposes of Prevention of Money Laundering and Terrorist Financing.
How long we keep your personal data:
Personal data are kept for the periods necessary so as to adhere to our legal and / or regulatory obligations. At the end of the retention period applicable in each case, personal data are deleted or destroyed in controlled ways, in electronic and physical form, as appropriate.
Individuals subject to Data Processing have defined rights under the GDPR as described below:
- Right to information as to the personal data processing performed and the rationale of such processing
- Right to access to the personal data being processed for his / her person
- Right to rectification allowing individuals to request the correction or amendment of their data
- Right to object to a specific type of processing, under specific circumstances
- Right to object to automated processing or profiling in cases where automated processing results in decisions that in the opinion of the affected data subject, do not adequately reflect the unique characteristics of the case involved
- Right to withdraw consent allowing a data subject to give notice and withdraw a previously given consent for a specific type of processing
- Right to data portability allowing the transfer of personal data processed by a Data Controller to the data subject or directly to another Data Controller in electronic, machine readable format
- Right of Erasure (“right to be forgotten”) entitling a data subject – under certain circumstances – to request the deletion of their personal data.
If you have any queries in relation to the processing of your data please contact us at firstname.lastname@example.org