Your Wish is Our Command

As of 25 May 2018, the EU General Data Protection Regulation 2016/679 (GDPR) will have taken effect for the protection of natural persons against the processing of personal data and the free circulation of such data. The New General Regulation shall replace the Directive 95/46/EU which was applied via law 138(I)/2001. As of 25 May, 2018 the said law shall be considered as abolished.

More information may be obtained from the European Commission’s relevant website here and from the official Cyprus Government portal at

Our role as service providers include the obligation to secure that, personal data of yours and of any third parties such as employees, contractors, clients, principals and other individuals and contracting parties related to you, which has come or may come into our possession and which may also contain sensitive data, is processed in accordance with relevant Regulation and/or other laws in force.

Such processing may relate to agreements entered between us as service providers and yourselves, to the provision of services by us as service providers and intermediate service providers, to the adherence with laws, regulations and directives, KYC (know-your-client) procedures, the manner of operation and management of our business, including business development, account management, internal financial reporting, IT and/or marketing processing, legal due diligence or disclosure of information clients, to banks, legal or other associates of ours who may offer services to you, to international organizations whether in the Republic of Cyprus or any other European Union or other third countries.

Unless otherwise instructed by you we consider that we may process, collect, store, disclose, copy and transfer personal data, relating to you and/or your employees, contractors, clients, principals and other individuals and contracting parties of relevance to you in the same manner without the need for a separate consent on each occasion and at each time, such consent considered as duly given. Collection of such data may be made from you, any authorised by you person, any agencies who carry out investigations on our behalf, other public domain information sources such as the internet etc. Please be informed that we may not follow any instructions by you prohibiting the processing, collection, storage, disclosure, copying and transferring of personal data, relating to you and/or your employees, contractors, clients and other individuals of relevance to you, in the event that any other law/regulations in force imposes upon us any contrary obligation. For all intents and purposes the provisions of any laws/regulations in force which may provide otherwise, shall override any of your instructions.

When you provide personal data to us about third parties such as employees, contractors, clients, principals and other individuals and contracting parties etc, you shall be considered as having provided the data, with due and received authority to have done so as their agent and as having obtained any required consents.

All correspondence files and records (other than statutory corporate records) and all information and data held by us on our computers/servers are the sole property of ours and you shall have no right of access thereto or control there over, however you shall be free to request by written instructions, details of your personal information data held by us, you may demand the correction of any wrong or inaccurate information in our data records and ask for any copies of data maintained by us which you or any authorized representative of yours have furnished us with.

The maintenance, use storage, use etc. of personal data shall be kept by us to the extent and as long as the relevant law/s or any regulation/s provide. Should any law require the keeping and maintenance of certain date for a longer period of time we undertake to arbitrarily or on your request remove from our data system upon the lapse of the period provided by the GDPR, data relating to you which may be irrelevant or unnecessary for keeping for the purposes of compliance with any such law/s or regulation/s.

We are providing you herein below with the following information in addition to the above information which include the purposes of processing of personal data the legal basis for doing so, the recipients of personal data, our legitimate interests and transfer of such data. As a data subject you may address any concern of yours on a matter relating to your data protection rights to the company’s Data Protection Officer below.

Data Protection Officer (DPO): Mr. Nicolas Papapanayiotou
Contact details of DPO: [email protected] / +357 25 871000

Any complaints you may have with regards to any violation of your rights under the GDPR may be lodged with the relevant supervisory authority whose details are as follows:

Officer of the Commissioner on Personal Data Protection
1, Iasonos Str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456, Fax: +357 22304565
Email: [email protected]

If you should wish to have your name and address removed from our specific purposes mailing list, you should provide us with clear Instructions in this respect or click on the unsubscribe link in any of such mailingsHowever, in such a case we shall not be held liable and you hereby relieve us of any liability with respect to any information of essence which may not reach you.

We remain at your disposal for any clarification on the above, whilst we assure you that our firm is aiming to be duly compliant with the GDPR and other laws/regulations/directives in force.

Costas Tsielepis & Co Ltd