Kannava, Kitromilidou & Co LLC may collect information that you choose to provide in communications with us. Please do not send us confidential information until we have confirmed in writing that we represent or act for you or your company or organisation. Unsolicited emails from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.
Kannava Kitromilidou & CO LLC, is law firm incorporated in the Republic of Cyprus with company registration number ΗΕ 268516, operating through a number of separately constituted and regulated legal entities which provide legal and other ancillary services in accordance with the relevant laws of the Republic of Cyprus.
Kannava Kitromilidou & CO LLC is a data controller responsible for your personal information processed via the website, www.kpklegal.com (the “Website”).
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect and use several types of information of the individuals who are either interested to work for us and/or individuals we co-operate with and/or in the course of our business including when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff or clients. Such information may include, inter alia, information about your first and last name, address, contact details (telephone, email), identification data (such as passport, ID), birth date, place of birth (city and country), employment status (employed/self-employed), curriculum vitae, taxation and other related financial details, reference letters, whether you hold/held a prominent public function (for PEPs), FATCA information etc.
We collect and use several types of information of the individuals we co-operate with, including information by which you may be personally identified and that is defined as personal data or personally identifiable information under applicable law (“Personal Information”), such as your first and last name, e-mail address, billing information, demographics, telephone number, or other (online) contact information, personal details, health related information.
Categories of Personal Information we collect and use on or through our Website include:
- Information that you provide by filling in forms, in particular at the time of first contact with us.
- We also collect Personal Information when you report a problem with our Website.
- Records and copies of your correspondence (including e-mail addresses), if you contact us.
- Details of transactions you carry out, if any, and of the fulfilment of your orders.
Our primary goal in collecting Personal Information from you is to:
- verify your identity;
- deliver our services;
- carry out or reply to your requests in relation to our services;
- investigate or settle inquiries or disputes;
- comply with any applicable law, court order, other judicial process, or the requirements of a regulator;
- enforce our agreements with you;
- protect the rights, property or safety of us or third parties, including our other clients and users of the Website or our services;
- with recruitment purposes; and
- use as otherwise required or permitted by law.
LEGAL BASIS FOR COLLECTION, USE OR DISCLOSURE OF YOUR PERSONAL INFORMATION
We will process your Personal Information for a number of lawful reasons:
- If you have given us consent;
- If this is necessary to comply with legal or regulatory/compliance obligations;
- If this is necessary to deal with legal claims;
- If this is necessary for the purposes of providing our services in accordance with the terms and conditions of the contract you have with us/performance of a contract;
- If processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual.
We have legitimate business interests in:
- establishing an employment agreement;
- providing legal services;
- managing our business and relationship with you or your company or organisation;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and Website;
- identifying what our clients want and developing our relationship with you, your company or organisation;
- improving our services;
- enforcing our terms of engagement and Website and other terms and conditions;
- ensuring our systems and premises are secure;
- developing relationships with business partners;
- ensuring debts are paid;
- sharing data in connection with acquisitions and transfers of our business.
WITH WHOM DO WE SHARE YOUR DATA?
We may have to share your Personal Information with third parties for the purpose of carrying out our services.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with the applicable data protection laws. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions and the provisions of the GDPR.
PERSONAL INFORMATION ABOUT OTHERS
In some cases, you may provide Personal Information to us about other people (such as your customers, directors, officers, shareholders or beneficial owners, employees). You must ensure that you have given those individuals an appropriate notice that you are providing their Personal Information to us and have obtained their consent to that disclosure.
We will hold your Personal Information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted and any transmission is at your own risk.
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. For example, only authorized employees are permitted to access Personal Information, and they may do so only for permitted business functions. In addition we have trained our employees on how to handle, manage and process Personal Information, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the GDPR.
Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
HOW LONG DO WE KEEP YOUR PERSONAL IFORMATION?
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
WHERE WE STORE YOUR PERSONAL INFORMATION?
The information that we collect about you, including Personal Information, will be stored and processed in Cyprus and/or in remote cases in the countries in which we and the third parties mentioned above maintain facilities. If you are located in the European Union or in other regions with laws governing data collection and processing that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal Information to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of your Personal Information.
Subject to the provisions of the GDPR, you have certain rights in relation to your Personal Information which include the right to:
- Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Information` that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your Personal Information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Information which override your rights and freedoms.
- Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your Personal Information but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
RIGHT TO COMPLAIN
You have the right to make a complaint at any time to Cyprus Data Protection Commissioner (www.dataprotection.gov.cy). We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance at the contact details stated below.
LINKS TO THIRD PARTY WEBSITES
Our Website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The Personal Information that you provide through these websites is not subject to this privacy notice and the treatment of your Personal Information by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any Personal Information to us.
CHANGES TO THIS NOTICE
This notice may be changed from time to time.
HOW TO CONTACT US
If you would like more information about the way we manage the Personal Information that we hold about you please contact us at:
Address: Markou Botsari 3, 2nd and 3rd floor, 3040 Limassol, Cyprus