Privacy Policy - PLP Partners

PHINOPOULOU LEGAL PRACTICE
PRIVACY POLICY

Phinopoulou Legal Practice (PLP) in an independent boutique law firm. This privacy policy demonstrates how PLP collects, uses and shares the personal information you provide us and which we otherwise collect in the course of our business, including via our website, email communications, social media account, applications or from individuals who attend events organised or hosted by us; about our clients or prospective clients (where these are natural persons) or their employees, agents and representatives; and about others who express an interest in us or with whom we carry on business (and these individuals about whom we collect data are referred to as “you” and “your” in this Privacy Policy).

The personal data that PLP, as a data controller, collects and processes will vary depending on the services provided to you.

We shall process any information we collect in accordance with Data Protection Legislation and the provisions of this Privacy Policy. This Privacy Policy sets out how we collect, store, process, transfer, share and use personal data, and which rights and options you may have in this respect. Please also refer to our Cookies Policy which explains the use of cookies and other web tracking devices via our website.

Data Protection Legislation means the EU General Data Protection Regulation 2016/679 (GDPR); together with all other applicable legislation relating to privacy or data protection as applied in the Republic of Cyprus.

Personal Data means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural or social identity of that individual.

Process, Processing or Processed means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sensitive Personal Data means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.

How we collect your personal data

We collect and process personal data that we legally obtain not only from you but also from other sources, such as credit and other institutions, which are obliged to provide data to PLP. This processing is necessary for the exercise of PLP duties.

Some of the information that we collect about you may include special categories of personal data (such as information about racial or ethnic origin, criminal or alleged criminal offences or health and lifestyle). We will usually seek separate permission from you or them in writing to process these special categories of personal data.

If you fail to provide us with this information, or you object to us processing such information (see section Your Rights) for more information about your rights in relation to your information) the consequences are that we may be prevented from providing our services to you, or continuing to manage your matter(s) with us.

However, if you fail to provide personal data, where we need to collect personal data by law in order to process your instructions (for instance in relation to Anti-money Laundering (AML) or other KYC due diligence) or perform our services offered to you and data are not provided when requested, we may not be able to carry out or continue to process your instructions or to perform the services engaged. In such case, PLP may have to cancel or terminate our engagement with you, but we will notify subject to the terms of our engagement letter if such applies or otherwise as may be practicable or feasible.

We collect, handle, store and protect personal information about you when:

providing services to you or to our clients;
you use “our Website”; or,
we perform any other activities that form part of the operation of our business.

We may refer to information that identify or may identify you or that may otherwise relate to you as “personal data” or “personal information”. We may also sometimes collectively refer to collecting, handling, using, protecting and storing your personal information as “processing” such personal information. When we refer to “our Website” in this Privacy Policy, we mean the specific website plp-partners.com owned and monitored by PLP.

PLP also collects and process personal data in relation to tenderers in the context of procurement of supplies, works or services or concessions as well as personal data, of its employees and candidates for recruitment.

We may collect or obtain Personal Data about you:

Data you provide: We may obtain your Personal Data directly from you when you provide it to us (e.g., where you contact us via email or telephone, or by any other means, or if you provide us with your business card).
Relationship data: We may collect or obtain your Personal Data in the ordinary course of our relationship with you (e.g., in the course of corresponding with you or processing an engagement retainer).
Data you make public: We may collect or obtain your Personal Data that you choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post, LinkedIn or Facebook).
Website/Social Media: We may collect or obtain your Personal Data when you visit our website or use any features or resources or platform available on or contacting us through our website or social media.
Registration details: We may collect or obtain your Personal Data when you use, or register to use, of our Website, or services.
Content and advertising information: If you choose to interact with any third party content or advertising on our website, we may receive Personal Data about you from the relevant third party.
Third party information: We may collect or obtain your Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; etc.).
Professional History and other Employment Information: If an employment application or CV is filed at PLP, we may collect information on your current occupation and from your employer and details on your employment history and/or directorships.
Know-your-customer (KYC): Information required to be obtain for regulatory compliance obligations such as, your tax jurisdiction, your income tax number, your VAT number, your source of wealth and source of funds, your economic activities and references from third parties including your bank.
Physical access data: i.e. Close Circuit Television (CCTV) images of your visits at our premises.
Criminal record data : We will collect such data where permitted by law, for example if we represent you in a criminal case or in a possible alleged offences and any related criminal history is required for the processing of offering legal services.

Personal data about other people

In the course of our client services, you may provide us with personal data of individuals who are not aware of PLP involvement or of our processing of their personal data (such as family members, customers, counterparties, employees, directors, shareholders or beneficial owners). In such cases, we are likely to not have direct contact with individuals whose personal data we are processing or, it may for other reasons (e.g., to maintain confidentiality) not be appropriate for us to provide them with a privacy notice setting out how we handle their personal data. Before you disclose any such personal data to us, you must ensure that the relevant individuals have received this Privacy Policy or have otherwise been informed of our client services or if required to provide their consent for the disclosure or the use of their personal data to us.

Which personal data do we collect?

When you use our website or when you contact us (either by email or by phone) or when we interact with you or when you engage us to provide our services, the personal data we collect, may include:

Contact information, such as your name, job title, and postal address, including your home/business address, where telephone number, mobile phone number, fax number and email address.
Professional information, such as job titles, previous roles, and professional experience and qualifications.
Profile and usage data; your preferences in receiving marketing information from us; your communication preferences; and information about how you use our websites(s). To learn more about our use of cookies or similar technology, please check our Cookies Policy.
Physical access data, relating to details of your visits to our premises.
If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us.
Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent.

Further, to enable us to provide our services we may collect:

information collected from publicly available sources or data sites for client due diligence purposes
Identification information from you or from your organisation or other third parties for compliance with our legal and professional duties (e.g. Know Your Customer (KYC))/ Anti –money laundering compliance (AML)).
payment and accounting data, such as data necessary for processing payments and fraud prevention, and other related billing information.
other personal data regarding your preferences, opinions and comments where it is relevant to our services.
information regarding the issue or matter in respect of which we have been engaged to provide legal or administration services may contain personal information about you. In the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use special category personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, details of criminal offences, or genetic or biometric data).

Sensitive Personal Data

We may have to process your Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to process your Sensitive Personal Data for any reason, we rely on one of the following legal bases:

Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
Establishment, exercise or defence of legal rights: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal rights; or
Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your express consent prior to Processing your Sensitive Personal Data (this legal basis is not used in relation to Processing that we are legally required to carry out).
Children: We may process children’s personal data when we act for you in relation to certain private matters (for instance, when we are advising you regarding inheritance matters). We process such personal data only where necessary for the specific client services we are providing.

What other information PLP may collect or record through its servers, websites or social media accounts?

Cookies: These are small bits of data sent by a website server to the browser on your computer. The browser tells the server when you next visit a particular website. Cookies help us to anonymously store user preferences and monitor usage trends on an aggregated basis.

Log information: Servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as the data and time of your visit, browser language and screen size as well as one or more cookies that identify your browser without collecting personal data.

This information is used to compile statistics, on an aggregated basis, on the usage of the site.

With regard to links to other websites through our website, the PLP is not responsible for the terms of management and protection of personal data they follow.

Personal information communicated via e-mail

Your personal data are collected only to the extent necessary to draft a reply or to communicate with you as part of our services engaged to be provided. If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.

Employment opportunities at PLP

Specific information on data protection concerning the handling of personal data for recruitment purposes, can be found on the application forms made available from time to time by PLP or posted on our website. The principles in this Privacy Policy apply to all employees, their status as employees and to any employment application.

Purposes of Processing and legal bases for Processing

We Process Personal Data for the following purposes: providing our Website and services to you; compliance checks; operating our business; communicating with you; managing our IT systems; health and safety; financial management; conducting surveys; ensuring the security of our premises and systems; conducting investigations where necessary; compliance with applicable law; improving our Website and services; fraud prevention; and recruitment and dealing with employment applications.

The purposes for which we Process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:

Processing activity	Legal basis for Processing
Use/Provision of our website and services: providing our Website, or services, including legal and notarial advice; providing promotional items and information upon request; and communicating with you in relation to our Website, or services.	The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the Processing for the purpose of providing our Website, and services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory).
Compliance checks: fulfilling our regulatory and notarial compliance obligations; ‘Know Your Client’ checks; and confirming and verifying your identity; use of credit reference agencies; and screening against government and/or law enforcement agency sanctions lists and other legal restrictions.	The Processing is necessary for compliance with a legal obligation; or The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the Processing for the purpose of fulfilling our regulatory and compliance obligations (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory).
Operating our business: operating and managing our Website, and our services; providing content to you; displaying advertising and other information to you; communicating and interacting with you via our Website, our or our services; and notifying you of changes to any of our Website, our or our services.	The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the Processing for the purpose of providing our Website, our or our services to you (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged or which we otherwise need to carry out).
Communications and marketing: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.	The Processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us; or We have a legitimate interest in carrying out the Processing for the purpose of contacting you, subject always to compliance with applicable law (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged to carry out).
Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.	The Processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the Processing for the purpose of managing and maintaining our communications and IT systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Health and safety: health and safety assessments and record keeping; providing a safe and secure environment at our premises; and compliance with related legal obligations.	The Processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the Processing for the purpose of managing and maintaining our communications and IT systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or The Processing is necessary to protect the vital interests of any individual.
Financial management: sales; finance; corporate audit; and vendor management.	We have a legitimate interest in carrying out the Processing for the purpose of managing and operating the financial affairs of our business (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged to carry out).
Surveys: engaging with you for the purposes of obtaining your views on our Website, or our services.	We have a legitimate interest in carrying out the Processing for the purpose of conducting surveys, satisfaction reports and market research (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged or otherwise need to carry out).
Security: physical security of our premises (including records of visits to our premises); CCTV recordings; and electronic security (including login records and access details).	The Processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the Processing for the purpose of ensuring the physical and electronic security of our business and our premises (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.	The Processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the Processing for the purpose of establishing, exercising or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Legal proceedings: establishing, exercising and defending legal rights.	The Processing is necessary for compliance with a legal obligation; or We have a legitimate interest in carrying out the Processing for the purpose of detecting, and protecting against, breaches of our policies and applicable laws (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Legal compliance: compliance with all our legal and regulatory obligations under applicable law (including those applying to providers of notarial services).	The Processing is necessary for compliance with a legal obligation.
Improving our Website or our services: identifying issues with our Website, or our services; planning improvements to our Website, or our services; and creating new Website, or services.	We have a legitimate interest in carrying out the Processing for the purpose of improving our Website, our or our services (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged or otherwise need to carry out).
Fraud prevention: Detecting, preventing and investigating fraud.	The Processing is necessary for compliance with a legal obligation(especially in respect of applicable employment law); or We have a legitimate interest in carrying out the Processing for the purpose of detecting, and protecting against, fraud (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.	The Processing is necessary for compliance with a legal obligation(especially in respect of applicable employment law); or We have a legitimate interest in carrying out the Processing for the purpose of recruitment activities and handling job applications (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or We have obtained your prior consent to the Processing (this legal basis is not used in relation to Processing that we are legally obliged or otherwise need to carry out).

Direct marketing

We may Process your Personal Data to contact you via email, telephone, direct mail or other communication formats to promote our legal services, including sending you and your personnel newsletters, legal updates, or provide you with information regarding services that may be of interest to you. You may unsubscribe free from our promotional email list at any time by sending an email stating unsubscribe at info@plp-partners.com; included in every promotional email we send. After you unsubscribe, we will not send you further informative emails, but we may continue to contact you to the extent necessary for the purposes of any services you have requested.

How we protect and safeguard your information

PLP takes all necessary measures to protect your personal data. PLP collects and processes your personal data in accordance with GDPR. Your personal data is processed only by PLP authorised employees or nominated associates.

We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
technological security measures, including fire walls, encryption and anti-virus software; and
physical security measures, such as staff security passes to access our premises.

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.

Internet Warning: Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

Disclosure of Personal Data to third parties

PLP does not transmit or disclose your personal data to any third party without your consent unless such transmission or disclosure is necessary.

We may disclose your Personal Data to other entities or associates, for legitimate business purposes (including operating our website and providing services or important information to you), in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy.

In addition, we may disclose your Personal Data to:

legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
accountants, auditors, and other professional advisors of you or PLP, subject to binding contractual obligations of confidentiality;
third party Processors (such as providers of data hosting services and document review services), located anywhere in the world, subject to the requirements of applicable law;
any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights or for the performance of a contract in which you are a contracting party ;
any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security or with law enforcement regulators;
any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation); and
any relevant third party provider, where our Website use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, your Personal Data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.

If we engage a third party Processor to Process your Personal Data, the processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.

Transfer your personal data outside the European Economic Area (EEA)

We may transfer personal data to associate legal firms, and reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations for your benefit or in processing your request with us. Each organisation is required to safeguard personal data in accordance with data protection legislation.

When we transfer your information outside the EEA, we or they will impose contractual obligations on the recipients of that data to protect your information to the standard required in the EEA. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where: (i) the transfer is to a country deemed by the European Commission to provide adequate protection of your information; (ii) where you have consented to the transfer; or (iii) where such transfer is otherwise permissible under data protection legislation (for example where we are required to provide such information by law).

Your Rights

You have the following rights with respect to your personal data held by the PLP:

Access your personal data. This allows you, for example, to receive a copy of your personal data and to check that we process it legally.
Request a rectification of your personal data. This enables you to correct any incomplete or inaccurate data.
Ask for your personal information to be deleted, when there is no valid reason to continue processing it.
Object to the processing of your personal data when there is a specific reason for your opposition to the processing. If you file a complaint, we will no longer process your personal data, unless we can demonstrate legitimate processing considerations that override your interests, rights and freedoms.
Ask for the limitation (restriction) of the processing of your personal data if:
- you have doubts about their accuracy,
- they have been used illegally, but you do not wish to delete them,
- it is no longer needed, but you want to keep them for use in potential legal claims,
- you have already asked us to stop using your personal data, but expect us to confirm whether there are overriding reasons for their continued use.
Withdraw the consent you have given us regarding the processing of your personal data at any time. Please note that any revocation of consent does not affect the legality of consent-based processing before it is withdrawn or revoked by you.
Right of portability. You may request to receive a copy of your personal data in a format that is structured and commonly used and transfer such data to other organisations. You may request the transfer of your personal data directly by us to other organizations.

In order to exercise any of your rights or if you have any other questions about the use of your personal data by PLP you may contact the Data Protection Officer at the following e-mail address: dataprotection@plp-partners.com. We will respond as soon as possible to your request. We aim to respond within thirty (30) days from the date we receive privacy-related communications.

How long do we retain personal data?

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. We retain personal data for as long as we have a legitimate business purpose to do so and where a specific legal, regulatory or contractual requirement applies or to assert or defend against legal claims.

Right to lodge a complaint

If you have exercised some or all of your rights to data protection and you still feel that your concerns about the way PLP process your personal data have not been fully addressed by PLP, you have the right to file a complaint to the Office of the Personal Data Protection Commissioner. You will find information on how to file complaints on the relevant website: http://www.dataprotection.gov.cy.

Automated processing

We do not carry out automated decision-making or profiling in relation to your personal information.

Changes to this Privacy Policy

We may occasionally change or amend or updated this Privacy Policy from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to review this Privacy Policy periodically so that you are always aware of the way we process and protect your personal information.

Contact us

Should you have any questions about this privacy policy or our processing of your personal information, please contact us at: N.K.Phinopoulou LLC| 10 Yiannos Kranidiotis Street, Nice Day House, 5^th Floor
Nicosia 1065, Cyprus | Email: info@plp-partners.com | Telephone: +357 22 697400