(This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation Regulation 2016/679 (“GDPR”).) 5>
- 1. INTRODUCTION
M.P MEDITERRANEAN PARTNERS LTD is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our individual clients (including personal data in respect of individuals who are clients, intermediaries or other third parties that our Company interacts with, or any individual who is connected to those parties).
This document also sets out the rights of individuals in respect of that personal data where the data held are on such individuals.
2. THE INFORMATION WE COLLECT
We only collect information that we know we will genuinely use and in accordance with the EU General Data Protection Regulation (GDPR) - Regulation 2016/679
The type of information that we will collect on you, and you voluntarily provide to us includes:
• contact details (including names, postal addresses, email addresses and telephone numbers);
• Financial data such as payment related information or bank account details;
Demographic data such as your address, preferences or interests;
• Website usage and other technical data such as details of your visits to our websites or information collected through cookies and other tracking technologies;
• Personal data provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data;
• Identification and other background verification data such as a copy of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
• information provided in the course of the provision of legal and other services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in);
• Recruitment related data such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment to our Company;
• Data that you may provide to us in course of registering for and attending events or meetings, including access requirements;
• Any other personal data relating to you that you may provide.
meetings attended and visits to our offices;
any other information you may provide to the Company.
We may, in further dealings with you, extend this information to include additional services used, records of conversations and agreements and payment transactions.
- 3. HOW WE COLLECT THE YOUR INFORMATION
• We may collect or receive your personal data as described above, in a number of different ways:
• Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our website or registering for and using one of our online tools;
• Where we monitor use of, or interactions with, our websites, any marketing we may send to you, or other email communications sent from or received by the Company;
• Third party sources, for example, where we collect information about you to assist with “know your client” checks as part of our client acceptance procedures or where we receive information about you from recruitment agencies for recruitment purposes; or
• Publicly available sources - we may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes, e.g. LinkedIn.
- 4. HOW WE USE THE INFORMATION
We will only use your personal data where we are permitted to do so by applicable laws and we will not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity and ensures that there is always at least one lawful basis to secure that the rights of individuals are secured.
Under GDPR, the use of personal data must be justified under one of a number of legal bases. The principal legal bases that justify our use of your personal data are:
• Performance of Contract Obligations: where your information is necessary to enter into or perform our contract with you.
• Legal obligation: where we need to use your information to comply with our legal obligations.
• Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
• Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
• Consent: where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe or similar facility).
We may use your information in the following ways:
• To provide our administrative and other services to you and to conduct our business – to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us;
Legal basis: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you), consent
• To fulfil our legal, regulatory, or risk management obligations – to comply with our legal obligations (performing client due diligence/”know your client”, anti-money laundering, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and regulation and best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them); to enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties;
Legal basis: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities, to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud). Where we process special categories of personal data we may also rely on substantial public interest (prevention or detection of crime) or legal claims.
• To facilitate use of our websites and to ensure content is relevant – to respond to requests for information or enquiries from visitors to our websites and to ensure that content from our websites is presented in the most effective manner for you and for your device;
Legal basis: legitimate interests (to allow us to provide you with the content and services on the websites), consent, contract performance;
• For research and development purposes – analysis in order to better understand your and our clients’ services and marketing requirements and to better understand our business and develop our services and offerings;
Legal basis: legitimate interests (to allow us to improve our services).
• For marketing and business development purposes –to provide you with details of new services, news updates and invites to seminars and events where you have chosen to receive these.
Legal basis: legitimate interests, consent.
• For recruitment purposes –to enable us to process applications for employment submitted via the Careers section of our website and to assess your suitability for any position for which you may apply at the Company;
Legal basis: legitimate interests (to ensure that we can make the most appropriate recruitment decisions for our Company), contract performance (in order for us to take steps at your request to enter into a contract with you).
• To ensure that we are paid – to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);
Legal basis: contract performance, legal claims, legitimate interests (to ensure that we are paid for our services).
• To inform you of changes – to notify you about changes to our services or our terms of services or this Privacy notice;
Legal basis: legitimate interests (to ensure we can notify you about changes to our service, etc).
• To reorganise or make changes to our business - In the event that we are undergo a re-organisation (for example if we merge, combine or divest a part of our business), we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transfer to that re-organised entity or third party your personal data for the same purposes as set out in this Privacy notice or for the purpose of analysing any proposed re-organisation;
Legal basis: legitimate interests (in order to allow us to change our business).
• To ensure the security of the Company’s system, staff and premises (including the use of CCTV equipment in the public areas of the premises)
Legal basis: legitimate interest (to protect its business environment, staff and premises from being misused or victimized in any way and to ensure that business operations run smoothly without unauthorized interruption - By entering the Company’s premises, any individual automatically consents to the use of CCTV for monitoring purposes and to abide by the internal health and safety procedures of the Firm
• For the purposes of internal know-how and training;
Legal basis: legitimate interest (as a provider of administrative services it may/will be required process data for internal know how and staff training.
• Any other purpose(s) which has been agreed by or notified to you;
- 5. TO WHOM WE SHARE YOUR INFORMATION
We may also share your personal data with the following potential recipients of data (in each case including respective employees, directors and officers)::
• Our professional advisors (e.g. legal, financial, business, risk management or other advisors), bankers and auditors;
• Our insurers and insurance brokers;
• Third party service providers, to whom we outsource certain functions such as information and document management, office support, technology and IT services, word processing, photocopying and translation services (we have agreements in place with these service providers to protect the confidentiality and security of information (including personal data) shared with them);
• Third parties with whom the Company engages for the hosting of events or other marketing initiatives;
• Third party external advisors or experts engaged in the course of the services we provide to our clients and with their prior consent, such as barristers, local counsel and technology service providers.
• Employees of the Company who are acquainted with the GDPR and which are underhave the Company’s Confidentiality and Non-Disclosure rules and regulations;
• Any registrar of a public register where the data is to be included in a public registry.
• We may also process your personal data to comply with our regulatory requirements or in the course of dialogue with our regulators as applicable, which may include disclosing your personal data to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or unless to do so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding.
• If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.
In entering into an engagement with a third party pursuant to which data may be processed by that third party, the Company will pursue to enter into an agreement with that third party setting out the respective obligations of each party and it will seek to be reasonably satisfied that the third party has measures in place equal to those of the Company to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation, the Company will ensure that it meets the relevant requirements of that Data Protection regulation prior to carrying out any such transfer.
This may include only transferring the data where the Company is satisfied that (1) the non-European Union country has Data Protection laws similar to the laws in the European Union; (2) the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union; (3) we have obtained consent from relevant data subjects to the transfer;
- 6. YOUR RIGHTS OVER YOUR INFORMATION
• Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
• Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
• Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
For more information about your privacy rights
The Office of the Commissioner for Personal Data Protection (CPDP) regulates data protection and privacy matters in the Republic of Cyprus. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here http://www.dataprotection.gov.cy/ or contact them at:
1 Iasonos Str., 1082 Nicosia, P.O. Box 23378, 1682 Nicosia
Tel: +357 22818456 Fax: +357 22304565
You can make a complaint to the CPDP at any time about the way we use your information.
However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
- 7. HOW LONG WE KEEP YOUR INFORMATION FOR
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the GDPR and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 2 years after our last contact with you/some other identifiable action or period, at which point it will be deleted.
- 8. GIVING YOUR REVIEWS AND SHARING YOUR THOUGHTS
When using our websites or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social networkaccounts so you are comfortable with how your information is used and shared on them.
- 9. SECURITY
Data security is of great importance to our Company and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
• Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
• Implementing access controls to our information technology
• We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
• Never asking you for your passwords;
• Advising you never to enter your account number or password into an email or after following a link from an email.
- 10. HOW TO CONTACT US
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org
By post: Evagorou Avenue 29C, 1066, Nicosia, Cyprus.
This Policy was last updated on 20/06/2021