Last updated on 25/05/2018
• It is also directed to natural persons who had such a contractual or other legal relationship with PGE&Co in the past.
• It also contains information about sharing your personal data with other affiliated firms of PGE&Co and other third parties, such us service providers, other accountants or suppliers.
WHO WE ARE
PGE&Co is a company registered in Cyprus under the registration number HE 164750 having its registered office at 17 Gr. Xenopoulou Street, 3106 Limassol, Cyprus and head office at 30 Gr. Xenopoulou Street, 3106 Limassol, Cyprus.
E-mail address: email@example.com
Postal address: 30 Gr. Xenopoulou Street, 3106 Limassol, Cyprus
COLLECTION OF YOUR DATA
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
If you are a prospective client, or a non-client counterparty in a transaction of a client or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective client, the relevant personal data which we collect may include:
Identity Data such as first name, maiden name, last name, username or similar identifier, marital status, title, date of birth (city and country) and gender. Contact Data such as residential or business address, email address and telephone numbers. Marketing and Communications Data like your preferences in receiving marketing from us. Additionally we may collect banking details, marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, credit reference agency data, residence or work permit in case of non-EU nationals, own and/or third party security (e.g. if an existing personal guarantor), employment position, educational background, employment history. We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g. tax residency, tax identification number), financial information (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).
We understand the importance of protecting children's privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and/or any other legal purpose and you fail to provide information when requested, we may not be able to perform our contractual obligations we have or are about to enter into with you (i.e. to provide you with our services). In this case, we may have to abort all contractual obligations with yourself but we will notify you if this is the case at the time.
WHETHER YOU HAVE AN OBLIGATION TO PROVIDE US WITH YOUR PERSONAL DATA
For us to enter into a contractual relationship with you, you must provide your personal data to us, which is necessary for the required commencement and execution of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the Money Laundering Law, which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorised representative / agent or beneficial owner.
Please note that if you do not provide us with the required data, then we will not be allowed to commence or continue our contractual relationship with you as an individual or as the authorised representative/agent or director/beneficial owner of a legal entity.
HOW IS YOUR PERSONAL DATA COLLECTED?
We collect and process different types of personal data, which we receive from our clients (potential and current) in person or via their representatives in the context of the contractual relationship.
We may also collect and process personal data which has been lawfully obtained, not only from the clients but from other service providers or third parties e.g., public authorities or companies that introduce clients to us. We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the internet).
PURPOSE OF DATA PROCESSING AND LEGAL BASIS
Personal data may be processed in compliance with the obligations imposed on us to obtain information about clients as well as individuals related to clients and client company/ies/trust structures. The purpose of that is to combat money laundering/terrorist financing and to comply with tax and other reporting requirements and/or other applicable European and/or Cyprus Legislation. In holding and processing your personal information, we also comply with the Processing of Personal Data (Protection of Individuals) Law 138 (I)/2001) as amended from time to time.
Most commonly, we will use your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
1. Where we need to perform the contract we are about to enter into or have entered into with you.
2. We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information.
3. Where we need to comply with a legal or regulatory obligation; There are a number of legal obligations emanating from the relevant laws to which we are subject to as well as statutory requirements, e.g. the Cyprus Banking Law, the Money Laundering Law, the Cyprus Investment Services Law, Tax Laws etc. There are also various supervisory authorities whose laws and regulations are binding on us, such as The Institute of Certified Public Accountants of Cyprus (ICPAC). Such obligations and requirements are imposed to us for personal data processing activities for identity verification, tax law or other reporting obligations and anti-money laundering controls. To comply with applicable AML/CFT measures by assessing the risks involved, we need to carry out checks in order to prevent money laundering, fraud and to combat international terrorism.
4. Promoting the best interest of the client.
5. Where disclosure is necessary for the relevant tax authorities, banks, service providers and/or other accountants, to perform their respective services.
6. You have provided your consent; Provided that you have given us your specific consent for processing (other than for the reasons set out above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at: firstname.lastname@example.org
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
We may process your personal data to inform you about our services and newsletters that may be of interest to you or your business.
You may "opt out" of receiving such email updates, newsletters and/or other emails by clicking the “unsubscribe" link in any email communication that we send you. You will then be removed from our mailing list. You have also the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time in writing.
Our website uses small files known as cookies to make it work better in order to improve services we offer you, to improve marketing and provide site functionality.
A cookie is a small, unique text file that a website can send to your computer when you visit a site. The website may automatically collect information as you browse, such as your internet service provider, browser type and version, operating system and device type, pages viewed, information accessed, the Internet Protocol (IP) address used to connect your computer to the internet and other relevant statistics. It also collects demographic information (country - city).
If you do not want us to deploy cookies to your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie on your computer. Rejecting cookies may affect your ability to use our website.
WHO WE SHARE YOUR PERSONAL DATA WITH
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to different departments within PGE&Co but also to other affiliated companies of PGE&Co and/or third parties providing services to and/or acting as agents of PGE&Co for the purposes and/or in the context of the provision of our services. Consequently, other service providers and suppliers may also receive your personal data so that we may perform our services and/or legal obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We strictly prohibit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.
Under the circumstances referred to above, recipients of personal data may be, for example: income tax authorities, criminal prosecution authorities, ICPAC, other auditors and accountants, legal consultants and external legal consultants, service providers, suppliers, agents, business partners, valuers and surveyors, financial and business advisors, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.
Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties. They will only process your personal data according to our instructions and they are subject to a duty of confidentiality.
Procedures have been put in place, to deal with any suspected personal data breach and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
1. The length of time we have an ongoing relationship with you and provide the services to you (i.e. for as long as you keep using our services).
2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
3. Whether retention is advisable considering our legal position (such as regulatory investigations).
You have the right to delete your data; to request erasure. This enables you to instruct us to erase your personal data (known as the ‘right to be forgotten’) where its process is of no further use or interest.
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under Data Protection Laws in relation to your personal data:
• Request access to your personal data: You may request a confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
• Request correction of your personal data: You may request rectification if your personal information is inaccurate.
• Request erasure of your personal data: You may request that your personal information is erased in certain situations e.g. if it is no longer necessary to provide the services to you.
• Object to processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
• Request restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
• Request transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services..
• Right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at: email@example.com
Please inform us for any changes to the personal data we hold for you.
You have the right to make a complaint. We would, however, appreciate the chance to address your queries, so please do contact us at firstname.lastname@example.org