In this policy, we are the data controller of your Personal Data and is subject to the EU General Data Protection Regulation 2016/679 (“GDPR”) and any locally applicable data protection laws.
What types of Personal Data we collect
Depending on the reason why you communicate with us, we may collect the following data:
personal details, such as your name, date of birth, personal contact details (postal address, email address, telephone number, fax), job title/profession and/or job description;
identification information, such as ID number and/or passport number;
payment data, such as data necessary for processing payments to include bank account details, details of beneficiaries and other related billing information;
further information necessarily processed in a project or client contractual relationship with the ATP Trust or voluntarily provided by you, such as instructions given, payments made, requests that you address to us;
special categories of Personal Data (sensitive data): In connection with the provision of legal services to you, we may on some occasions need to ask for certain sensitive information (e.g. information about your health etc.). The processing of sensitive data will only be carried out by us in full compliance with the GDPR and applicable national legislation, on the basis of your explicit prior consent.
visits, details of your visits to our premises.
Why we collect Personal Data
We use your Personal Data for the purposes for which you have supplied it to us, to include:
for responding to your requests for legal services and/or other enquiries;
for providing legal services and/or other corporate and/or administrative services you may have requested;
for ensuring compliance with our legal obligations (for example for compliance with our obligations under applicable anti-money laundering laws);
for any purpose related and/or ancillary to any of the above or any other purpose for which your Personal Data were provided to us;
where you have provided us with your explicit prior consent, we may also use the information to provide you with newsletters, briefings and other publications about legal developments and matters which we believe may be of interest to you.
Our main legal bases for the processing of your Personal Data are the following:
the processing is necessary for the performance on our part of the contract concerning the provision of legal services to you or to take steps at your request prior to entering into such contract, or the processing is necessary for the performance of any other contract or generally in the context of any other dealings we may have with you;
the processing is necessary for us to comply with a legal and regulatory obligations (for example under applicable anti-money laundering laws);
the processing is in our legitimate interests and our interests are not overridden by your interests, fundamental rights or freedoms.
Our legal bases for the processing of special categories of Personal Data (sensitive data) are the following:
you have provided your explicit consent to the processing of such sensitive Personal Data for specified purposes;
processing of such Data may be necessary for the establishment, exercise or defense of legal claims.
When we collect Personal Data
We may collect Personal Data in a number of circumstances, including:
when you contact us to seek legal advice or services from us;
when you make an enquiry via the Website or by email;
when you offer to provide or provide goods or services to us;
If you choose to withhold any Personal Data requested by us on any of the above-mentioned circumstances, it may not be possible for us to respond to your legal or other query, offer the legal services requested, or in the case of cookies, use certain functionalities of the Website.
In some circumstances, we may collect Personal Data about you from a third-party source. For example, we may collect Personal Data from your organisation, other organisations with whom you have dealings, to include banks and other professional service providers or other organisations in the context of the provision of our services to you or generally in the context of any other dealings we may have with you. In any case, such collection from third parties is always carried out in line with our legal obligations.
How we use your Personal Data
We will use your Personal Data for the following purposes:
to perform the contract we are to enter into or have entered into with you or your company;
to provide the legal, corporate, fiduciary or any other services you have requested;
to manage and administer our relationship with you or your company (this is not limited to but includes accounting, auditing, and any other services);
in order to fulfil and comply with our legal and regulatory obligations (for example under applicable anti-money laundering laws);
upon your instruction or request from your company, agent, advisor, intermediary or other relevant third party entity;
if we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings; and
to analyze and improve the services we provide you with.
When we share Personal Data
We will not disclose your Personal Data, except:
• to third parties who provide services on our behalf, e.g. third parties providing document management services or software developers;
• to collaborators, to include instructing counsel, banks, accountants and auditors;
• where we are required to do so with our legal and regulatory obligations or where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;
• upon your instructions or your express consent.
We may also share your Personal Data with any third party to whom we assign or novate any of our rights or obligations.
How we retain Personal Data
We will generally retain Personal Data for the period necessary to fulfil the purposes for which it was originally collected and thereafter as required or permitted by law or as is necessary in order for the ATP Trust to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.
In light of the above general rule:
• Client data shall generally be retained for the duration of their business relationship with us and thereafter for a further period of 5 years from the date of termination, under applicable anti-money laundering laws;
• Personal Data in the context of other contractual relations or dealings with you shall be retained for the duration of our contractual relationship or dealings and thereafter for a further period of 5 years from the date of termination, under applicable anti-money laundering laws.
How we secure Personal Data
The ATP Trust strives to maintains appropriate technical and organisation security measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Whenever any third party service provider handles or processes your data on our behalf, we require them to do the same.
You may find below a list of your legal rights insofar as your Personal Data are concerned. Please note that some of these rights may not be applicable to your situation.
• You have the right to gain access to the Personal Data that we hold about you.
• You have the right of rectification, that is, to request the correction, without undue delay, of any Personal Data that we hold about you and are either inaccurate or incomplete.
• You have the right to obtain the erasure of your Personal Data, without undue delay, provided, amongst others, the Personal Data in question are no longer necessary in relation to the purposes for which they were collected.
• You have the right to restrict our processing activities or to object to the processing of your Personal Data.
• You have the right to data portability, that is, to request from us that we send your Personal Data in a structured, commonly used and machine-readable format, and to transmit those data to another controller.
• If we rely on your consent as our legal basis for the processing of your Personal Data, you have the right to withdraw that consent at any time.
In addition to the above, you also have the right to lodge a complaint to the Office of the Commissioner for Personal Data Protection in Cyprus, at the following postal and email address:
Iasonos 1, 1082 Nicosia, Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565