Privacy Policy
At Michael Kyprianou & Co LLC we recognize that privacy is important to you.
This Privacy Notice explains how the Law Firm Michael Kyprianou & Co LLC (an LLC incorporated in the Republic of Cyprus, with registered number HE237290) and all its affiliates and subsidiaries collect, use and disclose your personal data, and your rights in relation to the personal data as these are held. Keeping your data secure and private is part of our philosophy for delivering high standards of services.
In this Privacy Notice, “us”, “we” and “our” refer to the data controller of your personal data, which is subject to the EU General Data Protection Regulation 2016/679 (“GDPR”) and any locally applicable data protection laws.
We also have established offices (including our affiliated entities) in Greece, Malta, Israel, Poland, Ukraine, the United Kingdom, Germany and Dubai (UAE). This Notice applies to the processing of personal data for all entities.
How we collect your data
We collect your personal data in the manner described below:
- From information about you provided to us by you directly;
- From information about you provided to us by your company or an intermediary;
- When you communicate with us in writing, by telephone, fax, website registration, email or other digital means. In this respect, we may monitor, record and store any such communication;
- When you complete (or we complete on your behalf) client on-boarding or application or various KYC and due diligence forms;
- From your agents, advisers, intermediaries, and custodians of your assets;
- From publicly available sources or from third parties, most commonly where we need to conduct background checks about you;
- From the information you provide to us when you meet us at events or conferences, which we hold or participate in around the world, or in person, when you meet one of our staff and business cards are exchanged.
Data we collect
We collect the following categories of personal data about you:
- Your name and contact information such as your home or business address, job title, email address and telephone number;
- Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality along with the relevant copies of the aforementioned documentation;
- Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
- Reference letters, whether you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature);
- An understanding of your goals and objectives in procuring our services;
- Information about your employment, education, family or personal circumstances, and interests, where relevant;
- Information to assess whether you may represent a politically exposed person or money laundering risk; and
- Information collected when you visit our website such as your Internet Protocol (IP) address, login data, browser version, device information and time zone.
Processing your personal data
1. Performance of a contract with you
We process your personal data because it is necessary for the performance of a services provision agreement to which you are a party or in order to take steps at your request prior to entering into such agreement.
In this respect, we use your personal data for the following:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our services agreement with you or as otherwise agreed with you from time to time;
- To deal with any complaints or feedback you may have;
- For any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
- Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
- Third parties whom we engage to assist in delivering the services to you, including other companies in Michael Kyprianou & Co LLC group;
- Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT;
- Debt collection agencies where it is necessary to recover money you owe us;
- The courts of the Republic of Cyprus and/or any other public authorities of the Republic of Cyprus, or where requested, either by Law or in the course of providing our services to you;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you.
2. Legitimate interests
We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.
In this respect, we use your personal data for the following:
- For marketing to you. In this respect, see the separate section on Marketing below;
- Training our staff or monitoring their performance;
- For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;
- Seeking advice on our rights and obligations, such as where we require our own legal advice.
In this respect we will share your personal data with the following:
- Our advisers or agents where it is necessary for us to obtain their advice or assistance;
- With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
3. Consent
Where we rely on your freely given consent, given at the time you provided your personal data to us, for a purpose of processing other than the purposes set out hereinabove, the lawfulness of such processing is based on that consent. You have the right to withdraw consent at any time. However, any processing of personal data carried out prior to the receipt of the withdrawal will not be affected.
4. Compliance with legal obligations
We also process your personal data for our compliance with a legal obligation which we are under.
In this respect, we will use your personal data for the following:
- To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws;
- As required by tax authorities or any competent court or legal authority under the relevant laws.
In this respect, we will share your personal data with the following:
- Our advisers where it is necessary for us to obtain their advice or assistance;
- Our auditors where it is necessary as part of their auditing functions;
- With third parties who assist us in conducting background checks;
- With relevant regulators or law enforcement agencies where we are required to do so under relevant laws.
Marketing
We will send you marketing about services we provide which may be of interest to you, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you or in order to update you with information (such as legal or commercial news) which we believe may be relevant to you.
Your data is not shared outside of Michael Kyprianou & Co LLC.
We will communicate this to you in a number of ways including by post, telephone, email or other digital channels.
If you object to receiving marketing from us at any time, please contact us by email: dpocyprus@kyprianou.com
If you have given consent and you wish to withdraw it at any time, please contact us on the above e-mail.
Transfer and processing of your personal data outside the European Union
When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union. Such third parties have access to personal data solely for the purpose of performing the services specified in the applicable service agreement, and not for any other purpose. In these circumstances, your personal data will only be transferred on one of the following bases:
- The country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
- The transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Framework;
- The recipient has entered into standard contractual clauses as required by the European Commission with us or contract terms ensuring adequate data protection; or
- We have received your explicit consent.
Retention of your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and where we have a lawful reason to do so. In particular:
- Where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for between five and seven years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
- Otherwise, we will in most cases retain your personal data for a period of seven years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.
Your contact information and personal data are stored securely, using a mixture of encryption, password protection, and servers/back-ups all kept with multiple lock protection.
We have put in place appropriate technical and organisational measures including physical, electronic and procedural measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information at our offices so that only officers and/or employees who need to know the information have access to it. Those individuals who have access to the data are required to maintain the confidentiality of such information. Please be aware that users should also take care with how they handle and disclose their personal data and should avoid sending personal data through insecure email.
Security of Processing:
We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, loss, misuse, alteration, or disclosure.
We also have in place procedures so we can address any suspected personal data breach incident and we will notify you and the relevant supervisory authority where we are required by law to do so.
Processing Data as Controller for Agents and Intermediaries
You, in the capacity of an agent or intermediary, will bring to the attention of any individuals to whom you make our services available any privacy notices or policies we make available for those services.
You confirm that any personal data of any individual provided to us by you or on your behalf has been collected and disclosed in accordance with the applicable Data Protection legislation. When using our services, you will take reasonable steps to ensure that you and your employees, agents and contractors do not input, upload or disclose to us any irrelevant or unnecessary information about individuals.
You will maintain appropriate physical, technical and organisational measures to protect personal data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
You will, without delay, tell us of any actual or suspected data breach relating to personal data that may impact us or the individuals.
Your rights under GDPR
Under the GDPR you have the following rights:
- To obtain access to, and copies of, the personal data that we hold about you;
- To require that we cease processing your personal data if the processing is causing you damage or distress;
- To require us not to send you marketing communications;
- To require us to erase your personal data;
- To require us to restrict our data processing activities;
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
- To require us to correct the personal data we hold about you if it is incorrect.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Data Protection Officer
We have designated a Data Protection Officer (“DPO”), who is responsible for monitoring compliance with this Privacy Notice as well as the applicable Laws and for liaising with the relevant authorities.
The DPO may be contacted directly with regards to all matters concerning this notice and the processing of your personal data including the enforcement of all applicable and available rights.
Official requests may be made electronically at: dpocyprus@kyprianou.com
Key Contacts:
For any information, questions and requests in relation to this Notice for our Offices outside Cyprus, you may direct your inquiries to the following key contacts:
For Greece, please contact athens@kyprianou.com, or at 5 Zalokosta Street, 3rd Floor Syntagma, 10671 Athens
For Malta, please contact infomalta@kyprianou.com, or at MK Business Centre, 115A, Floor 2 Valley Road, BKR 9022 Birkirkara
For Israel, please contact telaviv@kyprianou.com, or at 28 HaArba’a Street 34th Floor, 6473925 Tel Aviv
For Germany, please contact frankfurt@kyprianou.com, or at Thurn-und-Taxis-Platz 6, 60313 Frankfurt am Main
For Ukraine, please contact kiev@kyprianou.com, or at “Panorama” Business Centre, 9th floor 01025 Kiev
For Dubai (UAE), please contact dubai@kyprianou.com, or at Office 1902, Jumeirah Business Centre 5, 19th Floor, Jumeirah Lakes Towers, P.O. Box 124920
For United Kingdom, please contact london@kyprianou.com, or at Unit 11, The Piano Works, 113-117 Farringdon Road, London EC1R 3BX
For Poland, please contact warsaw@kyprianou.com, or at 7/9 Niemcewicza St, Apt 110 Warsaw, 02-022
The Right to Complain:
If you have any concerns regarding the processing of your personal data, or our compliance with the GDPR and relevant data protection legislation, you should contact the Data Protection Officer at dpocyprus@kyprianou.com or the key contact for each respective office.
You also have the right to lodge a complaint with the relevant supervisory authority.
For any complaints you may have for Cyprus you may contact the Data Commissioner of the Republic of Cyprus at:
http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument