1.1 EKAVI LTD, a limited liability company incorporated and registered under the Laws of the Republic of Cyprus, with registration number HE174887, member of the Institute of Certified Public Accountants of Cyprus (ICPAC), having its registered address at 7 Florinis Street, Greg Tower, Office 201, 1065, Nicosia, Cyprus (hereinafter referred to as “Ekavi”, “we”, “our” or “us”).
1.2 This Privacy Notice Policy (hereinafter referred to as the “Privacy Notice”) is issued pursuant to and reflects compliance with the requirements and/or obligations and/or duties introduced by the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”) and the implementing legislation L.125(1)/2018, of the Republic of Cyprus as amended and replaced from time to time.
2.1 Ekavi respects individuals’ rights to privacy and the protection of Personal Data. The scope of this Privacy Notice is to explain and elaborate on how we collect, use, process and store your Personal Data in the course of our business.
2.2 “Personal Data” or “Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3 Ekavi may update the Privacy Notice from time to time. When we make any updates, we will communicate such updates to you via a notice on our website and publish the updated Privacy Notice on our website www.ekavi.eu .
2.4 We would encourage you to visit our website regularly to stay informed about the purposes of processing of your Personal Data and your rights to control how we collect, use or process your Personal Data.
3.1 We collect, use and process various categories of Personal Data at the start of, and for the duration of, your business relationship with us as well as after the termination of our business relationship. Ekavi will limit the collection and processing of Personal Data to the necessary Data to meet the purpose and legal basis as described in the Section 5 of this Privacy Notice.
3.2 Personal Data may inter alia, include:
a. Basic Personal Data, including but not limited to name, residential address, date of birth, email address, telephone number, nationality;
b. Financial status information including but not limited to source of income, gross income, net worth, transactional history, deposits and withdrawal requests, financial needs and goals;
c. Purpose and reason of account including but not limited to the nature of the transactions;
d. Employment status information including the industry of employment and position of employment, field of study and level of study (Curriculum Vitae);
e. visual images including but not limited to copies of passports, identity cards and driver’s license;
g. Bank account details including but not limited to IBAN number, SWIFT code, account number and Sort Code (where applicable).
3.3 Ekavi may also process certain special categories of Personal Data for specific and limited purposes and only on the basis of an explicit consent granted by you or on any other legal basis, as described in the Section 5 of this Privacy Notice.
3.4 These special categories of Personal Data include:
a. Physical or psychological health details or medical conditions;
b. Information about racial or ethnic origin;
c. Religious or philosophical beliefs;
d. Biometric information, relating to the physical or physiological characteristics e.g. where these form part of the documentation which we gather for the purposes of compliance with our obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law L.188(I)/2007, the Prevention and Suppression of Money Laundering Activities
Directive to the Members of ICPAC pursuant to Section 59(4) of The Prevention and Suppression of Money Laundering Activities Law of 2007 as amended in 2010, 2012 and 2013 and the ICPAC handbook (hereinafter referred to as the “Anti-Money Laundering Framework”) to which we are subject.
3.5 Subject to the applicable law, Ekavi may process Personal Data about criminal convictions or offences and/or alleged offences for specific and limited activities and purposes including but not limited to perform checks to prevent and detect crime and comply with the Anti-Money Laundering Framework. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing Data with financial organisations, competent or other authorities including non-governmental authorities in any jurisdiction within or outside the European Economic Area (hereinafter referred to as the “EEA”). Where we are required to do so under the Anti-Money Laundering Framework to which we are subject, your Personal Data will be reported to the money laundering combat unit in Cyprus (MOKAS).
4.1 Your Personal Data is collected:
a. From you;
b. From third parties who provide services to you established or located within and/or outside the EEA (e.g. lawyers and/or accountants);
c. from our Associates;
d. Credit reference and fraud prevention agencies, (e.g. Lexis Nexis risk solutions), banks or other financial institutions, third authentication service providers and the providers of public registers;
e. During our business relationship with you;
f. From publicly available sources including the press, company registers and online search engines (e.g. google).
4.2 It is your duty and responsibility to provide us with updates as to the Personal Data provided in order for such Data to remain current, accurate and correct and you acknowledge that we rely on the Personal Data provided to us in carrying out our obligations, under the law and our business relationship with you.
4.3 Where you are a corporate entity providing to us Personal Data of any individual or where you are an individual providing us with Personal Data of any individual other than yourself, you hereby undertake and represent that such individual, whose Personal Data is collected, used, processed and stored in accordance with this Privacy Notice, has been fully informed of and clearly consented in writing to such collection, use, processing and store of his/her Personal Data under this Privacy Notice and that he/she has been informed of his/her rights in relation to the Personal Data which is collected, used, processed and stored, under this Privacy Notice.
4.4 Ekavi may collect Personal Data of children or underage individuals (under the age of 18 years) from their parents or guardians directly, if needed in the normal course of business of the Company.
5.1 We would like to ensure that you fully understand the purpose and the legal basis of collecting, using, processing and storing of your Personal Data. Thus, in this Section we will describe the purposes for which your Personal Data may be used as well as the legal basis of processing of your Personal Data.5.A Purpose of processing
5.A.1 We will only collect, use, process, store, share or transfer your Personal Data where it is necessary for us to carry out our lawful business activities and provide our services. We will process your Personal Data for the purpose of or in connection with the provision of professional services to you, for performance of our security, quality and risk management activities, and for compliance with our legal obligations.
We set out below in further detail the legal bases on which your Personal Data is being processed.
We have described the legal basis for which your Personal Data may be used in detail below:5.B.1 Performance of a Contract/Contractual necessity
5.B.1.1 We may process your Personal Data where it is necessary to enter into a contract with you for the provision of our services or to perform our obligations or duties under such contract.
5.B.1.2 On the basis of contractual necessity we may collect, use, process and store Data such as name of the client.
5.B.1.3 Please note that if you don’t agree to provide us with the Data required on the basis of contractual necessity we may have to suspend or terminate the services provided to you.
5.B.2 Legal and Regulatory Obligations
5.B.2.1 When you establish a business relationship with us in order to provide you with our services, throughout your relationship with us and after the termination of your business relationship with us, we are required by the law to collect, use, process and store certain Personal Data about you.
This may include Personal Data necessary:
a. To comply with any and all legal and/or regulatory obligations whatsoever under the laws and regulations, in any jurisdiction within or outside the EEA;
b. To be used in the courts, law enforcement agencies, regulatory agencies, and other public or competent or tax authorities or other authorities, governmental or not, in any jurisdiction within or outside the EEA;
c. To carry out checks in relation to anti-money laundering and terrorist financing, bribery, fraud, and/or sanctions whatsoever as required by the laws and regulations;
d. To protect our rights, privacy, safety or property whatsoever;
e. To be used for the prevention, detection or investigation of crimes whatsoever.
5.B.2.2 Ekavi may collect, use, process and store Personal Data such as, name of the client including the names of the directors, shareholders and ultimate beneficial owners (in case of a corporate client) to comply with the legal and/or regulatory obligations.
5.B.2.3 Please note that if you don’t agree to provide us with the Data required to meet our legal and/or regulatory obligations we may have to suspend or terminate the services provided to you.
5.B.3 Legitimate interests of Ekavi
5.B.3.1 We may collect, process, use, and store your Personal Data where it is in our legitimate interests and without prejudicing your interests or fundamental rights and freedoms.
5.B.3.2 We may process your Personal Data to manage our business, financial affairs as well as to protect our employees, clients and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
5.B.3.3 This may include processing of your Data to:
a. Monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
b. Ensure business continuity and disaster recovery responding to information technology and business emergencies;
c. Ensure network and information security, including but not limited to monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications, trading or other systems and websites, prevention or detection of crime and protection of your Personal Data;
d. Provide assurance on the management of Ekavi’s material risks;
e. Perform general, financial and regulatory accounting and reporting;
f. Protect our legal rights and interests.
5.B.3.4 It is in Ekavi’s interest to ensure that it provides you with the most appropriate services.
5.B.3.5 This may require processing of your Data to enable us to:
a. Understand your actions, behaviour, preferences, expectations, feedback and financial history in order to improve our services, develop new business opportunities and services, and to improve the relevance of the services offered;
b. Monitor and improve the performance and effectiveness of services.
5.B.3.6 Please note that if you don’t agree to provide us with the Data collected, used, processed and stored on the basis of the legitimate interest we may have to suspend or terminate the services provided to you.
5.B.4.1 For special category of data as well as for research, statistical or marketing purposes we may only collect, use, process and store Personal Data where an explicit consent has been granted.
5.B.4.2 On the basis of Consent we may collect, use, process and store Data e.g. for marketing purposes.
6.1 Ekavi takes all the appropriate measures to make sure that you are fully informed about your rights in regards with all Personal Data we collect, process, use and store. For information about your rights and how your rights may be exercised please click here.
6.2 In the event you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Notice, or if you wish to complain to our Data Protection Officer, please contact us at firstname.lastname@example.org or at Tel: +357 22818600 or at Fax: +35722818601 or at 7 Florinis Street, Greg Tower, Office 201, 1065, Nicosia, Cyprus.
7.1 Ekavi reserves the right to change the way and/or the purpose of processing and use of your Personal Data. As a result, where Ekavi decides to process or use your Personal Data for purpose other than the purpose for which such Personal Data were initially collected, processed and used and stored, it shall provide you with all relevant information of such change including the new purpose under which such Personal Data will be used and/or processed as well as all of your rights as described in the Section 6 of this Privacy Notice.
8.1 We may directly contact you to provide you with information in regards with the status, operation and maintenance of your Personal Data including updated information about how we collect, use, process and store your Personal Data by email, email@example.com.
9.1 We will only use and share your Personal Data where it is necessary for us to lawfully carry out our business activities and/or provide our services. Your Personal Data may be shared with and used, processed and stored by subsidiaries and/or other group companies.
10.1 We may share your Personal Data with the following recipients and categories of recipients:
a. Third party organisations that provide applications, data processing or IT services to Ekavi including cloud-based software, identity management, web-hosting, data analysis, security and storage services.
b. Other third-party service providers and processors, including file storage services and companies providing background checks.
c. Agents and Associates.
d. Insurers and professional advisors including legal advisors
e. Law enforcement and other government and regulatory agencies and other third parties as required under applicable law.
10.2 We may share your Personal Data with third parties in the following cases:
a. Where we have your explicit and written consent;
b. It is required for your service;
c. Where it is requested by any Competent or any other authority having control or jurisdiction over Ekavi or you or your associates whatsoever or in whose territory Ekavi has clients;
d. With Competent authorities to investigate or prevent fraud, money laundering or other illegal activity;
e. With credit reference and fraud prevention agencies, third authentication service providers, banks and other financial institutions for credit checking, fraud prevention, anti-money laundering purposes, identification or due diligence checks of the Client. To do so they may check your details supplied against any particulars on any database (public or otherwise) to which they have access. They may also use your details in the future to assist other companies for verification purposes. A record of the search will be retained by Ekavi;
f. With any of Ekavi’s professional advisors provided that in each case the relevant professional shall be informed about the confidential nature of such Data and commit to the confidentiality obligations herein as well;
g. With other service providers who create, maintain or process databases (whether electronic or not), offer record keeping services, email transmission services, messaging services or similar services which aim to assist Ekavi collect, storage, process and use your Personal Data or get in touch with you;
h. With successors or assignees or transferees or buyers, with five (5) Business Days prior written notice to you;
i. With such third parties as we see fit to assist us in enforcing our legal or contractual rights against you including but not limited to debt collection agencies and legal advisors. You acknowledge that any of the persons listed in the previous sentence may be either within or outside the EEA;
j. It is required by the law and by law enforcement agencies, judicial bodies, the financial ombudsman, government entities, tax authorities or regulatory bodies and/or other competent authorities, governmental or not, whatsoever, established or located within or outside the EEA;
k. With software, platform support or cloud hosting companies;
10.3 Our third-parties to which we share and/or transfer your Personal Data are not allowed to use or disclose or share whatsoever for any other purpose other than the purpose to provide services, as agreed, to us.
10.4 We will not disclose to any third party your Personal Data for its own marketing purposes without your consent.
10.5 Please note that your Personal Data may be shared, transferred, collected, processed and stored in the following countries (non-EEA or EEA equivalent): Ukraine, British Virgin Islands, Panama, Seychelles, UAE, Marshal Islands and Belize, Turks and Caicos, Hong Kong, Mauritius.
10.6 If you would like a copy of your Personal Data held by the third parties or if you want to receive more details on how your Personal Data is collected, used, processed or stored by the third parties please contact us at firstname.lastname@example.org or at Tel: +357 22818600 or at 7 Florinis Street, Office 201, 1065, Nicosia, Cyprus.
11.1 We may share or transfer your Personal Data with recipients in non-EU where:
a. the European Commission has decided that the country or the organisation we are sharing your Personal Data with will protect your Data adequately;
b. the transfer has been authorised by the relevant data protection authority;
c. we have entered into a contract with the organisation with which we are sharing your Personal Data (on terms approved by the European Commission or the Data Protection Commissioner of the Republic of Cyprus) to ensure your Personal Data is adequately protected.
12.1 We may provide you with any notifications or updates in regards with corporate or tax matters or notifications about deadlines of submissions of documentation or other information to Companies House or tax authorities as part of the services which we provide to you. You have the right to request that we do not make such communications by written request at email@example.com or at Tel: +357 22818600 or at 7 Florinis Street, Greg Tower, Office 201, 1065, Nicosia, Cyprus.
13.1 We retain the Personal Data processed by us for as long as we consider necessary for the purpose for which it was collected, as required and/or as required under any legal provision to which we are subject and/or for such other periods as can be lawfully justified in each case.
13.2 Documentation or Data gathered by us in accordance with our obligations under the relevant Anti-Money Laundering Framework to which we are subject is maintained for a period of 6 years after the termination of our business relationship or a one-off transaction. Ekavi, retains such records for such period to allow ICPAC to perform effectively its supervisory functions in respect of compliance with Anti-Money Laundering Framework as it is provided in the ICPAC Handbook to which we are subject, as this may be amended from time to time.
13.3 Personal data may be held for longer periods where extended retention periods are required by the Law or regulations and/or in order to establish, exercise or defend our legal rights before a Court or tribunal or arbitral tribunal whatsoever.
14.1 We are committed to ensuring that your Personal Data is secure. For more information about the steps we are taking to protect your Personal Data please contact us at firstname.lastname@example.org or at Tel: +357 22818600 or at 7 Florinis Street, Greg Tower, Office 201, 1065, Nicosia, Cyprus.
14.2 In the event of any loss or destruction or other form of personal data breach in respect of your Personal Data which is likely to result in a high risk to your rights and freedoms, we will contact you from email@example.com, on your email provided during the establishment of the relationship unless you provide us with other contact details in respect of such notifications. Any such contact details should be communicated to the DPO.
15.1 There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). We use the CCTV images for the legitimate purposes of promoting security and safety of our employees, clients and member of a public, preventing and detecting crime and establishing, exercising and defending legal claims. It shall be noted that Ekavi may disclose CCTV images to law enforcement bodies as per GDPR.
Especially, Ekavi uses CCTV system for the following purposes:
- Protect staff, clients and visitors of the organisation
- apprehend and prosecute offenders and provide evidence to take criminal or civil action in the courts
- provide a deterrent effect and reduce unlawful activity
- help to provide a safer environment for the staff, clients and visitors
- monitor operational and safety related incidents
- help to provide improved services
- assist with the verification of potential claims.
15.2 CCTV recordings are typically automatically overwritten after a short period of time and maximum after a period of 30 days after being recorded unless an issue such as a crime, is identified that requires investigation.
16.1 Ekavi is generally a controller for processing of the Personal Data, however, we may provide some services as processors. If you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Notice, or if you wish to complain to our Data Protection Officer, please contact us at firstname.lastname@example.org or at Tel: +357 22818600 or at 7 Florinis Street, Greg Tower, Office 201, 1065, Nicosia, Cyprus.