Last updated: March 2024
1. Purpose
1.1 Our Organization
A.G. Raftis Business Consulting Ltd (ΗΕ 408632) and/or A.G. Raftis Trustees Ltd (HE 435160) and/or A.G. Raftis & Co Ltd (HE 442711) (hereinafter jointly referred to as “we”, “us”, “our”, “Company”) are committed to protecting your privacy. This Policy explains how we collect and use your personal data and what entitlements you have in this respect.
This Policy applies regardless of whether you access our website through your personal computer, mobile device, or any other means. For any questions, please contact our Data Protection Officer via email: andreas.raftis@raftisconsulting.eu.
1.2. Data Controller
Our Company is responsible for your personal data. Under its’ capacity as Data Controller, the Company defines all the procedures, means and purposes of processing of personal data in accordance with the requirements of the relevant European Legislation on Personal Data (General Data Protection Regulation – Regulation 2016/679).
1.3. Joint Data Protection Officer and Relation with the Data Controller
In all cases where the Company enters into agreements with third party service providers for the purpose of performing the services on your behalf, all such parties are considered as “joint controllers”. In addition, the Company may delegate to third parties (physical or legal) certain tasks on its behalf. In such cases, the third party becomes the “data processor”. Under all circumstances however, the Company takes all the appropriate measures to protect and process lawfully your personal information, by executing written agreements with explicit assignment of responsibilities when engaging other service providers and using all appropriate safeguards to ensure the integrity and safety of your data.
2. Categories and Use of Your Data
| No. | Purpose of data processing | Kind of Personal information we hold about you | Possible consequences of failure to provide personal data | Legal basis for processing | Means of collection of your personal information | Permitted Purposes |
|---|---|---|---|---|---|---|
| 2.1. | For provision of advice, consultation or other services you may have requested relating to the services we provide and for managing our business relationship with you, including support services. | Identification data i.e., full name, postal address including business and home address where you have provided this to us, contact details such as email address, fax number, telephone or mobile number. | As a general principle we require voluntary personal data disclosure and there will be no major consequences if you decline to provide such data. However, there may be circumstances where we will not be able to act on your behalf without certain of your personal information, i.e. because we will not be able to process your instructions or requests or carry out a legally required due diligence screening or you may experience insufficient communication or poor service. In such cases we will notify you accordingly. | Consent. | When you seek advice, consultation, or other services from us, including but not limited to Business Consulting, Directorships, Trustee Services, Audit & Assurance and Liquidations. | Processing is necessary for providing advice, consultation or other services requested from us and administering our business relationship with you. |
| 2.2. | Data necessary for accounting, billing and collection, processing payments. | Financial data including credit/debit card numbers, bank account details and other related billing information. | Insufficient service or inability to provide you with what you request or financial abeyance. | Consent. | When you make an inquiry or assign or otherwise interact with us, including but not limited to on our website, by email or phone communication. | For processing payments, accounting, auditing, billing and collection. |
| 2.3. | Data necessarily processed in an assigned task or client contractual relationship with us or voluntarily provided by you. | Business information including instructions given by you, payments made, service requests and assignments. | Not possible for us to provide you with our services, without obtaining the relevant data. | Legal obligation/ contract execution. | When you make an inquiry or assign or otherwise interact with us, including but not limited to on our website, by email or phone communication. | For performing your instructions and providing our service to you. |
| 2.4. | Where this is relevant to the services provided to you. | Information provided from publicly available sources, integrity data bases and credit agencies. | Insufficient service or inability to provide you with what you request. | Legal obligation/consent. | For example, through your organization or other organizations with whom you have dealings, government agencies, information or service provider or from a publicly available record. | To comply with our legal and regulatory obligations. |
| 2.5. | If legally required for KYC/due diligence or compliance purposes. | Further identity data such as marital status, date of birth, passport and/or I.D. number, CV. | Not possible for us to provide you with our services, without obtaining the relevant data. | Legal obligation/protection of legitimate interest provided that such interest does not override your interests, rights or freedoms. | This may include but not limited to automated checks of your data or other information you provide about your identity against applicable sanctioned-party lists and contacting you in case of potential match for compliance purposes. | To comply with our legal and regulatory obligations i.e. compliance purposes on anti-money laundering, financial and credit check and fraud and crime prevention, detection purposes and being audited by regulatory bodies. |
| 2.6. | If relevant to the services that we provide. | Preference data. | Insufficient service or inability to provide you with what you request. | Consent. | When you make an inquiry or it may be automated for monitoring and assessing our services and standards. | To analyze and improve our services and communications to you or for any purpose related to and/or ancillary to any of the above or any other purpose for which your information was provided to us. |
3. Collecting personal data with Cookies and Types of Cookies that we use
3.1. By visiting and using our website, cookies are collected and used on the basis of consent. Information in these cookies include browser type, search terms on our website, search terms on other websites, IP address, location at login (hereinafter "Cookie data").
3.2. Cookie data is used for improvement of the website and the user experience, to deliver our services, to prevent unauthorized logins, fraud, scams and illegal use of our website or services, as well as for customer support.
3.3. We use the following cookies:
- Strictly Necessary: These are required for the operation of our website i.e. they enable you to log into secure areas of our website.
- Analytical/Performance: These allow us to recognize and count the number of visitors and their behaviour and preferences when they use our website. This helps us improve the way our website works, by ensuring that users can easily find what they are looking for.
- Functionality: These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (i.e. choice of language, region, etc.)
- Targeting: These record your visit to our website, the pages you have visited and the links you followed. This information is used to make our website more relevant to your interests.
3.4. If you wish to limit or decline the cookies placed on your computer when visiting our website you can do so at any time by changing your browser settings. However, you should be aware that if you decline or reject cookies it may impact the functionality of the website or you may not be able to access all or parts of our site. Any browser allows that you delete cookies collectively or individually. How this is done depends on the used browser. Remember to delete the cookies in all browsers if you use several different browsers.
3.5. Please note that third parties (including for example external service providers) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance or targeting cookies.
4. Disclosure of Personal Data
We shall not assign, disclose, share, or transfer your personal information to any third person, organization or entity in a manner different from that described in this Policy. However, we reserve the right to disclose your personal information to third parties:
4.1. For compliance with any legal or regulatory obligation or judicial or official request to do so.
4.2. To cooperate with law enforcement agencies and to investigate and prosecute illegal activities, including but not limited to actual or suspected fraudulent or criminal activities.
4.3. We may share your personal data with courts, lawyers, or other parties where it is reasonably necessary for the establishment, exercise or to defend a legal or equitable claim, or in any alternative dispute resolution process.
4.4. We may share your personal data with companies providing services of money laundering checks, credit risk reduction and other fraud and crime prevention services.
4.5. We will not disclose your personal data to third parties outside the European Union, in countries where there is no secure data protection regime. However, if such a transfer of data is required, it will be done in accordance with the necessary safeguards laid down by European legislation (Regulation 2016/679) and following previous cooperation with the national supervisory authority for the protection of personal data, namely the Office of Personal Data Protection Commissioner of the Republic of Cyprus.
5. Time Limit of Data Storage
5.1. Your data will be stored for a certain time, with absolute respect to the purpose for which the data was collected, in accordance with the principles of data minimization and storage limitation.
5.2. Based on those principles, your data will be retained for as long as necessary to fulfill the permitted purposes. Once our business relationship expires or terminates, or should you no longer wish to receive any service from us, we will aim to erase all your personal data in a timely manner, subject to retaining your data to potentially assert or defend against legal claims for as long as the claims in question remain pending.
5.3. It should be noted that we align the retention of your data with possible variations resulting from the exercise of your rights to the protection of your personal data.
5.4. When determining the appropriate retention period, we examine the amount, nature and sensitivity of your personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data and whether we can achieve those purposes by other means, subject also to the applicable legal requirements.
5.5. We aim to limit the data retention period to a maximum of seven (7) years, unless the purpose for which we retain and process your data necessitates otherwise.
6. Data Storage
Your data are reserved and stored under the sole supervision of the Company. Access to such data may be granted by the Company to its administrative officers and/or employees who are duly engaged to carry out your instructions.
7. Rights of Protecting Your Personal Data
7.1. At any time while we maintain or process your data, you retain the following rights, and you may submit a request, such as:
- Right to information – you have the right to know that personal data are collected and processed.
- Right of access – you have the right to access the personal data we hold for you, and you may request a copy thereof, provided we process them in electronic form.
- Right to rectification – you have the right to correct inaccurate or incomplete data that we hold for you by presenting the necessary documentation for rectification.
- Right of erasure – You may request that the data we hold for you shall be deleted as a whole or partly, and we are obliged to satisfy your request in specific cases when the law allows us.
- Right to restriction of processing – You have the right to obtain from us restriction of processing with respect to certain conditions, such as where the accuracy of the personal data is contested, for a period enabling us to verify the accuracy of the personal data or where the processing is unlawful and there is pending verification as to the legitimate grounds that may override your rights.
- Right to data portability – You have the right to request that the data we hold for you, be transferred to another entity.
- Right to object – you have the right to object to the processing of your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- Right to recall consent – you have the right to recall your consent to the processing of your data, without however affecting the legality of our processing prior to such withdrawal.
7.2. When you exercise any of your rights to object to our processing or request the deletion and/or restriction of processing, we will consider your request and ensure that your interests are properly balanced against our legitimate interests and whether it is still necessary to process your data for the permitted purpose for which they were collected.
7.3. We will evaluate your request and respond to you about its progress (approval, partial approval or rejection of a request), as soon as practically possible and in any case within ten (10) days of its submission.
7.4. If your requests are repeated or require disproportionate technical efforts or may affect the privacy of third parties, we may either reject them as unfounded or demand a reasonable administrative fee. In any case, the answers to your requests will be reasoned and communicated to you (either in printed format or electronically).
7.5. Before we can satisfy any of your requests, we may ask you to verify your identity or provide other details to help us identify you and respond to your request.
7.6. You have the right to submit a complaint directly to the Personal Data Protection Commissioner Office supervisory authority and/or the Company’s Data Protection Officer.
8. Updating Personal Data
8.1. You may check, update, or delete some personal information.
8.2. If you want to end your relationship with us, you can also contact the Company’s Data Protection Officer directly. We will comply with such requests unless we have a legal obligation or a legitimate interest in not deleting the data.
8.3. If any of the personal data you have provided us changes or if you become aware of inaccurate personal data we hold on you, please let our Data Protection Officer know by email at andreas.raftis@raftisconsulting.eu.
9. Data Security
We shall take every necessary and appropriate technical and organizational measure in order not only to protect, keep confidential and secure your personal data, but also to prevent or minimize any risk of harm to them. Those measures are compatible with modern best practices and the requirements of European legislation. The methods of pseudonymisation and cryptography are reported as typical examples. We also apply supplement methods to protect personal data, such as the creation of strong security codes, tracking and controlling operations under legal conditions, and strict adherence to a policy of confidentiality. All these actions are intended to prevent data misuse, unauthorized access or disclosure, loss, alteration, or destruction. Personal data may be kept on our personal data technology systems or in paper files.
10. Advertising Communications
Regarding advertisements or marketing related communications, we will only provide you with such material, where legally required, if you have freely and explicitly provided your consent to receive such material and you will also be provided with the option to withdraw your consent anytime you decide that you do not wish to receive further marketing-related communication from us. Under no circumstances will your personal information be used for taking any automated decisions or profiling other than the above described.
Where you have expressly given us your consent, we may process your personal information for communicating with you through the means you have approved, to keep you up to date with industry related developments, announcements and other information about our services.
11. Changes in Data Privacy Policy
We reserve the right to update or change this Policy from time to time to reflect any changes in the legal requirements or on the way in which we process your personal data. Any updates or changes in this Policy will be communicated to you through our website or by mail or electronic communication, based on the communication means you have approved.
12. Communication
In accordance with the requirements of European law (Regulation 2016/679, article 37), we inform you that we have appointed as our Data Protection Officer: Mr. Andreas Raftis.
If at any time you believe we are not complying with the provisions established in this Policy or if you have any other matter related to data protection or wish to make a complaint, query or comment to us about our handling of your personal information, please contact our Data Protection Officer via email: andreas.raftis@raftisconsulting.eu.
If you are not satisfied with our response, you may file your complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus at:
Iasonos 1, 1082 Nicosia, Cyprus
P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22 818 456
Fax: +357 22 304 565
Email: commissioner@dataprotection.gov.cy
13. Disclaimer
13.1. We will not accept responsibility for any losses arising from any inaccurate, incomplete, deficient or inauthentic personal data that you provide to us.
13.2. If you provide personal data to us about someone else, you must ensure that you are entitled to collect, use and disclose that data to us and we shall not be held responsible for not taking any further steps in establishing your entitlement in this respect.
© Raftis Business Consulting | All Rights Reserved
Privacy Policy | Terms & Conditions | Photo Credits: Pexels.com
Licensed & Developed by UIBS.