This Privacy notice
- provides an outline of how The Samir Group (herein after referred to as ‘we’, ‘us’, ‘our’ or 'the Group') collects and processes data, whether on individuals (including personal data in respect of individuals who are past, present and prospective clients, intermediaries or other thirds parties with whom the Group interacts and/or any other individual connected/related to those parties) or otherwise.
- informs you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),
- applies to all other members of ‘The Samir Group’ along with the following group companies:
- Eumelia Trustees Limited
- ConnectedSky - www.connectedsky.com
- C. Samir & Co. LLC – www.csamir.com
- Desmos Capital Limited – www.desmoscapital.com
- FirstClassProject Limited – www.firstclassproject.com
- CYMEBA – www.cymeba.com
- might be subjected to updates and/or alterations for which you will receive a notification.
WHAT DATA DO WE HOLD
We process data in the context of providing legal and other services to clients. The categories of data we collect and process, according to the particulars of each case include:
- Contact details (including names, surnames, postal addresses, email addresses, telephone –and fax numbers numbers);
- Information required by The Group to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including but not limited to information on source of funds and source of wealth, Marital status, Tax Residency, Employment information, Identification documentation, Proof of Residence, whether you are part of any criminal proceedings, Whether you have dual nationality, whether you are a Politically Exposed Person, whether you are a US National, whether you hold a US Green card etc.)
- Information provided in the course of the provision of legal, corporate, fiduciary, financial, banking, accounting, payroll, tax, administrative, advisory (non-exhaustive list) (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in);
- Financial information, such as payment related information;
- Meetings attended and visits to our offices;
- Any other information you may provide to The Group for the enablement of services as requested by you.
IMPORTANT NOTICE ON SPECIAL CATEGORY DATA
In certain instances, the personal data that we process may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to us by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation or for the purposes of legal proceedings or legal advice.
WHY DO WE NEED THIS DATA?
The Group ensures that the data collected and processed is relevant to one or more processing activities and that we does not collect nor process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means. The purposes of processing and the lawful basis of each processing activity are the following:
|Purpose||Lawful basis of Processing|
|1. To enter into a client-relationship and for the provision of services|
It is in the legitimate interest of The Group as a provider of legal, corporate, fiduciary, financial, banking, accounting, payroll, tax, administrative, advisory (non-exhaustive list) to collect and process certain personal data in the context of provision of these services
The processing of this data is necessary for the aforementioned proceedings or to establish, exercise or defend the rights of the client with relation to these proceedings.
|2. For Identity verification, record keeping and maintenance of correspondence details|
Processing of such data is necessary for compliance with the legal and regulatory obligations to which we need to abide.
|3. To Ensure the security of The Group’s systems, members of staff and premises ( including the use of CCTV equipment in the public areas of the premises)|
It is in the legitimate interest of The Group to protect its business environment, members of staff and premises, and to ensure smooth business operations without unauthorized interruption.
By entering the The Group Premises both in the Nicosia Headquarters and the Limassol offices, and any other group office and/or representative office worldwide, any individual automatically consents to the use of CCTV monitoring purposes and to abide by the internal health and safety procedures of The Group.
|4. To meet all legal, regulatory and ethical obligations applicable to The Group|
Processing is necessary for compliance with all legal obligations to which The Group is subject or for the exercise of functions with public authorities both locally and internationally.
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to process data to the extent necessary to ensure that it meets all legal, regulatory and ethical obligations applicable to the Company.
|5. For the purposes of internal know-how and training|
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to process data for internal know how and staff training.
|6. To Follow up on comments, enquiries, requests and complaints.|
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to collect and process certain personal data to enable it follow up on comments, enquiries, requests and complains in order to enhance client/user experience with the services of The Group.
To perform and fulfil the contract with the individual for the provision of services (as mentioned in point 1)
|7. To promote, improve and enhance the provision of The Group’s services|
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to collect and process certain personal data to enable it to enhance client/user experience with The Group’s services.
|8. For Marketing purposes which includes but is not limited to: the sending of updates on important legal, corporate, fiduciary, financial, banking, accounting, payroll, tax, administrative developments; The Group’s company developments and/or events.|
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to process personal data to communicate with persons on topics and events which may be of interest to those individuals
|For the purpose of provision of IT- related services such as cloud storage, data encryption, Data Leakage Prevention and File- auditing (non-exhaustive list)|
It is in the legitimate interests of The Group as a provider of services (as mentioned in point 1) to implement the necessary measures for safeguarding the data as mentioned prior. For enablement of such IT-related safety measures, The Group will provide access to a third party IT Company for provision of such safety measures.
|9.Any other purpose(s) which has been agreed or notified to you|
The Group shall not carry out any automated decision-making activities, including profiling, using your personal information.
SOURCES AND RECIPIENTS OF DATA
The sources of data may include clients, intermediaries, other data processors, other data controllers, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject), open-source material, client representatives, Banks , Credit institutions, Administrative Service Providers, Lawyers, Auditors, Accountants, public authorities, any legal entity and/or third party individual who might introduce clients ( Individual and corporate) to us, Companies who Process Payments, The Department of Registrar of Companies and Official Receiver, The Land Register, The Bankruptcy Archive, the press, media, and the Internet.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- Employees of The Group who received the appropriate training with regard to the GDPR and have signed The Group’s Confidentiality and Non-Disclosure Statement.
- Other service providers ( Legal, Administrative, Governance or otherwise, including any bank or financial institution, audit firm, accountant firm and/or related individuals in relation to the service for which The Group has been engaged) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
- Any sub-contractors, Lawyers, third parties, agents or service provides of The Group;
- Courts or Tribunals
- Third parties with whom The Group engages for the hosting of events or other marketing initiatives;
- Law enforcement agencies where considered necessary for The Group to fulfil legal obligations applicable to it;
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
- Any registrar of a public register where the data is to be included in a public registry.
Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.
Where The Group is entering into an engagement with a third party pursuant to which data may be processed by that third party, The Group will seek to enter into an agreement with that third party setting out the respective obligations of each party and it will seek to be reasonably satisfied that the third party has measures in place equal to those of The Group to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation The Group will ensure that it meets the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where The Group satisfied that:
- The non-European Union country has Data Protection laws similar to the laws in the European Union;
- The recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
- We have obtained consent from relevant data subjects to the transfer;
RIGHTS OF DATA SUBJECTS
In response to such requests, The Group reserves the right to require the individual making the request to provide certain details about himself/herself so that The Group can validate that the individual is indeed the person whom the data refers to. The Group is required to respond to the request of the individual without undue delay and latest within one month of receipt of the request and it will endeavour to do so wherever possible. The Group reserves the right to charge a reasonable fee to cover any expenses that may arise from the request.
In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, The Group may be unable to provide relevant services, or there may be restrictions on the services which can be provided.
RETENTION OF DATA
The Group retains personal data in accordance with its Data Retention Policy. Any personal data provided to The Group is retained according to such policy, to fulfil the purposes for which the data was collected. Once the business relationship has been terminated, we are obliged under the relevant AML Laws and Regulations to maintain these records consisting of personal data, for a period of minimum 5 years.
USE OF PERSONAL DATA IN LEGAL PROCEEDINGS
If it becomes necessary that The Group has to take action against you for any reason whatsoever, including but not limited to recovering from you any money you owe to The Group, you expressly agree that the personal data provided by you can be relied upon in identifying and taking legal action against you
CHANGES TO THIS PRIVACY NOTICE
The Group keeps this Privacy Notice under review in order to ensure that it is in line with any changes to the laws relating to privacy and personal data. Any updates will appear on The Group’s website at www.thesamirgroup.com
This Privacy Notice was last updated on 23 May 2018.
The General Data Protection Regulation (EU) 2016/679 shall apply from 25 May 2018. Until then the Processing of Personal Data (Protection of Individuals) Laws 2001 until 2012 remain in force.
For any additional information about your rights under the data protection regulation you may visit http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument