Latest Update 22 January 2019

1.                  Introduction

This Data Protection and Privacy Policy sets out the data processing practices carried out by E. Tzioni & Associates LLC (‘the firm’, ‘we’, ‘us’, ‘our’).

If you have any requests concerning your personal information or any queries or any complaint regarding the practices followed by our firm, please contact us at info@tzionilaw.com.cy.

2.                  Who We Are

E. Tzioni & Associates is a law firm based in Nicosia, Cyprus which is incorporated as a lawyers’ limited company in the Republic of Cyprus with registration number HE383697 and authorised and regulated by the Cyprus Bar Association.

Our law firm is a Data Controller under the data protection rules. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Data Protection and Privacy Policy.

We consider the privacy of our clients, employees, visitors and/or associates to be extremely important, hence we are committed to protecting the privacy and security of your personal information in accordance with the EU General Data Protection Regulation (“GDPR”).

This Data Protection and Privacy Policy describes in detail the types of personal information collected and recorded by us and how we use it.

3.                  Data protection principles

Our company undertakes to comply with the principles relating to processing of personal data laid down in the GDPR. Those principles prescribe that the personal information we hold about you must be:

1. Processed lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not processed in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

4.                  Information collection

4.1              Ways we collect data

We collect information in the following ways:

Information you give to us. For example, when you engage with us for the provision of legal services or by subscribing to our newsletter or otherwise, you provide us with personal information. When you engage with us, we will ask for personal information, like your name, email address and telephone number and other information as may be required by law. You may also provide your personal information upon exchange of your business card.

Information we receive from your use of our website and services. We collect information about the services you use and how you use them, like when you visit our website or view and interact with its content.

Information from third parties. We may also receive information about you from third parties. This can include information such as your name, postal address, email address, phone number, your geographic location (for mobile devices). We are able to identify what browser you are using, IP address and computer operating systems that are being used and this information may be used to improve the services we offer.

Information from Research. We may also obtain information about you from your company website and other public sources such as LinkedIn, Facebook, or other social media or any material published online. We will notify you when we receive your data and you will be given the opportunity to opt out of all communication and to remove your data immediately.

4.2              Sensitive Personal Data

The GDPR recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, religious beliefs and political opinions. We do not usually collect sensitive personal data about you unless there is a clear reason for doing so, such as where we need this information to enable us to provide appropriate services to you.

5.                  Use of personal information

We process personal information collected via our website for the purposes of:

• providing and personalising our services
• dealing with your inquiries and requests
• providing you with information about our services.
• exchanging personal information with third parties e.g. Mailing Houses, e-mail marketing software providers, Marketing and Telesales.
• Maintaining information as a reference tool or general resource.
• Carrying out market research campaigns.
• Google Analytics to measure the use of the website (see Cookies).
• Security – we process all data submitted to our Web server in order to identify any potential threats such as viruses, trojans or data scraping based on rules, known vulnerabilities and poor reputation of the device being used to access our site.

6.                  Website users

Our website makes use of cookies to render it functional and to track information about how people are using them.

6.1              Website Cookies

To provide the best experience to our users, our website makes use of cookies. Our cookies do not store sensitive personal information. They only store the browser association that loads the data and provides a dynamic experience for the site user.

6.2              Third Party Links

Our website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every other website you visit.

6.3              Inappropriate website content

If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our participating forums or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or other parties.

7.                  Legal basis for processing personal data

We will only use your personal information in accordance with the GDPR legal basis set out herein below. Most commonly, we shall use your personal information in the following circumstances:

1. Where we are taking steps at your request prior to entering into a contract and where we need to perform the contract which we have entered into with you (i.e. as a client);
2. Where we need to comply with a legal obligation (e.g. compliance with relevant anti-money laundering legislation, accounting regulations etc.);
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override those interests;
4. You may have expressly asked us to do something or have otherwise given your clear consent to us to process your personal data (e.g. responding to a question you may have asked us or subscribing on our newsletter).

We may also use your personal information in the following situations, which are likely to be rare:

1. Where it is necessary to protect the vital interests of you or another person.
2. Where it is needed in the public interest or in the exercise of official authority.

8.                  Marketing – It’s your choice

We want to ensure you receive the level of information about us that is right for you. It is always your choice as to whether you want to receive information about our work and the ways you may engage.

If you do not want us to use your personal information in these ways, please indicate your preferences on the form on which we collect your data.

8.1              Email Marketing

If you actively provide your consent to us along with your email address, we will contact you for marketing purposes by email. By subscribing to our firm’s emails or opting in to email communication from our firm, you grant us the right to use the email for email marketing purposes.

8.2              Post/telephone marketing

If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our services unless you have told us that you would prefer not to receive such information.

8.3              Photography and Filming

Certain sessions and/or social functions may be photographed and/or filmed and some of this content may be used for our future marketing materials, member communications, products or services. Should you have any concerns with regard to this, or do not wish to be featured in any of these materials, please contact us at info@tzionilaw.com.cy.

9.                  Data Retention

We will cease to retain your Personal Data or remove the means by which the Personal Data can be associated with you, after seven years (7) where your relationship with us has been terminated and/or as soon as it is reasonable to assume that such retention no longer serves the purposes for which the Personal Data were collected and are no longer necessary for legal or business purposes (except where retention is permitted or required by law e.g. anti-money laundering laws).

10.              Your rights to your personal information

Under the GDPR, you have the following rights:

10.1          The right to be informed - this is fulfilled through this Data Protection and Privacy Policy.

10.2          Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

10.3          Right to rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Please keep us informed if your personal information changes during your working relationship with us.

10.4          Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

10.5          Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

10.6          Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the purpose for processing it.

10.7          Right of data portability. You can request the transfer of your personal information to another party.

10.8          Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

If you would like to exercise any of your above rights, please write to us at  info@tzionilaw.com.cy.

11.              Recipients – Information and Disclosure

We may disclose your personal information in the following circumstances:

• To any member of our group of companies, including any of our subsidiaries and/or affiliate companies, for the purposes for providing our services as described herein;
• To third parties including other lawyers, accountants, advisers and expert witnesses and other legal specialists, translators, couriers and other necessary entities and/or subcontractors, for the purposes for providing our services as described herein;
• To our client, if your personal data has been collected in the course of providing our services to our client;
• To service providers (including providers of IT services);
• Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example, to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions or to enforce our terms of business or to protect the rights of our business, our employees and our clients) or in cases of suspected fraud or defamation or pursuant to an order of a court or a legal obligation; and
• To any other third parties for example in the context of a merger, sale or restructuring of our business.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We require these third parties to comply strictly with our instructions and the data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all our data processors and regularly monitor their activities to ensure they are complying with our policies and procedures.

12.              Personal Data Security

To safeguard your Personal Data from unauthorised access, collection, use, disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure the storage, disclosure and transmission of Personal Data.

You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we try to protect the security of the Personal Data by constantly reviewing and enhancing our information security measures.

13.              International transfers of personal information

We generally do not transfer Personal Data to countries outside of EEA, (except where required by the purposes set out in this Data Protection and Privacy Policy). If we need to transfer your Personal Data outside the EEA for any other purpose, we will obtain your consent for the transfer to be made and we will take all steps required to ensure that your Personal Data continues to receive our standards of protection.

14.              Changes to this privacy Data Protection and Privacy Policy

We may update and/or amend the terms of this Data Protection and Privacy Policy at any time, so please do check it from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website. By continuing to use our website, you will be deemed to have accepted such changes.

15.              Complaints, compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us to learn and continuously improve our services. Email us at info@tzionilaw.com.cy.

If you are still not satisfied after you have spoken to us, you also have the right to make a complaint at any time to the Office of Personal Data Protection Commissioner Office, the supervisory authority for personal data protection issues of the Republic of Cyprus.

16.              Definitions and legal references

In this Data Protection and Privacy Policy, we have used the following terms:

Cookies means Small sets of data stored in our website.

Data Controller means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;

Data Subject means a living, identified or identifiable natural person about whom we hold Personal Data;

European Economic Area (EEA) means the EU countries and also Iceland, Liechtenstein and Norway;

Personal Data means data about the Data Subject who can be identified:

-        from that data; or

-        from that data and other information to which we have or are likely to have access.

The Personal Data we may collect and use includes, without limitation, names and identification information such as email address, telephone numbers, copy of your passport, utility bill.

For the purposes of this Data Protection and Privacy Policy, Personal Data includes Special Categories of Personal Data.

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;

Sensitive Personal Data means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.