Who we areI&C SERVICES (hereinafter referred as I&C) is an Administrative Service Provider, a company regulated by the Cyprus Bar Association with Cyprus Bar Association registration number 1384 and company registration number HE 368173, located at Spyrou Araouzou 165, Lordos Waterfront Court Office 402, 3036, Limassol, Cyprus.
We would like to inform you that the impending European General Data Protection Regulation ((EU) 2016/679) (hereinafter referred as the GDPR), will come into force on the 25th of May 2018. In order I&C to be duly complied with the above Regulation we would like to inform you that I&C is a subject to the GDPR and henceforth is the data controller of your personal data.
Why we collect personal data
Your personal data is processed by I&C on the basis of:
1. contracts and agreements for providing the services stated therein and for contracts and agreements of which you are a party. I&C may also process your personal data in order to make all necessary arrangements prior entering into a contract or agreement with you. I&C will process only the personal data necessary for the execution of the contract and agreement;
2. legal obligation and specifically the Cyprus Anti-Money Laundering and Combating Money Laundering Law of 2007 (188 (I) / 2007), clause 58 et seq, (hereinafter referred as The Law) to perform Due Diligence procedure on its Clients and to all individual which may be the Beneficiaries of the services obtained by I&C and/or may control the legal entity for which I&C provides administrative services;
3. your consent to process your personal data only for the purpose mentioned in the consent.
What kind of personal data we collect
I&C collects and processes some or all of the following personal data:
• Passport, ID, Driving license details;
• Date and place of birth;
• Marital status;
• Contact information such as: email address, telephone numbers, skype ID, home and business address;
• Information regarding financial status/source of wealth, bank account details;
• Information about employment, education, interests;
• Any other personal data that may indicate the identity and/or the address and/or the credibility and/or the financial status and/or employment and/or any personal status of the data subject.
How we collect personal data
All the above-mentioned information may also be obtained through certified true copies and/or originals of:
• Identity card;
• Driving License;
• Utility bills;
• Curriculum Vitae;
• Reference letter provided from a Bank / Lawyer / Accountant;
• Criminal record;
• Any other document may proof any of the personal data mentioned above.
All the above personal data and documents relating to the personal data are collected directly from the data subject and/or his/her representatives and/or agents and/or intermediaries in various ways such as:
• During personal meeting with the data subject and/or his/her representatives;
• During correspondence through phone, fax, regular mail, email and any other kind of electronic communication;
• From business application forms and/or any other form that may be filled and handed to us;
• From publicly available sources.
How we use and handle personal data
The personal data collected will be used with great care and only for purposes mentioned above. The personal data will be stored in a safe box and/or on an encrypted hard drive located at the offices of I&C. Only the needed authorized employees and duly authorized partners of I&C will have access to the personal data only for the purposes mentioned above. The personal data will be stored and processed throughout the duration of our services and/or the duration of the business relationship.
After the end of business relationship between I&C and the Client, I&C is obligated to maintain the personal data which is stated in the Law for the period of five (5) years. Through out the business relationship and after the end of it, I&C may be obligated based on the law or to Court Order to disclose some or all of the personal data possessed to regulator authorities or competent authorities.
For the purposes to comply with our legal obligations and/or to perform and execute the agreements and contacts; I&C may share your personal data with the following:
• any person properly authorized by you;
• your representatives, agents, advisers that you will indicate;
• our professional advisers where it is necessary for I&C to obtain their advice or assistance including lawyers, auditors and accounts;
• third parties such as accountants, auditors, agents in different jurisdictions (when applicable), with whom we engage to assist in delivering the services to you;
• Cyprus authorities such as the Department of Registrar of Companies and Official Receiver, Tax, VAT, Social Insurance Services authorities and any other authorities for the purposes mentioned above;
• banks and financial institutions.
Separate consent will be obtained in case of sharing personal data with any third party not stated above.
The data processing may be carried out on behalf of us by a third-party data processor, pursuant to written and express authorization for specific purposes contained in the relevant authorization. The third party will be controlled and supervised by I&C in order the processing of the personal data to be compliant with GDPR and in order the rights of the data subject to be insured. Further I&C has taken all the necessary and appropriate technical and legal measures to meet the standards of GDPR and to minimize any risks.
In order to deliver the services and/or to execute the contracts and agreements I&C may share the personal data with parties outside the European Union. In such case I&C may share personal data with third parties outside EU only if the third party is established in country that the European Committee has been approved and meets the minimum requirements set out by GDPR. In case that the mentioned third party is established in a country outside EU which doesn’t meet the minimum requirements, prior consent of the data subject will be required and the full details of this third party will be disclosed to him/her.
One of the most important part of the GDPR is the personal data subject rights arising from the GDPR. I&C would like to inform you about your rights which you may exercise at any time:
• to request from the data controller access on your personal data;
• to request from the data controller the rectification of your personal data;
• to require from the data controller not to send any marketing communication;
• to request from the data controller to erase your personal data;
• to request from the data controller to cease the processing of personal data for any reason;
• to object on processing your personal data or to demand the restriction of processing your personal data,
• to lodge a complaint with a supervisory authority. The supervisory authority in Cyprus is the Commissioner of Data Protection. You can lodge the complaint through mail at the following address:1 Iasonos Str., 1082, Nicosia, Cyprus; or by following the instruction on their web-site http://www.dataprotection.gov.cy.
Please note that the above rights are not absolute, and I&C may be intitle to refuse a request when exception applies.
In addition, I&C strongly recommends to visit wed-site of the Commissioner for Data Protection in Cyprus which is the regulatory authority and where you can be further informed for your rights. www.dataprotection.gov.cy
Please contact I&C at any time should you have any questions or concerns with regards to GDPR or you wish to exercise any or all rights mentioned above.
Data Controller’s info:
I&C SERVICES LTD
Address: Spyrou Araouzou 165, Lordos Waterfront Court Office 402, 3036, Limassol, Cyprus
Phone Number: 25028410
Fax Number: 25028411
Email address: firstname.lastname@example.org