Fidelius Managements Services Ltd (hereinafter referred to as “FMS”) respects your privacy and your personal data and is committed to ensuring that your privacy is protected. This policy has been prepared in harmony with the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR Regulation”) and aims to inform you as to how we treat your personal data and further explain your rights and our obligations for such collection and process of your personal data.
FMS, is a limited liability company incorporated and registered in Cyprus with company registration no. HE217666 and is an approved service provider, regulated by the Institute of Certified Public Accountants of Cyprus. Where necessary FMS may provide services through associated and/or ancillary legal entities.
FMS is the data controller of your personal data, with its registered address at 205 Christodoulou Chatzipavlou, Loulloupis Court, 4th Floor, Office 401, 3036, Limassol, Cyprus, telephone no. +357 25 356 000, fax no. +357 25 356 500 and email address: email@example.com
TYPE OF PERSONAL INFORMATION WE COLLECT
Personal data means any information about a natural person from which that person can be identified directly or indirectly. FMS collects and processes data when rendering accounting, corporate, banking, tax and/or other services to you including but not limited to the following:
- name and surname;
- date and place of birth;
- identification and authentication data included in ID, passport and/or other similar document;
- contact information (e.g. Phone number, fax number, email address, postal or residential address)
We may further obtain additional data like:
- professional and educational information (e.g. Job title, professional and educational experience, other information included in a Curriculum Vitae - CV);
- reference Letter;
- financial information (e.g. financial wealth, source of wealth, assets held, solvency status, tax status);
- location and traveling information in the context of holding meetings and visits to our offices or to other places arranged by us.
Where necessary and legally permitted, FMS may collect sensitive data (special category of data) such as data revealing racial or ethnic origin, political opinions (or status/whether you are a politically exposed person), religious or philosophical beliefs, or trade union membership, genetic or biometric data, data concerning health or a natural person’s sexual orientation and sex life, or data relating to a person’s criminal record or alleged criminal activity.
In any case, where FMS collects and processes your data in the context of providing services to you it ensures that these are:
- collected and processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation);
- adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed (data minimization);
- accurate and where necessary, kept up to date (accuracy);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (storage limitation);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality)
HOW YOUR PERSONAL DATA IS COLLECTED
Personal data may be collected by us:
- directly from you in person or via your authorized representatives, through telephone, email or other means of communication, or by filling data forms and questionnaires;
- via our associates, where applicable, on the grounds of our business relationship;
- from other entities/firms or databases which provide information for regulatory and/or legal compliance;
- from publicly available sources (e.g. the Department of the Registrar of Companies and Official Receiver, the Land Registry, commercial registers and other catalogues, the internet, the press, the media, advertisements etc.)
PURPOSE OF COLLECTING & PROCESSING YOUR PERSONAL DATA AND THE LEGAL BASIS
- If you have given your consent to us;
- To perform a contract that we are about to enter or have entered with you in order to provide our services;
- If this is necessary in order to comply with legal or regulatory obligations;
- To safeguard our legitimate interest, always respecting your fundamental rights and freedoms and the principle of proportionality and necessity
Please note that we only process and use your personal data for the purposes for which these have originally been collected. We may use your personal data for another purpose only if we believe that this is compatible with the purpose for which your personal data is initially collected taking into consideration, inter alia:
- the link between the purposes for which the personal data has been collected and the purposes of the intended further processing;
- the context in which the personal data has been collected;
- the nature of the personal data;
- the possible consequences of the intended further processing for you;
- the existence of appropriate safeguards.
If you have any questions as to how we may further process your personal data and how this is compatible with the initial purposes, please contact us at the contact details provided above, and we will be happy to assist you.
Processing of your personal data for any other reason not compatible with the original purposes will require our prior notification to you and the establishment of a legal basis which will allow us to do so.
YOUR LEGAL RIGHTS
Subject to the GDPR Regulation you have certain rights including:
- the right to be informed about the collection and processing of your personal data and the legal basis for such collection and processing;
- the right to access your personal data. You have the right to access your personal data held by FMS and request a copy of it;
- the right to rectification/correction of any inaccurate personal data concerning you;
- the right to erasure/deletion of your personal data, partially or in total, subject to the limitations referred to in this Policy and in the GDPR Regulation;
- the right to obtain restriction of processing of your personal data subject to the limitations referred to in this Policy and in the GDPR Regulation;
- the right to be informed about any rectification or erasure of your personal data or restriction of processing;
- the right to data portability. This means that you have the right to receive the personal data concerning you in a structured, common and machine-readable format. You also have the right to directly transfer such personal data to another controller.
- the right to object that your personal data is processed for marketing purposes or subject to automated individual decision making, including profiling, which produces legal effects concerning you;
- the right to withdraw the consent you have given us regarding the processing of your personal data at any time, without affecting, through the lawfulness of processing, based on your consent given prior to your revocation.
- the right to be informed about a breach of your personal data that is likely to result in a high risk to your rights and freedoms.
The rights (i) to (ix) above can be exercised by you by placing a written request to us, while we have the obligation to inform you about any breach occurred under point (x) above. In addition, we are responsible to respond to your request or provide any information requested subject to your above rights without undue delay and in any event within one month of receipt of the request.
The period may be extended by two additional months, where necessary, taking into consideration the complexity and number of requests. We shall inform you of any such extension within one moth of receipt of the request and explain the reason for the delay.
All information shall be provided to you free of charge, however, where your request is manifestly unfounded or excessive, we may charge you a reasonable fee taking into consideration the administrative costs for providing the information or in some instances refuse to act on the request.
If we cannot respond to your request, you shall be informed without delay, and at the latest within one month of receipt of the request, of the reason for not taking action. Furthermore, you shall be informed about your right to lodge a complaint with the supervisory authority if you are not satisfied with how we handle the processing of your personal data.
Please note that if we have reasonable doubts concerning your identity, we may request the provision of additional information in order to respond to your request.
Finally, please note that the exercise of your above rights and our obligations to respond to them are subject to the limitations of this Policy and of the GDPR Regulation.
YOUR OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND THE CONSEQUENCES OF THE FAILURE TO DO SO
You need to provide us with personal data that we request from you in order to:
- execute a contractual obligation we are entering or have entered;
- start a business relationship with you or your authorized representatives, officers, shareholders, UBO’s of legal entities or other corporate bodies;
- start an employment relationship;
- comply with our legal, regulatory or statutory obligations including money laundering laws and regulations, regulatory authority regulations (ICPAC), tax, accounting or audit as well as employment laws etc.
If you fail to provide your personal data when requested, we may not be able to commence or continue a business or employment relationship with you or your authorized representatives, officers, directors, UBO’s of legal entities or other corporate bodies.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA
We may have to share your personal data with third parties if we are legally obliged to do so, if there is a court or other authority order enforcing us, if there is a legitimate or private interest, or if a consent or contractual obligation exists.
Sharing your personal data with third parties may include:
- supervisory and other regulatory and public authorities, i.e. the Registrar of Companies, the Land Registry, the Tax and VAT authorities, Courts, the Institute of Certified Public Accountants of Cyprus, etc.;
- our associates and their employees;
- banks or other financial institutions;
- external legal consultants;
- entities that provide information on regulatory compliance i.e. Lexis Nexis World Compliance;
- messengers or Delivery/Courier Companies;
- regulated Markets;
- share or Stock Investment or Management Companies;
- valuers and Surveyors.
We hereby inform you that we only share your personal data if it is necessary to do so and we take reasonable measures to ensure that third parties respect the process and security of your personal data and do not use it for their own purpose, but only permit them to process your personal data in accordance with our instructions and in accordance with the provisions of the GDPR Regulation.
SHARING YOUR INFORMATION OUTSIDE THE EUROPEAN UNION
We may have to share your personal data to a third party or to an international organization outside the European Union for the purpose of carrying out our services, including but not limited to, banks, consultants, experts, accountants or auditors, agents, other service providers and financial or other organizations.
In the event that we do share your personal data outside the European Union, this shall be done in accordance with the provisions of the GDPR Regulation in order to ensure that your rights are not undermined.
RETENTION OF YOUR PERSONAL DATA
We only keep your personal data for as long as we have an employment or business relationship with you or your authorized representatives, officers, shareholders, UBO’s of legal entities or other corporate bodies or for as long as we have your explicit consent to do so. Please note that we may keep your personal data after the expiration of such business or employment relationship or after your consent is withdrawn for as long as we are obliged and/or entitled to so subject to any applicable law, regulation or statute.
Please note that in relation to any prospective job candidates, clients and/or their authorized representatives, officers, shareholders, UBO’s of legal entities or other corporate bodies, your personal data shall be retained for no longer than six months since our last communication that did not lead to a business or employment cooperation.
We have concluded a data Processing Agreement with Google.
Google may not use the data for any other Google services.
The inclusion of full IP addresses is blocked by us.
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
THIRD PARTY WEBSITES
This privacy statement does not apply to third party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of them.
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.