Privacy Policy

Phoebe Christodoulou & Associates LLC (the “Firm”, “we”, “us” or “our”) is a law firm incorporated in the Republic of Cyprus and regulated by the Cyprus Bar Association (“CBA”) to provide legal services.

We are committed to protecting privacy and making sure that any personal data we collect are processed in accordance with the EU General Data Protection Regulation (the “GDPR”) and applicable Cyprus laws and regulations.

This Privacy Policy describes how the Firm may collect, use, store and/or otherwise process personal data of clients.

References to “you” and “your” are to the individual/s who is/are providing personal data to us.

We may amend or update this Privacy Policy from time to time. The updated version of our Privacy Policy will be uploaded on our website https://phoebechristodoulou.com, which you we encourage you to periodically review and remain updated with our Privacy Policy and how we are committed to protect your personal data.

Who is this Policy directed to

This Privacy Policy is directed to:

  • Individuals who are considering entering into an agreement with us to offer services to them or who entered into an agreement with us and/or former clients, provided that five (5) years have not lapsed from the termination of the agreement between the Firm and the said former clients (“individuals”)
  • Authorised representatives and/or agents and/or employees of the individuals
  • Individuals connected or related to non-individual clients such as companies or other corporate clients or other legal or non-legal entities who are considering entering into or who entered into an agreement with us (“legal or non-legal entities”). Such persons include shareholders, owners, employees, directors, officers, authorised representatives or agents (e.g. external legal counsels or auditors) and other associates.

The above-mentioned individuals and entities are collectively referred to as clients.

  • Other individuals (e.g. job applicants)
  • Our employees, associates and other persons working for us

It is noted that our associates may include, without limitation, IT service providers, auditors, consultants, estate agents, insurers, background check providers and other associates (collectively referred to as the “associates”) with whom we may cooperate for the purposes of our offering our services to clients.

When we Collect Personal Data

Personal data may be collected by the Firm in a number of circumstances, including:

  • when you contact us to seek legal advice or services from us;
  • when you make an enquiry via the website or by email;
  • when you apply for employment (job applicants);
  • when you offer to provide or provide goods or services to us;
  • information collected via the website, using cookies.

If you choose to withhold any personal data requested by us on any of the above-mentioned circumstances, it may not be possible for us to respond to your legal or other query, or offer the legal services requested.

In some circumstances, we may collect personal data about you from a third-party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, to include banks and other professional service providers or other organisations, in the context of the provision of our services to you or generally in the context of any other dealings we may have with you. In any case, such collection from third parties is always carried out in line with our legal obligations.

Types of Personal Data We Collect

Depending on the reason why you communicate with us, we may collect the following data:

  • Personal Details, such as your name, date of birth, personal contact details (postal address, email address, telephone number, fax), job title/profession and/or job description;
  • Identification Information, such as ID number and/or passport number;
  • Recruitment/selection data such as academic qualifications, professional background and any other information contained in your CV, record of interview or interview notes and/or any other assessment material;
  • Payment Data, such as data necessary for processing payments to include bank account details, details of beneficiaries and other related billing information;
  • Further information necessarily processed in a project or client contractual relationship with the Firm or voluntarily provided by you, such as instructions given, payments made, requests that you address to us.
  • Special categories of personal data (sensitive data): In connection with the provision of legal services to you, we may on some occasions need to ask for certain sensitive information (e.g. information about your health etc.). The processing of sensitive data will only be carried out by us in full compliance with the GDPR and applicable national legislation, on the basis of your explicit prior consent.
  • Visits. Details of your visits to our premises.

Purposes and Legal Bases for the Processing of Personal Data

The Firm uses your Personal Data for the purposes for which you have supplied it to us, to include:

  • for responding to your requests for legal advice and/or other enquiries;
  • for providing legal advice and/or other legal services you may have requested;
  • for ensuring compliance with our legal obligations (e.g. for compliance with our obligations under applicable anti-money laundering laws and the requirements of our regulatory authority, the CBA);
  • for the purpose of processing your application if you are a candidate for employment with the firm;
  • for complying with court orders and/or defending our legal rights, where applicable;
  • for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data were provided to us;

Our main legal bases for the processing of your personal data are the following: 

  • the processing is necessary for the performance on our part of the contract concerning the provision of legal services to you or to take steps at your request prior to entering into such contract or the processing is necessary for the performance of any other contract or generally in the context of any other dealings we may have with you;
  • the processing is necessary for us to comply with a legal obligation (for example under applicable Anti-Money Laundering laws or the requirements of our regulatory authority);
  • the processing is in our legitimate interests and our interests are not overridden by your interests, fundamental rights or freedoms;

Our legal bases for the processing of special categories of personal data (sensitive data) are the following:

  • you have provided your explicit consent to the processing of such sensitive personal data for specified purposes;
  • processing of such data may be necessary for the establishment, exercise or defence of legal claims.

Sharing Your Personal Data

We will not disclose your personally data, except:

  • to third parties who provide services on our behalf, e.g. software developers;
  • to collaborators, including instructing counsel, other law firms and/or external associates, banks, accountants and auditors;
  • where we are required to do so by law or where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;
  • upon your instructions or your express consent.

We may also share your personal data with any third party to whom we assign or novate any of our rights or obligations.

Personal data about other individuals which you provide to us

If you provide us with personal data about another individual, you must ensure that you are entitled to disclose such personal data to us and that you have provided the relevant data subjects of all mandatory data privacy notifications and information under the GDPR and applicable legislation and regulations, to include a notification as to their legal rights as data subjects.  For that purpose, you must also ensure that the individual concerned is aware of the contents of the present Privacy Policy, as those matters relate to that individual, to include our identity, how to contact us, the purposes of collection of the data, how we may use and/or share the data and his/her relevant rights.

The website uses cookies to identify your computer when you are on the website. A cookie is a file sent by the website to your computer and used by the website to identify you, to improve the website and offer a personalised service. By continuing to browse the website, you are agreeing to our use of cookies. You may configure your browser to refuse or restrict the use or cookies. If you refuse or restrict the use of cookies, you may be unable to access certain parts of the website, as some of the cookies the Firm sets when you visit our websites are essential to the working functionality of the website.

Retention of Personal Data

The Firm will generally retain personal data for the period necessary to fulfil the purposes for which it was originally collected and thereafter, as required or permitted by law or as is necessary in order for the Firm to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.

In light of the above general rule:

  • Client data shall generally be retained for the duration of their business relationship with the Firm and thereafter for a further period of (5) five years.
  • With regard to candidates’ data, these shall be kept for the whole of the duration of the recruitment process and where their relevant application has been unsuccessful, the data will be deleted immediately, except where the candidate has provided his/her explicit consent for holding the date for a longer period.
  • Personal data in the context of other contractual relations or dealings with you shall be retained for the duration of our contractual relationship or dealings and thereafter for a further period of (5) five years.

Security and Confidentiality of your Personal Data

The Firm strives to maintain appropriate technical and organisation security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Whenever any third-party service provider handles or processes your data on our behalf, we require them to do the same.

Your Rights

You may find below a list of your legal rights insofar as your personal data are concerned. Please note that some of these rights may not be applicable to your situation.

  • You have the right to gain access to the personal data that we hold about you (right to access).
  • You have the right of rectification of your personal information that is in our control (right to data rectification).
  • You have the right to obtain the erasure of your personal data, without undue delay, provided, amongst others, the personal data in question are no longer necessary in relation to the purposes for which they were collected (right to be forgotten).
  • You have the right to restrict processing of your personal data (right to restriction of processing).
  • You have the right to object to the processing of your personal information by us (right to object).
  • You have the right to data portability, that is, to request from us that we send your personal data in a structured, commonly used and machine-readable format, and to transmit those data to another controller (right to data portability).
  • You have the right to withdraw the consent given to us for the processing of your personal data.

How to contact us If you wish to exercise any of your above-mentioned rights or have any questions or comments with regard to this Privacy Policy, you may contact us by sending an email to phoebe@phchlaw.com[PC1]