- PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal data about you, in accordance with the EU General Data Protection Regulation (GDPR) 2016/679, the national law 125(I)/2018 and any other national implementing laws, regulations and legislation, as amended from time to time in Cyprus.
This Privacy Notice is separate and in addition to client confidentiality obligations we may owe you – please refer to the terms and conditions applicable to your engagement for further details. - ABOUT US
Globus Papademetres (“Group”, “we”, “us”, “our”) is a group of companies consisting of DM Globus Audit Services Ltd, MCA Papademetres Ltd, A. Papademetres Ltd and DM Globus Auditors Joint Venture Ltd. The Group provides audit, accounting, taxation services and consultancy services in related areas. All companies of the Group are located at Loukis Pierides Street, Lysion Court, 1st Floor, 6021, Larnaca, Cyprus.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
In each case, your personal data will controlled by the entity of the Globus Papademetres Group to which you have given instructions, or with which you are otherwise dealing with or receiving communications from or the entity of the Globus Papademetres Group which provides services to a third party which you are associated with, for example a company of which you are a director or shareholder. - HOW WE MAY COLLECT YOUR PERSONAL DATA
We may collect personal data about you in various cases, such as for example:
• When you or your organisation seek our services – i.e. audit, accounting, tax or consultancy services
• When you or your organisation make an enquiry through our website, in person, over email or over the telephone;
• When you attend a Globus Papademetres seminar or other events we may organise, or sign up to receive communications from us, including training;
• When a Third Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third Party Entity;
• When you or your organisation provide services to us, or otherwise offer to do so; or
• When your data are publicly available (e.g. the Department of Registrar of companies and Official Receiver, Land Registry etc).
In some circumstances, we may collect personal data about you from third parties – for example, we may collect personal data from your organisation, other organisations with which you have dealings including Third Party Entities, government agencies, a credit reporting agency, an information or service provider or from a publicly available record. - THE KIND OF INFORMATION WE HOLD ABOUT YOU
The information we hold about you may include the following:
Contact information: Information such as your name, job title, postal address, home address, business address, telephone number, mobile number, fax number and email address.
Business details: Business information which we necessarily process as part of our instructions or assignments we are involved in or otherwise provided by you voluntarily.
Correspondence: Details of any correspondence with you, including but not limited to details of contact we have had with you in relation to the provision, or the proposed provision, of our services, details of any services you have received from us, and our correspondence and communication with you.
Compliance details: Information we are legally required to collect for compliance purposes, such as ‘know your client’ information, details relevant to international sanctions and restrictive measures and information about relevant and significant litigation, which may impact our ability to act.
Publicly available information: Information collected from publicly available resources, including but not limited to information collected from databases we use to carry out compliance checks or credit rating agencies.
Statutory Information: Information about you on account of an interest or office you may hold in or certain relationships you may have with a corporate entity, partnership, trust or other vehicle to which we provide services (each such entity, a Third Party Entity).
Information received from other sources such as information provided by your employer.
We typically do not process any sensitive personal data that reveal your ethnic origin, philosophical or religious beliefs, political opinions, or are related to biometric or genetic data, trade-union membership, health-related data, or data concerning your sexual life and sexual orientation, unless we are instructed to do so with the express consent of the data subject or when otherwise required by law. - HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU
We may process your personal data for purposes necessary for the performance of our contract with you or your employer or our clients and to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Situations in which we will use your personal data
We will use your personal data for the following purposes (Permitted Purposes):
• To provide services you may have requested, as instructed or requested by you or your organisation;
• To manage and administer your or your organisation’s business relationship with us, including processing payments, accounting, auditing, billing and collection or support services;
• For compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (such as under antitrust laws, export controls, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
• To provide updates, reminders, requests and directions relevant to the role or capacity in which you are interested in a Third Party Entity.
• To analyse and improve our services and communications to you;
• To protect the security of and managing access to our premises, IT and communication systems, websites and other systems, preventing and to detect security threats, fraud or other criminal or malicious activities;
• For insurance purposes;
• To monitor and assess compliance with our policies and standards;
• To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
• To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory, law enforcement and tax reporting bodies;
• On instruction or request from your organisation or a relevant Third Party Entity;
• To communicate with you through the channels you have approved to keep you up to date on the latest tax and/or relevant legal developments, announcements, and other information about our services, products and technologies – including client briefings, newsletters and other information – as well as events and projects we may organise;
• To comply with court orders and exercises and/or defend our legal rights; and
• For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
• For customer surveys, marketing campaigns, market analysis, contests or other promotional activities or events; or
• To collect information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
With regard to newsletters, updates and other general communications, we will – where legally required – only provide you with such information if you have opted in. You have the opportunity to opt out of receiving such communications at any time. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
• Because processing is necessary for the performance of a client instruction or other contract with you or your organisation or a Third Party Entity;
• To comply with our legal obligations (e.g. to keep social insurance records or records for tax purposes); or
• Because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
• We may also process your data based on your consent where you have expressly given that to us.
Data retention
We will only retain your personal data for as long as is necessary to fulfill the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal data;
• the lawful grounds on which we based our processing;
• the types of personal data we have collected;
• the amount and categories of your personal data; and
• whether the purpose of the processing could reasonably be fulfilled by other means.
Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing. - DATA SHARING
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. All of our third-party service providers are required to take reasonable and appropriate organisational and security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data in the following circumstances:
• We may share your personal data between the Globus Papademetres Entities on a confidential basis where this is required for the purpose of providing advice or other products and services, as well as for administrative, billing and other business purposes. All of the Globus Papademetres entities are located in Cyprus;
• If you are a Globus Papademetres client, or you are otherwise contracted by, are an agent of, or otherwise represent a Globus Papademetres client, we may disclose your personal data to other consultants or experts engaged in your matter;
• If we have collected your personal data in the course of providing services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
• We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
• We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
• We may share your personal data with other third parties in the context of a possible sale or restructuring of the business;
• We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
• We may also instruct service providers within or outside Globus Papademetres, domestically or abroad, e.g. shared service centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Globus Papademetres will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
We will otherwise only disclose your personal data when you direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities. - REFUSAL TO SHARE YOUR PERSONAL DATA WITH US
In general, we receive your personal data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will unfortunately be unable to act without receiving such data, for example where we need to carry
out legally required compliance screening or require such data to process your instructions or orders, or otherwise to provide you with our online services or communications.
Where it is not possible for us to provide you with what you request without the relevant personal data, we will let you know accordingly. - TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We will not transfer the personal data we collect about you outside of the EEA. - DATA SECURITY
We have put in place commercially reasonable organisational and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We may keep your personal data in our electronic systems, in the systems of our contractors, or in paper files. - PERSONAL DATA WE RECEIVE FROM YOU ABOUT OTHER PEOPLE
Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to disclose that personal data to us and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Notice, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual in relation to our holding of the data. - RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please contact us at dataprotection@globus.com.cy.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
To enable us to process your request, we may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification – this is to ensure that we appropriately protect the personal data we hold from unauthorised access requests and comply with our security obligations. - RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please send an email to dataprotection@globus.com.cy.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we are obliged by law to do so or there is court order for doing so in law. - MINORS
The Company does not knowingly provide its services to minors and therefore does not process their data, except when there is an engagement of services and there is an express consent of the parent or legal guardian. - CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be updated on our website or sent to you by email.
This privacy notice was last updated on 16 December 2021. - CONTACT US
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email dataprotection@globus.com.cy or telephone our Data Protection Point of Contact on +357 24622400.
In relation to complaints, we will promptly respond to your requests and complaints. In the event that you are unhappy with our response, you may submit a complaint to the relevant privacy regulator. We can provide you with the details of the relevant regulator upon request.