Last Revised: 1/2/2019
Personal data means any information about an individual from which that person can be identified (e.g. Name, address, Passport Number, Identification Number, Tax Identification Number, bank account details etc)
COLLECTION OF PERSONAL DATA
Before the commencement of any business relationship between you as a client and the Firm, we are obliged to collect your personal data when performing due diligence checks in relation to our services. REANDA Cyprus Limited is regulated and supervised by the Institute of Certified and Public Accountants of Cyprus (ICPAC) and with regards to the Cyprus Anti Money Laundering laws and regulations your personal data must be used for our internal client’s acceptance procedure.
We may collect your personal data though several ways: (a)directly from you since we are using Know Your Client (KYC) Questionnaires and along with them you are required to submit several documentations (b) from your employer, (c) from a third party service provider (d)authorised representatives (e ) publicly available sources (e.g through tax department, registrar of companies and official receiver, Social Insurance Department, Civil Registry and Migration etc). For enhanced due diligence procedures, we are lawfully permitted to use the internet, press and media.
Without any limitation, we can collect several types of data and personal information: name, date of birth, age, identification number, email address, home address, primary country and country of residence, financial and tax related information, marital status, employment details and any other related and similar type of data. The data we collect may also include sensitive related information (e.g health or ethnicity).
We may also collect your personal data when you are using our Website. We may collect such data in case you gave them to us through our website (e.g. Website Requesting Callback OR Contact form).
The several types of personal data and special categories may vary depending on the nature of services that we provide to you and our legal responsibilities from several legislations.
USAGE AND DISCLOSURE OF PERSONAL DATA
The Firm will collect and process your data in compliance with the regulation and under necessity. Most commonly the personal data may be used for the following purposes:
1. Agreement of services
The Firm will use your personal data in relation to the services provided to you. This may vary due to the wide range of services. Generally, we might use personal data for the following provision of services:
(a) Accounting & Audit services
(b) Payroll Services
(c) When we consider applicants for employment purposes
(d) Tax and VAT services
(e) Banking services
2. Compliance with legal obligations
The Firm is required to comply with certain legal obligations which may involve the processing of personal data activities for identity verification, risk assessment, client’s acceptance procedures, internal reporting and anti-money laundering controls.
3. Legitimate Interest
The Firm may process personal data to pursue business interests of our own or of third parties. More specifically, we process your personal data:
(a) To maintain our accounts and records
(b) To improve our services
(c) To manage our infrastructure and comply with internal policies and procedures
(d) For business development purposes
(e) To identify, prevent and investigate fraud
(f) To perform a contract
4. Based on your consent
We will be able to use and process your personal data only if you gave us your consent to do so. The Firm will ask for your consent if it is a necessity to send you informative material through newsletters in relation to your product or services.
WHO RECEIVES YOUR PERSONAL DATA
We may disclose your personal data if:
(a) we are legally required to do so
(b) we are authorised under our contractual agreement
(c) you have given to us your consent
Your personal data may be shared with the following organisations/persons in the course of meeting our contractual or legal obligations (without any limitation):
(a) Supervisory and other regulated authorities (e.g Institute of Certified and Public Accountants of Cyprus etc)
(b) Government Departments and Public Authorities (e.g tax department, social insurance department, Civil Registry and Migration Department etc.)
(c) File Storage Companies
(d) External Advisors
(e) Service Providers (either assisting in providing our services or assisting in implementation of our procedures)
(f) Credit and Financial Institutions
(g) Fraud Prevention agencies
In any case, we will ensure that such service providers will comply with the General Data Protection Regulation.
RETENTION PERIOD FOR PERSONAL DATA
We are obliged to keep your personal data as long as you are a client of the Firm. Once our business relationship terminated, we may keep your personal data up to 7 (seven) years. More than this retention period should be kept only in cases where there are legal or regulatory reasons.
DATA PROTECTION RIGHTS
Under the Data Protection Regulation, you have several rights in relation to your personal data:
(a) Access Request: anytime you may request to receive a copy of the Personal data the Firm holds for you
(b) Request Correction (Rectification): this right gives you the opportunity to make corrections or update any incomplete information.
(c) Request Erasure: this right allows you to request from us to delete any personal data concerning you and you think there is no good reason to process it, unless otherwise required by any legislation.
(d) Object to Process: this gives you the right to object to the processing of your personal data (this is subject to the legal basis on which the processing activity is based)
(e) Request Restriction: with this right you will be able to request from us to restrict the processing of your personal data. You can request from us to use the data for certain purposes. You may request the restriction of the processing when the personal data:
- is not accurate
- is used by the Firm unlawfully
-it is not relevant anymore, but you want us to keep it
(f) Request to receive copy: you may request to receive a copy of your personal data in a commonly used format and transfer it to a third party.
(g) Withdraw your consent: you can withdraw your consent any time. Note that any withdrawal of consent shall not affect the lawfulness of processing which was based on consent before it was withdrawn.
REANDA CYPRUS LIMITED
48 ARCHANGELOS AVENUE, 1ST FLOOR, 2404, ENGOMI, NICOSIA – CYPRUS
TEL: +357 22670680