This version was last updated on: 11th December 2024
IMPORTANT INFORMATION
TOTALSERVE MANAGEMENT LIMITED, (collectively referred to as “TOTALSERVE, “we”, “us” or “our” in this privacy policy) respects your privacy and is committed to protecting your personal data. The personal data that we collect depends on the service requested and agreed in each case. This privacy policy explains as to how we collect and process your personal data and informs you about your privacy rights under the Processing of Personal Data (Protection of individuals) Law 125 (I)/2018) as amended from time to time and the EU General Data Protection Regulation (“GDPR”) 2016/679.
- This Privacy Policy is directed to natural persons who are either current or potential clients of The Firm or are authorised representatives/agents or beneficial owners of legal entities of natural persons.
- It is also directed to natural persons who had such a contractual or other legal relationship with TOTALSERVE in the past.
- It also contains information about sharing your personal data with other members of TOTALSERVE and other third parties, such us other service providers or suppliers.
- This Privacy Policy aims to provide you with information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when signing up to our newsletter and/or during our contractual relationship.
It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why your data is being used. This privacy policy supplements the other policies and it is not intended to override them.
WHO WE ARE
TOTALSERVE MANAGEMENT LIMITED, incorporated and registered in Cyprus under Registration No. HE 27192 whose registered office is at 17, Gr Xenopoulou, 3106, Limassol, Cyprus.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to privacy issues. If you have, any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Name: Xenia Kasapi
Email address: [email protected]
Postal address: 17, Gr Xenopoulou, 3106, Limassol, Cyprus
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
COLLECTION OF YOUR DATA
Personal data, or personal information, means any information about an individual from which that person can be identified. This can include a wide range of information, such as:
- Name, identification number and more.
- Contact Information: Email address, phone number or address.
- Age, gender, marital status, or nationality.
- Financial Information: Bank account details, credit card numbers or financial records.
If you are a prospective client, or a non-client counterparty in a transaction of a client or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective client, the relevant personal data which we collect may include:
Identity Data such as your first name, maiden name, last name, username, marital status, title, date of birth (including city and country of birth) and gender. Contact Data include your residential or business address, email address and telephone numbers. Marketing and Communications Data refers to your preferences for receiving marketing content from us.
Additionally, we may collect banking information, employment status (employed/self-employed), whether you hold or have held a prominent public function (for Politically Exposed Persons-PEPs), FATCA / CRS information, authentication data (such as your signature), IP addresses, financial account details such as bank details, insurance information, information about family members, nationality, residence or work permits from non-EU nationals. We may also collect information regarding guarantors your job position educational background and employment history.
Furthermore, we may obtain personal data that arises from fulfilling our contractual obligations, which can include tax information (defence tax, tax residency and tax identification number), as well as financial details such as expected annual credit/debit turnover, nature of transactions, source of income, source of assets.
CHILDREN’S DATA
We understand the importance of protecting children's privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and/or any other legal purpose and you fail to provide information when requested, we may not be able to perform our contractual obligations we have or are about to enter into with you (for example, to provide you with our services). In this case, we may have to abort all contractual obligations with yourself, but we will notify you if this is the case at the time.
WHETHER YOU HAVE AN OBLIGATION TO PROVIDE US WITH YOUR PERSONAL DATA
For us to enter into a contractual relationship with you, you must provide your personal data to us, which is necessary for the required commencement and execution of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law, which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorised representative/agent or beneficial owner.
Please note that if you do not provide us with the required data, then we will not be allowed to commence or continue our contractual relationship to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
HOW YOUR PERSONAL DATA IS COLLECTED
We collect and process different types of personal data, which we receive from our clients (potential and current) in person or via their representative in the context of the contractual relationship.
PURPOSE OF DATA PROCESSING AND LEGAL BASIS
Personal data may be processed in compliance with our obligations to obtain information about clients, as well as individuals associated with clients and their company/ies/trust structures. The purpose of processing is to fulfill our obligation in combating money laundering and terrorist financing, as well as to comply with tax reporting requirements, including those concerned with U.S Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS) and/or other applicable European and/or Cyprus Legislation. In holding and processing your personal information, we also adhere to the Processing of Personal Data (Protection of Individuals) Law 138 (I)/2001) as amended from time-to-time legislation.
Most commonly, we will use your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary that our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; we process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Examples of such processing activities include, initiating legal claims and preparing our defence in litigation procedures and/or measures to manage business and for further developing services, sharing your personal data within TOTALSERVE for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework and/or for the performance of the services.
- Where we need to comply with a legal and regulatory obligations under different laws such as the Cyprus Banking Law, the Money Laundering Law, the Cyprus Investment Services Law, Tax Laws and more. We are also governed by the rules of supervisory authorities like the Cyprus Bar Association. These obligations require us to process personal data for identity verification purposes, compliance with court orders, tax reporting and anti-money laundering controls. To comply with applicable AML/Counter-Terrorism Financing-CFT requirements, we conduct reviews in order to assess the risks involved and to prevent money laundering, fraud and to combat international terrorism.
- Promoting the best interest of the client.
- Where disclosure is necessary for the relevant tax authorities, auditors and/or reporting accountants, to perform their respective services.
- You have provided your consent; Provided that you have given us your specific consent for processing (other than for the reasons set out above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at: [email protected]
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
MARKETING
We may process your personal data to inform you about our services and newsletters that may be of interest to you or your business.
You may "opt out" of receiving such email updates, newsletters and/or other emails by clicking the “unsubscribe" link in any email communication that we send you. You will then be removed from our mailing list. You have also the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time in writing.
THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
COOKIES
Our website uses small files known as cookies to make it work better in order to improve services we offer you, to improve marketing and provide site functionality.
A cookie is a small, unique text file that a website can send to your computer when you visit a site. The website may automatically collect information as you browse, such as your internet service provider, browser type and version, operating system and device type, pages viewed, information accessed, the Internet Protocol (IP) address used to connect your computer to the internet and other relevant statistics. It also collects demographic information (country - city).
If you do not want us to deploy cookies to your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie on your computer. Rejecting cookies may affect your ability to use our web site.
WHO DO WE SHARE YOUR PERSONAL DATA WITH
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to different departments within TOTALSERVE and/or third party/ies providing service/s to and/or acting as agents of TOTALSERVE for the purposes and/or in the context of the provision of our services. Consequently, other service providers and suppliers may also receive your personal data so that we may perform our services and/or legal obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We strictly prohibit our third-party service providers from using your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.
Under the circumstances referred to above, recipients of personal data may be, for example: income tax authorities, criminal prosecution authorities, the Cyprus Bar Association, auditors and accountants, legal consultants and external legal consultants, service providers, suppliers, share and stock investment and management companies, agents, business partners, valuers and surveyors, financial and business advisors, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.
INTERNATIONAL TRANSFERS
Your personal data may be transferred to third countries; countries outside of the European Economic Area (EEA) in such cases as e.g. to execute our services or if this data transfer is required by law. We ensure that your personal data shall be protected by requiring all our group companies to follow the same rules when processing your personal data; namely, the “binding corporate rules”. For further details, protection is provided by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where engaging certain service providers, we may use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure that your personal data received equivalent protection as it has in Europe. . For further details, see European Commission: Standard Contractual Clauses for the transfer of personal data to third countries.
- In case that we use providers based in the US, we may transfer data using Standard Contractual Clauses or other appropriate safeguards.
DATA SECURITY
Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Procedures have been put in place, to deal with any suspected personal data breach and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
DATA RETENTION
We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the services to you (for example, for as long as you keep using our services).
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
- Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).
You have the right to delete your data; to request erasure. This enables you to instruct us to erase your personal data (known as the ‘right to be forgotten’) where its process is of no further use or interest.
YOUR LEGAL RIGHTS
You have the following rights in terms of your personal data we hold about you:
- Request access to your personal data: You may request confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
- Request correction of your personal data: You may request rectification if your personal information is inaccurate.
- Request erasure of your personal data: You may request that your personal information is erased in certain situations.
- Object to processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
- Request restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
- Request transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services.
- Right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at: [email protected]
RIGHT TO LODGE A COMPLAINT
You have the right to make a complaint at any time to Office of the Commissioner for Personal Data (the “Commissioner”), the Cyprus supervisory authority for data protection issues (http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument). We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
We would, however, appreciate the chance to address your queries, so you may contact us at [email protected]
CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
This version was last updated on 11/12/24. This Privacy Policy may be amended from time to time. We do, however, encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.