We are committed to protecting our clients’ privacy and handling our clients’ personal data in an open and transparent manner. The personal data that we collect and process depends on the service requested and agreed in each case.
In this privacy notice we explain what information we collect about our clients, what we use that information for and who we give that information to. It also sets out our clients’ rights in relation to the information collected and processed.
1.Who we are
We are KKP Accountancy LTD.
2.Who this privacy notice is directed to
This privacy notice is directed to natural persons (hereinafter our “clients”) who are either past, current or potential clients, or are authorized representatives/agents of past, current or potential clients, or are beneficial owners in legal entities who are past, current or potential clients.
3.What personal data we process and where we collect it from
We collect and process different types of personal data which we receive from our clients in person or via their representative in the context of our business relationship.
We may also collect and process personal data which we lawfully obtain not only from our clients and their representatives but also from other third parties e.g. other service providers, professional such as accountants and lawyers or online screening tools such as World Compliance.
We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the Internet) which we lawfully obtain and are permitted to process.
The personal data which we may collect includes:
Name, address, contact details (telephone, email), identification data (such as passport, driver’s license or ID), birth date, place of birth (city and country), marital status, employment status (employed/self-employ), curriculum vitae, whether you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature]).
4.Why we process data and on what legal basis
In order to proceed with a business relationship our clients must provide their personal data to us which are necessary for the required commencement and execution of a business relationship. This is a requirement under the relevant Anti-Money Laundering Laws and the regulations of our Regulator the Institute of Certified Public Accountants Cyprus.
Failure to provide us with personal data prevents us from commencing or continuing a business relationship with the clients.
We process our clients’ personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
- For compliance with a legal obligation
We are obligated under several laws such as Anti Money Laundering Laws and Tax Laws to which we are subject to, to collect and process the personal data of our clients for due diligence purposes and anti-money laundering purposes.
There are also various supervisory authorities whose laws and regulations we are subject to e.g. the Institute of Certified Public Accountants Cyprus, IFAC and ACCA which impose on us obligations and requirements to collect and process personal data for due diligence purposes and anti-money laundering purposes.
- From the specific consent of the client
When the client has provided specific consent for processing (other than for the reason set out hereinabove) then the lawfulness of such processing is based on that consent. The client has the right to revoke consent at any time. However, any processing of personal data prior to the receipt of the revocation will not be affected.
- For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use our clients’ information. An example of such processing activities can include, initiating legal claims, preparing our defense in litigation procedures, initiating complaints to our regulator etc.
5.Who receives the personal data
In the course of the performance of our business relationship our clients’ personal data may be provided to various departments within our Company.
Furthermore, the following third parties may also be the recipients of the personal data under the certain circumstances:
- Supervisory and other regulatory and public authorities, whereby a statutory obligation exists. Some examples are the Institute of Certified Public Accountants Cyprus, the Registrar of Companies the income tax authorities, criminal prosecution authorities.
- Credit and financial institutions whereby our clients specifically instruct us to open bank accounts.
- Any other service provider or professional which our clients specifically instruct us to engage with such as service providers, auditors, lawyers, business consultants etc.
6.How long we keep personal information for
We will keep our clients’ personal data for as long as we have a business relationship.
Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods: (i) any retention period that is required by law or professional standards; (ii) the end of the period in which litigation or investigations might arise in respect of the services or (iii) as directed by our own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held.
7.Our clients’ data protection rights
Our clients have the following rights in terms of the personal data we hold about them:
- To receive access to their personal data.
- To request correction of the personal data.
- To request erasure of their personal information. Where there is a good reason for the personal information to be kept we may refuse the erasure of the personal data. Good reasons can include legal/statutory reasons for non-erasure, legitimate interests for non-erasure.
- To object to processing of their personal data. If our clients lodge an objection, we will no longer process their personal data unless we can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms.
- To request the restriction of processing of their personal data.
- To request to receive a copy of their personal data.
- To withdraw the consent given to us with regard to the processing of their personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked.
8.How to raise a complaint
To exercise any of the above rights, or for any questions or complaints about our use of persona data, please contact our Data Protection Officer at 61 Lordou Vironos Str., Lumiel Building 4th Floor, Larnaca, 6023, Cyprus, email firstname.lastname@example.org
Complaints may also be submitted the Office of the Commissioner for Personal Data Protection. More information can be found at http://www.dataprotection.gov.cy
Thanking you for your understanding and cooperation at all time.