Privacy Policy for Clients

MULTILYSIS SERVICES LTD (“We”, “Us” and “Our”) is committed to protecting and respecting your privacy.  This policy (together with our terms of use policy and any other documents referred to on it) sets out the basis for which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection laws (the ‘data controller’ is Multilysis Services Ltd of 5 Amathountos Str., Pirilides Building, 4th and 5th Floor, 3105, Limassol- Cyprus (Reg. No.: 103366).

For the purpose of the Data Protection laws ‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’. ‘Sensitive personal data’ is data concerning a specific set of “special categories” that must be treated with extra security. These categories are:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and biometric data

          Data   concerning   health,   sex   life   or   sexual orientation

Our use of your personal data is subject to your instructions, the EU General Data Protection Regulation (GDPR), other relevant Cyprus and EU legislation and our professional duty of confidentiality.

The relevant Data Protection laws are the European Union Regulation on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data ΕΕ 2016/679 and the Processing of Personal Data (Protection of the Individual) Law of 2001, as amended by 105(I)2012.


The table below sets out the personal data we will or may collect in the course of offering our services, advising or acting for you.

Personal data we will or may collect depending on why you have instructed us:

  • Your full name, address and telephone number;
  • Information to enable us to check and verify your identity;
  • Electronic contact details;
  • Information relating to the matter in which you are seeking our advice or representation;
  • Information to enable us to undertake a credit or other checks, i.e. your date of birth and identity or passport details;
  • Your financial details so far as relevant to your instructions;
  • Your Social Insurance and Tax details;
  • Your bank details;
  • Details of your professional online presence;
  • Your employment status and details including salary and benefits;
  • Details of your pension arrangements;
  • Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs;
  • Personal identifying information.


We collect most of this information from you directly during the process of setting you up as a client of ours or during the course of taking instructions from you or providing you with legal and/or other advice.  However, we may also collect information from third parties including publicly accessible sources, e.g.: the Cyprus Registrar of Companies, directly from a third party, e.g.: from client due diligence providers; from a third party with your consent, e.g.: your bank or financial institution or advisor; consultants, service providers and other professionals engaged in relation to your matter; your employer and professional body, via our website - we use cookies on our website (for more information on cookies, please see below section of this policy.


Multilysis’ website, like most websites, uses cookies to run the content management system and to collect anonymous visitor data. In keeping with recent legislation, we are making users more aware of these cookies and providing links to help visitors decline or remove cookies.

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Please note that opting-out or blocking cookies may impair your use of this (and other) websites.


We will only use your information when it is fair and lawful to do so. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract that we have entered into with you;
2. Where we need to comply with a legal obligation;
3. Where it is necessary for our legitimate interests (or those of a third party) namely to provide you with advice and assistance or in facilitating and enabling the management of all matters relating to our business, but only where your interests and fundamental rights do not override those interests;
4. Where you have given your consent and that consent has not subsequently been withdrawn by you.

We may also use your personal information in the following circumstances, which are likely to be rare:

5. Where we need to protect your interests (or someone’s interests).
6. Where it is needed in the public interest.

The situations where we will process your personal data are listed below:

  • to fulfil our contract with you;
  • to provide you with our services;
  • making payments to and on your behalf;
  • creating a client account for you;
  • to prevent fraud and to satisfy our legal obligations under The Money Laundering Regulations 2017 and corresponding financial crime legislations;
  • to provide you with information about our services;
  • to invite you to events or seminars that may be of interest to you;
  • to provide you with updates about the law and other topics that may be of interest to you;
  • for marketing and advertising purposes;
  • for intra group transfer or transfers to third party administrators for administration purposes; and
  • the enforcement of legal claims including debt collection including via out-of-court procedures.

Failure to provide personal information

Failure to provide certain information when requested may result in us being unable to perform both our legal obligations and our contractual duties to you, such as making payments to and on your behalf.

Sensitive Personal Information

We may also collect, store and use, exercise or defence of legal claims the below “special categories” of more sensitive personal information:

  • Information about health, including sickness records, medical conditions and other records.
  • Information about race or ethnicity, religious beliefs, trade union membership, sexual orientation and political opinion.
  • Information about criminal convictions and offences.

We will only process these ‘special categories of personal data’ in the following exceptional circumstances:

  • to the extent necessary for the establishment, exercise or defence of legal claims; or
  • with your explicit written consent which you can withdraw at any time.


We may use your personal data to send you updates (by email or post) in relation to legal, tax or other areas of practice that might be of interest to you and/or information about our services.

We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, for example for electronic marketing communications, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by contacting us at  

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.


We routinely share personal data with:

  • professional  advisers  who  we  instruct  on  your  behalf  or  refer  you  to,  e.g.  accountants, auditors, tax advisors or other experts;
  • other people involved in your matter (including the other side) and their advisers;
  • other  third  parties  where  necessary  to  carry  out  your  instructions,  e.g.  Registrar of Companies, Land Registry etc.;
  • our insurers and brokers;
  • our bank;
  • any other bank to carry out your instructions; and
  • our IT providers;

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.


Information may be held at our offices and those of the third party agencies, service providers, representatives and agents as described above (see above ‘Who we share your personal data with’). Some of these third parties may be based outside the European Economic Area. For more information,  including  on  how  we safeguard your  personal  data  when  this  occurs,  see  below: ‘Transferring your personal data out of the EEA’.


We will keep your personal data after we have finished advising or acting for you for any such period deemed reasonable and necessary by us. We will do so for one of these reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to enable us to carry out checks for conflicts of interest in the future;
  • to show that we treated you fairly; and
  • to keep records required by law.


The personal information you provide to us will be transferred and stored outside of the EEA for the purposes of carrying out administration and other functions necessary to provide our legal services to you. Any personal information transferred will receive an adequate level of protection as required by the Data Protection laws. Third parties will only process your personal information on our instructions and in the agreement that the information is kept secure and confidential.

Where any transfer is made to a third party supplier (for example to someone that we have outsourced an administrative function to or a provider of storage) outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.

Where any transfer is made to another lawyer, adviser or expert witness outside of the EEA we will usually do this on the basis that the transfer is necessary for the performance of our contract with you.


Data Subject Rights

Under certain circumstances, you have the right to:

  • Access your information

You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.

  • Correct your information

If the information we hold for you is incomplete or incorrect, you have the right to request a correction.

  • Request erasure

Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.

  • Object to processing

Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.

  • Request the restriction of processing

You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.

  • Transfer your personal information

You are able to request the transfer of your personal information to another party.

It is important that the personal information we hold for you is accurate and up to date. If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us by email

For further information on your rights, including the circumstances in which they apply, please visit the website of the Cyprus’ Information Commissioner’s Office.

If you would like to exercise any of those rights, please:

  • email, call or write to our data protection officer - see below: ‘How to contact us’; and
  • let us have enough information to identify you (your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your ID or passport and a recent utility bill); and
  • let us know what right you want to exercise and the information to which your request relates.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus may be contacted by email at or telephone: +357 22818456.


This privacy notice was published on 17.05.2018 and last updated in May 2018. We will provide you with reasonable prior notice of substantial changes in how we use your information, including by email at the email address you provide.


By email at

Other Pages in Privacy Policy

Office Address: 5 Amathountos street,
Pirilides Building, 4th-5th Floor,
3105 Limassol-Cyprus 51252, 3503