Last updated: 30 June 2020
We suggest that you read the following carefully to ensure you are fully informed and to understand our views and practices regarding your personal data, as well as how we will treat it.
For the purpose of Data Protection Laws (as defined below) the ‘data controller’ is Multilysis Services Ltd of 5 Amathountos Str., Pirilides Building, 3105, Limassol- Cyprus (Reg. No.: 103366).
For the purpose of the Data Protection Laws ‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or a combination of the aforesaid which may identify the data subject. ‘Sensitive personal data’ is data concerning a specific set of “special categories” that must be treated with extra security. These categories are:
Our use of your personal data is subject to your instructions, if applicable, and the Data Protection Laws.
“Data Protection Laws” means the following legislation as applicable:
(a) the General Data Protection Regulation (2016/679) (“GDPR”); any law, statute, declaration, decree, legislative enactment, order, ordinance, regulation, rule or other binding instrument of any EU member state where the Parties have a presence which implements the Data Protection Directive (95/46/EC), the GDPR or the Directive on Privacy and Electronic Communications (2002/58/EC); and
(b) National Law No. 125(I)/2018 as amended from time to time.
PERSONAL DATA WE COLLECT ABOUT YOU
The table below sets out the personal data we will or may collect in the course of offering our services, advising or acting for you, including, but not limited to, when you fill out an enquiry or registration form, where all the necessary details relating to our KYC procedures will be required.
Personal data we will or may collect depending on why you have instructed us:
HOW YOUR PERSONAL DATA IS COLLECTED
What information do we collect when you engage in recruitment services?
We collect information from and about candidates in connection with available employment opportunities with us. This information may include CVs, identification documents, academic records, work history, employment and references.
We use your personal information to match your skills, experience and education with the specific roles offered by the firm. This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite you for interview. We will collect further information from you if you are invited to the interview (or equivalent) stage and onwards.
In connection with our recruitment activities, we may also collect special categories of personal information from candidates where we have an employment law obligation to do so, the information is relevant to their future working environment at us or the future provision of employment benefits, or with the individual's explicit consent. We may also need to conduct criminal background checks for some candidates, for example applicant lawyers, to assess their eligibility to work at our firm.
We may collect personal information about candidates from the following sources:
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers’ systems to recognize your browser and capture and remember certain information.
Please note that opting-out or blocking cookies may impair your use of this (and other) websites.
THIRD PARTY LINKS
Occasionally, at our discretion, we may include or offer third party services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
HOW AND WHY WE USE YOUR PERSONAL DATA
We will only use your information when it is fair and lawful to do so. Most commonly, we will use your personal information in the following circumstances:
We may also use your personal information in the following circumstances, which are likely to be rare:
The situations where we will process your personal data are listed below:
Failure to provide personal information
Failure to provide certain information when requested may result in us being unable to perform both our legal obligations and our contractual duties to you, such as making payments to and on your behalf.
Sensitive Personal Information and Special Categories of Data
We may also collect, store and use, the below “special categories” of more sensitive personal information for the purpose of representing you in your legal claims before Court:
We will only process these ‘special categories of personal data’ in the following exceptional circumstances:
We may use your personal data to send you updates (by email or post) in relation to legal, tax or other areas of practice that might be of interest to you and/or information about our services.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, for example for electronic marketing communications, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never share it with other organisations for marketing purposes without your explicit written consent.
You have the right to opt out of receiving promotional communications at any time by contacting our Data Protection Officer at firstname.lastname@example.org.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
WHO WE SHARE YOUR PERSONAL DATA WITH
We routinely share personal data with:
We only allow our service providers to collect and process your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
DISCLOSURE OF INFORMATION
All non-public information shared including but not limited to any personal information, litigation strategy, evidence, written work product, thoughts, impressions and ideas, shall be treated as confidential and shall not be disclosed to any third parties except the trusted third parties, who assist Multilysis Services Ltd in operating its website, conducting business, or servicing you and who have agreed to keep this information secure in accordance with the GDPR and applicable local data protection legislation, and confidential.
We may share your information to third parties where this is reasonably necessary, for the purposes set out in the policy including:
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
WHERE YOUR PERSONAL DATA IS HELD
Information may be held at our offices and those of the third party agencies, service providers, representatives and agents as described above (see above ‘Who we share your personal data with’). Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’. In addition, our website may store a limited amount of personal data such as name, surname, contact email and telephone no.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will keep your personal data after we have completed our contractual obligation towards you and/or for any such period stipulated by applicable legislation and regulations. We will do so for one of these reasons:
If you have questions about, or need further information concerning, our data retention periods, please send an email to email@example.com.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EU
The personal information you provide to us will be transferred and stored outside of the EEA for the purposes of carrying out administration and other functions necessary to provide our legal services to you. Any personal information transferred will receive an adequate level of protection as required by the Data Protection laws. Third parties will only process your personal information on our instructions and in the agreement that the information is kept secure and confidential.
Where any transfer is made to a third party supplier (for example to someone that we have outsourced an administrative function to or a provider of storage) outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.
Where any transfer is made to another lawyer, adviser or expert witness outside of the EEA we will usually do this on the basis that the transfer is necessary for the performance of our contract with you.
Data Subject Rights
Under certain circumstances, you have the right to:
You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.
If the information we hold for you is incomplete or incorrect, you have the right to request a correction.
Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.
Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.
You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You are able to request the transfer of your personal information to another party.
It is important that the personal information we hold for you is accurate and up to date. If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us by email firstname.lastname@example.org.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
For further information on your rights, including the circumstances in which they apply, please visit the website of the Cyprus’ Information Commissioner’s Office at http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument.
If you would like to exercise any of those rights, please:
We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate technical and organisational measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus may be contacted by email at email@example.com or telephone: +357 22818456.
This privacy notice was published on 17.05.2018 and last updated on 30.06.2020. We will provide you with reasonable prior notice of substantial changes in how we use your information, including by email at the email address you provide.
HOW TO CONTACT US
By email at firstname.lastname@example.org.