HOME  /  Privacy Policy


Last updated: 30 June 2020

Privacy Policy

Multilysis Services Ltd (“We”, “Us” and “Our”) is committed to protecting and respecting your privacy. This policy (together with our terms of use policy and any other documents referred to on it) sets out the basis for which any personal data we collect from you, or that you provide to us, will be processed by us, how we collect, share and use personal information about you and how you can exercise your privacy rights. It applies to all individuals who access our website at www.multilysis.com, engage our legal services, or who participate in our recruitment activities.

We suggest that you read the following carefully to ensure you are fully informed and to understand our views and practices regarding your personal data, as well as how we will treat it.

For the purpose of Data Protection Laws (as defined below) the ‘data controller’ is Multilysis Services Ltd of 5 Amathountos Str., Pirilides Building, 3105, Limassol- Cyprus (Reg. No.: 103366).

For the purpose of the Data Protection Laws ‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or a combination of the aforesaid which may identify the data subject. ‘Sensitive personal data’ is data concerning a specific set of “special categories” that must be treated with extra security. These categories are:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and biometric data; and
  • Data concerning health, sex life or sexual orientation.

Our use of your personal data is subject to your instructions, if applicable, and the Data Protection Laws.

Data Protection Laws” means the following legislation as applicable:

(a) the General Data Protection Regulation (2016/679) (“GDPR”); any law, statute, declaration, decree, legislative enactment, order, ordinance, regulation, rule or other binding instrument of any EU member state where the Parties have a presence which implements the Data Protection Directive (95/46/EC), the GDPR or the Directive on Privacy and Electronic Communications (2002/58/EC); and

(b) National Law No. 125(I)/2018 as amended from time to time.


The table below sets out the personal data we will or may collect in the course of offering our services, advising or acting for you, including, but not limited to, when you fill out an enquiry or registration form, where all the necessary details relating to our KYC procedures will be required.

Personal data we will or may collect depending on why you have instructed us:

  • Your full name, address and telephone number;
  • Information to enable us to check and verify your identity;
  • Electronic contact details;
  • Information relating to the matter in which you are seeking our advice or representation;
  • Information to enable us to undertake a credit or other checks, i.e. your date of birth and identity or passport details;
  • Your financial details so far as relevant to your instructions;
  • Your Social Insurance and Tax details;
  • Your bank details;
  • Details of your professional online presence;
  • Your employment status and details including salary and benefits;
  • Details of your pension arrangements;
  • Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs;
  • Personal identifying information.


We collect most of this information from you directly during the process of setting you up as a client of ours or during the course of taking instructions from you or providing you with legal and/or other advice. However, we may also collect information from third parties including publicly accessible sources, e.g.: the Cyprus Registrar of Companies, directly from a third party, e.g.: from client due diligence providers; from a third party with your consent, e.g.: your bank or financial institution or advisor; consultants, service providers and other professionals engaged in relation to your matter; your employer and professional body, via our website and social media accounts - we use cookies on our website (for more information on cookies, please see below section of this policy.

What information do we collect when you engage in recruitment services?

We collect information from and about candidates in connection with available employment opportunities with us. This information may include CVs, identification documents, academic records, work history, employment and references.

We use your personal information to match your skills, experience and education with the specific roles offered by the firm. This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite you for interview. We will collect further information from you if you are invited to the interview (or equivalent) stage and onwards.

In connection with our recruitment activities, we may also collect special categories of personal information from candidates where we have an employment law obligation to do so, the information is relevant to their future working environment at us or the future provision of employment benefits, or with the individual's explicit consent. We may also need to conduct criminal background checks for some candidates, for example applicant lawyers, to assess their eligibility to work at our firm.

We may collect personal information about candidates from the following sources:

  • Directly from you – for example, information that you have provided when applying for a position directly through the firm's recruitment website;
  • From recruitment agencies – for example, when a recruitment agency contacts us to identify you as a potential candidate;
  • Through publicly available sources online – for example, where you have a professional profile posted online (e.g. on your current employer's website, or on a professional networking site like LinkedIn); and
  • By reference or word of mouth – for example, through a referred from former employee/employer or from a referee you have identified.


Multilysis’ website uses cookies to run the content management system and collect anonymous visitor data. In keeping in line with recent legislation, we are making users more aware of these cookies and providing links to help visitors decline or remove cookies.

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers’ systems to recognize your browser and capture and remember certain information.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Please note that opting-out or blocking cookies may impair your use of this (and other) websites.


Occasionally, at our discretion, we may include or offer third party services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.


We will only use your information when it is fair and lawful to do so. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract that we have entered into with you;
  • Where we need to comply with a legal obligation;
  • Where it is necessary for our legitimate interests (or those of a third party), namely, to provide you with advice and assistance or in facilitating and enabling the management of all matters relating to our business, but only where your interests and fundamental rights do not override those interests;
  • Where you have given your consent and that consent has not subsequently been withdrawn by you.

We may also use your personal information in the following circumstances, which are likely to be rare:

  • Where we need to protect your interests (or someone’s interests).
  • Where it is needed in the public interest.
  • To personalize your needs/requirements (your information helps us to better respond to your individual requests) and
  • To improve our website (we strive to improve our website offerings based on the information and feedback we receive from you).

The situations where we will process your personal data are listed below:

  • to fulfil our contract with you;
  • to provide you with our services;
  • making payments to and on your behalf;
  • creating a client account for you;
  • to prevent fraud and to satisfy our legal obligations under The Money Laundering Regulations 2017 as amended and corresponding financial crime legislation;
  • to provide you with information about our services;
  • to invite you to events or seminars that may be of interest to you;
  • to provide you with updates about the law and other topics that may be of interest to you;
  • for marketing and advertising purposes, including promotional communications as stated below;
  • for intra group transfer or transfers to third party administrators for administration purposes; and
  • the enforcement of legal claims including debt collection including via out-of-court procedures.

Failure to provide personal information

Failure to provide certain information when requested may result in us being unable to perform both our legal obligations and our contractual duties to you, such as making payments to and on your behalf.

Sensitive Personal Information and Special Categories of Data

We may also collect, store and use, the below “special categories” of more sensitive personal information for the purpose of representing you in your legal claims before Court:

  • Information about health, including sickness records, medical conditions and other records.
  • Information about race or ethnicity, religious beliefs, trade union membership, sexual orientation and political opinion.
  • Information about criminal convictions and offences.

We will only process these ‘special categories of personal data’ in the following exceptional circumstances:

  • to the extent necessary for the establishment, exercise or defence of legal claims; or
  • with your explicit written consent which you can withdraw at any time.


We may use your personal data to send you updates (by email or post) in relation to legal, tax or other areas of practice that might be of interest to you and/or information about our services.

We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, for example for electronic marketing communications, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect and never share it with other organisations for marketing purposes without your explicit written consent.

You have the right to opt out of receiving promotional communications at any time by contacting our Data Protection Officer at dpo@multilysis.com.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.


We routinely share personal data with:

  • professional advisers who we instruct on your behalf or refer you to, e.g. accountants, auditors, tax advisors or other experts;
  • other people involved in your matter (including counterparts) and their advisers;
  • other third parties where necessary to carry out your instructions, e.g. Registrar of Companies, Land Registry etc.;
  • our insurers and brokers;
  • our bank;
  • any other bank to carry out your instructions; and
  • our IT providers.

We only allow our service providers to collect and process your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.


All non-public information shared including but not limited to any personal information, litigation strategy, evidence, written work product, thoughts, impressions and ideas, shall be treated as confidential and shall not be disclosed to any third parties except the trusted third parties, who assist Multilysis Services Ltd in operating its website, conducting business, or servicing you and who have agreed to keep this information secure in accordance with the GDPR and applicable local data protection legislation, and confidential.

We may share your information to third parties where this is reasonably necessary, for the purposes set out in the policy including:

  • Business partners and sub-contractors for the performance of any contract we enter into with them or you.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.


Information may be held at our offices and those of the third party agencies, service providers, representatives and agents as described above (see above ‘Who we share your personal data with’). Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’. In addition, our website may store a limited amount of personal data such as name, surname, contact email and telephone no.


We will keep your personal data after we have completed our contractual obligation towards you and/or for any such period stipulated by applicable legislation and regulations. We will do so for one of these reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to enable us to carry out checks for conflicts of interest in the future;
  • to show that we treated you fairly; and
  • to keep records required by law or regulation.

If you have questions about, or need further information concerning, our data retention periods, please send an email to dpo@multilysis.com.


The personal information you provide to us will be transferred and stored outside of the EEA for the purposes of carrying out administration and other functions necessary to provide our legal services to you. Any personal information transferred will receive an adequate level of protection as required by the Data Protection laws. Third parties will only process your personal information on our instructions and in the agreement that the information is kept secure and confidential.

Where any transfer is made to a third party supplier (for example to someone that we have outsourced an administrative function to or a provider of storage) outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.

Where any transfer is made to another lawyer, adviser or expert witness outside of the EEA we will usually do this on the basis that the transfer is necessary for the performance of our contract with you.


Data Subject Rights

Under certain circumstances, you have the right to:

  • Access your information

You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.

  • Correct your information

If the information we hold for you is incomplete or incorrect, you have the right to request a correction.

  • Request erasure

Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.

  • Object to processing

Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.

  • Request the restriction of processing

You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.

  • Withdraw your consent

If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • Transfer your personal information

You are able to request the transfer of your personal information to another party.

It is important that the personal information we hold for you is accurate and up to date. If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us by email dpo@multilysis.com.

  • Complain to the authority

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

For further information on your rights, including the circumstances in which they apply, please visit the website of the Cyprus’ Information Commissioner’s Office at http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument.

If you would like to exercise any of those rights, please:

  • email, call or write to our data protection officer - see below: ‘How to contact us’; and
  • let us have enough information to identify you (your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your ID or passport and a recent utility bill); and
  • let us know what right you want to exercise and the information to which your request relates.

We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We have appropriate technical and organisational measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.


We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus may be contacted by email at commissioner@dataprotection.gov.cy or telephone: +357 22818456.


We may update this Privacy Notice from time to time in response to legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

This privacy notice was published on 17.05.2018 and last updated on 30.06.2020. We will provide you with reasonable prior notice of substantial changes in how we use your information, including by email at the email address you provide.


By email at dpo@multilysis.com.