Introduction

Pyrgou Vakis Law Firm (‘PVLF’, ‘We’, ‘us’) is a limited liability company incorporated in Cyprus under company number HE237322 and is located at 36 Agias Elenis street, GALAXIAS Building, Block B, Floor 6, Office 602, 1061 Nicosia, Cyprus. PVLF is strongly committed to privacy and confidentiality issues entrusted to it.

This privacy notice describes how we collect and use your personal data, and it applies to personal data provided to us, directly by you or by others.  We may use your personal data provided to us only for the purposes described in this privacy Notice.

This Policy applies to individuals who are current or prospective clients of the PVLF, employees, third parties, and business associates. By providing your personal information, you acknowledge and agree that we will process it in accordance with the terms set out in this Policy. The term “processing” refers to any action performed on your personal data, including but not limited to collection, registration, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, transmission, dissemination, disposal, alignment, combination, restriction, erasure, or destruction. PVLF processes your personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using your personal data, our policy is to be transparent about why and how we process personal data. If you require further details on how we process your personal data, you may contact our Data Protection Officer via email at  privacy@pyrgouvakis.com.

Collection and processing of personal data

During the provision of our services, we collect and process personal data from various sources, so as to be able to provide our services and to comply with laws and regulations applicable to us. We may collect personal data either directly from you or from other sources. Direct collection occurs, for example, when you request our services, submit a curriculum vitae (CV), make an inquiry, request, or complaint, or interact with us through our website, electronic forms, or during online payments. It also includes instances where you complete personal details submission forms or engage with us through personal communication. Additionally, we may obtain personal data from third parties or other external sources, particularly in the context of providing services where you are directly involved. These sources may include your intermediaries, agents and/or representatives, public sources i.e. social media, world compliance, websites, publicly accessible databases, government departments, regulatory authorities, credit institutions, media outlets, press publications etc. We may also receive information from former employers listed in your CV or reference letters, clients, business partners, or other entities that introduce you to us. Furthermore, data may be collected through cookies and similar technologies, as well as through correspondence by phone, fax, email, website interactions, or photographic evidence.

We offer a variety of legal and other professional services to legal entities / clients. The information of such entities is not personal data. However, whilst we provide a service to aa legal entity, we may collect personal data of individuals who are connected with this entity such as personnel, representatives, official, associates, beneficial owners, signatories, proxies, counterparties, customers or perspective customers and others which in anyway are related to the client. In this respect, we collect various categories of personal data depending on the specific service we’ve been engaged to provide. In any case we collect personal data which is adequate, relevant and limited to what is necessary for the purposes for which they are processed.

We also may collect your personal data during your visit to our website, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology please check our cookies policy here;

We collect and process a wide range of personal data due to the diverse nature of our services and the variety of clients we serve. This includes core identification and contact information such as full name, date of birth, nationality, ID or passport number, home address, email, phone number, occupation, social insurance number and country of residence. In the context of providing our services, we also collect case-specific data and other information you voluntarily provide to us, either directly or through electronic means. Additionally, we may process publicly available information obtained through media, registries, or public authorities, as necessary to fulfill our obligations and responsibilities.

Financial and payment-related data is another key category of information we process. This includes your bank account details, IBAN, income status, financial background, tax-related documents, tax declarations and bank references. Where required by law or for regulatory compliance, we collect and assess information related to Anti-Money Laundering (AML) and Know Your Client (KYC) purposes. This may include details about your economic profile, source of funds and wealth, and the nature of your relationship with the client. Data collected in this context is strictly limited to what is essential and proportionate for due diligence and compliance checks.

In the course of our operations, we may also collect data relating to your employment, academic, and professional background. This includes employment agreements, leave and absence records, salary history, academic degrees, training certificates, seminar participation records, CV contents, and performance evaluations. Additionally, property-related and legal documentation may be collected, such as title deeds, third-party signatures, and guarantor details. In certain circumstances, we may also process information about your family, including marital status, marriage and birth certificates, family structure, heirs, and, where relevant, criminal records.

When you apply for a vacancy, we collect personal and biographical information included in your curriculum vitae, such as name, contact details, academic qualifications, employment history, nationality, gender, and references. Supporting documents may also be required, including proof of address (e.g., utility bills) and bank account details. Where appropriate, we collect additional data such as academic and professional certificates, performance records and information about dependents. In cases where required by law or the nature of the position, we may also process sensitive information such as health data or a criminal record, ensuring all data is handled in accordance with legal obligations and best practices.

Use of  personal data

We will only collect and use your personal data to achieve the purposes outlined in this Privacy Policy and only when permitted by law.

Most commonly, we will collect, use, and process your personal data in the following circumstances:

• when you or your organization engage us for the provision of our professional services (e.g., legal advice, fiduciary services);
• when a third-party entity engages us and you hold an office in, have an interest in, or a relationship with that entity;
• when you or your organization provide services to us; and when we are required to comply with legal obligations, including obligations arising from anti-money laundering and terrorist financing legislation.

In the course of these activities, we may request information related to other data subjects (such as family members), where relevant.

Your personal data may also be processed internally by our employees and associates to ensure effective service delivery.

We may use your data to communicate with you, enhance our services and products, and—subject to your consent where required—for promotional, marketing, and advertising purposes tailored to your preferences.

Furthermore, we may process your data to comply with applicable national and EU laws, directives, court rulings, and regulatory guidelines; for the detection, investigation, and prevention of crimes including fraud and money laundering; for the assessment and management of legal or commercial risks; to protect our business operations, legal rights, property, or safety—and that of our clients, associates, and third parties; and to enforce our terms, pursue recovery actions, and mitigate potential damages.

Children

PVLF may collect and process also children’s personal data during the performance of its business activities and in order to provide the service engaged for. In this case, we act only under the guardian’s consent to the processing.

Personal data we receive from you about other people

Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to do so and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this Policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Policy, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual in relation to our holding of the data.

Data retention

We maintain and store your personal data processed by us, for as long as is considered necessary for the purpose for which it was collected as required by applicable law or regulation.

• Personal data arising from contractual engagements or other professional dealings will be retained for the duration of the relationship and for an additional 7 years following its conclusion.
• Client-related information is generally stored throughout the course of the business relationship with the Firm and remains archived for a further period of 7 years thereafter.
• Data provided by job applicants is retained for the entire recruitment process. If an application is unsuccessful, the information is promptly deleted, unless the candidate expressly consented to an extended retention period.

Security

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. Only specifically authorized personnel of PVLF are provided with access to personally identifiable information and these employees have expressly agreed to ensure confidentiality of this information.

When and how we disclosure your personal data?

We only disclose your personal data when necessary and in accordance with this Privacy Policy. The employee responsible for the service you receive will access the necessary data, and where required, your personal data may be shared with third parties in order to fulfill the requested service.

Such third parties may include:

• Collaborators and associates such as lawyers, accountants, auditors, banks, insurance companies, document management providers, software developers, and IT/cloud service providers.
• Government and/or regulatory bodies and/or local authorities, including but not limited to the Registrar of Companies and Official Receiver, Social Insurance Department, Tax Department, Human Resources Development Authority.
• Courts of the Republic of Cyprus, arbitrators, mediators, debt collection and credit management agencies, evaluators, and other experts.

We may also disclose personal data:

• Where required by law or in connection with legal proceedings, or in order to exercise or defend our legal rights;
• Upon your explicit consent or following your instructions;
• To third parties involved in a business transfer, such as a merger, acquisition, reorganization, or sale of assets. In such cases, we will notify you before your data is transferred and becomes subject to a different privacy policy;
• To any third party to whom we assign or novate our rights or obligations.

In each case of data transmission, we ensure that only the minimum necessary information is shared, and only for lawful and legitimate purposes. All third parties are contractually bound to adhere to the provisions of the General Data Protection Regulation (GDPR).

Where your personal data needs to be transferred outside the European Union to jurisdictions that do not provide adequate levels of data protection, we commit to implementing appropriate safeguards, including standard contractual clauses, to ensure your data remains protected.

Employees / Visitors to our Offices

Our premises are equipped with a CCTV surveillance system and an access control system to ensure the safety and security of our staff, visitors, and property. The CCTV system records video footage of individuals within and around our offices, while the access control system processes and stores the names of persons who have been granted entry authorization. The data collected are securely stored on the respective system servers. No further processing or automated decision-making is carried out in relation to this data. Access to the recorded footage and stored information is strictly limited to authorized personnel designated by the firm. All data are retained for a period of thirty (30) days, after which they are automatically deleted, unless a longer retention period is required for the investigation of a specific incident.

Your Rights under the General Data Protection Regulation (GDPR)

Under the General Data Protection Regulation, you have specific rights regarding the processing of your personal data. Our Firm has developed a mechanism to ensure that requests relating to your personal data are handled effectively. Please note that some of the rights listed below may not apply in all circumstances.

• Right of Access: You have the right to request access to the personal data we hold about you. Upon request, and provided we maintain your data in electronic format, you may receive a copy of your personal data.
• Right to Rectification: You have the right to request the correction or completion of inaccurate or incomplete personal data we hold about you. Supporting documentation may be required in such cases.
• Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data without undue delay, especially where the data is no longer necessary for the purposes for which it was collected. Please note that data will be deleted in accordance with our data erasure policy and applicable legal obligations.
• Right to Restriction of Processing: You can request the restriction of processing of your personal data if its accuracy is contested, if processing is unlawful, or if the data is no longer needed by us but you require it for legal claims.
• Right to Object: You may object at any time to the processing of your personal data. In such a case, we will cease processing unless there are compelling legitimate grounds or the data is needed for the establishment, exercise, or defense of legal claims.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request the transfer of such data to another controller.
• Right to Withdraw Consent: If the processing of your data is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal. However, withdrawing your consent may affect the services we are able to provide.
• Right to Lodge a Complaint: If you believe your rights have been violated or are dissatisfied with the outcome of a request, you may lodge a complaint with the Commissioner for the Protection of Personal Data in Cyprus by using the following details:

Office of the Commissioner for the Protection of Personal Data

1 Iasonos Street, 2nd Floor, 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
Tel.: +357 22818456
Email: commissioner@dataprotection.gov.cy

To exercise any of the rights listed above, or if you have any questions or require further clarification about your rights, please contact our Data Protection Officer:

• Email: privacy@pyrgouvakis.com
• Tel: +357 22466611
• Postal Address: Pyrgou Vakis LLC, 36 Agias Elenis Street, GALAXIAS Building, Block B, Floor 6, Office 602, Nicosia, 1061 Cyprus, Attn: Data Protection Officer.

Changes to this privacy statement

Our ongoing responsibility to transparency requires us to keep this privacy notice updated through regular review.

This privacy notice was last updated on 20^th day of October 2025.