Privacy Statement


Pyrgou Vakis Law Firm (‘We’,‘us’) is a limited liability company incorporated in Cyprus with registgration number HE237322 and is located at 9 Lampousa street, 1095 Nicosia. PYRGOU VAKIS LAW FIRM is strongly committed to privacy and confidentiality issues entrusted to it.

This privacy notice describes how we collect and use your personal data and it applies to personal data provided to us, directly by you or by others. We may use your personal data provided to us only for the purposes described in this privacy Notice. Personal data is any information relating to an identified or identifiable living person.

PYRGOU VAKIS LAW FIRM processes your personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using your personal data, our policy is to be transparent about why and how we process personal data.

What personal data we collect

During the provision of our services we collect personal data from various sources to be able to provide our services and to comply with laws and regulations applicable to us. We collect your personal data from you when you have engaged us to act as your lawyers or legal advisors in legal proceeding in courts or otherwise. The personal data which we collect depend on the nature of the service we offer to you. We may also collect your personal data from our clients. For example, when you are a counterparty of our clients in a contract or when you are a party in court proceedings with our clients or when you are heirs of our clients etc.

We offer a variety of legal and other professional services to corporate clients. The information of such entities are not personal data. However, whilst we provide a service to a corporate client we may collect personal data of individuals who are connected with the client such as personnel, representatives, official, associates, beneficial owners, counterparties, customers or perspective customers and others which in anyway are related to the client. In this respect, we collect various categories of personal data depending on the specific service we’ve been engaged to provide. In any case we collect personal data which is adequate, relevant and limited to what is necessary for the purposes for which they are processed.

We also may collect your personal data during your visit to our website, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology please check our Cookies Policy

Due to the nature of the services we offer and the variety of our clients, a non-excessive list of the categories of personal data we collect and process is provided below:
• Indemnification details such as name, surname, id/passport no
• Contact details
• Financial and payment information
• Facts of cases
• Information that you provide us, so that we provide you our services

Information necessary for Anti-money Laundering/ Know Your Client purposes such as economic profile, source of fund, wealth, relation with client etc. In this respect we process many categories of personal data, including as appropriate:

• Contact details
• Identification Information
• Business activities
• Family information
• Economic Profile information
• Professional Information
• Publicly available information
• Investments and other financial interests.

For certain services and when required by law we may also collect special categories of personal data such as health data or criminal records.

In case where you apply for a vacancy we collect:
• Name, surname
• Contact details such as address and email
• Personal data included in your curriculum vitae such as academic qualification, employment history, gender, nationality, skills and similar personal data which you included in your curriculum vitae
• Other information necessary for recruitment

How and Why we use your personal data

We will only use your personal data to achieve our purposes provided in this Privacy Notice and when the law allows us to. Most commonly, we will collect, use and process your personal data to achieve the following purposes: 

(a) When you or your organization engages us for the provision of our professional services; i.e. legal advice, fiduciary services etc.
(b) When a Third-Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity;
(c) When you or your organization provide services to us;
(d) Where we need to comply with a legal obligation i.e. the prevention and suppression of money laundering and terrorist financing laws 2007 and its amendments;

During the performance of the above activities, we may ask you to provide us with the necessary information of other data subjects concerned, such as family members, regarding its use.

From whom we collect your personal data

PYRGOU VAKIS LAW FIRM collects your personal data (a) directly from you, (b) from your intermediaries, agents and/or representatives, (c) from public sources i.e. social media, web, world compliance websites etc.


PYRGOU VAKIS LAW FIRM may collect and process also children’s personal data during the performance of its business activities and in order to provide the service engaged for. In this case, we act only under the guardian’s consent to the processing. 

Personal data we receive from you about other people

Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to do so and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this Policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Policy, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual in relation to our holding of the data.

How we use your personal data

a. Providing professional services: We use your personal data in order to provide you with the requested professional service. In order to provide you with such service we are required to process your personal data in order to provide you with the requested advice and/or service and/or other deliverables. For example, we need to use personal data to provide legal advice, fiduciary services or litigation services.

b. Performing of Anti Money Laundering and Combat Terrorist Financing Due Diligence procedure: We use and process your personal data in order to fulfil our due diligence procedures required by the prevention and suppression of money laundering and terrorist financing laws of 2007, 2010, 2012 and 2013. In order to fulfil the requirements of the aforementioned laws we are required to collect and process your personal data. As part of our due diligence process, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organizations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).

c. Quality and risk management activities: We, are certified as complying with the requirements of ISO 9001:2015. This entails that we regularly monitor the services provided to our clients for quality purposes. This process may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements.

d. To comply with court orders and exercises and/or defend our legal rights;

e. For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.

Data retention
We maintain and store your personal data processed by us for as long as is considered necessary for the purpose for which it was collected as required by applicable law or regulation.

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 7 years.

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. Only specifically authorized personnel of PYRGOU VAKIS LAW FIRM are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information.

When and how we share personal data

We recognize that your information is valuable, and we take all reasonable measures to protect your information while it is in our care.

Your personal data may also be transferred to third party service providers who process information on our behalf, including providers of information technology, agents, identity management, and management, data analysis, data back-up, security and storage services. As a result, your personal information may, subject to the provisions of the and the Regulation (EU) 679/2016 and the Personal Data Law, be transferred outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

PYRGOU VAKIS LAW FIRM may disclose your personal information to courts, law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We may also share your personal data with other professionals and consultants engaged in your matter like auditors, other fiduciary service providers or foreign law firms for the purpose of obtaining foreign legal advice, as may be relevant;

Your personal information is not shared with any third party, for any secondary or unrelated purposes unless otherwise disclosed or if specifically requested by you in the course of our service provision. If there is an instance where such information may be shared, your consent will be asked beforehand.

Personal data held by us may be transferred to:

a. Third party organizations that provide IT services to us

We use third parties to support us in running and managing our internal IT systems. For example, providers of information technology, cloud providers, website hosting and management, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers in EU and personal data may be stored in any one of them.

b. Third party organizations that otherwise assist us in providing goods, services or information.
We may share your personal data with your respective insurers, legal advisors or auditors, other fiduciary service providers or a third party to the extent that this is required by law by any court of competent jurisdiction or by a governmental or regulatory authority, or where there is a legal duty or requirement to disclose, provided that (and without breaching any legal or regulatory requirement).

Rights of Data Subjects

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide the means and purposes under which their personal data are processed, we act as a data controller and hereinafter we include further information about the rights of individuals as data subjects and how they may exercise them.

Access to personal data

If you would like to update any personal data you have submitted, please email us at

When personally identifiable information is retained, we do not assume responsibility for verifying the ongoing accuracy of the content of personal information. When we are informed that any personal data collected is no longer accurate, we will make appropriate corrections based on the updated information provided by the authenticated data subject.

If you would like details of the information which you have submitted to us through this site, you have a right of access to such information and you may contact us via the above email address.

Rectification of personal data

In case you have identified that the personal data kept by us are obsolete you may contact us by sending us an email at

Other data subject rights

This privacy notice is intended to provide information about what personal data we collect about you and how they are processed. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.

If you wish to exercise any of these rights, please contact us by sending us an email at


In case you wish to complaint for the use of your personal data, please send an email with the details of your complaint to We will look into and respond to any complaints we receive.

You have also the right to file your complaint with the Commissioner for the Protection of Personal data (the Cyprus data protection regulator). For further information on your rights and how to file a complaint to the Commissioner, please refer to

Changes to this privacy statement

Our ongoing responsibility to transparency requires us to keep this privacy notice updated through regular review.

This privacy notice was last updated on the 23rd day of November 2018.