Last updated May 2018
Adiuvo Trustees Ltd (hereinafter referred to as the “Firm” or “Adiuvo”) values your privacy and cares about the way in which your personal data is treated. This Privacy Statement has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and describes how Adiuvo collects and processes data, whether on individuals (individuals who are clients, intermediaries or other third parties that the Firm interacts with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.
Who we are
Our Firm is a limited liability company registered in Cyprus in 2012 with Registration Number HE 307693 and has its registered address situated at 165, Spyrou Araouzou, Lordos Waterfront Court, Office 201A, 3036, Limassol, Cyprus. We are regulated and licensed by the Cyprus Bar Association with licence number 624.
Adiuvo operates with a head office in Limassol, Cyprus and representation offices located in key technology, business, and financial centres and provides legal, corporate and other related services to clients that can be found here. Our team consists of lawyers, legal and tax consultants, business strategy advisors, immigration experts, specialists in the shipping industry whilst we closely cooperate with accountants, auditors, real estate advisors and Information Technology solution professionals.
Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which Adiuvo cannot take action or provide services without certain of your personal data. For example, certain personal information is required to process your instructions, provide you with access to a newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for us to provide you with what you request without the relevant personal information and we will notify you accordingly.
What personal information we collect
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our employees and clients. The categories of data that we collect and process, according to the particulars of each case, may include:
- Basic and contact information such as name, surname (including name prefix or title), job title, the company you work for, postal addresses, including your home/residential address, business address, phone and/or fax number(s), and email addresses);
- Relevant information as required in order to meet legal, statutory and regulatory requirements, in particular in respect to Know Your Client and/or Anti-Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, financial wealth and assets held, transactions entered into, tax status and financial information, such as payment related information, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both.
- If legally required for compliance purposes, information about relevant and significant disputes, litigation or other legal or court proceedings engaged in or a third party related to you and interaction with you which may be relevant for antitrust purposes;
- Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data*;
- Further business information necessarily processed in a project or client contractual relationship with Adiuvo or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- Details of your visits and meetings attended to our premises;
- Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically;
- Information collected from publicly available resources, integrity databases and credit agencies;
- any other information relating to you that you may voluntarily provide to us.
*Special Category Data – In certain instances, the personal data that the Firm processes may include “Special Category Data” which includes information on a person’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data or data relating to a person’s criminal record or alleged criminal activity. In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to the Firm by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation or for the purposes of legal proceedings or legal advice.
Why do we need them
The Firm ensures that the data collected and processed is relevant to one or more processing activities and that the Firm does not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means. The purposes of processing and the lawful basis of each processing activity are mainly the following and are analysed in detail in the following table:
- To perform our obligations in accordance with any contract that we may have with you.
- It is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can.
- It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
|Purpose of processing||Legal Basis of processing|
|Fulfilment of Services and Client Services
We collect and maintain personal information that you voluntarily submit to us during your use of our website and/or our Services to enable us to perform the Services. Please note also that our Terms of Business apply when we provide the Services.
|It is necessary for us to process your information to perform our obligations in accordance with any contract or services agreement or any other agreement that we may have with you. It is in our legitimate interest, or a third party’s legitimate interest, to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
|Business administration and legal compliance
We use your personal information for the following business administration and legal compliance purposes:
|Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon our Firm.|
To assess your suitability for any position for which you may apply at Adiuvo including partner level positions, associate positions, training contract or summer placements and also any business support or services role whether such application has been received by us online, via email or by hard copy or an in-person application. All employment related decisions are made entirely on merit.
|Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for Adiuvo. We will not process any ‘special category data’ except where we are able to do so under applicable legislation or with your explicit consent.
We may carry out postal marketing and email marketing. We use information that we observe about you from your interactions with our website, our email communications to you and/or with services to send you marketing material, including sending updates on important legal developments and news about the Firm’s work and invitations to educational seminars and events.
|It is in our legitimate interest to use your personal information for marketing purposes.
We will only send you marketing communications where you have consented to receive such marketing communications, or where we have a lawful right to do so.
|Client insight and analysis
|Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details (where available).
To ensure the security of the Firm’s system, staff and premises (including the use of CCTV equipment in the public areas of the premises)
|It is in the legitimate interests of the Firm to protect its business environment, staff and premises from being misused in any way and to ensure that business operations run smoothly without unauthorised interruption.
By entering our Firm’s premises, any individual automatically consents to the use of CCTV for monitoring purposes and to abide by the internal health and safety procedures of our Firm.
To meet all legal, regulatory and ethical obligations applicable to the Firm, comply with any applicable law, court order, other judicial process, or the requirements of a regulator.
|It is our legal obligation to use your personal information to comply with any legal obligations imposed upon the Firm
It is in the legitimate interests of the Firm as a provider of legal services to process data to the extent necessary to ensure that it meets all legal, regulatory and ethical obligations applicable to the Firm.
|Purposes of internal know-how and training||It is in the legitimate interests of the Firm as a provider of legal services to process data for internal know how and staff training in such a way to ensure that we provide the Services in the best way that we can.
|Investigate or settle inquiries or disputes||It is in the legitimate interests of the Firm as a provider of legal services to collect and process certain personal data to enable it follow up on comments, inquiries, disputes or complains in order to enhance client/user experience with the services of the Firm.
To perform our obligations in accordance with any contract that we may have with you.
Any other purpose(s) which has been agreed by or notified to you
|It is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that we provide the services in the best way that we can.
With whom we share your personal information
We may also share personal information with a variety of the following categories of third parties as necessary. These may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.
Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. The following is a list of potential recipients of data (in each case including respective employees, directors and officers) is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the services as effectively as we can.
- employees of the Firm who have been provided with the appropriate training in order to handle personal data promptly and in compliance with European Union’s GDPR and other applicable laws are acquainted with the GDPR and who have also signed the Firm’s Confidentiality and Non-Disclosure Statement;
- other service providers (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Firm is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
- third parties engaged in the course of the services we provide to clients such as lawyers, accountants, auditors, counsel, arbitrators, mediators, clerks, witnesses, courts, tribunals, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers;
- any sub-contractors, agents or service providers of the Firm;
- third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers;
- Third party service providers to assist us with client insight analytics, such as Google Analytics;
- third parties with whom the Firm engages for the hosting of events or other marketing initiatives;
- government or regulatory authorities or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
- law enforcement agencies where considered necessary for the Firm to fulfil legal obligations applicable to it;
- any registrar of a public register where the data is to be included in a public registry.
Third party contractors and other controllers
Where the Firm is entering into an engagement with a third party or a sub-contractor pursuant to which data may be processed by that third party, the Firm will seek to enter into an agreement with that third party setting out the respective obligations of each party and it will seek to be reasonably satisfied that the third party has measures in place equal to those of the Firm to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations. In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation the Firm will ensure that it meets the relevant requirements of that Data Protection regulation prior to carrying out any such transfer.
Period of Retention of data
For visitors to the website, we will retain relevant personal information for at least three years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world, or for longer if we are required to do so according to our regulatory obligations or professional indemnity obligations.
For service provision to any client, we will retain relevant personal information for at least six years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world, or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations. We may then destroy such files without further notice or liability.
If personal information is only useful for a short period e.g. for specific marketing campaigns, after the fulfilment of the purposes for which the personal data was collected, such data will be destroyed.
Subject to certain legal conditions, data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union GDPR) have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right o data portability) should send the request in the first instance to email@example.com.
In response to such requests, the Firm reserves the right to require the individual making the request to provide certain details about himself/herself so that the Firm can validate that the individual is indeed the person whom the data refers to. The Firm is required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible. The Firm reserves the right to charge a reasonable fee to cover any expenses that may arise from the request.
In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, the Firm may be unable to provide relevant services, or there may be restrictions on the services which can be provided.
Right of access: If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Right to erasure: You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Right to restrict processing; You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Right to data portability: You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Right to object: You can ask us to stop processing your personal information, and we will do so, if we are (i) relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal information for direct marketing purposes.
Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant Supervisory Authority.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
Use of Personal Data in Legal Proceedings
If it becomes necessary that the Firm has to take action against you for any reason whatsoever, including but not limited to recovering from you any money you owe to the Firm, you expressly agree that the personal data provided by you can be relied upon in identifying and taking legal action against you.
Updates to this Privacy Statement
This Privacy Statement was last updated on 24th May 2018. As we may make changes to this Privacy Statement from time to time, Adiuvo reserves the right to keep this Privacy Statement under review in order to ensure that it reflects any changes to the applicable laws or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. In any other case, any changes will appear on our website.
How to contact us
Adiuvo ensures that your privacy is respected. The Firm has a Data Protection Officer and all enquiries in respect of this Privacy statement or any requests or comments regarding this Privacy Statement should be directed to the Data Protection Officer at firstname.lastname@example.org or via post at our registered address.