1. Introduction
Who we are
This Data Protection Policy provides an overview of how and why Epaminondou & Co Audit Services Ltd (hereinafter referred to as “firm”) collects and processes data of natural persons and informs you of the rights granted to you by the relevant legal framework, including across our website, https://epaminondou.com/, and other sites we own and operate.
Epaminondou & Co Audit Services Ltd is a data controller within the meaning of the GDPR, and we process personal data.
Neoklis Epaminondou as a Data Protection/ Compliance Officer from Epaminondou & Co Audit Services Ltd, Chartered Certified Accountants, Hadjikyriacos Building, Office 402, 4th Floor, Prodromou Street, 121, 2064 Nicosia, Cyprus.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Subject means the natural person who is the subject of the relevant Personal Data.
Personal Data means any information relating to an identified or identifiable natural person (“data subject”); and may include, for example, an identity number, name, address, telephone number, date of birth, occupation, data concerning your health or family situation.
Processing means any operation performed on your Personal Data by us in any way, including the collection, recording, storage, transmission and use of your personal data.
Processor means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
2. The role of the Firm
According to the Regulation, the firm is the Data Controller for all Personal Data it collects, maintains and processes.
In cases where the firm is the Processor, then it processes Personal Data in accordance with the means and purposes defined by the Controller.
Epaminondou & Co Audit Services Ltd is responsible for all Personal Data that it collects, maintains and processes. In cases where the company is a Processor, then it processes Personal Data in accordance with the means and purposes specified by the Controller.
We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice.
3. The purposes for which we intend to process personal data
We will process your personal data in accordance with the Regulation and the national legal framework for the following purposes:
i. In order to comply with our legal obligations under the applicable legal framework.
ii. To enforce our terms and conditions.
iii. To safeguard the legitimate interests pursued by us or by third parties, provided that your interests and fundamental rights are not overridden by our interests. For example, for human resources management, maintaining our accounts and records, defending, investigating or prosecuting legal claims and consulting with external legal and/or tax advisors.
iv. For operational and security reasons, i.e. to detect, prevent and respond to actual or potential fraud and illegal activities, to safeguard the safety of our people, premises and assets and to prevent trespassing through video surveillance.
v. To enable us to supply professional services to you as our client.
vi. To fulfil our obligations under relevant laws in force from time to time (e.g. current money laundering regulations).
vii. To comply with professional obligations to which we are subject as a member of ICPAC, ACCA and ICAEW.
viii. To use in the investigation and/or defense of potential complaints, disciplinary proceedings and legal proceedings.
ix. To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
x. To contact you about other services we provide which may be of interest to you if you have consented to us doing so.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
4. The legal bases for our intended processing of personal data
At Epaminondou & Co Audit Services Ltd , we are committed to safeguarding the privacy and non-public personal data of our clients, partners and employees, in accordance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679, GDPR) (hereinafter referred to as “the Regulation”) and the On the Protection of Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data Law of 2018 (Law 125 (I)/2018).
At the time you instructed us to act, you gave consent to our processing your personal data for the purposes listed above.
The processing is necessary for the performance of our contract with you.
The processing is necessary for compliance with legal obligations to which we are subject (e.g. current money laundering regulations).
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
5. Persons/organisations to whom we may give personal data
We may share your personal data with:
· Registrar of Companies, Ministry of Interior and Inland Revenue
· any third parties with whom you require or permit us to correspond
· subcontractors
· an alternate appointed by us in the event of incapacity or death
· professional indemnity insurers
· our professional body, ICPAC and MOKAS in relation to practice assurance and/or the requirements of current money laundering regulations (or any similar legislation)
If the law allows or requires us to do so, we may share your personal data with:
· the police and law enforcement agencies
· courts and tribunals
· the Information Commissioner’s Office (“ICO”)
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.
If you request a password reset, your IP address will be included in the reset email.
Third parties we currently use include:
- Google Analytics
- MailChimp
- Brevo
6. Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.
For example, ensuring you do not make your personal information publicly available via our platform.
7. How long we retain your data
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information such as an email address when contacting us about a specific enquiry, we may retain this information for the duration of your enquiry remaining open as well as for our own records so we may effectively address similar enquiries in future. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
8. What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example providing user support), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
9. Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
10. Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
11. Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU) Data Controller / Data Processor
The GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, Epaminondou & Co Audit Services Ltd, located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.
12. International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
13. Your Rights and Controlling Your Personal Information
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Visitor comments may be checked through an automated spam detection service.
