Privacy Policy

Fiducenter (Cyprus) Limited (referred to as ‘we’, ‘us’, ‘our’, ‘Fiducenter ’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case. The same commitment is applicable also when you use our website.

This privacy statement:

o    provides an overview of how Fiducenter collects and processes your personal data and tells you about your rights under the Processing of Personal Data (Protection of individuals) Law138 (I)/2001 as amended from time to time and the EU General Data Protection Regulation (‘GDPR’) 2016/679.

o    is addressed to natural persons who transact with us in accordance with the services we offer in any way other than in an employment relationship.

o    is addressed to natural persons who are either current or potential customers of Fiducenter, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of Fiducenter or employees of legal entities to whom we provide services.

o    is addressed to natural persons who had such a business relationship with  Fiducenter in the past.contains information about when we share your personal data with other members of Fiducenter and third parties (for example banks, auditors, our service providers or suppliers).

o    aims to provide you with information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when raising an enquiry and/or during our contractual relationship.

In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.

1. Who we are

Fiducenter is a licensed Administrative Service Provider registered in Cyprus under registration number HE152889 and having its registered office at 11 Apostolou Andrea, HYPER TOWER, 1st floor, office 101, 4007 Limassol, Cyprus.

If you have any questions, or want more details about how we use your personal information, you can contact our Data Protection Officer by mail at 11 Apostolou Andrea, HYPER TOWER, 1st floor, office 101, 4007 Limassol, Cyprus, or by phone at +35725504000 or by email: dpo@fiducenter.com.cy

2. Definitions and Interpretation

In this Privacy Policy the following terms shall have the following meanings:

·        Content means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this website.

·         Cookie means a small text file placed on your computer by Fiducenter when you visit certain parts of our website. This allows us to identify recurring visitors and to analyse their browsing habits within the website. To find out more about how we use cookies please see our cookie policy .

·         Personal Data have the meaning given to them in the GDPR which is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

·         Fiducenter means Fiducenter (Cyprus) Ltd, as well as its subsidiaries, affiliates, divisions, contractors and all of its and their data sources and suppliers.

·         Service means collectively any services provided by Fiducenter either now or in the future.

·         System means any online communications infrastructure that Fiducenter makes available through the website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links.

·         User/Users means any third party that accesses the website and is not employed by Fiducenter.

·         You means any person dealing with us, or connected to the entities to which we provide services (including but not limited to trusts and companies). For example, you may be a client, intermediary, associate, family member, guardian, representative, advisor, director, settlor, beneficiary, trustee, protector, other officer or appointee, attorney, introducer, supplier, service provider, lender, borrower, or employee or agent of any of the above.

3. What personal data we process and where we collect it from

We collect and process different types of personal data which relate to our activities, including when you use our website, when you contact or request information. We receive this personal data from our customers (potential and current) in person or via their representative, from suppliers and/or associates, in the context of our business relationship.

We may also collect and process personal data which we lawfully obtain not only from you but from third parties e.g. public authorities and companies that introduce you to us.

We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, commercial registers, the press, media and the Internet) which we lawfully obtain and we are permitted to process.

If you are a prospective customer or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective customer, the relevant personal data which we collect may include:

Name, address, contact details (telephone, email), identification data, birth date, place of birth (city and country), marital status, employed/self-employed, if you hold/held a prominent public function (for Politically Exposed Persons), Foreign Account Tax Compliance Act / Common Reporting Standard info, authentication data [e.g. signature].

When we agree to provide products and services to you or the legal entity you represent or beneficially own, then additional personal data will be collected and processed which may include:

Current income, employment history, employment position, personal investments and investment income, tax residence and tax ID and criminal history through a search either in Thomson Reuters Worldcheck and/or other databases which provide general information about any criminal history.

4. Children’s data

We understand the importance of protecting children's privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under law. For the purposes of this privacy statement, “children” are individuals who are under the age of sixteen (16).

5. Whether you have an obligation to provide us with your personal data

In order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative / agent or beneficial owner. You must, therefore, provide us with your identity card/passport, your full name, place of birth (city and country), employment history and position (e.g CV) and your residential address so that we may comply with our statutory obligation as mentioned above.

Kindly note that if you fail to provide us with the required data, we may be prevented from conducting business with you and we may be unable to provide our services to you or to an entity connected to you. Also, the failure to provide certain personal data in certain circumstances may trigger a requirement for us or any of our employees or agents to consider whether to make a disclosure under applicable legislation against money laundering and the financing of terrorism.

6. Why we process your personal data and on what legal basis

As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:

A.   For the performance of a contract

We process personal data in order to perform administrative and other professional services based on contracts with our customer but also to be able to complete our acceptance procedure so as to enter into a contract with prospective customers.

The purpose of processing personal data depends on the requirements for each product or service. The contract terms and conditions provide more details of the relevant purposes.

B.   For compliance with a legal obligation 

There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements and regulatory requirements, e.g.  the Companies’ Law, The Law Regulating Companies Providing Administrative Services and Related Matters, the Prevention and Suppression of Money Laundering and Terrorist Financing Law, CySEC`s Directive DI 144-2007-08 for the prevention of Money laundering and Terrorist Financing  and Tax laws. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, statutory information record keeping, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.

C.   For the purposes of safeguarding legitimate interests 

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

·         Initiating legal claims and preparing our defence in litigation procedures;

·         Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures; and

·         Measures to manage business and for further developing products and services.

 

D.   You have provided your consent 

Provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

7. Who receives your personal data

In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the Company but also to other affiliated companies. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.

Under the circumstances referred to above, recipients of personal data may be, for example: 

·         Supervisory and other regulatory and public authorities, in as much as a statutory obligation exist. Some examples are, the Central Bank of Cyprus, the Cyprus Securities Exchange Commission, the Registrar of Companies, the income tax authorities, criminal prosecution authorities;

·         Credit and financial institutions;

·         Share and stock investment and management companies;

·         Valuators and surveyors;

·         Debt collection agencies;

·         External legal consultants;

·         Financial and business advisors;

·         Auditors and accountants;

·         Marketing service providers;

·         Fraud prevention agencies;

·         File storage companies, archiving and/or records management companies, Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support;

·         Third party websites and services. Our website contains links to other websites such as Facebook, Twitter, LinkedIn and YouTube. When you link to other websites you should read their own privacy policies; and

·         Website and advertising agencies. Potential or actual purchasers and/or transferees and/or assignees.

8. Transfer of your personal data to a third country or to an international organisation

Your personal data may be transferred to third countries [i.e. countries outside of the European Economic Area] in such cases as e.g. to open a bank account with a foreign bank, or if this data transfer is required by law [e.g. reporting obligation under Tax law] or you have given us your consent to do so or for any of the purposes described in this Privacy Policy. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

9. To what extent there is automated decision-making and whether profiling takes place

In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, in the following cases:

·         Data assessments are carried out in the context of combating money laundering and fraud. These measures may also serve to protect you.

·         To calculate the Risk of your company under the Prevention and Suppression of Money laundering and Terrorist Financing Law.

10. How we treat your personal data for marketing activities and whether profiling is used for such activities

We may process your personal data to tell you about news, law amendments, products, services and offers that may be of interest to you or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting us at any time either in person or in writing.

11. How long we keep your personal information for

We will keep your personal data for as long as we have a business relationship with you  or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.

Once our business relationship with you has ended, we may keep your data for at least six (6) years in order to comply with various legal and regulatory requirements emanating from, among others, the Cyprus Tax and VAT Legislation.

We may keep your data for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons.

For prospective customer personal data [or authorized representatives/agents or beneficial owners of a legal entity prospective customer] we shall keep your personal data for 6 months from the date of withdrawal of your application for administrative services and/or other services we offer. As soon as the 6 months period has lapsed, we will destroy that personal data. For the applications which we are rejecting, the personal data we received will be destroyed immediately unless otherwise advised by you.  

12. Your data protection rights

You have the following rights in terms of your personal data we hold about you:

·           Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can request it by sending an email to dpo@fiducenter.com.cy  

·           Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

·           Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.

·           Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

    • You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing.
    • If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.

·           Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:

    • it is not accurate,
    • it has been used unlawfully but you do not wish for us to delete it,
    • it is not relevant any more, but you want us to keep it for use in possible legal claims,
    • you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.

·           Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name [known as the right to data portability].

·           Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

·           Right to lodge a complaint. If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by  sending an email to our Data Protection Officer at dpo@fiducenter.com.cy. You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact our Data Protection Officer at dpo@fiducenter.com.cy.

13. Data Security

Data security is of great importance to Fiducenter and to protect your Personal Data we have put in place appropriate measures in order to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, procedures have been put in place, to deal with any suspected personal data breach. We shall notify you and any applicable regulator of a breach where we are legally required to do so.

14. Changes to this privacy statement

We may modify or amend this privacy statement from time to time. We will notify you when we make changes to this privacy statement, however, we encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.

 02.11.2018