Your privacy is very important to us and we are committed in protection your personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and the Processing of Personal Data (Protection of Individuals) Law 125(I)/2018 (“DPL”) as amended from time to time.
We follow strict security procedures in the storage and disclosure of personal information that you are providing to us to protect your privacy.
In this section you can find information about our policy regarding the protection of personal date and security policy that we follow about your privacy.
1. Who we are?
This website is operated by Raza Corporate Services Ltd (“Raza”, “we” or “us”) which is a limited liability company incorporated in Cyprus under registration number HE334966 and its registered office at 5 Anastasios Leventis Street, Leventis Gallery Tower, 8th Floor, 1097 Nicosia, Cyprus.
2. Whom to contact for privacy questions or concerns?
We have appointed a Data Protection Officer (DPO) whom you can contact for any questions about this Privacy Statement or any requests regarding your legal rights. The e-mail address is email@example.com and the postal address is 5 Anastasios Leventis Street, Leventis Gallery Tower, 8th Floor, 1097 Nicosia, Cyprus.
3. Collection of Personal Data
Personal data that we collect may include the full name, passport or identity card number, residential and business addresses, date of birth, occupation, nationality, e-mail addresses, telephone numbers and CV information. Additionally, as per the applicable Anti-Money Laundering rules and regulations (“AML”), we may also collect information as to source of funds, expected annual turnover, bank accounts, marital status, US Foreign Account Tax Compliance Act (“FATCA”) and Common Reporting Standard (“CRS”) information, tax information, nature of transactions.
The personal data may be provided either directly by you or from authorized third parties introducers to whom you have given the express authority to disclose these data to us.
Personal data may also be obtained from public sources such as public registers, internet searches, news articles and sanction lists.
4. Purpose of collecting Personal Data
Before entering into any business relationship with you as our client we are obliged to collect your personal data and perform due diligence check in relation to the services we will be providing to you. Raza is regulated and supervised by the Cyprus Bar Association and (“CyBar”) subject to the provision of the AML law and regulations and the regulations and directives of CyBar and we can only enter into a contractual relationship with you subject to being provided with your personal data and all other Know Your Client information and documentation.
We process personal data for:
(a) Meeting our contractual commitments to you and providing you with our professional services
(b) Adhering to any of your written requests and/or consents for disclosure
(c) Adhering to our legitimate interests or legal obligations including reporting obligations
(d) Complying with other reporting requirements (such as FATCA and CRS) and any other European of Cyprus legislative requirements
(e) Complying with AML and CyBar legal and regulatory obligations
(f) Disclosing when necessary to the relevant tax authorities, auditors, accountants, tax advisors and banks for providing their respective services to you and to Raza
(g) Sending you updates regarding laws and regulations or regarding Raza
(h) Inviting you to any events, seminars and webinars organized or sponsored by Raza
(i) Administering, maintaining and ensuring the security of our information systems, application and website
5. When Personal Data is shared and with whom
In the course of performance of our contractual and statutory obligations your personal data is shared between the team members of Raza and/or third parties providing services to Raza for the purpose and in the context of providing our services. Such third-party service providers enter into contractual agreements with us for observing confidentiality according to the DPL and the GDPR.
We only share personal data with trusted third parties who are contractually bound to protect the data we entrust them with, and the third-parties recipients are limited to the following:
(a) Other advisors of the clients such as their tax advisors, auditors, lawyers and insurers
(b) Parties that support Raza in the provision of its services such as IT system support, document protection services and cloud-based software services and mailroom support
(c) Raza professional advisers, including auditors, insurers and lawyers
(d) A potential buyer or transferee of all of part of the business of Raza and their advisers
(e) Promoting your best interests
7. Personal Data Security
Appropriate security measures have been put in place in order to prevent your personal data from being accidentally lost, used or accessed in an authorized way, altered or disclosed. Furthermore, we limit access to your personal data to employees, agents, contractors and other third parties who can only process your personal data on our instruction and are subject to a duty of confidentiality.
8. Retention Period of Personal Data
Raza retains your personal data for as long as you are its client and the data is required for complying with its professional commitments and for satisfying any legal, accounting or reporting requirements and where a specific legal, regulatory or contractual requirement and obligation applies. You have the right to request that we delete your data subject to no legal or regulatory restriction to do so. We will dispose of your personal data in a secure manner.
9. Data Protection Rights
Under the GDPR and DPL you have the following rights in relation to your personal data:
(a) Access Request: anytime you may request to receive a copy of the Personal data the Firm holds for you
(b) Request Correction (Rectification): this right gives you the opportunity to make corrections or update any incomplete information.
(c) Request Erasure: this right allows you to request from us to delete any personal data concerning you and you think there is no good reason to process it, unless otherwise required by any legislation.
(d) Object to Process: this gives you the right to object to the processing of your personal data (this is subject to the legal basis on which the processing activity is based)
(e) Request Restriction: with this right you will be able to request from us to restrict the processing of your personal data in certain situations, such as when your personal data is not accurate or is used by Raza unlawfully or it is not relevant anymore but you want Raza to keep it
(f) Request to receive copy: you may request to receive a copy of your personal data in a commonly used format.
(g) Withdraw your consent regarding the processing of your personal data: this consent can be withdrawn by you at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing which was based on consent before it was withdrawn or revoked by you.
(h) Right of portability: you may request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party where this is technically possible.
The above rights are subject to restrictions as laid down by the applicable law, this Privacy Statement and any written agreement that you enter into with Raza.
If you wish to exercise any of these rights set out above please contact our Data Protection Officer at the e-mail indicated here below and we will respond to you within one month. In case more time will be required we will be informing you accordingly. We may request proof of identification to verify your request. We have the right to refuse your request where the law permits us to do so or if your request is manifestly unfounded or excessive or against public interest.
If you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulations (EU) 2016/2017) you have the right to lodge a complaint with the Data Protection Authority in the European Member State of your residence, place of work or place of an alleged infringement. The Data Protection Authority is Cyprus is the Commissioner for Personal Data Protection and you may contact the said Authority via the following link: www.dataprotection.gov.cy.