The General Data Protection Regulation (GDPR) represents a change in the law relating to Personal Data and replaces existing data protection laws.
The GDPR came into effect on May 2018 and its aim is to increase transparency in relation to the way in which personal data is collected, stored and used. GDPR will give individuals more control of how their personal information is used.
Who we are
MSS is a Cyprus based trust, secretarial and company services provider, licensed and regulated under the umbrella of its parent company Meritservus HC Limited by the Institute of Certified Public Accountants of Cyprus under the certificate number E446/G/2013.
Our principal place of business and registered office is Eftapaton Court, 3 Chrysanthou Mylona, 5th Floor, Limassol 3030, Cyprus.
Telephone: +357 25 85 77 00;
Our data protection officer is Michalis Konstantinou.
His contact details are: email@example.com
How do we collect Personal Data?
We collect and process different types of personal data which are received from our clients via:
- Our website, online forms, email, telephone or any other means of communication with the client;
- Transactions within the funds and portfolios the company manages;
- Third parties such as other service providers, including but not limited to consumer reporting agencies and agents providing verification services;
- Publicly available sources, including but not limited to the Department of Registrar of companies and the bankruptcy archive
Information that we collect
We collect the following personal data:
- First and last name
- Telephone Number
- Date of Birth
- Home Address
- Such other contact details you have supplied us with
- National Insurance Number/Personal Tax Reference
- Email/ Skype Address
- Passport / ID Card/ Driver’s License and/or such other biographical information/data which may confirm your identity, including your date of birth, tax identification number, passport number, national ID card details, nationality and/or country of domicile.
- Bank account details
- Any document/information related to your financial situation such as income, assets, source of wealth, liabilities, expenditures
- Such information showing your knowledge and experience in the investment field and your objectives for the provision of the specific services we will provide you, as applicable.
Any information about your education, family, employment and such other information which might be necessary for the provision of any service to you or required by the relevant legislation from time to time.
Lawful reasons for collecting, processing and disclosing personal data
MSS processes your personal information to meet our legal, statutory and contractual obligations and continue providing you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our business.
- Compliance with Legal obligation: We may process your personal data to meet legal and regulatory obligations such as Anti-Money Laundering Law, Tax Law and the regulations of various supervisory authorities that we are subject to for anti-money laundering purposes and for due diligence purposes.
- Contract: We request and process your data to establish a co-operation with us.
- Consent: We rely on your freely given consent at the time you provide your personal data to us to establish co-operation with us. You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.
Legitimate Interests: We rely on the legitimate interests based on the evaluation that the processing of your personal data is private, reasonable and sensible. A legitimate interest translates to when there is a business reason to use our client’s information.
How we use your Personal data and how it is stored
MSS takes your privacy very seriously and your Personal data is kept confidential. However, in order to be able to provide our services to our clients, and depending on the nature of such services we may share any information about you:
if required by law, including but not limited to:
- Our regulators;
- Courts or tribunals;
- Governmental and quasi-governmental authorities;
- Fraud prevention agencies;
- Any revenue service or tax authority
To any of the following, as applicable:
- Your advisors, agents, intermediaries, custodians of your assets or any other person or entity you tell us about, based on our communications or contracts;
- Our delegates, other related/affiliated companies or other persons or entities assisting us in the performance of the services we provide you or directly related to the performance of the services we provide you, including but not limited to banks, professional advisors, accountants, lawyers, investment brokers;
- Any other person or entity following any restructuring of MSS, as long as it uses your data for the purposes of the provision of the services we currently provide you.
When we share any information, as referred above, we ensure that any disclosure we make is compliant with GDPR.
Personal data is recorded on paper and IT systems.
The purposes and reasons for processing your personal data are detailed below: –
- To ensure that we comply with our Regulatory Requirements when providing a service.
- As part of our legal obligation for business, accounting and tax purposes and for the due performance of the services we offer you
To deal with any complaints or feedback you may have
What are your rights under GDPR?
GDPR gives you certain rights regarding the personal data we collect, process or disclose and that is related to you, including the:
- Right to access your personal data
- Right to correct and rectify personal data concerning you
- Right to erase personal data concerning you
- Right to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller
- Right in some cases to object to the use of your personal data
- Right in some cases to restrict the processing of your personal data
- Right to withdraw the consent given to us regarding the processing of your personal data at any time.
You can request the information we hold about you and exercise any of your above rights by sending an email at firstname.lastname@example.org.
The above rights are subject to certain limitations and we may be entitled, subject to any applicable laws from time to time, to refuse requests where exceptions apply.
We might request for specific information from you to confirm your identity and ensure your right to access the information or to exercise any of your rights. This is to ensure that your data is protected and kept secure.
How Long We Keep Your Data
MSS only retains personal information for as long as is necessary, based on the applicable laws, depending on the category of your data and the purpose for collecting it, and we have strict review and retention policies in place to meet these obligations.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to MSS. However, as this information is required for us to provide you with our service, we will not be able to offer our services without it.
Changes to our policy
We may use your information for marketing purposes. If you object to receive any marketing emails from us at any time, please contact us at email@example.com.
Lodging a Complaint
MSS only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority. See contact details below:
Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
For more information about the GDPR, you can visit the Information Commissioner’s Office website at www.dataprotection.gov.cy
The Information Commissioner’s Office is the independent organisation that upholds information rights in the public interest.
Our principle place of business and registered office is Eftapaton Court, Arch. Makarios III Avenue 256, 2nd Floor, Limassol 3105, Cyprus.
Telephone: +357 25 857900
LAST UPDATED 24 JULY 2018