Introduction  

POTENS CORPORATE SERVICES LTD values your personal and confidential  information. We are committed to protecting this information with adequate protection and use  it only for the purposes stipulated in this Privacy Policy. 

This Privacy Policy (“Policy”) sets out the basis on which POTENS CORPORATE  SERVICES LTD (“we”, “us”, “our”), with registration number HE411943, being a Data  Controller, collects and processes your personal information, i.e. information collected online  and offline, in accordance with the General Data Protection Regulation (2016/679) and the  applicable Data Protection Laws of the Republic of Cyprus (“the Law”). 

This Policy applies to all Personal Data in our possession or under our control. Definitions of terms used in Policy: 

“Data Controller” means the person or organization which determines when, why and how  to process Personal Data and implements appropriate technical and organizational measures to  comply with the Law; 

“Data Processor” means a natural or legal person, public authority, agency or other body  which processes Personal Data on behalf of the Data Controller; 

“Data Protection Officer” means the person who is formally appointed with the purpose of  ensuring that we are aware of and comply with our data protection responsibilities and  obligations according to the Law; 

“Data Subject” means a living, identified or identifiable natural person about whom we hold  Personal Data; 

“Personal Data” means data about the Data Subject who can be identified: a. from that data; or 

1. from that data and other information to which we have or are likely to have access. 

The Personal Data we may collect and use includes, without limitation, names and  identification information such as email address, telephone numbers, copy of your passport,  utility bill. 

“Processing” means any operation or set of operations which is performed on Personal Data  or on sets of Personal Data, whether or not by automated means, such as collection, recording,  organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure  by transmission, dissemination, or otherwise making available, alignment or combination,  restriction, erasure or destruction; 

“Special Categories of Personal Data” means the information revealing racial or ethnic  origin, political opinions, religious or similar beliefs, trade union membership, physical or  mental health conditions, sexual life, sexual orientation, biometric or genetic data; For the purposes of this Privacy Policy, Personal Data includes Special Categories of Personal  Data. 

“Third Party” means the recipient of your Personal Data as defined below.

The kind of information we collect about you: 

The purpose of the Processing of your Personal Data is largely based on each of our services  that you have requested: 

• Contact details: e.g. name, email address, physical address, phone number etc.; • Demographic: e.g. nationality, gender, age etc;  
• Personal Correspondence: e.g. emails that you send to us, etc.; 
• Anti-Money Laundering and Combating Financing Terrorism (AML -CFT) compliance: e.g. Identification documents/Know Your Client (KYC) documents (e.g.  copy of your passports, utility bills, CVs, reference letters etc.); 
• Any additional information that can be necessary for the provision of particular services 

In the event that you provide us with Personal Data about other individuals (e.g. your  colleague or client), you warrant to us that you have obtained such individuals’ permission  to do so. 

We do not collect or process Personal Data of children without prior consent from their  parents or legal guardian. 

Why do we process your Personal Data 

The purpose of the Processing of your Personal Data is largely based on each of the services  that you have requested or that have been agreed with you. In general, your Personal Data is  processed, within the scope of our business relationship with you. 

On what legal basis do we process your Personal Data: 

We may collect and process your Personal Data for any and/or all the following purposes:  

1. we may have a contractual arrangement with you, and we need to process your Personal  Data in order to fulfil our obligations (e.g. you are a client); 
2. there may be a legal obligation for us to process your Personal Data (e.g. compliance  with relevant anti-money laundering legislation); 
3. we may want to fulfil a legitimate interest pursued by us or by a third party, in a manner  that does not override your rights and freedoms; 
4. you may have expressly asked us to do something or have otherwise given your clear  consent to us to process your Personal Data (e.g. responding to a question you may have  asked us). 

Who Receives your Personal Data: 

Your Personal Data may sometimes be shared or made accessible to the following Third Parties  in order for us to perform our services to the highest standard possible: 

1. Employees that need access to fulfill the purposes set out above;

1. Service providers, including but not limited to IT service providers that support our  services; 
2. Financial Institutions; 
3. Public Authorities e.g. Registrar of Companies; 
4. Payment Service Providers. 

In case of an absence of your consent, your Personal Data will not be disclosed to any Third  Party, other than the above-mentioned, unless the disclosure is required and/or mandatory  under the provisions of any legislation, regulation or upon governmental, supervisory,  competent authority request. 

Our employees have signed a Confidentiality and Non – Disclosure Agreement. 

When we enter into agreement with a Third Party that requires your Personal Data to be  processed by that Third Party, we enter into a processing agreement with that party in order to  ensure that they process the Personal Data strictly according to our instructions and to  implement the appropriate administrative, physical and technical measures to protect the  Personal Data from unauthorized or accidental use, collection, access, damage, loss or  disclosure. 

Transferring your Personal Data outside European Union (‘EU’) and/or European  Economic Area (‘EEA’) 

We generally do not transfer Personal Data to countries outside of EU and/or EEA (“Third  Countries”), except where required by the purposes set out in this Policy. If we need to transfer  your Personal Data to Third Countries for any other purpose, we always ensure that the transfer  meets the relevant requirements of the Law, and we take all steps required to ensure that your  Personal Data continues to receive our standards of protection. 

When can Personal Data be transferred outside of the EU and the EEA: 

• If the European Commission has made a finding that the third country, territory or  sectors within the third country ensures an adequate level of privacy protection  (Adequacy Decision); 
• The Third Party has signed the standard data protection clauses (i.e. contract) adopted  by the European Commission and agreed to apply the privacy standards of protection  of the European Union; 
• The Data Subject has provided consent to the transfer. 

How long will we store your Personal Data 

We will cease to retain your Personal Data or remove the means by which the Personal Data  can be associated with you, after seven (7) years where your relationship with us has been  terminated and/or as soon as it is reasonable to assume that such retention no longer serves the  purposes for which the Personal Data were collected and are no longer necessary for legal or  business purposes (except where retention is permitted or required by the Law and/or other  applicable laws).

Protection of Personal Data: 

To safeguard your Personal Data from unauthorized access, collection, use, damage, loss,  disclosure, copying or similar risks, we have introduced appropriate administrative, physical  and technical measures such as up to date antivirus protection, encryption and the use of privacy  filters to secure all storage and transmission of Personal Data to Third Parties. We also allow  access to Personal Data only to those employees who need to know such data and they will  only process your Personal Data on our instructions. 

However, no method of transmission over the internet or method of electronic storage is  completely secure. While security cannot be guarantee, we try to protect the security of the  Data Subject’s Personal Data and we constantly review and enhance our information security  measures. 

What are your rights in relation to your Personal Data 

Right to access  

Request access to your Personal Data (commonly known as a “data subject access request“):  This enables to receive a copy of your Personal Data that we hold about you at any time; 

Right to rectification  

Request to correct or update nay of your Personal Data which we hold. This enables you to  have any incomplete or inaccurate information we hold about you corrected. We strive to retain  only Personal Data that is accurate, complete and up to date;  

Right to data portability  

Request the transfer of your Personal Data to another party;  

Right to erasure 

Request to delete your Personal Data from our records. However, we may need to retain certain  information for legal or administrative purposes, such as record keeping and detect fraudulent  activities. 

Right to restrict processing  

Request to restrict the use of your Personal Data; 

Right to object:  

You have the right to object to the collection and use of your Personal Data (e.g. when we use  your Personal Data on the basis of your consent you can withdraw that consent at anytime);  

Right to lodge a complaint:  

You have the right to lodge a complaint about the use of your Personal Data by contacting the  Office of the Commissioner for Personal Data Protection in Cyprus at at the contact details  below: 

Office address: Iasonos 1, 1082 Nicosia, Cyprus 

Postal address: P.O. Box 23378, 1682 Nicosia, Cyprus 

Tel: +357 22818456 

Fax: +357 22304565 

Email: commissionerdataprotection.gov.cy 

If you wish to exercise any of your rights, you may contact our Data Protection Officer in writing or via email at the contact details provided below: 

Address: 58 Raphael Santi, Nefeli Court 11, Ground Floor, 6052 Larnaca, Cyprus Email: Data Protection Officer at dpo@toulouraslaw.com  

The Data Protection Officer has the right to require the individual making the request to provide  certain identification documents/information to be able to verify his/her identity. 

The Data Protection Officer will respond to your requests within thirty (30) days after receiving  your email/letter. 

How do we protect your Personal Data 

To safeguard your Personal Data from unauthorized access, collection, use, disclosure, copying  or similar risks, we have introduced appropriate administrative, physical, and technical  measures. 

You should be aware, however, that no method of transmission over the internet or method of  electronic storage is completely secure. While security cannot be guarantee, we try to protect  the security of the Personal Data by constantly reviewing and enhancing our information  security measures. 

Effect of Policy and Changes to Policy: 

We keep this Policy under review, and we may modify it from time to time without any prior  notice. You should review our Policy on our website periodically to ensure that you are aware  of any such modifications/updates. 

COOKIES POLICY 

Our website uses cookie technology. Cookies are small files saved to your computer or mobile  device that track, save, and store information as well as your interactions and usage of our  website. The primary purpose for collection of data from users to our site is to allow us to  provide a smooth efficient and personalized experience while using our site. Users are advised 

that if they wish to deny the use and saving of cookies from this website on to their computers  hard drive, they should take necessary steps within their web browsers security settings to block  all cookies from this website and its external serving vendors. 

We also collect other forms of non-personal information such as browsers used to access our  website, search terms used to find the website, traffic referrals and links to our website. Cookies  collected by us are used to enable certain functions and tools of our website, assist in the  navigation of the website, track resources and data used on this site and remember computer 

settings. You may prevent your computer from accepting cookies by modifying the properties  on your web browser (see your browser’s “Help” option on how to do this). 

We also use the services of Google Analytics software to analyze traffic to our website. Neither  of these programs creates individual profile for visitors, nor do we collect any personally  identification information using these services. Data collected regarding site usage is compiled  in aggregate to improve the performance of the website. If you do not wish your information  to be included in this aggregated data through Google Analytics, modify the properties on your  web browser to prevent your computer or mobile device from accepting cookies. Please read  the Google privacy policy. 

Types of Cookies 

Strictly Necessary Cookies: 

These cookies are necessary for the website in order to enable you to use certain features of the  website, such as request specific services, setting your privacy preferences, logging in or filling  in forms. You can set your browser to block or alert you about these cookies, but some parts  of the site will not then work. These cookies do not store any personally identifiable  information. 

Functionality Cookies: 

These are used to allow the website to remember choices you make (such as language) and  provide enhanced features to improve your web experience. 

Navigation Cookies: 

These cookies enable the site to function correctly and are used to gather information about how visitors use the site. This information is used to compile reports and help us to improve the site. Cookies gather information in anonymous form, including the number of visitors to the site, where visitors came from and the pages they viewed. 

Analytical Cookies: 

These cookies are used to produce statistical analyses of the way users navigate the site (using  computers or mobile devices), the number of pages viewed, or the number of clicks made on a  page during navigation of a site. 

Disabling Cookies 

You can prevent the setting cookies by adjusting the settings on your browser (see your browser’s “Help” option on how to do this). Be aware that disabling cookies may affect the functionality of this and other websites that you visit.