General Data Protection Regulation (GDPR)
As of 25th of May 2018, the General Data Protection Regulation (GDPR and/or Regulation) 2016/679 becomes enforceable with direct applicability on all EU members and members of the European Economic Area. Thus, all member states shall harmonize data privacy loss across Europe.
The objective of this Regulation is the protection of natural persons with regards to the processing of personal data and on the free movement of such data.
Altus Citadel Corporate Services Limited (The “Company”), strives to protect the privacy and the confidentiality of Personal Data that the company collects and processes in connection with the services it provides to clients. Thus, the Company undertakes to meet its obligation under the EU General Data Protection Regulation (GDPR).
Altus Citadel Corporate Services Limited of 82 Acropoleos Avenue, Acropolis, 2th Floor, 2012 Nicosia, Cyprus is the Controller in respect of the personal data it receives in connection with the services provided under the relevant engagement with its clients.
1. What we need
Our Personal Data Protection Policy governs the use and storage of your data.
We collect and process the following types of personal data from you:
Where necessary and legally permitted, we may also collect more sensitive data.
Where you are providing us with information about a person other than yourself, you agree to notify them of their use of personal data and to obtain such consent for us, if needed.
2. Why we need it
In this section, we set out the purposes for which we collect and process personal data of our clients:
3. Sharing your information
The personal information you provide to our Company may be shared, consistent with applicable law and regulations, as follows:
4. Cross-Border Transfer of Personal Information Outside the EEA
Countries outside the European Economic Area (EEA) often do not offer the same level of protections and guarantees for personal data as the countries within the EEA. Thus, our Company does not transfer your personal information outside of the EEA unless the transfer is justified on specific legal ground/s as mentioned in GDPR such as model contractual clauses, individual’s consent or other legal grounds permitted by GDPR.
In the event of a cross-border transfer of personal data outside the EEA, our Company will follow the GDPR guidelines to ensure the level of data protection is not undermined.
5. How long we keep it
Under Cyprus law and EU regulations and directives regarding prevention and suppression of anti-money laundering and terrorist financing activities, we are required to keep your documents for 10 years as of the termination of the business relationship or one-off transaction, or where the business relationship or one-off transaction is not formally terminated, as of the completion of the last transaction made in the course of the business relationship. For more information, please do not hesitate to request our Data Retention Policy. After this period, your personal data will be irreversibly destroyed.
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
6. What are your rights?
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted through our “Data Subject Access Request Form”.
In the event that you wish to complain about how we have handled your personal data, please contact our Data Protection Officer, Mrs. Maria Afxentiou Mackinder at email@example.com.
Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact Commissioner’s Office of Personal Data Protection in Cyprus and file a complaint with them:
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565