Home / Privacy Policy for Altus Citadel

Privacy Policy for Altus Citadel

General Data Protection Regulation (GDPR)

As of 25th of May 2018, the General Data Protection Regulation (GDPR and/or Regulation) 2016/679 becomes enforceable with direct applicability on all EU members and members of the European Economic Area. Thus, all member states shall harmonize data privacy loss across Europe.

The objective of this Regulation is the protection of natural persons with regards to the processing of personal data and on the free movement of such data.

Altus Citadel Corporate Services Limited (The “Company”), strives to protect the privacy and the confidentiality of Personal Data that the company collects and processes in connection with the services it provides to clients. Thus, the Company undertakes to meet its obligation under the EU General Data Protection Regulation (GDPR).

Altus Citadel Corporate Services Limited of 82 Acropoleos Avenue, Acropolis, 2th Floor, 2012 Nicosia, Cyprus is the Controller in respect of the personal data it receives in connection with the services provided under the relevant engagement with its clients.

1. What we need

Our Personal Data Protection Policy governs the use and storage of your data.

We collect and process the following types of personal data from you:

  • Contact details (including names, postal addresses, email addresses, telephone and fax numbers);
  • Identification documents and details (including passports and IDs, social security and tax identification number);
  • Verification of residential address;
  • Professional information;
  • Bank/Lawyer/Auditor reference letter;
  • Personal financial information (including size and source of wealth, income and other financial information);
  • Anti-fraud data (including information about fraud and criminal convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies);
  • Website and communication usage (including details of your visits to our websites and information collected through cookies and other tracking technologies, including but not limited to, your IP address and domain name);

Where necessary and legally permitted, we may also collect more sensitive data.

Where you are providing us with information about a person other than yourself, you agree to notify them of their use of personal data and to obtain such consent for us, if needed.

2. Why we need it

In this section, we set out the purposes for which we collect and process personal data of our clients:

  • To provide you with, and to improve, our services;
  • To deal with your inquiries and requests;
  • To contact you in the course of providing services to our clients;
  • To provide you with any other information that you request from us;
  • To comply with our legal and professional responsibilities; and
  • Where we have other legitimate reasons, such as for internal compliance and security purposes.

3. Sharing your information

The personal information you provide to our Company may be shared, consistent with applicable law and regulations, as follows:

  • With affiliates and subsidiaries of our Company;
  • With third parties such as contractors, advisers, agents and third-party service providers that provide services to our company, such as companies that provide record and information management services;
  • With law enforcement agencies if our Company reasonably believes unlawful activities have occurred;
  • As required by law or court order.

4. Cross-Border Transfer of Personal Information Outside the EEA

Countries outside the European Economic Area (EEA) often do not offer the same level of protections and guarantees for personal data as the countries within the EEA. Thus, our Company does not transfer your personal information outside of the EEA unless the transfer is justified on specific legal ground/s as mentioned in GDPR such as model contractual clauses, individual’s consent or other legal grounds permitted by GDPR.

In the event of a cross-border transfer of personal data outside the EEA, our Company will follow the GDPR guidelines to ensure the level of data protection is not undermined.

5. How long we keep it

Under Cyprus law and EU regulations and directives regarding prevention and suppression of anti-money laundering and terrorist financing activities, we are required to keep your documents for 10 years as of the termination of the business relationship or one-off transaction, or where the business relationship or one-off transaction is not formally terminated, as of the completion of the last transaction made in the course of the business relationship. For more information, please do not hesitate to request our Data Retention Policy. After this period, your personal data will be irreversibly destroyed.

Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

6. What are your rights?

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted through our “Data Subject Access Request Form”.

In the event that you wish to complain about how we have handled your personal data, please contact our Data Protection Officer, Mrs. Maria Afxentiou Mackinder at maria.a@altuscitadel.com.

Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact Commissioner’s Office of Personal Data Protection in Cyprus and file a complaint with them:

1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy

7. Changes to our Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on our website and, where appropriate, notified to you by email.