This Privacy Notice (according to Article 13 of the Regulation, as this is defined below) contains information with regards to the rights you have in the Processing of your Personal Data, how you may reach us or get in touch with the relevant authority for submitting a claim, if needed, and also informs you how the Company collects, uses and/or transfers your Personal Data.

Important Definitions

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Processing means any operation or set of operations which is performed on Personal Data, by automated means or otherwise, including: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Company: Altus Citadel Corporate Services Limited

Akropoleos 82, 2nd floor, Akropoli, 2012, Nicosia, Cyprus

Tel: +357 22 252774

Profiling means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or movements.

General Data Protection Regulation (GDPR)

As of 25th of May 2018, the General Data Protection Regulation (the “GDPR” and/or “Regulation”) 2016/679 became enforceable with direct applicability on all EU members and members of the European Economic Area. Thus, all member states shall harmonize data privacy loss across Europe.

The objective of this Regulation is the protection of natural persons with regards to the Processing of Personal Data and on the free movement of such data and this is addressed to all persons with whom the Company (as this is defined below) will be engaged into a business relationship with.

The Company strives to protect the privacy and the confidentiality of Personal Data that the Company collects and processes in connection with the services it provides to clients. Thus, the Company undertakes to meet its obligation under the EU General Data Protection Regulation (GDPR).

The Company is the Controller as well as Processor of Personal Data it receives in connection with its services provided under relevant engagement with its clients.

The Company does not use your Personal Data for Profiling.

1. What we need

Our Data Protection Policy governs the use and storage of your data.

We collect and process the following types of Personal Data from you:

  • Contact details (including names, postal addresses, email addresses, telephone and fax numbers);
  • Identification documents and details (including passports and IDs, social security and tax identification number);
  • Verification of residential address;
  • Professional information;
  • Bank/Lawyer/Auditor reference letter;
  • Personal financial information (including size and source of wealth, income and other financial information);
  • Anti-fraud data (including information about fraud and criminal convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies);
  • Website and communication usage (including details of your visits to our websites and information collected through cookies and other tracking technologies, including but not limited to, your IP address and domain name);

Where necessary and legally permitted, we may also collect more sensitive data.

Where you are providing us with information about a person other than yourself, you agree to notify them of their use of Personal Data and to obtain such consent for us, if needed.

2. Why we need it

In this section, we set out the purposes for which we collect and process Personal Data of our clients:

  • To provide you with, and to improve, our services;
  • To deal with your inquiries and requests;
  • To contact you in the course of providing services to our clients;
  • To provide you with any other information that you request from us;
  • To comply with our legal and professional responsibilities; and
  • Where we have other legitimate reasons, such as for internal compliance and security purposes.

3. Use of Cookies

This site uses cookies which are pieces of data that are created when you visit any website and are stored in the cookie directory of your computer, either temporarily or permanently, to help the site provide a better user experience. We only use cookies to measure how you interact with our site; this does not include any personal information and remains anonymous.

In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser which offers guidance on this for all modern browsers.

4. Sharing your information

The personal data you provide to our Company may be shared, consistent with applicable law and regulations, as follows:

  • With affiliates and subsidiaries of our Company;
  • With third parties such as contractors, advisers, agents, banks, regulators and third-party service providers that provide services to our Company, such as companies that provide record and information management services;
  • With law enforcement agencies if our Company reasonably believes unlawful activities have occurred;
  • As required by law or court order.

5. Cross-Border Transfer of Personal Information Outside the EEA

Countries outside the European Economic Area (EEA) often do not offer the same level of protections and guarantees for Personal Data as the countries within the EEA. Thus, our Company does not transfer your personal information outside of the EEA unless the transfer is justified on specific legal ground/s as mentioned in GDPR such as model contractual clauses, individual’s consent or other legal grounds permitted by GDPR.

In the event of a cross-border transfer of Personal Data outside the EEA, our Company will follow the GDPR guidelines to ensure the level of data protection is not undermined.

6. How long we keep it

Under Cyprus law and EU regulations and directives regarding prevention and suppression of anti-money laundering and terrorist financing activities, we are required to keep your documents up to 7 years (ie 5 years for compliance purposes and 7 years for tax purposes) as of the termination of the business relationship or one-off transaction, or where the business relationship or one-off transaction is not formally terminated, as of the completion of the last transaction made in the course of the business relationship. After this period, your Personal Data will be irreversibly destroyed. For more information, please do not hesitate to request our Data Protection Policy.

Any Personal Data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

7. What are your rights?

Should you believe that any Personal Data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted (Article 16 of the Regulation) by sending a request with subject “Data Subject Access Request Form” to email

In accordance with Article 14 of the Regulation, in the situation where your Personal Data is collected from a third party, Company is required to provide you with a full list of recipients or categories of recipients including processors, unless you already possess such information or where the recording or disclosure of the Personal Data is expressly laid down by law or where the provision of information to the Data Subject proves to be impossible or would involve a disproportionate effort. Also, you have the right to receive information and/or copy of your Personal Data we hold, free of charge (Article 15 of the Regulation) and the right to ask for having your Personal Data erased (Article 17 of the Regulation).

In the event that you wish to complain about how we have handled your Personal Data, please contact Mrs. Maria Afxentiou Mackinder at, who will then look into your complaint and work with you to resolve the matter.

If you still feel that your Personal Data has not been handled appropriately according to the law, you can contact the Office of the Commissioner for Personal Data Protection in Cyprus and file a complaint with them at:

1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565

7. Changes to our Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on our website and, where appropriate, notified to you by email.