M.RAPHAEL L.L.C. respects your privacy and understands the importance of protecting your personal data. This Privacy Notice describes our policies and practices regarding the collection and use of your personal data and sets forth your privacy rights. We are aware that the protection of your personal data is a continuous responsibility, which we do not take lightly, and therefore we will, from time to time, update this Privacy Notice, as we undertake new personal data practices. In particular, this Privacy Notice includes the following information:
DEFINITIONS
The terms used in this Privacy Notice (“personal data”, “processing”, “Data Controller”, “Data Processor”, “consent”, “recipient”, “special categories of personal data”, “third party/ies”, “Supervisory Authority”), shall have the meaning attributed to them by the General Data Protection Regulation 2016/679 (GDPR) and the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018).
WHO IS THE DATA CONTROLLER?
The Data Controller processing your personal data is M.RAPHAEL L.L.C., a duly registered limited liability company under the Registration Number ΗΕ 446412, having its registered office at 33 Constantinou Paleologou Street, The Square, 2nd floor,6036 Larnaca, P.O. Box 42364, CY-6533 Larnaca, Cyprus (hereinafter referred to as “Raphael Legal”, “we” or “us”).
WHO DOES THIS PRIVACY NOTICE CONCERN?
This Privacy Notice relates to the collection and processing of personal data of:
· individuals seeking to receive legal advice or services from us or submitting any enquiries, who provide their personal data through the use of our Contact Form,
· individuals seeking to receive legal advice or services from us or submitting any enquiries, who provide their personal data via email or telephone,
· job applicants,
· individuals seeking to provide goods or services to us and
· individuals who we communicate or interact with, within the course of our business.
References to “you” and “your personal data” refer to the individual/s who is/are providing personal data to us.
If you require further information regarding this Privacy Notice, please contact us at info@raphael.legal.
WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES?
Personal data means any information relating to identified or identifiable natural persons, namely persons who can be identified, directly or indirectly.
Raphael Legal collects personal data provided by you directly, either through our Contact Form or via email or telephone, such as your name and email address. We will use your personal datasolely for the purposes of responding to your enquiry or job application. There are also instances where we invite or request individuals to provide us with their personal data.
The legal basis for the collection of your personal data is Article 6(1)(b) of GDPR, insofar as your information is required to answer to your enquiry or job application, in performance of or prior to entering into a contract, and otherwise Article 6(1)(f) of the GDPR due to our legitimate interests to answer to your enquiry and manage our business, manage our relationship with our clients, prospective clients and their staff, hosting clients and others at our offices.
There may also be instances in which we will require you to provide us with your personal data, for which instances our legal basis for the collection of your personal data will be Article 6(1)(c) of GDPR, insofar as your information is required to comply with a legal obligation to which we are subject.
On some occasions, we may also need to acquire special categories of personal data (e.g. information about your health, race, ethnicity etc.), as well as personal data relating to criminal convictions and offences, only to the extent strictly necessary and proportionate for the purposes of providing our legal services to you, based on your explicit prior consent (Article 9 (2)(a) of the GDPR) or for the establishment, exercise or defence of legal claims (Article 9 (2) (f) of the GDPR).
In some circumstances, we may collect personal data about you from a third-party source. For instance, we may collect personal data from your organization, other organizations with whom you have dealings, including banks and other professional service providers, or other organizations in the context of the provision of our services to you or generally in the context of any other dealings we may have with you. We may also acquire information that you have made public and/or is otherwise publicly available. Furthermore, we may collect information from providers who assist us in complying with our legal, regulatory and other obligations, such as in relation to anti-money laundering, sanctions screening etc. In any case, such collection of your personal data from third parties is always carried out in accordance with GDPR and other legal obligations.
Please be aware that if you choose to withhold any personal data requested by us,in any of the above-mentioned circumstances, we might not be able to respond to your enquiry, process your job application, offer the legal services requested or perform any other contract between us.
Personal data communicated to us by clients, within the course of providing our services to the latter, is subject to client confidentiality obligations and may be protected by legal professional privilege.
Lastly, Raphael Legal collects information automatically, via the use of cookies.Raphael Legal uses onlyessential cookies, which cannot be disabled. These cookies do not collect the personal data of our website visitors. For more information on the types of cookies and how we use them, please contact us as set out in the "How To Contact Us" Section below.
We have summarised in the table below, a description of all the ways in which we plan to use your personal data, which are the legal bases we rely on to do so, as well as the purpose for which we use your personal data. We have also identified what our legitimate interests are, where appropriate.
We may process your personal data for more than one lawful grounds, depending on the specific purpose for which we are using your personal data.
Personal data we collect when you contact us via our Contact Form (this concerns potential clients, potential partners and job applicants).
· Name
· Surname
· Email address
Legal Basis for this Processing:
Article 6(1)(b) of the GDPR
Article 6(1)(f) of the GDPR
Purpose of this Processing:
We require your personal data to support our legitimate interests in managing our business (which are not overridden by your interests, fundamental rights or freedoms) and/or for providing our services to you i.e., for the performance of a contract concerning the provision of legal services to you or taking steps at your request prior to entering into such contract, in terms of responding to your requests for legal advice and/or other enquiries you may submit through our Contact Form or for the purpose of processing your job application.
Personal data we collect when you contact us via email or via telephone (this concerns potential clients and clients, potential partners and partners, job applicants).
· Name
· Surname
· Mail address
· Email address
· Telephone number
· Recruitment Data, such as academic qualifications, professional background and any other information contained in your CV
· Any other Personal data you provide us with such as ID number/Passport number
Legal Basis for this Processing:
Article 6(1)(b) of the GDPR
Article 6(1)(f) of the GDPR
Purpose for this Processing:
We require your personal data to support our legitimate interests in managing our business (which are not overridden by your interests, fundamental rights or freedoms) and/or for providing our services to you i.e., for the performance of a contract concerning the provision of legal services to you or taking steps at your request prior to entering into such contract, in terms of responding to your requests for legal advice and/or other enquiries you may submit through email or via telephone or for managing the services or goods provided to us by you, or for the purpose of processing your job application.
Personal data we require from our potential clients
· Name
· Surname
· Mail address
· Email address
· Telephone number
· ID/Passport number
· Information relating to personal wealth, sources of funds and assets
Legal Basis for this Processing:
Article 6(1)(c) of the GDPR
Purpose for this Processing:
We require your personal data to ensure and evidence, where legally required, compliance with our legal and regulatory obligations such as anti-money laundering legislation or for the purpose of responding to a binding request/order from a public authority or court etc.
Personal data we require from our clients
· Payment data such as bank account and payment card details, details of beneficiaries and other related billing information
· Special categories of personal data
Legal Bases for this Processing:
Article 6(1)(b) of the GDPR
Article 6(1)(f) of the GDPR
Article 9 (2)(a) of the GDPR
Article 9 (2)(f) of the GDPR
Purpose for this Processing:
We require your personal data to support our legitimate interests in managing our business (which are not overridden by your interests, fundamental rights or freedoms) and/or for providing our services to you i.e., for the performance of a contract concerning the provision of legal services to you or taking steps at your request prior to entering into such contract, in terms of managing payments of our invoices and sums due to us.
We may process special categories of personal data upon acquiring your explicit consent to the processing of such sensitive personal data in connection with the provision of legal services to you or for the establishment, exercise or defence of legal claims.
Personal data collected through the CCTV systems in our premises
· Image
· Sound
Legal Basis for this Processing:
Article 6(1)(f) of the GDPR
Purpose for this Processing:
When you visit our office premises, we collect your personal data relating to image and sound via the use of a CCTV system, for the purpose of ensuring the security of our premises, as well as the security of our visitors.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require further information on how the processing for the new purpose is compatible with the original purpose, please contact us, using the contact details set out in the “How to Contact Us” Section below.
If we need to use your personal data for an unrelated purpose, we will notify you, explaining the legal basis upon which the processing relies.
WHERE AND FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
Your personal data is stored on our servers and on the servers of the cloud-service providerswe engage, located within the European Economic Area (“EEA”).
We generally retain your personal datafor as longas needed to achieve the purpose for which it was originally collected and thereafter as required or permitted by law or as is necessary in order for us to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.
To determine the appropriate retention period for personal data, we consider the volume, nature and sensitivity of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax or other requirements.
In particular:
· Information provided to us by you when contacting us with an enquiry, either through our Contact Form or via email or via telephone, will be retained for a period of 1 year since our last communication with you, unless a longer retention period is required orpermitted by law or unless we enter into a contractual relationship in the context of which your personal data shall be retained for the duration of our contractual relationship and thereafter for a further period of 7 years.
· Information provided to us by you when contacting us seeking for recruitment, shall be kept for the whole duration of the recruitment process and shall be deleted one (1) month after the candidate’s application is not successful, except where the candidate has provided his/her explicit consent for retention of his/her personal data for a longer specified period of time.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We will notdisclose your personal data except in the following cases:
· Disclosure to our employees, on a need-to-know basis, in order to provide our services to you. We require our employees to follow this Privacy Notice (and our internal Privacy Policy) in relation to the processing of the personal data that we share with them, and we ensure that they are bound by confidentiality obligations.
· Sharing with third party providers, who are facilitating the delivery of our services to you, and more specifically with third parties providing document management services, translation services, audit and accounting services, banking and/or business consulting services as well as our IT service providers, located in the EEA, always in accordance with any applicable data protection laws, and in compliance with the principles of necessity and proportionality.
· Sharing withgovernmental/regulatory/law enforcement agencies or other third parties, if we are required to do so by law or where it is necessary for the purpose of, or in connection with any administrative and/or disciplinary and/or civil and/or criminal legal proceedings or in order to exercise or defend our legal rights.
· Upon obtaining your written consent.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
WHERE WILL YOUR PERSONAL DATA BE TRANSFERRED?
The personal data we collect and hold about you will not be used, stored and/or accessed by individuals and/or entities operating outside the EEA. We only share your personal data with the recipients mentioned above, which are located within the EEA.
WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
Under the GDPR, you have the following data protection rights, subject to any exemptions provided by the law:
· Access to your personal data: You have the right to obtain confirmation as to whether we process your Personal data and access your Personal data at any time, as well as to request a copy of the personal data we hold about you. For any further copies, we may charge a reasonable fee.
· Rectification of your personal data: You have the right to request the correction of any incomplete or inaccurate personal data we hold about you.
· Erasure of your personal data: You have the right to request the erasure of your personal data where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. You also have the right to request that we delete your personal data where you have withdrawn your consent, if the processing of the personal data was based on your consent, provided that there is no other legal ground for the processing, where you have successfully exercised your right to object to the processing and there are no overriding legitimate grounds for the processing, where we may have processed your data unlawfully or where we need to delete your personal data to comply with the law. Note, however, that we may not always be able to comply with your request for deletion for specific legal reasons for which we will notify you, as appropriate, at the time of your request.
· Restriction of processing: You have the right to request the restriction of the processing of your personal data, in the following instances:
a) You contest the accuracy of the personal data, for a period enabling usto verify the accuracy of the personal data;
b) the processing is unlawful and youoppose the erasure of the personal data and request the restriction of their use instead;
c) weno longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
d) you have objected to processing, pending the verification whether ourlegitimate grounds override your legitimate grounds.
· Object to processing of personal data: When we process your personal data based on the public interest or based on a legitimate interest of ours (or of a third party), you have the right to object to the processing of your personal data on grounds relating to your particular situation, as you feel it impacts your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes.
· Data portability: You have the right to request the transfer of your personal data to you or to a third party, provided that the processing is based on consent, or on the performance of a contract, and the processing is carried out by automated means. We will provide to you, or directly to a third party you have chosen, if this is technically feasible, your personal data in a structured, commonly used, machine-readable format.
· Right not to be subject to Automated Decision-Making: You have the right not to be subject to a decision which is based on automated processing, and it produces legal effects or significantly affects you.
· Right to withdraw consent: You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
· Right to Lodge a Complaint with a Supervisory Authority: You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection if in any case, you are of the opinion, that our company infringes your privacy and data protection rights. Please find more information at the official website of the Commissioner at www.dataprotection.gov.cy. Please also find below the relevant contact details of the Office of the Commissioner for Personal Data Protection in Cyprus:
1 Iasonos str., 1082 Nicosia, Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy
HOW CAN YOU EXERCISE YOUR RIGHTS?
If you wish to exercise any of theabove-mentioned rights, please contact the Data Protection Officer at dpo@raphael.legal.
Please note that:
- We may need to verify your identity before we can act on your request. This is a security measure to ensure that your personal data is not disclosed to any other person. We may request the provision of additional information necessary to confirm your identity. If we are not in a position to identify you, we may refuse to act on your request.
-Since the exercise of the above-mentioned rights is subject to certain legal conditions and limitations, we may have to decline your request if those conditions are not fulfilled or if legal limitations apply.
-We may refuse to act on requests that are manifestly unfounded or excessive, in particular because of their repetitive character.
-You will not have to pay a fee to exercise any of the above-mentioned rights. However, we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive.
-We will endeavour to deal promptly with your request, and in any event within one (1) month from receipt of the request (subject to any extensions to which we are lawfully entitled, for which we will also inform you). If we refuse to take any action on your request, we will inform you within one (1) month of receipt of the request of the reasons for not taking action, of the possibility of lodging a complaint with a Supervisory Authority and seeking a judicial remedy.
-In case you are not satisfied with the reply or resolution of your request, you have the right to lodge a complaint before the Supervisory Authority.
HOW DO WE PROTECT YOUR PERSONAL DATA?
Raphael Legal strivesto prevent any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data. Therefore, we have implemented technical, organizational, and administrative security measures, such as password protection and data back-up.
We also regularly assess the effectiveness of our security measures and update them, where deemed necessary, and we restrict access to your personal data to employees on a need-to know-basis, for the provision ofour services. In addition, our employees undertake training sessions regarding the importance of the protection of personal data and are bound by confidentiality duties.
Whenever any third-party service provider processes your data on our behalf, we require them to also implement appropriate technical and organizational measures in such a manner that processing will meet the applicable legal requirements and ensure the protection of your rights.
CAN MINORS USE THIS WEBSITE?
This website is addressed to individuals over the age of 18. We do not knowingly attempt to request or receive information from minors under the age of 18. If you are a parent or legal guardian of a minor and you become aware that the latterhas provided his/her personal data to us without your consent, please contact us at info@raphael.legal. to exercise your rights as described in this Privacy Notice.
HOW DO WE USE COOKIES?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie, to develop a record of the user’s online activity.
We only use cookies that are essential for our website to operate efficiently and to technically deliver the services requested, as well as for maintaining the security of our website. that are strictly necessary for its operation, which cannot be disabled. Those cookies are set by us and are called first-party cookies.
If you need any further information on the types of cookies and how we use them, contact us as set out in the "How To Contact Us" Section below.
WILL THIS PRIVACY NOTICE CHANGE?
We may update this Privacy Notice from time to time, to reflect any changes to the use and processing of your personal data or in response to changing legal, regulatory or operational requirements. Any changes made to this Privacy Notice will be published on this page, and therefore we encourage you to frequently review this page for any updates.
When these changes are material, for instance when there is a change in the processing purposes, a change to the identity of the Data Controller, or a change as to how you can exercise your rights in relation to the processing of your personal data, we will provide you with specific notice of any such changes (including when they will take effect) in accordance with the law.
HOW TO CONTACT US?
If you have any questions, concerns, complaints or would like to exercise your data protection rights, please contact our Data Protection Officer at:
Name: Melina Loizou
Email: dpo@raphael.legal
Address: Constantinou Paleologou 33, 6036-Larnaca, Cyprus
Tel: +35724323333
This Privacy Notice was last updated on July 28th, 2023.
P: +357 24 323333 F: +357 24 323332
A: 33 Konstantinou Paleologou, The Square, 2nd Floor, CY-6036 Larnaca
P.O. Box 42364, CY-6533 Larnaca, Cyprus
Copyright © 2023 M.Raphael LLC-All Rights Reserved
We only use cookies that are essential for our website to operate efficiently and to technically deliver the services requested, as well as for maintaining the security of our website. Those cookies are set by us and are called first-party cookies. Our website only uses cookies that are strictly necessary for its operation, which cannot be disabled.