Privacy Policy

PRIVACY POLICY OF C. MAVROCOSTAS & Co. LLC

C. MAVROCOSTAS & Co. LLC (hereinafter “our firm”, “the company” “we”, “us”, “our” or “our company”) with registration number HE388415, is the controller of the information collected or provided directly through our website, www.cmavrocostasllc.com and/or through your User Profile and/or through emails, and/or in any other manner through your contact as a User, and/or as a contact and/or through the contact of any other third party with our company. We respect our Users’ privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations.

Please read this privacy policy carefully to understand our policies and practices regarding your information and how we will treat it. If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us. This privacy policy applies to information we collect directly from you and/or through our offline interaction and/or through emails, and/or through telephone conversations and/or through any kind of telecommunications and/or through third parties in the ordinary course of our business. We collect the information provided to be able to provide you with the service you requested and given that we have your consent.

This Policy must be read in conjunction with our website’s Terms of Use (https://www.cmavrocostasllc.com/terms-of-use) and our Cookies Policy (https://www.cmavrocostasllc.com/cookie-policy/).

Definitions

“Company” or “law firm” or “our firm” means C. MAVROCOSTAS & Co. LLC, registered in the Republic of Cyprus, with registration number HE389367 and registered office at Akropoleos 44 – 46, Strovolos, 2012, Nicosia, Cyprus.

“Personal Information” means any information that relates to a living Individual (not companies or other legal persons) which can be reasonably linked to that Individual. “Personal Information” mentioned in this policy also refer to “Sensitive Personal Information” (see the definition below).

“Special Categories of Personal Information (Sensitive Information)” are the ones revealing an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, offences & criminal convictions, criminal history, security measures, trade union memberships, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning health or data concerning a natural person’s sex life or sexual orientation.

“MNPI” – Material Non Personal Information is data which is NOT Personal or Sensitive information but by nature should be limited to appropriate staff or management.

“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State Law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law. For the purposes of this Policy, the Data Controller refers to our Company.

“EEA” means the European Economic Area.

“Processing” of Personal Data shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation, alteration, maintenance, retrieval, access, consultation, use, transfer, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Third Party” is any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data.

“Data Subject” is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Lawyer/s” means the natural persons that are employed by our firm and/or are in a contractual relationship with our Company and have been categorized as Lawyers in our Company.

“Introductory Services” or “Services” means the services our company provides to the Customers by selecting and assigning a Lawyer to the cases they open through their Customer Profiles.

“Cookies” refer to the cookies of the company’s website as defined in our Cookies Policy found at (https://www.cmavrocostasllc.com/cookie-policy/).

“Cookies Policy” means the Cookies Policy of the company’s website which can be found at (https://www.cmavrocostasllc.com/cookie-policy/).

“Associates” Directors, managers and employees of the company as well as the subcontractors, principals and its affiliates.

“Principal” is any natural of legal person that has designated our Company as its Agent to act on their behalf.

“DPO” – Data Protection Officer is the person responsible to set and maintain appropriate procedures to ensure adherence to the Personal Data Protection regulation.

“PIA” – Privacy Impact Assessment is the new obligation on data controllers and data processors to conduct a Data Protection Impact Assessment (also known as a privacy impact assessment, or PIA) before undertaking any processing that presents a specific privacy risk by virtue of its nature, scope, or purposes.

“Profiling” is any form of automated processing of personal data intended to evaluate certain personal aspects relating to an individual, or to analyse or predict in particular that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour.

“Terms of Use” means our website’s Terms of Use found at (https://www.cmavrocostasllc.com/terms-of-use/)

“Transfer outside EEA” is subject to restrictions. As with the Data Protection Directive, data does not need to be physically transported to be transferred. Viewing data hosted in another location would amount to a transfer for GDPR purposes.

Purpose

To support its mission within the services sector, the Company uses Personal Information to provide a variety of related services under one roof as a one-stop shop. This policy about the privacy of Personal Information (the “Policy”) has been adopted in order to assist in establishing and maintaining an adequate level of Personal Information privacy in the collecting, processing, disclosing and cross-border transfer of Personal Information including that relating to current, past and prospective Company Personnel, Customers, suppliers, principals, contractors and business associates of the company.

Our company respects the Privacy rights of any person whose personal Data we are entrusted with and it complies with laws and regulations protecting Personal Information. This Policy explains the relevant data privacy principles for the protection of Personal Information and how such principles are to be implemented.

Scope and Applicability

- This Policy covers all Personal (and sensitive) Information collected, processed, shared, or used by the Company.
- It applies to all our Associates, Customers, Lawyers and Third Parties that are involved in our Company’s ordinary course of business.
- This Policy contains the Company’s Data processing standards.
- This Policy must be implemented by all Company’s Associates, Lawyers, Customers and Third Parties that are involved in our Company’s ordinary course of business.

Collection of Personal Information:

We collect and use several types of information of the individuals we co-operate with, of our Customers, Lawyers and sometimes of our Customers’ opposing party including information by which you may be personally identified and that is defined as personal data or personally identifiable information under applicable law (“Personal Information”), such as your first and last name, e-mail address, billing information, license number, demographics, telephone number, or other (online) contact information, identification number, other personal details and financial details where applicable.

Information we automatically collect online:

We automatically collect certain technical information from visitors to our Site(s), such as the Internet protocol (IP) address of their device through IP Locator, their login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platforms. We also collect information through Google Ads, Google Analytics and Facebook Ads to be able to provide the best possible service to our Customers.

We collect information submitted to us:

- Through our online services on our website (http://www.cmavrocostasllc.com) We may collect Personal Information when you visit our website, when you contact us, when you call us, when you ask about a case, when you communicate with us via online chat services, when we inform you about how we perform your requested services, through our email communications, when you inform us of any special requests or preferences you may have, or sign up for a newsletter or participate in a survey, contest, or promotional offer.
- Through other sources: We may receive Personal Information from third parties including without limitation, your Customers, recruitment agencies, credit check agencies, agencies providing compliance checks, sub-agents, and other partners.

Categories of Personal Information collected

The Categories of Personal Information that we collect online on our website, through our website (http://www.cmavrocostasllc.com), or through online telecommunications, or through offline telephone conversations, or other telecommunications and/or by any other means as described in paragraph 6 above, include:

Any information that you provide by filling in forms, in particular at the time of first contact with us.
Any information that is used in offline or online meetings.
Any information that your instruct us to register and/or file and/or submit on your online profile such as your case details, opposition details etc.
Any personal or sensitive information our registered Lawyers may give us for the purposes of carrying out our services to our registered customers.
Personal Information is also collected when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
Records and copies of your correspondence (including e-mail addresses), if you contact us or when we contact you.
Details of transactions you carry out, if any, and of the fulfilment of your orders.

Purposes for Which We Use Your Personal Information

In general, we use information that we collect about you or that you provide to us, including Personal Information and Sensitive Personal Information, for following purposes:

Provision of services: to provide you with information, products or services that you request from us;
Customer management:to manage your customer account, to provide you with customer support and with notices and/or updates about your account, including notices about changes to any services we offer or provide through it;

Advertising:following explicit consent to communicate with you about products or services that may be of interest to you either from us, our affiliates or other third parties;

Functionality and security:to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
Compliance:to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;

in any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this privacy policy.

Disclosure of Your Personal Information

We want you to understand when and to whom we disclose Personal Information and other information we have collected about you or your activities on the Website. We do not share your Personal Information with third parties except as indicated below:

Subsidiaries and Affiliates: We share above categories of Personal Information with our subsidiaries and affiliates to the extent this is necessary for the purposes of provision of services, customer management, customization of content, advertising (if you have consented) security and compliance, or to the extent you have provided your consent provided separately from this privacy policy.
To our authorized Lawyers that perform certain services on our behalf, including for purposes of provision of the services that the Customers requested from us, customer management and security. The Lawyers may have access to Personal Information provided by the Customers when filing a case through their Customer Profile and which are needed by the Lawyers to perform their initial advice. Lawyers are not permitted to share or use such information to any third party for any other purposes. We have taken all reasonable steps to ensure that they comply with the current data protection regulations.
Legal successors.To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy policy.
To send you administrative information, marketing communications, promotional offers, periodic customer satisfaction, market research or quality assurance surveys (to the extent permitted after we have obtained your consent);
To personalize your experience when you use our services;
To allow you to participate in contests and other promotions and to administer these activities;
For our business purposes, such as data analysis, audits, security, fraud monitoring and prevention, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities;
To the extent this is necessary to fulfil any other purpose not mentioned above for which you provided Personal Information and, if applicable, your consent separately from this privacy policy.
Governmental Authorities: We also disclose your Personal Information to other third parties, including official authorities, courts, or other public bodies:

In response to a subpoena or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Website terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
Resolve complaints, and handle requests for data access or correction. Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence).
- To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain and protect the security and integrity of our Website or infrastructure.
- Third Parties. Third parties to whom we may disclose Personal Information may have their own privacy policies which describe how they use and protect Personal Information. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.
- We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In particular, we may transfer non-Personal Information and process it outside your country of residence, wherever the Website, its affiliates and service providers operate. We may combine non-Personal Information we collect with additional non-Personal Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.

Storage and Protection of Your Personal Information

- The information that we collect about you, including Personal Information, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and our Associates above maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal Information to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.
- We are committed to protecting the Personal Information you share with us. We use all reasonable precautions to secure your Personal Information as well as the appropriate physical, technical, organizational and administrative security measures to help protect your Personal Information from unauthorized or unlawful access, use or disclosure, and from accidental loss, destruction or damage.
- Where our registered Lawyers and/or Associates and/or third parties process the Personal Information on behalf of the Company, we will ensure that the Lawyer, Associate or Third Party is under an obligation: (i) not to process or transfer the Personal Information except pursuant to instructions from the Company (which should take the form of a written agreement); and (ii) to take appropriate measures to protect the Personal Information to an extent substantially similar to the protections provided by the Company.
- We support online security using secure server technology because we want your data to be safe. We use state-of-the-art security arrangements and facilities on our platform and website to maintain data security. Unfortunately, the transmission of information via the internet cannot be guaranteed 100% completely secure and we cannot guarantee the security of your Personal Information that is transferred over the internet.
- How We Protect the Security of Your Personal Information – We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. For example, only authorized employees and/or our Associates are permitted to access Personal Information, and they may do so only for permitted business functions. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation(the “GDPR”). Our Website Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.
- If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance by sending an email to our Company’s DPO at (dpo@cmavrocostasllc.com)
- Regarding the retention period of the Personal Information please refer to paragraph 11 below.

Retention of Personal Information

- To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content (for descriptions of these purposes see above), we keep your Personal Information for as long as you have an account with the Website, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus.
- Personal Information on your profile on our website are stored for as long as your client profile is active and/or as long as you have a contractual relationship with our Company as a Customer. We will maintain all the information in your customer profile for a period of 12 months even where your contractual relationship ends and your customer profile becomes inactive for security purposes.
- Financial Information and/or transactional information between our Company and you as a Client will be maintained for a period of 6 years for tax purposes.
- Personal Information used for marketing and advertising purposes will be stored for a period of 12 months and the period can be renewed with your consent.
- The period for which we keep your Personal Information that is necessary for compliance and legal enforcement purposes varies and depend on the nature of our legal obligations and claims in the individual case.
- For further information regarding other specific retention periods please contact us at (dpo@cmavrocostasllc.com)

Legal Bases for Collection, Use and Disclosure of Your Personal Information

There are different legal bases that we rely on to collect, use and disclose your Personal Information, namely:

Consent:We will rely on your consent to use (i) your Personal Information for marketing and advertising purposes; (ii) your Personal Information for other purposes when we ask for your consent separately from this privacy policy and for which the purpose of the process does not relate to the services we offer to you.
Performance of contract:The use of your Personal Information for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
Compliance with legal obligation:We are permitted to use your Personal Information in to the extent this is required to comply with a legal obligation to which we are subject.

Choices About How We Collect, Use and Disclose Your Personal Information

- We strive to provide you with choices regarding the Personal Information you provide to us.
- You can choose not to provide us with certain Personal Information, but that may result in you being unable to use certain services.
- When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about product updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will related directly to your relationship with us.
- If you provided Personal Information, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Information will be deleted in accordance with our retention policy.

Your Rights Related to Your Personal Information

Subject to the provisions of the General Data Protection Regulation (GDPR), you have certain rights regarding the Personal Information we collect, use or disclose and that is related to you, including the rights:

- to receive information on the Personal Information concerning we hold about you and how such Personal Information is used (right to access);
- to rectify inaccurate Personal Information concerning you (right to data rectification);
- to delete/erase your Personal Information (right to erasure/deletion, “right to be forgotten”);
- to receive the Personal Information provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Information to another data controller (right to data portability);
- to object to the use of your Personal Information where such use is based on our legitimate interests or on public interests (right to object); and
- in some cases, to restrict our use of your Personal Information (right to restriction of processing).
  - If we ask for your consent to use your Personal Information, you can withdraw your consent at any time.
  - You may, at any time, send us an e-mail at (dpo@cmavrocostasllc.com) to exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the EEA, you have a right to lodge a complaint with your local data protection authority.
  - Note that some requests to delete certain Personal Information will require the deletion of your user account as the provision of user accounts are inextricable linked to the use of certain Personal Information (e.g., your e-mail address). Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honour your request.

Changes to Our Privacy Policy

- We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at our website (https://www.cmavrocostasllc.com/privacy-policy-2/) for you to be aware of any changes, as they are binding on you.
- If we change anything in our privacy policy, the date of change will be reflected in the “last modified date”. You agree that you will periodically review this privacy policy and refresh the page when doing so. You agree to note the date of the last revision to our privacy policy. If the “last modified” date is unchanged from the last time you reviewed our privacy policy, then it is unchanged. On the other hand, if the date has changed, then there have been changes, and you agree to re-review our privacy policy, and you agree to the new ones. By continuing to use the Website subsequent to us making available an amended version of our privacy policy in a way that you can easily take notice of it, you thereby consent to such amendment.

Enforcement; Cooperation

We regularly review our compliance with this privacy policy. Please feel free to direct any questions or concerns regarding this privacy policy or our treatment of Personal Information by contacting us through this Website at (dpo@cmavrocostasllc.com). When we receive a formal written complaint, it is our policy to contact the complaining party regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the collection, use and disclosure of Personal Information that cannot be resolved by an individual and us.

No Rights of Third Parties

This privacy policy does not create rights enforceable by third parties or require disclosure of any Personal Information relating to users of the Website.

No Error Free Performance

We do not guarantee error-free performance under this privacy policy. We will use reasonable efforts to comply with this privacy policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be liable for any incidental, consequential or punitive damages relating to this privacy policy.

Contact Information

If you have any questions about this privacy policy or our information-handling practices, please contact us at (dpo@cmavrocostasllc.com)
You may also contact us through email at (info@cmavrocostasllc.com), and/or through mail at C. Mavrocostas & Co. LLC, Akropoleos Ave. 44-46, Office 301, Strovolos, 2012, Nicosia, Cyprus and/or through a private message at our Facebook Page (https://www.facebook.com/cmavrocostasllc)