Privacy Statement Summary

Last revised: 22 March 2021

At PICCO, we are committed to protect privacy of information and personal data entrusted to us. We handle private information in an open, transparent manner. 

The privacy statement set below, applies to personal data processed by PICCO PROFESSIONAL SERVICES LIMITED, registered in Cyprus under registration number 390658 with registered office address at 45, Ezekia Papaioannou, 7020 Larnaca, Cyprus. 

This privacy statement explains what information we collect about our clients, what we use that information for and who we give that information to. It also sets out our clients’ rights in relation to the information collected and processed.


To whom this privacy statement applies to and what it covers?

It is directed to natural persons (hereinafter our “clients”) who are either past, current or potential clients, or are authorized representatives/agents of past, current or potential clients, or are beneficial owners in legal entities who are past, current or potential clients.

You can find how we will collect, handle, store and protect personal information about you when:

  • providing services to you or to our clients,

  •  you use our Website, or,

  •  we perform any other activities that form part of the operation of our business.

We may refer to information that identify or may identify you or that may otherwise relate to you as “personal data” or “personal information”. We may also sometimes collectively refer to collecting, handling, using, protecting and storing your personal information as “processing” such personal information.


What information do we collect and where do we collect it from?

In the course of providing services to you as a client and particularly when performing due diligence checks in connection with our services (or discussing possible services we might provide to you as a prospective client), we may collect or obtain personal data about you.  We may also collect personal data from you when you use our Website.

We may collect or obtain such data because you give them to us (for example in a form on our Website or through our “know-your-client” procedures), because other people give that data to us (for example your employer or adviser, or third party service providers that we use to help operate our business) or because it is publicly available.

We may also collect or obtain personal data from you because we observe or infer that data about you from the way you interact with us. For example, to improve your experience when you use this Website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) which may collect personal data. 

The personal data that we collect or obtain may include without limitation: your name; age; date of birth;  ID number; e-mail address; home address; country of residence;  family circumstances (for example, your marital status and number of dependents); employment and education details (for example, the organization you work for, your job title and your education details); financial and tax-related information (for example your income and tax residency); your IP address; your browser type and language; your access times; complaint details;  and other similar information.

The types of personal data and special categories of personal data that we collect may vary depending on the nature of the services that we provide to you, or how you use our Website. In some rare circumstances, we might also gather other special categories of personal data about you, for example as a result of legal requirements imposed on us.

Where we have no direct contractual relationship with you but obtain your personal data about you by our client, we take steps to ensure that the client has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the client has provided you with the relevant information notices in relation to how your personal data will be processed and disclosed to third parties such as PICCO and has obtained any necessary consents for us to process your personal data as described in this privacy statement and/or our engagement with the client.


How we use information about you?

Use of personal information to provide services to our clients

We will only process your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

(A) In order to proceed with a business relationship

We will use your personal data to provide you with our services. As part of this, we may use your personal data in the course of correspondence relating to the services.  Such correspondence may be with you or our service providers or competent authorities.  We may also use your personal data to conduct due diligence checks relating to the services.

Because we provide a wide range of services to our clients, the way we use personal data in relation to our services also varies. For example, we might use personal data:

  • about a client’s employees to help those employees manage their tax affairs when working overseas,

  • when we provide risk advisory services to corporate clients,

  • when we provide investment services to clients (such as investment advice)

  • when we offer human capital services (such as payroll services),

  • about a client’s employees and customers in the course of conducting an audit (or similar activity) for a client,

  • about a client to help him/her complete and submit a tax return, or

  • when we consider applicants for employment purposes.

If you do not provide the personal data we request from you, we may not be able to offer or continue offering our services to you.

(B) Where we need to comply with a legal obligation

We are required to comply with certain legal and regulatory obligations, as well as certain industry standards, which may involve the processing of personal data. We may, for example, need to carry out identity verifications through our “know-your-client” procedures, set-up anti-money laundering controls and comply with our tax reporting obligations. We may also need to provide information to a public body or law enforcement agency when we are so required.

(C) For the purposes of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use our clients’ information. An example of such processing activities can include, initiating legal claims, preparing our defense in litigation procedures, to identify, prevent and investigate fraud and other unlawful activities, to safeguard the security of our people, premises and assets and prevent trespassing through video surveillance, for financial accounting, invoicing and risk analysis purposes, etc.

(D) Where you have given us your consent

When the client has provided specific consent for processing (other than for the reason set out hereinabove) then the lawfulness of such processing is based on that consent. The client has the right to revoke consent at any time. However, any processing of personal data prior to the receipt of the revocation will not be affected.


Use of personal information collected via our Website

In addition to the purposes connected to the operation of our business above, we may also use your personal data collected via our Website:

  • to manage and improve our Website,

  • to tailor the content of our Website and to draw your attention to information about our products and services that may be of interest to you, 

  • to manage and respond to any request you submit through our Website.


Who we disclose your information to?

In the course of the performance of our business relationship, our clients’ personal data may be provided to various departments within our Company.

Furthermore, the following third parties may also be the recipients of the personal data under the certain circumstances:

  • Supervisory and other regulatory and public authorities, whereby a statutory obligation exists. Some examples are the Institute of Certified Public Accountants Cyprus, the Registrar of Companies, the Income Tax Authorities, Criminal Prosecution Authorities.

  • Credit and financial institutions whereby our clients specifically instruct us to open bank accounts.

  • Any other service provider or professional which our clients specifically instruct us to engage with such as service providers, auditors, lawyers, business consultants etc.


Protection of your personal information

We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

  • education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;

  • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;

  • technological security measures, including fire walls, encryption and anti-virus software; and

  • physical security measures, such as staff security passes to access our premises.


How long we keep your information for?

We will hold your personal data on our systems for the longest of the following periods:

(i) as long as is necessary for the relevant activity or services,

(ii) any retention period that is required by law,

(iii) the end of the period in which litigation or investigations might arise in respect of the services, or,

(iv) any retention period as per our Firm’s official retention policy, the length of which may vary depending on the nature of the information that is held.


Your rights

You have various rights, under the Data Protection regulation, in relation to your personal data. In particular, you have a right to:

  • To receive access to their personal data.

  • To request correction of the personal data.

  • To request erasure of their personal information. Where there is a good reason for the personal information to be kept we may refuse the erasure of the personal data. Good reasons can include legal/statutory reasons for non-erasure, legitimate interests for non-erasure.

  • To object to processing of their personal data. If our clients lodge an objection, we will no longer process their personal data unless we can demonstrate compelling legitimate grounds for the processing which override their interests, rights and freedoms.

  • To request the restriction of processing of their personal data.

  • To request to receive a copy of their personal data.

  • To withdraw the consent given to us with regard to the processing of their personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked.


Right to complain

To exercise any of your rights, if you have any other questions about our use of your personal data, or if you want to complaint about our use of persona data, please send an email to info@piccocy.com or write to us to the address below:

The Data Protection Officer,

PICCO PROFESSIONAL SERVICES LIMITED,

6 Constantinou Paleologou,

Alexandros II Building, Ground Floor,

6036 Larnaca, Cyprus.

Complaints may also be submitted to the Office of the Commissioner for Personal Data Protection. More information can be found at http://www.dataprotection.gov.cy.


Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

To let you know when we make changes to this privacy statement, we will amend the revision date at the top of the first page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.