Data Protection Policy
Effective Date: September 2024
1. Introduction
At Agapitos, Georgiou & Partners, we are committed to maintaining the privacy and security of personal data entrusted to us by our clients, employees, and other stakeholders. This Data Protection Policy outlines our practices for collecting, using, storing, and protecting personal data in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and any relevant local regulations.
2. Scope
This policy applies to all personal data processed by Agapitos, Georgiou & Partners, including data relating to clients, employees, business contacts, and other individuals who interact with the firm. It covers all data processing activities, whether the data is held electronically or in paper form.
3. Principles of Data Protection
We adhere to the following core principles of data protection when handling personal data:
Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner, ensuring that individuals are informed about how their data is collected, used, and shared.
Purpose Limitation: Personal data is collected for specified, legitimate purposes and is not processed further in a way that is incompatible with those purposes.
Data Minimization: We collect only the personal data that is necessary for the purposes for which it is processed.
Accuracy: We ensure that personal data is accurate and kept up to date. Inaccurate data is corrected or deleted promptly.
Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.
Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized access, loss, or damage.
4. Types of Data Collected
Agapitos, Georgiou & Partners collects and processes the following categories of personal data:
Client Data: Name, contact details, identification documents, financial information, and case-related information.
Employee Data: Personal information necessary for employment, including payroll details, identification documents, and performance evaluations.
Business Contact Data: Name, contact details, and other information necessary for maintaining business relationships.
5. Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
Consent: When individuals have given clear consent for us to process their data for specific purposes.
Contractual Necessity: When data processing is necessary to fulfill a contract with the individual (e.g., providing legal services to a client).
Legal Obligations: When processing is necessary to comply with a legal obligation (e.g., tax laws, employment regulations).
Legitimate Interests: When processing is necessary for the legitimate interests of Agapitos, Georgiou & Partners or a third party, provided these interests are not overridden by the rights of the data subject.
6. Data Security Measures
Agapitos, Georgiou & Partners implements appropriate technical and organisational measures to safeguard personal data, including but not limited to:
Access Controls: Limiting access to personal data to authorized personnel who require it for their job responsibilities.
Encryption: Using encryption technologies to protect personal data transmitted electronically.
Physical Security: Ensuring that paper records and IT systems are stored in secure locations with controlled access.
Regular Audits: Conducting regular audits of our data protection practices to ensure compliance and identify potential risks.
7. Data Sharing and Disclosure
We only share personal data with third parties when necessary for the provision of legal services, to fulfil a legal obligation, or where the data subject has provided consent. Third-party service providers who process data on our behalf are subject to confidentiality agreements and must comply with our data protection standards.
We may disclose personal data in the following circumstances:
To courts, regulatory bodies, or law enforcement agencies when required by law or to protect our legal rights.
To third-party service providers who assist us in providing services (e.g., IT support, data storage providers), subject to strict confidentiality obligations.
8. Data Subject Rights
Individuals whose personal data we process have the following rights under data protection laws:
Right to Access: The right to request access to personal data we hold about them.
Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): The right to request deletion of personal data, subject to certain legal exceptions.
Right to Restrict Processing: The right to request a restriction on the processing of their personal data.
Right to Data Portability: The right to receive personal data in a structured, commonly used format and transfer it to another data controller.
Right to Object: The right to object to the processing of personal data based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, individuals can contact us at contact@agapitosgeorgiou.com.
9. Data Breach Response
In the event of a data breach that poses a risk to individuals' rights and freedoms, Agapitos, Georgiou & Partners will promptly notify the relevant data protection authorities and affected individuals, as required by law.
10. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected or as required by law. Once personal data is no longer needed, we securely delete or anonymise it to prevent unauthorised access.
11. Training and Awareness
We provide regular training to all employees on data protection practices and their responsibilities under this policy. Employees are required to comply with this policy and related data protection procedures.
12. Policy Review and Updates
This Data Protection Policy will be reviewed regularly and updated as necessary to reflect changes in legal requirements or business practices. Any updates will be posted on our website and communicated to relevant stakeholders.
13. Contact Information
For questions or concerns about this Data Protection Policy, or to exercise your data protection rights, please contact us at: