WHO WE ARE
Totalserve Management Limited is a company registered in Cyprus under the registration number HE 27196 having its registered office and head office at 17 Gr. Xenopoulou Street, 3106 Limassol, Cyprus.
Email address: [email protected]
Postal address: Totalserve House, 17 Gr. Xenopoulou Street, 3106 Limassol, Cyprus
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
COLLECTION OF YOUR DATA
Personal data, or personal information, means any information about an individual from which that person can be identified.
If you are a prospective client, or a non-client counterparty in a transaction of a client or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective client, the relevant personal data which we collect may include:
Identity Data such as first name, maiden name, last name, username or similar identifier, marital status, title, date of birth (city and country) and gender. Contact Data such as residential or business address, email address and telephone numbers. Marketing and Communications Data like your preferences in receiving marketing from us. Additionally we may collect banking details, marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, credit reference agency data, residence or work permit in case of non-EU nationals, own and/or third party security (e.g. if an existing personal guarantor), employment position, educational background, employment history. We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax residency, tax identification number), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).
We understand the importance of protecting children's privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and/or any other legal purpose and you fail to provide information when requested, we may not be able to perform our contractual obligations we have or are about to enter into with you (for example, to provide you with our services). In this case, we may have to abort all contractual obligations with yourself but we will notify you if this is the case at the time.
WHETHER YOU HAVE AN OBLIGATION TO PROVIDE US WITH YOUR PERSONAL DATA
For us to enter into a contractual relationship with you, you must provide your personal data to us, which is necessary for the required commencement and execution of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law, which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorised representative/agent or beneficial owner.
Please note that if you do not provide us with the required data, then we will not be allowed to commence or continue our contractual relationship to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
HOW YOUR PERSONAL DATA IS COLLECTED
We collect and process different types of personal data, which we receive from our clients (potential and current) in person or via their representative in the context of the contractual relationship.
We may also collect and process personal data which has been lawfully obtained, not only from the clients but from other entities within the Totalserve Group, or third parties e.g. public authorities or companies that introduce the client to us. We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the internet).
PURPOSE OF DATA PROCESSING AND LEGAL BASIS
Personal data may be processed in compliance to the obligations imposed on us to obtain information about clients as well as individuals related with clients and client company/ies/trust structures. The purpose of that is to combat money laundering/terrorist financing and to comply with tax reporting requirements, including those concerned with US Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS) and/or other applicable European and/or Cyprus Legislation. In holding and processing your personal information, we also comply with legislation of the Processing of Personal Data (Protection of Individuals) Law 138 (I)/2001) as amended from time to time.
Most commonly, we will use your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at: [email protected]
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
We may process your personal data to inform you about our services and newsletters that may be of interest to you or your business.
You may "opt out" of receiving such email updates, newsletters and/or other emails by clicking the “unsubscribe" link in any email communication that we send you. You will then be removed from our mailing list. You have also the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time in writing.
Our website uses small files known as cookies to make it work better in order to improve services we offer you, to improve marketing and provide site functionality.
A cookie is a small, unique text file that a website can send to your computer when you visit a site. The website may automatically collect information as you browse, such as your internet service provider, browser type and version, operating system and device type, pages viewed, information accessed, the Internet Protocol (IP) address used to connect your computer to the internet and other relevant statistics. It also collects demographic information (country - city).
If you do not want us to deploy cookies to your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie on your computer. Rejecting cookies may affect your ability to use our web site.
WHO DO WE SHARE YOUR PERSONAL DATA WITH
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to different departments within Totalserve but also to other companies of the Totalserve Group and/or third party/ies providing service/s to and/or acting as agents of Totalserve and/or to any subsidiary and/or affiliate company/ies of Totalserve for the purposes and/or in the context of the provision of our services. Consequently, other service providers and suppliers may also receive your personal data so that we may perform our services and/or legal obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We strictly prohibit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.
Under the circumstances referred to above, recipients of personal data may be, for example: income tax authorities, criminal prosecution authorities, the Cyprus Bar Association, auditors and accountants, legal consultants and external legal consultants, service providers, suppliers, share and stock investment and management companies, agents, business partners, valuers and surveyors, financial and business advisors, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.
We share your personal data within the Totalserve Group. Your personal data however may be transferred to third countries; countries outside of the European Economic Area (EEA) in such cases as e.g. to execute our services or if this data transfer is required by law. We ensure that your personal data shall be protected by requiring all our group companies to follow the same rules when processing your personal data; namely, the “binding corporate rules”. For further details, protection is provided by ensuring at least one of the following safeguards is implemented:
Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Procedures have been put in place, to deal with any suspected personal data breach and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include:
You have the right to delete your data; to request erasure. This enables you to instruct us to erase your personal data (known as the ‘right to be forgotten’) where its process is of no further use or interest.
YOUR LEGAL RIGHTS
You have the following rights in terms of your personal data we hold about you:
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at: [email protected]
RIGHT TO LODGE A COMPLAINT
You have the right to make a complaint at any time to Office of the Commissioner for Personal Data (the “Commissioner”), the Cyprus supervisory authority for data protection issues (http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument). We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
We would, however, appreciate the chance to address your queries, so you may contact us at [email protected]