At KPST AUDITORS we are committed to protecting personal data and to fair and transparent processing. Please read our privacy statement, it will help you to understand how we collect and use personal data from individuals, our clients, suppliers or others during the course of our business. We will only use personal data for the purposes described in this privacy statement or as stated at the point of collection.
As a data controller & processor, we may collect and process personal data about:
This Privacy Statement also sets out information about data subject rights and our obligations under data protection law.
We do not use cookies on our websites.
Words herein such as “our”, “us” and “we” refer, individually, to each entity making this Privacy Statement.
There are instances where we invite or request individuals to provide us with their personal data, including through our website. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website.
In the course of our business, we may also receive personal data indirectly. Categories of such personal data include: names, addresses, contact information and other information that is relevant to the conduct of our business.
Purpose(s) for Processing | Indicative Legal basis/bases |
---|---|
Communicating with persons in the course of our business | To support our legitimate interests in managing our business and/or in providing services to our clients, unless otherwise mandated by applicable law |
Providing our services to clients and/or managing our business (including for administration, billing and marketing purposes, for other purposes incidental to the provision of our services, and for receiving services from third party service providers) | As above, though processing for marketing purposes is specifically based on your continuing consent, which you may withdraw at any time by an email to ptrmail@kpst.com.cy with subject 'Consent Withdrawal' |
In the course of (a) any judicial proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the processing is made in good faith; and/or (b) defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such processing is necessary for properly defending ourselves | As above |
Maintaining and operating our website | As above |
Processing of job applications | (a) To perform or enter into a contract with the data subject; (b) to support our legitimate interests in managing our business and /or in providing services to our clients, unless otherwise mandated by applicable law |
To comply with our legal obligations (such as under anti-money laundering legislation or for the purpose of responding to a binding request from a public authority or court etc.) | To support our legitimate interests in complying with our legal obligations |
Transferring information to third parties, as described in Section 3, below | (a) To support our legitimate interests in managing our business and/or in providing services to our clients, unless otherwise mandated by applicable law; (b) to support our legitimate interests in complying with our legal obligations; or (c) to protect vital interests. |
Information communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.
Subject to any agreement in writing between the personal data provider and us, the purposes for which we use personal data and the indicative legal bases for why that processing is necessary or permitted are:
We may process personal data for the period(s) necessary to fulfill the purpose(s) for processing that is/are relevant to such data.
Provided that in the case of clients, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the client shall have fully and finally settled all of the client’s debts in connection with our engagement, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data. In this regard, we recall that, in Cyprus, following the filing of a tax return by a local company, the authorities can, under certain circumstances, raise an enquiry vis-à-vis such tax return during the period extending to the end of the 12th year after the tax year which the tax return concerns; inquiries can range from simple information requests to detailed technical challenges.
Provided further that in the case of persons providing us with goods and/or services (including any employees), we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the provision of goods and/or services to us by the relevant provider shall have fully and finally ended, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data.
Provided lastly that in the case of job applicant candidates, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data for no more than one year. However if a job applicant candidate wishes their personal data to be removed from our database, they should send an email to ptrmail@kpst.com.cy with subject ‘Database Removal’.
We may disclose personal data to:
To the extent that it is necessary to transfer personal data outside of the European Union, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data pursuant to applicable law.
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
To the extent that we are a controller and processor of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law and, to the maximum extent permitted by applicable law, this Privacy Statement as well as any agreement in writing between you and us.
The following is a summary of your rights (which, as stated above, are or may be subject to restrictions):
You have the right to lodge a complaint with the Data Protection Authority, in particular in the European Union Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulation (EU) 2016/679).
If you wish to exercise any of these rights, please contact us (see Section 8, below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
We employ technical and organizational security measures appropriate to the risks of KPST AUDITOR’s processing of personal data. Unfortunately, however, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet or otherwise, such transmission being at your own risk. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
To the maximum extent permitted by applicable law, we reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website at least 21 days prior to the change becoming effective.
To the maximum extent permitted by applicable law, you shall be bound by any changes to this Privacy Statement as of the time that such changes become effective.
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed by email to ptrmail@kpst.com.cy or by letter to KPST AUDITORS LIMITED, Att. Panayiotis Triantafillides, 58 Nikou Psara str., 2nd Floor, P.O Box 33175, 5311 Paralimni – Cyprus. We will seek to deal with all requests promptly and efficiently.
Please note that at this point in time the relevant data protection officer (“DPO”) George Thrasivoulou who may be contacted at the email address: george@icsi.co.uk
Working Hours Monday- Friday 07:45-15:30