GDPR

Privacy Statement

At KPST AUDITORS we are committed to protecting personal data and to fair and transparent processing. Please read our privacy statement, it will help you to understand how we collect and use personal data from individuals, our clients, suppliers or others during the course of our business. We will only use personal data for the purposes described in this privacy statement or as stated at the point of collection.

As a data controller & processor, we may collect and process personal data about:

  • individuals whose personal data is provided to us in connection with the provision of our services
  • visitors to any website of ours
  • individuals who apply for jobs through any website of ours
  • subscribers to or users of our online services, if any.
  • individuals who we communicate or interact with in the course of our business

 This Privacy Statement also sets out information about data subject rights and our obligations under data protection law.

We do not use cookies on our websites.

Words herein such as “our”, “us” and “we” refer, individually, to each entity making this Privacy Statement.

SECTION 1. INFORMATION THAT WE COLLECT

There are instances where we invite or request individuals to provide us with their personal data, including through our website. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website.

In the course of our business, we may also receive personal data indirectly. Categories of such personal data include: names, addresses, contact information and other information that is relevant to the conduct of our business. 

Purpose(s) for ProcessingIndicative Legal basis/bases
Communicating with persons in the course of our businessTo support our legitimate interests in managing our business and/or in providing services to our clients, unless otherwise mandated by applicable law
Providing our services to clients and/or managing our business (including for administration, billing and marketing purposes, for other purposes incidental to the provision of our services, and for receiving services from third party service providers)As above, though processing for marketing purposes is specifically based on your continuing consent, which you may withdraw at any time by an email to ptrmail@kpst.com.cy with subject 'Consent Withdrawal'
In the course of

(a) any judicial proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the processing is made in good faith; and/or

(b) defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such processing is necessary for properly defending ourselves
As above
Maintaining and operating our websiteAs above
Processing of job applications(a) To perform or enter into a contract with the data subject; (b) to support our legitimate interests in managing our business and /or in providing services to our clients, unless otherwise mandated by applicable law
To comply with our legal obligations (such as under anti-money laundering legislation or for the purpose of responding to a binding request from a public authority or court etc.)To support our legitimate interests in complying with our legal obligations
Transferring information to third parties, as described in Section 3, below(a) To support our legitimate interests in managing our business and/or in providing services to our clients, unless otherwise mandated by applicable law; (b) to support our legitimate interests in complying with our legal obligations; or (c) to protect vital interests.

Information communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.

SECTION 2. HOW WE USE PERSONAL DATA

Subject to any agreement in writing between the personal data provider and us, the purposes for which we use personal data and the indicative legal bases for why that processing is necessary or permitted are:

We may process personal data for the period(s) necessary to fulfill the purpose(s) for processing that is/are relevant to such data.

Provided that in the case of clients, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the client shall have fully and finally settled all of the client’s debts in connection with our engagement, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data. In this regard, we recall that, in Cyprus, following the filing of a tax return by a local company, the authorities can, under certain circumstances, raise an enquiry vis-à-vis such tax return during the period extending to the end of the 12th year after the tax year which the tax return concerns; inquiries can range from simple information requests to detailed technical challenges.

Provided further that in the case of persons providing us with goods and/or services (including any employees), we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data until the end of February of the 13th year following the year during which the provision of goods and/or services to us by the relevant provider shall have fully and finally ended, unless we are required by European Union or European Union Member State law to otherwise delete or retain the personal data. 

Provided lastly that in the case of job applicant candidates, we shall, to the maximum extent permitted by applicable law and independently of any other provision of this Privacy Statement, have the right to retain personal data for no more than one year. However if a job applicant candidate wishes their personal data to be removed from our database, they should send an email to ptrmail@kpst.com.cy with subject ‘Database Removal’.

SECTION 3. DISCLOSURE OF YOUR INFORMATION

We may disclose personal data to:

  • Third parties to the extent that such disclosure has been expressly and in writing authorized by you;
  • Third parties to the extent that the data disclosed has already entered the public domain in circumstances not engaging our liability;
  • Third parties to the extent that such disclosure is required pursuant to applicable law;
  • Third parties in the context of any judicial proceedings for the settlement of any dispute arising out of or in connection with any agreement with you (including a dispute relating to the existence, validity or termination of such agreement or any non-contractual obligation arising out of or in connection with such agreement), so long as the disclosure is made in good faith;
  • Third parties in the course of defending ourselves in the context of any administrative and/or disciplinary and/or civil and/or criminal proceedings anywhere in the world, to the extent that, acting in good faith and reasonably, we resolve that such disclosure is necessary for properly defending ourselves;
  • Third party providers of banking and/or business consulting and/or company administration/management and/or human resources and/or insurance and/or technology and/or legal and/or security (such as data security etc.) to KPST AUDITORS, to the extent necessary for the purposes of such providers’ provision of such services to KPST AUDITORS and provided that the relevant provider is subject to a duty of confidentiality;
  • Third parties where it is necessary to protect the vital interests of the data subject or another natural person.

To the extent that it is necessary to transfer personal data outside of the European Union, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data pursuant to applicable law.

SECTION 4. LINKS TO OTHER WEBSITES

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

SECTION 5. DATA SUBJECT RIGHTS

To the extent that we are a controller and processor of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law and, to the maximum extent permitted by applicable law, this Privacy Statement as well as any agreement in writing between you and us.

The following is a summary of your rights (which, as stated above, are or may be subject to restrictions):

  • The right of access enables you to receive a copy of your personal data
    • The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
    • The right to erasure enables you to ask us to delete your personal data in certain circumstances
    • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances
    • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
    • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

 You have the right to lodge a complaint with the Data Protection Authority, in particular in the European Union Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the General Data Protection Regulation (Regulation (EU) 2016/679).

 If you wish to exercise any of these rights, please contact us (see Section 8, below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

 

SECTION 6. SECURITY

We employ technical and organizational security measures appropriate to the risks of KPST AUDITOR’s processing of personal data. Unfortunately, however, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet or otherwise, such transmission being at your own risk. Where we have given you a password which enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.

SECTION 7. CHANGES TO THIS PRIVACY STATEMENT

To the maximum extent permitted by applicable law, we reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement.  However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website at least 21 days prior to the change becoming effective. 

To the maximum extent permitted by applicable law, you shall be bound by any changes to this Privacy Statement as of the time that such changes become effective.

SECTION 8. CONTACT US

Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed by email to ptrmail@kpst.com.cy or by letter to KPST AUDITORS LIMITED, Att. Panayiotis Triantafillides, 58 Nikou Psara str., 2nd Floor, P.O Box 33175, 5311 Paralimni – Cyprus. We will seek to deal with all requests promptly and efficiently.

Please note that at this point in time the relevant data protection officer (“DPO”) George Thrasivoulou who may be contacted at the email address: george@icsi.co.uk

Book an Appointment