This Privacy Policy (“Policy”) describes how P. Kyprianou and Associates Law Firm (“the Firm”, “we”, “our”, “us”) collects, processes, shares, and stores personal data. This Policy applies to our website, sub-pages, and services (collectively referred to as “Services”).

Types of personal data held by the Firm

We may collect and hold the following categories of personal data:
(a) Basic identifying information (such as name, address, telephone number, and email address);
(b) Employment-related information relevant to our services;
(c) Information necessary to deliver our legal services, including any data stored in the records we manage concerning you.

Purposes of processing personal data

We process your personal data in order to provide our services and fulfill our obligations under the relevant contract and applicable legal framework. Additionally, we may use your information to send newsletters and updates about the Firm, provided that you have subscribed or not objected to receiving such communications.

Our legal grounds for processing your personal data include:
(a) the necessity to provide our services;
(b) compliance with legal obligations; and
(c) the establishment, exercise, or defense of legal claims.
For the purposes of newsletters or event invitations, your consent is the legal basis.

Data sharing

We are committed to not disclosing personal data to third parties except in the following cases:
(a) To competent authorities and courts, where necessary to comply with legal obligations or protect our rights;
(b) To service providers, including IT support, translation agencies, or cooperating attorneys, strictly for purposes necessary to assist us or you. These providers process data on our behalf under clear instructions and are not permitted to use the data independently.

Website access and log file creation

Data is automatically collected and stored in log files whenever our website is accessed. This includes:

  • IP addresses and technical details required for site functionality.

Temporary storage of these files is lawful under Article 6(1) of the General Data Protection Regulation (GDPR). IP addresses are stored only for the time required to facilitate access and ensure system security.

Log files are retained for up to seven days unless further storage is necessary. Where longer storage is required, identifying information (like IP addresses) is anonymized.

Cookies

Our website uses cookies — small text files placed on your device through your browser. These cookies include a unique string that helps us recognize your browser on return visits.

We use cookies to make our website more accessible and user-friendly. The use of cookies is legally justified under Article 6(1) of the GDPR.

Cookies are saved on your device and sent back to us when you visit our site. You can disable or limit cookies via your browser settings. You can also delete saved cookies manually or automatically. Note that deactivating cookies may impact website functionality.

Contact forms and email communication

Our website offers electronic forms for communication. When you complete and submit a form, the data entered is transmitted to us with your consent, which is explicitly requested before submission.

Alternatively, you can contact us by email. In that case, the personal data you include will be stored. This information will not be shared externally.

Data collected through these means is processed lawfully under Article 6(1)(b) GDPR and is stored solely for the purpose of handling your communication. The data will be deleted when it is no longer necessary for that purpose.

Your Data Protection Rights

  1. Kyprianou and Associates Law Firm ensures that all your rights under Chapter III of the GDPR are respected and supported.
  1. Transparent communication regarding your rights
    You are entitled to receive clear and accessible information about your data. Upon request, we will provide responses without undue delay, and within one month unless the complexity or volume of requests requires an extension (of up to two months).
  2. Information at the point of data collection
    You have the right to be informed about the identity of the data controller, the purposes and legal basis of processing, and whether your data will be transferred to another country.
  3. Right of access
    You can request a copy of your personal data being processed. Additional copies may incur a fee based on administrative costs.
  4. Right to rectification
    You may request correction of inaccurate or outdated personal data concerning you.
  5. Right to erasure (“right to be forgotten”)
    You have the right to request deletion of your data when it is no longer needed for its original purpose. If we are processing your data under Article 6(1)(c) GDPR, we may lawfully retain it to comply with our obligations.
  6. Right to restrict processing
    You may request limitations on how your personal data is used. However, we may continue processing data necessary to comply with legal requirements.
  7. Right to data portability
    You can request your data in a machine-readable format and transfer it to another data controller without interference.
  8. Right to object
    You may object to certain processing activities. However, if we process your data under Article 6(1)(c), we may continue to process it in compliance with legal obligations.

Automated decision-making and profiling
You have the right not to be subject to automated decisions, including profiling, that produce legal effects concerning you or significantly affect you.