[vc_row][vc_column]

ARTEMIOU, PIERI & ASSOCIATES LLC

Public Policy for the Protection of Personal Data

V.1-July 2019

Introduction

The General Data Protection Regulation (EU) 2016/679, concerns the protection of personal data of natural persons against processing. Implementation of this Regulation is mandatory from 26 May 2018.

Basic Concepts

Based on Article 4 of Regulation (EU) 2016/679, the basic concepts of Personal Data and its Processing are listed below:

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Collection & Processing of Personal Data

Artemiou, Pieri & Associates LLC collects and processes personal data of Subjects – Natural Persons solely for legitimate purposes and for purposes as defined by the relevant Articles 5 and 6 of Regulation (EU) 2016/679. For further processing of Personal Data of Subjects, Artemiou, Pieri & Associates LLC is required to seek the relevant consent of such Subjects.

Rights of Subjects of Personal Data

The Subjects according to Articles 12-23 of Regulation (EU) 2016/679, have rights to:

1) Have access to the PD

2) Rectification of PD

3) Erasure of PD (‘right to be forgotten’)

4) Restriction of PD processing

5) Portability of their PD

6) Object and be excluded from automated individual decision-making, including profiling in automated individual decision-making

Consequently, any Data Subject may contact Artemiou, Pieri & Associates LLC Data Protection Officers on any issue related to the processing of their Personal Data, thereby exercising their rights under the GDPR. The DPO may be contacted at the following address:

Artemiou, Pieri & Associates LLC

5, corner of Thessalonikis & Kyrenias,
Platy Trade Center, BLC B, 1st floor, Office B15
2122, Nicosia, P.O. Box 20405, 2151, Nicosia, Cyprus
Tel: + 357 22458900
Fax: +357 22458901

or by e-mail: dataprotection@aplaw.com.cy

Internal Policies and Procedures for the implementation of Regulation (EU) 2016/679

Artemiou, Pieri & Associates LLC applies appropriate procedures and policies to deal with the processing of Personal Data issues in full compliance with Regulation (EU) 679/2016. The purpose of our internal policies & procedures is:

  1. Full Legitimacy in Collection & Processing of Personal Data.
  2. Facilitating Subjects when and if they wish to exercise their rights
  3. Continuous and consistent compliance with our obligations, as defined by this Regulation.

Thus, in particular, Artemiou, Pieri & Associates LLC, in its internal procedures and policies:

It has appointed Data Protection Officers with all the necessary authorizations and roles laid down in Regulation (EU) 2016/679 with the task of supervising, coordinating and monitoring the implementation of this Regulation and reporting any incidents to the competent Personal Data Protection Authority.

It has carried out a complete analysis of its operations and its relationships in its internal and external environment with regard to the processing of Personal Data of the Subjects which led to the establishment of the relevant Register of Processing of Personal Data as required by Regulation (EU) 2016/679. In addition, it is planned to periodically review the above analysis in order to identify any changes and handle them appropriately, according to the Regulation (EU) 2016/679.

It regularly updates and educates its staff to handle the processing of personal data, and also regularly monitors the performance of its procedures and policies. The purpose of raising awareness of its personnel is the consistent compliance with the requirements and obligations arising from Regulation (EU) 2016/679.

It implements appropriate organizational and technical measures to protect the personal data it processes, such as physical and logical security measures, back-up, malware, handling of changes and security of suppliers and supplies. In the context of organizational and technical measures, and in order to continually improve them, it applies appropriate risk management methodologies for the integrity, confidentiality and availability of personal data.

[/vc_column][/vc_row]