When and how we share Personal Data and locations of processing
Personal Data collected and processed by us will not be sold, leased or rented to any person. We may however share your Personal Data with others, provided that we are legally permitted to do so. Appropriate contractual arrangements and security measures shall be applied in cases where your data is shared so as to protect your data and to maintain compliance with our data protection policy, confidentiality and security standards.
Personal Data held by us may be transferred to the following categories of recipients:
Third parties providing functionality services to us
Third parties are widely used by us for the purpose of providing support to us and to generally help us provide, run and manage our internal IT systems. This includes providers of information technology, cloud-based software, website hosting and management providers, data analysis, data back-up, security and storage services, payment providers including banking institutions. The servers powering and facilitating cloud infrastructure are located in secure data centres in Europe, and Personal Data may be stored in any one of them.
Further details of the majority of this category of service providers is included below. The below list is non-exhaustive:
Name of Recipient /Purpose |
SOFT1 / Communication, document management |
IZIDOCS / Document storage and management, including a record of emails |
GOOGLE mail / Business applications, such as email, documents and calendar |
Third party organisations that otherwise assist us in providing goods, services or information
On certain client engagements, we may engage or otherwise work with other professional providers to help carry out the services which we have been engaged to provide. In such case the client will be notified of the name and details of such service provider and will be urged to consider the privacy policy of such professional.
This type of transfer may include or require transfers to countries outside the European Union and/or countries that do not comply to the standard of protection and safety of Personal Data provided by the GDPR. In such cases we shall take steps to ensure all Personal Data is provided to such parties with adequate protection and done lawfully in accordance with the requirements of the GDPR.
Auditors, insurers and professional advisers
Our auditors are Grant Thornton (Cyprus) Ltd. We have a number of business insurance policies in place and we may need to share Personal Data with the insurer, for example, in the event of a claim. We may use other professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with business related operations. Personal Data may be shared with these advisers as necessary in connection with the products and services they have been engaged to provide.
Law enforcement agencies or other public authorities and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from law enforcement agencies, regulatory or other public authorities which relate to or require the disclosure of Personal Data and we may proceed with such disclosures in good faith where we deem such disclosure to be reasonably necessary in order to comply with a legal obligation, to detect, prevent, investigate or otherwise address security, alleged crime, fraud or technical issues, to protect our rights, the rights of our partners, employees or as required by law.
Employee personal data to clients / potential clients
Personal Data relating to employees may be transmitted to clients and or potential clients.
Deliverables
For the purposes of our engagement, we may be required to process Personal Data and such Personal Data may be included in our deliverables (e.g. in court documentation or due diligence reports).
Anonymised/ Pseudonymised Sharing
We are members to several legal and professional networks of legal firms. Anonymised or pseudonymised data regarding yourself may be transferred to such other legal or professional networks, or participant firms, in good faith, for statistical purposes.
Queries and Complaints
In the event that you wish to be provided with further information on any of the particulars of this Privacy Policy or where you wish to make a complaint about how we process your Personal Data, please contact us at dataprotection@nobeltrust.com and we will endeavour to deal with your request as soon as possible.
This does not interfere with your right to raise a complaint with the data protection supervisory authority:
Data Protection Commissioner
1 Iasonos street, 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
Tel:+35722919456
Fax:+35722304565
Email: commissioner@dataprotection.gov.cy
Changes to Privacy Notice
Any changes we make to our Privacy Policy in the future will be posted on our website and we will notify our clients accordingly. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website, save as otherwise expressly agreed between us. Your use of the website, or continued participation in accordance with the purpose for which your data is being processed, following these changes means that you accept the revised Privacy Notice.
This Privacy Notice was last updated in September 2018.