Privacy Policy

Who we are

Themia Panagidou & Associates LLC (“we”, “us” or “our”) is a law firm incorporated in the Republic of Cyprus and regulated by the Cyprus Bar Association (“CBA”) with registration number 799 to practice Law and provide legal services.

Who this Privacy Policy is directed to

This Privacy Policy is directed to:

  • Individuals who are considering entering into an agreement with us to offer services to them or who have entered into an agreement with us and/or former clients (“Individuals”)
  • Authorised representatives and/or agents and/or employees of the Individuals
  • Individuals connected or relevant to non-individual clients such as companies, other corporate clients or other legal or non-legal entities who are considering entering into or who have entered into an agreement with us under the terms of which we will provide services to them (the “Legal Entities”). Such persons include shareholders, owners, employees, directors, officers, authorised representatives or agents (e.g. external legal counsel or external auditors) and other associates.

Individuals and Entities are collectively referred as Clients.

  • Other individuals (e.g. staff candidates) that may be in any way connected with the work that we are engaged to provide to our Clients
  • Our employees and other persons working for us
  • Persons applying to us for employment
  • Our Associates (which may include without limitation IT services providers, auditors, other service providers, consultants, insurers, background check providers (collectively referred to as the “Associates”) with whom we may cooperate in offering our services to our Clients (together the “Customers”)

Collection and processing of personal data

We collect and process several types of information relating to you, which may vary according to the circumstances and nature of our engagement with you.

Examples include where you access or apply for our services or where you are our Client and we send our promotional material to you.

We may collect and process information by which you may be personally identified and that is defined as personal data under applicable law such as: 

  • Personal details such as name, surname, place and date of birth, residential address, email address, telephone number, ID, passport
  • Due diligence and know-your-customer information and documentation which we are legally obliged to collect
  • Financial details such as bank account, credit card details, bank statements, loan agreements, credit facilities tax reference, billing information, payment details
  • Employment and professional details such as employment contract, curriculum vitae, academic qualifications, references, and other information
  • Authentication data (e-signature and/or signatures)
  • Other personal data which may be provided to us

Lawful reasons

In order to proceed with a business relationship, you must provide your personal data to us which are necessary for the required commencement, execution and continuation of a business relationship. This is a requirement under the relevant Anti-Money Laundering Law and the regulations of our regulatory authority, CBA.

Failure to provide us with personal data prevents us from commencing or continuing a business relationship with you.

In accordance with the General Data Protection Regulation (“GDPR”) we may rely on the following lawful reasons when we collect and process personal data to operate our business and provide our services:

Compliance with legal obligation

We may process personal data in order to meet legal and regulatory obligations such as Anti-Money Laundering Law, and the regulations of our supervisory authority, that we are subject to for anti-money laundering purposes and due diligence purposes.


We may process personal data for the purposes of providing our services in accordance with our terms and conditions and/ or any other contract that you have with us.


We may rely on your freely given consent at the time you provided your personal data to us for a purpose of the process other than for the purposes set out hereinabove, then the lawfulness of such processing is based on that consent.  You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.

Legitimate interests

We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. A legitimate interest is when we have a business or commercial reason to use our Clients’ information. Instances of such processing activities can include, initiating legal claims, preparing our defence in litigation procedures, initiating complaints to our regulator etc.

Your rights

You may request to:

  1. Receive access to your personal data (right to access)
  2. Request rectification of your personal information that is in our control (right to data rectification)
  3. Request erasure of your personal information (right to be forgotten)
  4. To receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit those personal data to another data controller (right to data portability)
  5. Object to the processing of personal information by us (right to object)
  6. Request to restrict processing of your personal information by us (right to restriction of processing)
  7. To withdraw the consent given to us for the processing of your personal data

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory and legal requirements/obligations.

If you wish to exercise any of the aforementioned rights please contact us at


We will keep our Clients’ personal data for as long as we have a business relationship.

Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods:

  • Any retention period that is required by applicable law or professional standards
  • The end of the period in which litigation or investigations might arise in respect of the services or
  • As directed by our own internal retention policies or practices, the length of which is no longer than reasonably necessary for the purposes collected

Protection of personal information

Our employees and/or our associates and/or other third parties with whom we collaborate in order to fulfil our contractual obligations under our engagement, are and will be obliged to confidentiality and compliance with the data protection legislation.

We are committed to keeping your personal data secured and we have taken all appropriate and suitable technical and/or organizational and/or physical and/or other security measures to safeguard and protect against unauthorized or unlawful processing or accidental disclosure of, or access to your personal data and against accidental loss or destruction of, or damage to and/or to other unlawful forms of processing of your personal data.

For instance, (a) the personal data of staff and/or of prospective employees are held in protected folders in the Company’s Recruitment server; (b) only specific staff members of our Company that deal with recruitment have access to such folders; (c) the Company’s server is protected with antivirus software and firewall in order to prevent any unauthorized access and/or accidental disclosure; (d) flagging system of firewall software enables us to detect and/or identify any data breaches and/or other related risks with any undue delay.

Although we will do our best to protect your personal data, the electronic transmission of information (i.e. via the Internet or email) cannot be guaranteed to be secured or virus or error free and such information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or otherwise be adversely affected or unsafe to use.

Transfer of data outside the EEA

Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.

Privacy Policy updates

This Privacy Policy may be updated from time to time. The updated version of our Privacy Policy will be uploaded in our website from time to time.

How to contact us

If you have any questions about this Privacy Policy or in case you want to exercise your rights set out in this Privacy Policy, please contact us by sending an email to