3A Orfeos street, 1070 Nicosia, Cyprus

vera@lyssiotislaw.com

            

Privacy Policy

At Lyssiotis Law we recognize that privacy is important to you. Lyssiotis Law (“we”, “us”, or “our”) is committed to protecting personal data and maintaining transparency in how we collect, use, and safeguard information in the course of providing legal and related professional services.

This Privacy Policy explains how we process personal data in accordance with applicable data

protection laws, including the General Data Protection Regulation (“GDPR”).

1. Scope of This Policy

This Policy applies to:

• Current, prospective, and former clients;

• Representatives, agents, and beneficial owners of clients;

• Website visitors and individuals who communicate with us; and

• Any other individuals whose personal data we process in the course of our business.

2. Personal Data We Collect

We collect personal data necessary to provide legal services and comply with legal and

regulatory obligations, including:

a. Identity and Contact Data

Full name, date of birth, nationality

Residential address, email address, telephone number

Government-issued identification numbers (e.g., passport or ID number)

b. Professional and Employment Information

Occupation, employment status, industry

Employer details and employment agreements

Curriculum vitae (CV), academic and professional qualifications, certifications, and

training records

Compensation history where relevant to legal matters

c. Financial and Compliance Information

Bank account details (including IBAN), financial standing, and income information

Source of funds and source of income

Proof of funds and bank references

Tax or social insurance identification numbers

d. Identity Verification and Due Diligence Data

Government-issued identification documents

Utility bills or other proof of address

Facial image data or biometric identifiers (only where strictly necessary for identity

verification and processed in accordance with applicable law and explicit consent requirements)

e. Legal and Case-Related Information

Where necessary for the provision of legal services, we may process:

Criminal record information (subject to applicable legal restrictions)

Marital status and family-related information (e.g., marriage certificates, information

about dependents)

Shareholder information and corporate ownership records

Property-related documentation (e.g., title deeds)

Information relating to heirs, estates, or succession matters

Third-party personal data (e.g., guarantors, counterparties, witnesses)

f. Employment and Administrative Records

Leave records and absence certificates

Employment-related documentation and agreements

3. Purposes of Processing and Legal Basis

We process personal data for the following purposes:

Provision of Legal Services

• Legal basis: Contract performance (Art. 6(1)(b) GDPR)

Regulatory Compliance (e.g., KYC/AML obligations)

• Legal basis: Legal obligation (Art. 6(1)(c))

Client Communication and Case Management

• Legal basis: Contract performance and legitimate interests (Art. 6(1)(b), (f))

Identity Verification (including biometric data where applicable)

• Legal basis: Explicit consent (Art. 9(2)(a)) and legal obligation where required

Marketing Communications

• Legal basis: Consent or legitimate interest where permitted by law

Security and Fraud Prevention

• Legal basis: Legitimate interests (Art. 6(1)(f))

4. Sharing of Personal Data

We may share personal data with:

• Professional advisors and service providers (e.g., IT providers, auditors)

• Regulatory authorities or courts, where required by law

• Affiliates, where necessary for service delivery

All third parties are subject to confidentiality and data protection obligations.

5. Transfer and processing of your personal data outside the European Union

When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union. Such third parties have access to personal data solely for the purpose of performing the services specified in the applicable service agreement, and not for any other purpose. In these circumstances, your personal data will only be transferred on one of the following bases:

• The country that we send the personal data to is approved by the European Commission

as providing an adequate level of protection for personal data;

• The transfer is a recipient in the United States of America who has registered under the

EU/US Privacy Framework;

• The recipient has entered into standard contractual clauses as required by the European

Commission with us or contract terms ensuring adequate data protection; or

• We have received your explicit consent.

6. Data Retention

We retain your personal data for as long as necessary to carry out the purposes for which we originally collected it and based on (i) the length of time we need to retain the information  o achieve the business or commercial purpose for which it was obtained, (ii) any legal or regulatory requirements applicable to such information, (iii) internal operational needs, and (iv) any need for the information based on any actual or anticipated investigation or litigation.

7. Data Subject Rights

Under the GDPR you have the following rights:

• To obtain access to, and copies of, the personal data that we hold about you;

• To require that we cease processing your personal data if the processing is causing

you damage or distress;

• To require us not to send you marketing communications;

• To require us to erase your personal data;

• To require us to restrict our data processing activities;

• To receive from us the personal data we hold about you which you have provided to

us, in a reasonable format specified by you, including for the purpose of you

transmitting that personal data to another data controller; and

• To require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Requests can be submitted to: legal@lyssiotislaw.com

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data.

However, no system can guarantee absolute security.

9. Processing Data as Controller for Agents and Intermediaries

You, in a capacity of an agent or intermediary, will bring the attention of any individuals that you make our services available to any privacy notices or policies we make available for hose

services. You confirm that any personal data of any individual provided to us by you or on your behalf has been collected and disclosed in accordance with the applicable Data Protection legislation. When using our services, you will take reasonable steps to ensure that you and your employees, agents and contractors do not input, upload or disclose to us any irrelevant or unnecessary information about individuals. You will maintain appropriate physical, technical and organisational measurers to protect personal data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access. You will without delay, tell us of any actual or suspected data breach relating to personal data that may impact us or the individuals.

10. Updates to This Policy

We may update this Policy periodically. Updates will be posted on our website with a revised effective date.

11. Contact

For questions or concerns regarding this Policy or data processing practices, contact:

legal@lyssiotislaw.com

Last updated: May 2026