Privacy Policy


This privacy policy (“Privacy Policy”) describes how we, Panayiotou Shamma LLC, a lawyer’s limited liability company registered in the Republic of Cyprus under registration no. HE437405 (“BLegal”, “we”, “us”) collect and use your information in order to assist you in making informed decisions when using our website and/or services.

For the purposes of EU Regulation 2016/676 (the EU General Data Protection Regulation) (the “GDPR”), the data controller is Panayiotou Shamma LLC. We are committed to protecting and respecting your personal data. We will use the information we collect about you in accordance with the GDPR.

By accessing our website or using any of our services, you are accepting and consenting to the practices described in this policy.


We may collect the following types of personal information within the context of providing services to you, in relation to yourselves, your representatives, directors, shareholders, beneficial owners:

  • Personal information, including name and surname, residential address, photograph, identity and/or passport numbers and/or copies, date and place of birth, utility bill(s), bank statement(s)
  • contact details (including names, postal addresses, email addresses and telephone numbers);
  • information required by us to meet any legal and regulatory requirements, in particular in respect of anti-money laundering legislation and compliance obligations such as origin of funds and source of wealth;
  • information provided in the course of the provision of legal and other services (including sensitive personal data such as health, religion or ethnicity, where necessary);
  • payment details, such as bank account number, accountholder name, invoice and payment records;
  • details regarding a browsing or usage session (IP address, Geo-location, device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring pages, time stamps, etc.)
  • any other information you may provide to us.


We may collect your personal information in the following ways:

  • Directly from you, either as part of our business on boarding procedures or during the course of our business relationship with you;
  • Information available in the public domain;
  • From law enforcement authorities.

In the case you provide personal information to us about other people (such as your customers, directors, officers, shareholders or beneficial owners, employees), you must ensure that you have obtained their consent to such disclosure.


We collect only the personal information necessary to fulfil your request and to provide the requested and/or agreed services. Where additional, optional information is sought, you will be notified of this at the point of collection.

The applicable law allows us to process personal information, as long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:

  • Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under an engagement but also to be able to complete our on boarding procedures so as to provide the relevant services;
  • Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for complying with any regulatory purposes, or providing information to a public body or law enforcement organization;
  • Legitimate interests: where necessary, we may process information about you where there is a legitimate interest for us or a third party in pursuing commercial and business interests, except where such interests are overridden by your interests, fundamental rights and freedoms; or
  • Your consent: we may occasionally ask you for specific permission to process some of your personal information for specific purposes, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by informing us in writing.

Legitimate interests

We have legitimate business interests in:

  •  providing legal advice and legal services, administrative, corporate, trust or other services to you;
  • managing our business and relationship with you or your company or organisation, including any marketing services you agree to;
  • understanding and responding to inquiries and client feedback;
  • enforcing the terms of our engagement, the terms of use of our website and other terms and conditions;
  • managing service quality and improving our services;
  • ensuring our IT and communication systems and premises are secure;
  • ensuring debts are paid.


We do not share personal information with unaffiliated third parties, except as necessary for our legitimate, professional and business needs and interests, to carry out your requests, and/or as required or permitted by law. These include:

  • Our employees, agents and representatives
  • Supervisory and other regulatory and public authorities, including public registries
  • Other firms, management or trust companies
  • External legal or other consultants and associates
  • Auditors
  • Companies that developed, host and maintain our information technology infrastructure and/or other systems

We require all third parties to respect the security of your personal information and to treat it in accordance with the applicable data protection laws. We do not allow our third-party service providers to use your personal information for their own purposes, we require them to have procedures in place to protect data against unauthorized use, access, disclosure, damage or loss and only permit them to process your personal information for specified purposes and in
accordance with our instructions and the provisions of the GDPR.


Personal information that you submit to us may be stored, processed and transferred to countries other than where you live, for example, to our servers or our authorized service providers in the European Economic Area (EEA). By submitting your personal information to us, you consent to these transfers, storing and processing. We will take all reasonable efforts to ensure that your data is treated securely and in accordance with this policy.


We will keep your personal data for as long as we have a business relationship with you as an individual or, in respect of our dealings with a legal entity or body, for as long as you are authorized to represent same as an authorised representative, officer, registered shareholder and/or beneficial owner. After the expiry of such business relationship, we may keep your data for as long as we are obliged and/or entitled to keep such data in accordance to any law or regulation to which we are subject.

For prospective clients (or authorized representatives, officers or owners of a legal entity that are prospective clients) we shall keep your personal data for six (6) months from the date of conclusion of all communications which did not lead to cooperation or provision of services.


We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorized way.

We have in place procedures to deal with any suspected personal data breach and will notify you
and any applicable regulator of a breach where we are legally required to do so.


In general, if you have submitted personal information to us, you have the following rights:

  • The right to access information about you and to obtain information about how it is processed;
  • The right to request that your information is corrected if it is inaccurate or incomplete;
  • The right to request that your information is erased (depending on the circumstances and agreements in place). We may continue to retain your information if another legitimate reason for doing so exists.
  • The right to object to the use of your personal data where we are relying on legitimate interest as the basis for processing. However, we may continue to use your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to use your personal data in connection with any legal claims;
  • The right to request that we restrict the processing of your information if the information provided to us is not accurate, the processing is unlawful and your request for erasure is opposed or when we no longer need your data for the purpose of processing but they are required by you for the establishment, exercise or defence of legal claims;
  • The right to withdraw your consent to our processing of your information (depending on the circumstances and agreements in place). We may continue to process your information if another legitimate reason for doing so exists;
  • The right to receive certain information you have provided to us in an electronic format and/or request that it is transmitted to a third party. This applies when: (a) The lawful basis for processing this information is consent or for the performance of a contract; or (b) the processing is carried out by automated means.
  • The right to lodge a complaint with the Data Protection Commissioner if you think that we have not processed your personal data in accordance with data protection legislation.

You can exercise your rights by submitting a request by email to We will make all reasonable and practical efforts to comply with your request within one month, if it is consistent with applicable laws and regulations. Otherwise, we will request for an extension to the abovementioned period or we will inform you of our refusal along with the relevant justifications.


We may update this policy from time to time by publishing a new version on our websites. We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit. This will help ensure you better understand your relationship with us, including the ways we process your personal information.


If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Office of the Commissioner for Personal Data Protection, at: 1 Iasonos Street, 1082 Nicosia, P.O. Box 23378, 1682 Nicosia Tel: +357 22818456 Fax: +357 22304565, email:

We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance at the contact details stated below.


If you have questions, complaints, reports about this Privacy Policy or security vulnerabilities please email us at

Last updated: August 2022