Skip links
scroll
Guricon

PRIVACY POLICY 

v.3 as of 13/05/2024 

1. Introduction 

GURICON LIMITED is committed to protecting the personal data of its employees,  customers, suppliers and other stakeholders and to ensuring its compliance with all  relevant legislation. As part of its business, GURICON LIMITED relies upon a number of  third party organisations to assist in providing a high level of service to its customers, in  offering complete suite of business solution to its clients, in ranging from tax planning,  fiduciary services, consulting, administrative support and compliance, and in looking  after its employees, amongst a wide range of other activities. 

Guricon Limited consists of highly skilled professionals with many years of experience in  International business and professional services in the form of taxation, management  accounting and consulting, so Guricon Limited respect the trust and confidentiality of  its clients, employees, suppliers and other stakeholders where them peace of mind is  most upmost importance. 

This procedure is intended to be used when a data subject exercises one or more of  the rights they are granted under the European Union General Data Protection  Regulation (GDPR). 

Each of the rights involved has its own specific aspects and challenges to GURICON  LIMITED in complying with them and doing so within the required timescales. In general,  a proactive approach has been taken that places as much control over personal data  in the hands of the data subject as possible, with a minimum amount of intervention or  involvement required on the part of GURICON LIMITED. 

2. Our Firm 

When you become our client, you entrust us with your personal and financial data, and  may entrust us with the custody of your assets as well. We recognize that our  relationship is based on trust, and that you expect us to act responsibly and in your best  interests. Because your personal and financial data is your private information, we hold  ourselves to the highest standards in its safekeeping and use. 

This means, most importantly, that we do not sell client information, whether it is your  personal information or the fact that you are our client, to anyone. Instead, we use  your information primarily to complete transactions and services that you request. 

You typically provide personal information to us when you complete and sign the  relevant questionnaire with us and before you sign the engagement letter as per AML  regulations and/or legislations (Know your Client). 

This Privacy Policy explains how information about you is collected and used by our  Firm. 

By using our website, providing personal information and/or using any of our services,  you agree that: 

  • you consent to this Privacy Policy, as updated from time to time; and if you have provided personal information to us relating to any other person, you: (a) have a right to provide that information 

(b) have provided a copy of this Privacy Policy, as updated from time to time, to that  person; and 

(c) each such person has agreed to those terms. 

In such cases, references in this Privacy Policy to terms such as “you” and “your” also refer to such persons. 

3. Definitions 

Personal data: any information relating to an identified or identifiable natural person  (‘data subject’); an identifiable natural person is one who can be identified, directly or  indirectly, by reference to an identifier such as a name, an identification number,  location data, an online identifier or to one or more factors specific to the physical,  physiological, genetic, mental, economic, cultural or social identity of that natural  person; 

‘processing’: any operation or set of operations which is performed on personal data  or on sets of personal data, whether by automated means, such as collection,  recording, organisation, structuring, storage, adaptation or alteration, retrieval,  consultation, use, disclosure by transmission, dissemination or otherwise making  available, alignment or combination, restriction, erasure or destruction; 

‘controller’: the natural or legal person, public authority, agency or other body which,  alone or jointly with others, determines the purposes and means of the processing of  personal data; where the purposes and means of such processing are determined by  Union or Member State law, the controller or the specific criteria for its nomination may  be provided for by Union or Member State law;

4. What information do we collect ABOUT YOU? 

For general web-browsing of this website, your personal data is not revealed to us,  although certain statistical information is available to us via our internet service provider as well as through the use of special tracking technologies. Such information tells us  about the pages you are clicking on or the hardware you are using, but not your name,  age, address or anything we can use to identify you personally. 

However, if you wish to use certain services offered on our website, obtain certain  information made available by us, or request us to provide you with corporate or  fiduciary services through our Contact Us page or by contacting our Team directly,  then you may be asked for information such as full name, email address, telephone  number, fax number and residential address. 

If you enter into a business relationship with us, either as a client or as one of our business  partners, vendors or suppliers, then the kinds of personal information that we collect  and hold about you may include: 

  • identifying information, such as your full name, occupation, age, and any  photographs found in your identity verification documentation; 
  • contact information, such as your email address, mailing address or phone number; records of our communications with you; and/or 
  • Information we may have obtained from other sources (such as risk intelligence  service providers, lexis nexis) in order to identify who we are doing business with as  part of the ‘know your clients’ obligations contained in relevant legislation. 
  • Information that you provide to us in a relation to your source and size of funds as part of the ‘know your clients’ obligations contained in relevant legislation. 

In these cases the provision of your personal data will be a contractual requirement or  a requirement relating to entering into a contract, and you will be obliged to provide  the personal data we require in order to comply with our legal obligations and provide  the services to you under that contract. Without this information, we may not be able  to provide you with our services or to respond to queries or requests that you submit to  us. You may, however, visit our website anonymously.

5. Why do we collect this information? 

Legal grounds for processing 

We always ensure we respect your privacy rights. This means we can only collect your  personal data if we have lawful grounds for doing so. In most cases, we may rely on  the following grounds: 

  • we may have a contractual arrangement with you and to fulfil our obligations  we need to process your personal data (e.g. you are a client, external  providers, third parties) 
  • there may be a legal obligation for us to process your personal data (e.g. so  we can properly identify you and comply with relevant anti-money laundering  legislation) 
  • we may want to fulfil a compelling legitimate interest we may have in a manner  that does not outweigh your rights and freedoms (e.g. ensuring security of our  IT infrastructure and systems, or monitoring the use and effectiveness of our  website) 
  • you may have expressly asked us to do something or have otherwise given your  clear consent to us that you are happy for us to process your data (e.g. for  marketing purposes, or simply responding to a question you may have asked us  or other feedback you may have given us) 

In most cases, we collect personal data that you choose to provide to us so that we  can provide you with a service you have requested from us such as establishment of a  corporate organization for example. The relevant information is then used by us to  communicate with you on any matter relating to the conduct of your instructions in  general. Specifically, if you are a client, this would be providing the services agreed  with you in accordance with our Terms and Conditions (as may be amended) and as  necessary for the performance of our contract with you. If you choose not to provide  certain information, we may not be able to provide you with some services. 

Other reasons we may process your information include: 

  • maintaining our administrative or client relationship management systems; providing you with information about us and our range of services, otherwise known as ‘Direct Marketing’; 
  • management of enquiries and complaints; 
  • if you have applied for a job with us, so we can consider you for employment. if you are attending one of our events 

We also process information relating to our employees, and prospective applicants, for  general employment and recruitment purposes. These purposes will be disclosed in  more detail at the time we collect personal data from such persons.

6. What do we do with this information and how we used this information? 

We use your information in a number of ways. When we use your personal information,  we must do so lawfully. In every case, we will use your information for the purposes for  which it was provided by you or lawfully obtained by us, and where such purposes  change or cease to exist, we will inform you that we need additional information or  shall erase your information in accordance with the retention policies described in this  Privacy Policy. 

This information may be used: 

  • to verify your identity when you are dealing with us, so we may satisfy our obligations  with respect to crime (including tax evasion) prevention and detection, anti-money  laundering, due diligence, as well as any other relevant legal or regulatory obligations  we may be subject to; 
  • to carry out lawful obligations arising from contracts entered into between you and us  and to provide you with the information and services that you have requested from us  or otherwise process transactions on your behalf such as settling invoices payable by  you to us or to third parties; 
  • to notify you about changes to our services or this Privacy Policy; 
  • as permitted by law or regulation, and as required by law or regulation, or as requested  by government or regulatory authorities, for the protection of persons or property or to  establish or exercise our legal rights or defend against legal claims, including to comply  with anti-money laundering obligations; 
  • in connection with an acquisition, merger, restructuring, sale or other transaction  involving all or any portion of our business or assets; 
  • to ensure that content from our website is presented in the most effective manner for  you and for your device(s); and/or 
  • to administer our website and for internal operations, including troubleshooting, data  analysis, testing, research, statistical and survey purposes, or otherwise as part of our  efforts to keep our website safe and secure. 

We may also use aggregate information and statistics for the purposes of monitoring  website usage in order to help us to develop our website and our services. We may  also provide such aggregate information to third parties. These statistics will not include  information that can be used to identify you, as the information is anonymised and ‘de 

identified’. More information is found in our Cookie Policy. 

Direct Marketing 

Your information may also be used to provide you with information about us and our  range of services, otherwise known as ‘Direct Marketing’. To this end, we may use your  information:

  • to allow you to participate in interactive features of our services, when you choose to  do so; 
  • to inform you about and manage your involvement with our services and events,  including educational or corporate hospitality events 
  • to measure or understand the effectiveness of advertising we serve to you and others,  and to deliver relevant advertising to you, including making suggestions and  recommendations to you and other users of our website about goods or services that  may interest you or them; and/or 
  • to provide you, with news bulletins, newsletters, brochures, or general information  about other goods, services and events which we offer that are similar to those that  you have already purchased or enquired about, or otherwise feel may be of interest  to you (unless you have opted-out of receiving such information). 

In circumstances where you are an existing client or we otherwise have an existing  relationship with you we will rely on our legitimate interests as the lawful ground for  processing your personal data for direct marketing purposes. To this end, it may be  necessary to process your personal data so we can directly market in our legitimate  interest. In addition, we consider it reasonable for you to expect you may receive  marketing material from us in the same methods we normally communicate with you  (e.g. via email) and that there is no disproportionate impact to your individual privacy  rights in this case. 

In circumstances where you are not a client or we do not otherwise have an existing  relationship with you, marketing our materials, events and services (or those of others)  to you shall be subject to your consent which shall be requested at the latest on our  first communication to you, where you will be given the option to elect to receive such  information (known as ‘opting-in’) by checking the appropriate boxes on the forms we  use to collect your data or in links provided within our email communications. 

Please note that any administrative or service-related communications (to offer  corporate or fiduciary services, or notify you of an update to this Privacy Policy or our  Terms and Conditions etc.) will solely be directed at our clients or business partners, and  such communications generally do not offer an option to unsubscribe as they are  necessary to provide the services requested. Therefore, please be aware that your  ability to opt-out from receiving marketing and promotional materials does not change  our right to contact you regarding your use of our website or as part of a contractual  relationship we may have with you. 

If you wish to be removed, we will retain your details in our marketing database(s)  specifically for the purposes of suppressing your details from inclusion in all future  marketing campaigns. These database(s) are restricted for access only by members of  our marketing team. Your unsubscription request will only affect these database(s) and  will not change any existing information on our other databases that you have

provided to us or we have otherwise obtained for the purposes of providing our services  to you or for any other lawful purposes. 

7. What rights do you have? 

As from the 25th May 2018 the General Data Protection Regulation (Regulation (EU) 2016/679, more commonly known as the ‘GDPR’) gives data subjects (like you) more  rights in relation to their personal data. You can find out more about the GDPR and  your rights by accessing the European Commission’s website

If you are a natural person (in other words, a human being and not a company) you  have the right to: 

  • information about the processing of your personal data (and if you did not give it to us,  information as to the source). 
  • obtain access to the personal data held about you. 
  • ask for incorrect, inaccurate or incomplete personal data to be corrected. request, in certain cases, that personal data be erased when it’s no longer needed or  if processing it is unlawful. 
  • object to the processing of your personal data for marketing purposes or on grounds  relating to your particular situation. 
  • request the restriction of the processing of your personal data in specific cases. receive your personal data in a structured, commonly used and machine-readable  format, or ask us to send it to another person (‘data portability’) and request that decisions based on automated processing concerning you or significantly  affecting you and based on your personal data are made by natural persons, not only  by computers. You also have the right in this case to express your point of view and to  contest the decision. 

Please note these rights may only apply in certain cases. For example, some rights only  apply where our lawful ground of processing is your consent, or where we have a  contract with you. 

You also have a right to lodge a complaint with the appropriate data protection  authority whose details are provided below, and in certain cases may receive  compensation from us, as data controller, for any damage you suffer. 

We want to ensure that your personal information is accurate and up to date. If any of  the information that you have provided to us changes, for example if you change your  email address or name, please let us know the correct details by contacting us on the  details below. You may ask us, or we may ask you, to correct information you or we  think is inaccurate, and you may also ask us to remove information which is inaccurate.

8. How can you access information we hold on you and enforce your rights? 

You can enforce the rights described above by means of a written request to us at the  contact details below. To protect the integrity and security of the information we hold,  we may ask that you follow a defined access procedure, which may include steps to  verify your identity and completion of a form so that we can better understand the  nature of your request and the information you are after. You will need to provide  information to confirm your identity so we are sure it is actually you requesting your  data (and not someone else trying to steal it!). We must respond to your requests  without undue delay and at the latest within 1 month. 

There may be cases where we are unable to provide the information you request, such  as where it would interfere with the privacy of others or result in a breach of  confidentiality. In these cases, we will let you know why we cannot comply with your  request. 

In addition, you can enforce your right to object to direct marketing as described in  the Direct Marketing section above. 

Even if you do not request access to and/or correct your personal information held by  us, if we are satisfied that, having regard to the reasons for which we hold your personal  information, that personal information is inaccurate, incomplete, out-of-date, irrelevant  or misleading, we may take reasonable steps to correct that information.

9. Who might we share your information with? 

In certain cases we may access, preserve, and disclose to third parties information  about you if we believe disclosure is in accordance with, or required by, any  contractual relationship with you, applicable law, regulation or legal process, unless  such information is protected by duties of confidentiality owed to our clients or to other  persons. Personal data may be processed by us and/or our affiliates, agents, vendors,  consultants or suppliers, as well as any other third party service providers who are  performing certain services on our behalf for the purposes specified above (for  example, our agents located in various jurisdictions where we do business who provide  trust and corporate services similar to us, financial institutions, and/or relevant  custodians and investment managers) or on your specific instructions (for example,  where you ask us to transfer to another service provider your personal information  and/or documents relating to an entity we manage or a service we have provided to  you). Such third parties have access to personal data solely for the purposes of  performing the services specified in our Terms and Conditions or to comply with  applicable laws and not for any other purpose (unless you instruct us to transfer  personal information and/or documents to another service provider, in which case that  service provided shall be given such access to your personal data as you expressly

authorise us to give or otherwise under any applicable contract you may have with  them). We require these third parties to undertake security measures consistent with  the protections specified in this Privacy Policy. Such third parties may be located within  or outside of Cyprus. 

In addition we may be required by law or by a court to disclose certain information  about you or any contract we may have with you to relevant regulatory, law  enforcement and/or other competent authorities, unless such information is protected  by duties of confidentiality owed to our clients or to other persons. We may also need  to share your information in order to enforce or apply our legal rights under our agreed  Terms and Conditions. 

Finally, if our business enters into a joint venture with or is merged with another business  entity, your information may be disclosed to our new business partners. 

Transport abroad 

In connection with the provision of our services, personal data may also be transferred  to countries or territories outside the European Economic Area (EEA) where necessary.  For example if you ask us to establish a corporate vehicle outside of Cyprus as part of  the services specified in our Terms and Conditions your data may be transferred to our  agents and business partners in jurisdictions. 

Further, in the context of international legal proceedings or cross-jurisdictional services,  or other services you request from us, we may need to use other service providers  located outside the EEA, such as legal or tax advisors. In which case we will arrange for  contractual safeguards where such territories do not offer an adequate level of  personal data protection similar to the EEA. The EEA comprises the EU member states  plus Norway, Iceland and Liechtenstein. 

We may also rely on derogations for specific situations as set forth in Article 49 of the  GDPR. In particular, we may collect and transfer your Personal Data outside the EEA  only: with your consent; to perform a contract with you; or to fulfil a compelling  legitimate interest we may have in a manner that does not outweigh your rights and  freedoms. For example, if you are settling an invoice via telephone then in order to  effectively process credit or debit card transactions it may be necessary for our  bank/card processing agency to verify your personal details for authorisation outside  the EEA; in such a case, such information will not be transferred out of the EEA for any  other purpose.

We do not sell your information 

Communicating via the Internet and sending information to you by other means  necessarily involves your personal information passing through or being handled by  third-parties, but we do not sell or distribute without your permission your personal  information to third parties for purposes of allowing them to market products and  services to you. Any information we share with marketing companies, data analytics  companies, website developers, and similar service providers and their affiliates is for  the sole purpose of developing, hosting, managing, operating and supporting the  content on our website, or otherwise improving our website and the manner in which  we market Guricon Limited. We ensure that in such cases, the information cannot be  used to identify you and is anonymised and ‘de-identified’. More information is found  in our Cookie Policy.

10. How do we secure your information? 

We are committed to taking appropriate measures designed to keep your personal  data secure. Our technical, administrative and physical procedures are designed to  protect personal data and non-personal data from loss, theft, misuse and accidental,  unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow  generally accepted standards to protect the personal information submitted to us,  both during transmission and once it is received. 

To prevent unauthorised access as required by the Data Protection Act, we follow strict  security procedures in the storage and disclosure of information which you have given  us. Our security procedures mean that we may request proof of identity before we are  able to disclose personal data to you following a request from you for us to do so. We  implement security measures across the firm to ensure our clients’ data is protected  within secured and encrypted servers we control, which are located in Cyprus. We may  also keep hard copy records of this personal information in physical storage facilities  with access restricted solely to our personnel. 

In order to improve the quality of our procedures in a matter of protection of your  personal data and in order to avoid any leak based on the human error of our  employees and/or data processors, we ensure and secure new method which will be  the following: lock any document that will be exchanged through emails, so the  document can only be unlocked through a secure code that we will provide to you. 

We also take steps to monitor access to and modification of your information by our  contractors, advisers, consultants and staff members, and ensure that they are aware  of and properly trained in their obligations for managing your privacy.

We update and test our security technology on an ongoing basis. We restrict access  to your personal data to those employees who need to know that information to  provide benefits or services to you. In addition, we train our employees about the  importance of confidentiality and maintaining the privacy and security of your  information. We commit to taking appropriate disciplinary measures to enforce our  employees’ privacy responsibilities. 

Our website does not collect your personal information and you may browse  anonymously. More information is found in our Cookie Policy. If you have any further  questions about the security of your personal information, you can contact us on the  details below. 

Risks of using the Internet 

We use reasonable physical, electronic, and procedural safeguards to protect the  personal information that we obtain from you from loss, misuse, and unauthorised  access, disclosure, alteration, and destruction. Please note that we are not responsible  for the security of any data you are transmitting over the Internet, or any data you are  storing, posting, or providing directly to a third party’s website, which is governed by  that party’s policies. Please note that no method of transmission over the Internet or  method of electronic storage is 100% secure and we cannot ensure or warrant the  security of any information you transmit to us. Transfer of your data via these means is  therefore at your own risk. 

Data Breaches 

A loss of personal data is known as a data breach. The GDPR imposes requirements on  businesses to identify, assess and report breaches in a timely manner (within 72 hours).  We undertake to inform you if your personal data is compromised and there is a risk to  your rights and freedoms as a result. 

11. How long do we keep your informationfor? 

Our retention policies 

We shall retain a record of our engagement with all our clients, as well as all files and  documentation relating to clients and/or the particular matter that forms the basis on  the legislation for a minimum period of 5 (five) years from the end of the business  relationship described in the relevant engagement documentation, unless: 

  • we are required by law to retain such records for a longer period;
  • continued retention is necessary for the establishment, exercise or defense of legal  claims; or 
  • in order to protect your vital interests or the vital interests of another natural person. 

We will attempt to minimize personal data to what is necessary to identify the client  and the services provided by Guricon Limited, and after the applicable retention  period has expired shall destroy all personal data and other records. At our discretion,  we may retain personal information for less than or longer than the said period of 5  (five) years if we consider it necessary or desirable to do so to meet our legal or  regulatory obligations, or at your specific request (for example, if you ask us to retain  certain documents). 

For more information on where and how long your personal data is stored, and for more  information on your rights of erasure and portability, please contact us on the details  provided below. 

Information about you that is no longer necessary and relevant to provide our services  may be de-identified and aggregated with other non-personal data to provide insights  which are commercially valuable to us, such as statistics of the use of our services or  our main sources of work. This information will be de-associated with your name and  other identifiers and the data will therefore be anonymised. 

Likewise, certain statistical information obtained from our website is already  anonymised. More information is found in our Cookie Policy. Such information may be  kept by us for longer periods than those specified in this Privacy Policy, provided that  such retention is in accordance with applicable laws and regulations. 

12. How can you contact us or make a complain?  

Contact information of Data Controller 

The Data Protection Officer for any personal data you provide to us, is Mrs. Kalliopi  Tsouri. If you have any questions, concerns or comments or if you would like further  information about this Privacy Policy, how we handle your Personal Data, or  otherwise wish to enforce your data protection rights please contact us at: 

Kalliopi Tsouri 

Inomenon Ethnon 48, 

GURICON HOUSE 6042 Larnaca, Cyprus 

Email: 

ktsouri@tsourillc.com 

Phone: (+00357)24821200  

Fax:(+00357)24821201

Your right to complain 

We try to meet the highest standards in order to protect your privacy. However, if you  are concerned about the way in which we are managing your personal information  and think we may have breached any applicable privacy laws, or any other relevant  obligation, you are encouraged to raise any complaints regarding the processing of  personal data to us directly on the contact details above. 

We will make a record of your complaint and refer it to our internal complaint resolution  committee for further investigation. We will deal with the matter as soon as we can,  and keep you informed of the progress of our investigation. 

If we have not responded to you within a reasonable time or if you feel that your  complaint has not been resolved to your satisfaction, you are entitled to make a  complaint to the Data Protection Commissioner under the Data Protection Act, which  is presently the Cyprus Regulatory Authority (CRA). The CRA is responsible for ensuring  that your rights and obligations are respected. The CRA is also competent to hear your  complaints and may prohibit or restrict the processing of your personal data in certain  cases. You may contact the GRA on the below details: 

Cyprus Data Protection Commissioner  

Cyprus Regulatory Authority 

Τ.Θ. 23378, 1682 Nicosia 

Email: commissioner dataprotection.gov.cy 

Phone: (+00357) 22818456 

Fax: (+00357) 22304565 

13.Additionalinformation 

Links 

Occasionally, at our discretion, we may include links to third party products, services or  websites on our website. Please be aware that we are not responsible for the privacy  practices of any third party sites, nor do we verify nor accept any responsibility or  liability for their content. The privacy policies of others may differ significantly from our  Privacy Policy. Therefore, we encourage you to read the privacy statement/policy of  each and every website that collects personal data. 

Governing Law and Jurisdiction

All issues regarding our website and Privacy Policy are governed by Cyprus law and  are subject to the exclusive jurisdiction of the Cyprus courts. 

No Waiver 

Delay or failure on our part in enforcing any of our rights shall not constitute a waiver  by us of our rights and remedies. If any part of this Privacy Policy is held to be invalid or  unenforceable, the validity or enforceability of the remainder will not be affected. 

Privacy Protections for Children Using the Internet 

Protecting children’s privacy is important to us. For that reason, we do not collect or  maintain information on our website from those we actually know are under the age  of 16, nor is any part of our website targeted to attract anyone under 16. We request  that all visitors to our website who are under 16 not disclose or provide any personal  data and discontinue use of our website. 

Revisions to this Privacy Policy 

On this website, you can always view the latest version of our Privacy Policy and our  Cookie Policy. We may modify this Privacy Policy from time to time. If we make changes  to this Privacy Policy, we will provide notice of such changes, such as by sending an  email notification, providing notice through our website or updating the ‘Last  Updated’ date at the beginning of this Privacy Policy. The amended Privacy Policy will  be effective immediately after the date it is posted. By continuing to access or use our  website after the effective date, you confirm your acceptance of the revised Privacy  Policy and all of the terms incorporated therein by reference. We encourage you to  review the Privacy Policy whenever you access or use our website to stay informed  about our information practices and the choices available to you. If you do not agree  to the revised Privacy Policy, you may not access or use this website. If you are an  existing client and do not agree to the revised Privacy Policy, your only option will be  to terminate your relationship with us under our Terms and Conditions or other  contractual arrangement that may be in place. Please contact us on the above  details should you wish to enforce any of these rights.