This Privacy Notice sets out how we, Nicholas Ktenas & Co LLC (“NKC”/ “we”/ “us”), collect and process personal data of visitors to our website, job applicants, potential clients and/ or clients to whom we may provide services pursuant to an Engagement Letter signed and/ or instructions received by email, telephone or in any other way by which an attorney-client relationship is considered to be established (“Engagement”), (“you”/ “your”).

This Privacy Notice includes all the information NKC must provide to you as “data subject” under the GDPR and applicable law, in relation to the collection, use and disclosure of your personal data by NKC in the context of the lawyer-client relationship established under our relevant Engagement with you, or in any other context you may decide to contact us (whether via our website, by email, in person or over the phone) by explaining:

  1. Who we are
  2. What personal data we collect about you
  3. How we collect your personal data
  4. Purposes of processing personal data
  5. How we store your personal data
  6. Who can access your personal data
  7. Retention periods
  8. Transfers to third countries
  9. Your rights
  10. Cookies
  11. Changes to Privacy Notice

This Privacy Notice applies only where and to the extent that NKC may be considered as “controller” in relation to the processing of your personal data under the provisions of Regulation (EU) 2016/679 (“GDPR”) and applicable law, including Law 125(I)/2018 and any relevant guidelines issued by the Office of the Commissioner for Personal Data Protection in Cyprus.

If you are visiting or using our website, please note that NKC has no control over and is not responsible for any third-party websites, plug-ins or applications which may be accessible through links from our website. Clicking on those links may allow third parties to collect or share data about you. Third party websites are responsible for providing their own privacy policies and notices which you will need to consider before you submit any personal data to such third-party websites.

By providing your personal data to us, you agree to the processing of your personal data in accordance with this Privacy Notice.

1. Who we are

NKC is a boutique law firm registered as a lawyers’ limited liability company (LLC) in Cyprus and based in Nicosia, consisting of lawyers who have the experience, skills and knowledge of a top tier international law firm while maintaining the benefits and attentiveness of a small local practice, offering a value-for-money service of the highest quality and a competitive advantage to all our clients.

We are based in Nicosia and our offices are situated at 15 Vyzantiou Street, 1st Floor, Office 105, 2064 Strovolos, Nicosia, Cyprus.

We recognise and value the trust that individuals place in us when they provide us with their personal data, and we are committed to ensuring the confidentiality and protection of any personal data entrusted to us. All our partners, associates and employees are provided with the appropriate training for handling personal data securely and in accordance with the law. We also ensure that all business partners and external service providers we work with comply with their respective legal obligations and apply the same high standards when it comes to the protection of personal data and privacy.

2. What personal data we collect about you

Depending on the scope of our Engagement, we may collect different types of personal data that is necessary for the purpose of providing our services to you. These include:

  • Basic personal details such as your full name and job title,
  • Identification and other background verification information, such as a copy of ID card or passports collected as part of our client onboarding and ongoing monitoring procedures,
  • Contact information such as postal/ residential address, email address, telephone numbers, etc,
  • Financial information such as payment related information or bank account details,
  • Information relating to the matter of our Engagement and personal data provided to us by or on your behalf or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data,
  • Information required by law to meet legal and regulatory requirements applicable to NKC, such as anti-money laundering and Know Your Client (KYC) obligations, including utility bills or evidence of beneficial ownership or the source of funds to comply with Marital/ family status, criminal record, educational and business background, employment record, Curriculum Vitae, Bank references, utility bills, information on source of funds and/ or wealth, etc),
  • Recruitment related information such as your curriculum vitae, your education and previous employment history, details of any professional memberships and any other information relevant to the position you are applying for at NKC (job applicants only),
  • Any other information of a personal nature that you may provide to us.

In certain circumstances, we may have to process certain personal data relevant to you, which is considered Special Category Data under the GDPR, such as information which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation or data relating to your criminal record or alleged criminal activity.

We will only process such Special Category Data in accordance with the relevant requirements of the GDPR, including but not limited to obtaining your explicit consent (e.g. where you have specifically provided such data to us for any of the purposes stated in paragraph 4 below) and/ or where this is necessary for the purposes of carrying out our contractual obligations towards you.

We will process all your personal information lawfully, fairly and in a transparent manner at all times.

We do not take any decisions concerning you based solely on automated decision-making processes or profiling.

At your request, we may also collect and process personal data concerning your employees, any other third parties to whom you provide services and/ or who provide services to you and/ or with whom you are affiliated and/ or associated and/ or the representatives of such third parties who are natural persons (employees, consultants, business partners, etc). We will only collect and process such data as instructed by you, as processors, on your behalf and for the purposes of complying with our contractual obligations towards you. In respect of any such personal data, you are the controller according to the GDPR and you may have an obligation to inform the data subjects and/ or obtain their prior consent where this is required under the GDPR and/ or applicable law.

3. How we collect your personal data

We may collect or receive your personal data in a number of different ways:

  • Directly from you, for example by email, or via other direct interactions with us for the purposes of our Engagement such as by telephone or online, through our website (i.e. if you use our “contact us” form)
  • By monitoring use of, or interactions with, our websites, any marketing communications we may send to you, or other email communications sent from or received by NKC,
  • From third parties, for example, collecting information about you for the purposes of our client onboarding procedures or in the context of carrying out “know your client” checks,
  • From publicly available sources, for example to verify or update any contact details we already hold for you.

4. How we use your personal data


We collect and process your personal data only for the purposes that we are permitted to do so by applicable law and in particular (depending on our relationship with you):

  • To comply with our contractual obligations towards you:

To establish a lawyer-client relationship and to provide our services to you as agreed under our Engagement with you.

  • To comply with legal obligations to which we are subject:

To fulfil our legal, regulatory, or risk management obligations, including compliance with obligations regarding KYC/ AML, sanctions, fraud prevention, identifying conflicts of interests, statutory reporting requirements, etc.

  • Pursuing a legitimate interest:

Generally, to ensure the security of our staff and premises, for internal training purposes, following up on enquiries and complaints, promotion and marketing (i.e. newsletters), to ensure IT recovery and business continuity, to proceed with a reorganisation of our business (as part of any due diligence process or business transfer), etc.

If you are a client, to notify you about changes to our General Terms and Conditions of Service for legal services or to this Privacy notice, to ensure the quality of our services, to ensure that we receive payment for our services, for the establishment, exercise or defence of legal claims, etc.

If you are a website visitor and/ or user – to facilitate your use of our website, to respond to requests for information or enquiries from you and to ensure that our website content is relevant and is presented to you in the most effective manner, etc.

If you are a job applicant, to enable us to process your employment application and to assess your suitability for any position for which you may apply at NKC.

  • Any other purpose specified by you and/ or with your consent:

Where your prior consent is required under applicable law, you will be presented with a relevant consent form in relation to any such use and you may withdraw your consent at any time.

You do not have an obligation to provide us with your personal data. If, however, you do not do so we may not be able to provide you with our services.

5. How we protect your personal data

We process your personal data mainly from our head offices in Nicosia (15 Vyzantiou Street, 1st Floor, Office 105, Strovolos, 2064 Nicosia, Cyprus), where they are kept and stored in physical form.

We use third parties who provide Secure Document and Records Management services to us for the storage of physical records and files which may contain personal information.

We also use third parties who provide Information Technology services to us which are relevant to the electronic storage of and access of your data, including recovery and business continuity services, to the extent this is necessary for the purpose of allowing us to provide our services to you without disruption (i.e. working remotely) and generally to ensure that our legitimate interests are duly protected.

While we recognise that the storage and transmission of information, especially over the internet, cannot be guaranteed to be secure from intrusion by third parties, for the storage and security of your personal data the Company takes all the necessary physical, technical and organisational measures to protect personal data from unauthorised access, use, disclosure, alteration or destruction and to ensure that the processing is carried out in accordance with the law and the GDPR (access control, antivirus, firewalls, encryption, etc).

Information stored on our service providers’ secure premises and/ or servers is only accessed and used subject to strict security policies and standards agreed with them, to ensure the confidentiality of personal data.

6. Who can access your personal data

Within NKC, your personal data is accessible only to those who need to access it for the purposes specified in paragraph 5 above, with a duty of confidentiality.

Outside NKC, recipients of your personal data may include subcontractors, agents and third-party service providers, including business partners and organisations who provide professional services to us such as:

  1. Accountants/ Auditors,
  2. Insurers/ brokers,
  3. Banks or credit institutions,
  4. Secure Document and Records Management Services,
  5. Information Technology businesses who provide technical services such as software development, installation and maintenance, file backup, recovery and continuity, etc

For the purposes of compliance with our legal or regulatory requirements external recipients of your personal data may also include:

  1. Professional bodies and regulators, such as the Cyprus Bar Association
  2. Local or government authorities such as the Ministry of Labour, Welfare and Social Insurance, the Ministry of Health, the Ministry of Finance, etc,
  3. Other regulatory authorities or law enforcement agencies, such as the Cyprus Police, in connection with enquiries, proceedings or investigations anywhere in the world.

We choose our associates and external service providers very carefully, after carrying out all necessary checks and obtaining sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and applicable law.

7. Retention periods

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected or any other relevant permitted purpose (subject to legitimate interest or regulatory requirements), or, in the case of consent, until you withdraw your consent.

After this period, your personal data will be irreparably destroyed.

8. Transfers to third countries

If your personal data will be transferred to entities or other third parties whose headquarters or place of business is not located in the European Union (EU) or the European Economic Area (EEA), we ensure before forwarding the data, that outside of legally permitted exceptional cases pertaining to the recipient (reasons of public interest or recipient’s consent), an appropriate level of data protection exists (e.g. through an adequacy decision of the European Commission or through the use of Standard Contractual Clauses approved by the European Commission for these purposes, after due assessment of the law and the practice of the third country).

9. Your rights

In accordance with the GDPR and applicable data protection laws, you may have the following rights in relation to the personal data that we hold about you:

  • Right of Access: the right to require further details from us on how we use your personal data and a copy of any personal information in our possession,
  • Rectification: the right to require us to update or correct any personal data in our possession,
  • Erasure: the right to require us to delete any personal data in our possession, subject to any legitimate interest or statutory obligations we may have,
  • Restriction: the right to require us to restrict the processing of your personal data and limit the way we use it in certain circumstances and for a particular reason (such as contesting the accuracy of the information, the lawfulness of the purpose, etc),
  • Right to Object: the right to object to any processing on grounds relating to your particular situation, unless we have legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims,
  • Withdrawal of Consent: Where processing is based on consent, you have the right to withdraw your consent so that we stop carrying out such processing.

You may exercise any of the above rights by contacting us by email at or by calling us at +357 22 510 197.

If you wish to complain about the way we may have handled your personal information, you may contact us at the above email address and telephone number. We will examine your complaint and contact you to try and resolve the matter.

If you still feel that your personal information has not been handled appropriately according to the law, you can submit your complaint to the Office of the Commissioner for Personal Data Protection in Cyprus.

10. Cookies

We use cookies from third-party partners such as Google to help improve functionality or tailor information to provide website visitors with more relevant pages. For details of the cookies we use on our website, please see our Cookie Policy, which forms part of this Privacy Notice. We may also analyse website traffic to see how visitors move around our website when they are using it so we can tailor our website accordingly and ensure that users are finding what they are looking for easily.

11. Changes to Privacy Notice

We may change and update our Privacy notice and Cookie Policy from time to time in the future. You are encouraged and advised to review them when you visit our website to stay informed of how we are collecting and using your personal data.

This Privacy notice was last updated in July 2021.
