Taxcom is committed to protecting the privacy of your personal data in accordance with Data Protection legislation. This Data Protection Notice (‘Notice’) sets out the basis on which we will process your personal data.
In this Notice, ‘we’ (and any related expression) refers to Taxcom Services Limited, a company registered in Cyprus, with registered office at 5 Archimidous Street, Flat 104, Strovolos 2018, Nicosia, Cyprus.
This Notice applies whether you are, or you are acting on behalf of, a client or potential client, or you are a professional or business contact, or you are a job applicant.
EU General Data Protection Regulation (GDPR), effective from 25 March 2018.
Personal data is any information that directly or indirectly identifies a living individual.
For the purposes of the GDPR, we will be the controller of any personal data that we collect from or about you in connection with the provision of our professional services, or related activities such as market research or, where relevant, dealing with job applications.
Under the GDPR, data controllers are required to process personal data lawfully, fairly and in a transparent manner, and in a manner that ensures appropriate security of the personal data. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, and the data must be adequate, relevant and limited to what is necessary in relation to those purposes, accurate and, where necessary, kept up to date, and kept in a form which permits identification of data subjects for no longer than is necessary for those purposes. Data controllers are responsible for, and must able to demonstrate, compliance with these principles.
If you make an enquiry
If you contact us with an enquiry about our professional services (either through our website or by phone, email or post), we will ask you to supply essential contact details (your name, e-mail address, phone number and, where applicable, the company or other person you represent and your job title), which we need in order to identify you and deal with your enquiry.
Depending on the nature of your enquiry, we may collect from you further details, such as the circumstances in which you are making the enquiry, the professional services that may be of interest to you or, where you are interested in a possible position with us, your CV and related information.
If you are or become a client
If you are or become a client (or the company or other person you represent is or becomes a client), and in the course of providing our professional services, we may collect further personal data from you, depending on the nature of the services we are providing. In certain cases, the information that we collect from you may be of a sensitive nature, but we will only ask you to provide the information that is necessary and appropriate.
We may also need to ask you to provide further personal data, and may need to carry out background checks about you with credit reference agencies and AML/fraud prevention agencies, in order to satisfy our obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007, 2010, 2012 and 2013 and any other applicable legislation or professional principle or code concerning money laundering, tax evasion, crime prevention and fraud protection. If you do not provide us with the information we need, we will not be able to provide our professional services for you or the company or other person you represent.
When you make a personal payment for our services, details of the method of payment, your bank details or your credit or debit card number will be processed.
If you are a professional or business contact
If you provide us with your professional or business contact details or other relevant personal data, we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to our and your business or profession.
If you enquire about a job
If you submit a job application or another person does so on your behalf, we will ask you (or them) to provide relevant personal information about you. Further details of the personal data that we collect, and of the basis on which we will process your personal data, will be provided by our Human Resources representative at the time.
When you make an enquiry, we will process the personal data that you give us, or we collect from you or about you, to be able to supply you with the information that you have requested about our professional services, on the basis that it is necessary for our legitimate interests in promoting and marketing our professional services, or in order to provide a quotation for our services.
If you are or become a client (or the company or other person you represent is or becomes a client), we will process the personal data that you give us, or we collect from you or about you, in order to carry out our work (or the company or other person you represent).
We will also process your personal data for internal record keeping, billing and accounting, and to respond to any queries, complaints or requests for further information, and for the purposes of archiving. The basis on which we do so is that it is necessary for our performance in order to carry out our work (or the company or other person you represent), or is necessary for our legitimate interests in managing our business and improving our professional services, and to comply with our regulatory obligations.
In appropriate circumstances we will use the personal data that you provide or that we collect about you on the basis that we are required to do so in order to comply with our regulatory obligations, including those under applicable legislation such as that concerning money laundering, tax evasion, crime prevention and fraud protection.
We will not use your personal data for any other purpose, or disclose it to any third party, without your consent unless we are required to do so by law, or as mentioned in this section.
Other professionals and other bodies
In order to provide some of our professional services, we may use the input of third parties such as counsel, lawyers, accountants, and other experts, or we may refer you to such third parties, with your consent or where this is necessary for the performance of our work for you (or the company or other person you represent). This will require the disclosure to such third parties of your contact details, as well as further personal data about you which is relevant to the services they provide. We may also be required to disclose your personal data to regulators, by order of the court, Government departments and local authorities and similar bodies in order to comply with legal obligations or to perform our work for you (or the company or other person you represent).
Data processing services
Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.
Transferring our rights and duties
We may transfer your personal data to anyone to whom we may transfer our rights and duties under the terms of our retainer with you (for instance, if you wish to change your professional service provider or if our business is merged with or we are acquired by a third party). We will do this in order to perform our work for you (or the company or other person you represent) or where this is necessary for the legitimate interests we have in improving our business and services.
Compliance with legal obligations
We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection.
Professional or business contacts
If you are not a client (or a representative of a client) but have provided us with your professional or business contact details or other relevant personal data, we may share your personal data with our other professional or business contacts, on the basis that it is necessary for our legitimate interests in promoting and marketing our professional services, unless you indicate otherwise.
If you contact us with an enquiry about our professional services but you do not subsequently become a client (or the company or other person you represent does not do so), it is our policy to delete your personal data after twelve months.
If you are or become a client (or the company or other person you represent is or becomes a client), we normally retain contract information (including personal data) for a minimum period after the end of the relevant contract or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so. In some cases it may be necessary for us to retain records indefinitely.
Personal data relating to our professional contacts will be retained for so long as deemed necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis.
In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.
As a data subject, you have certain legal rights including the right:
- to access the personal data held about you and request a copy of it;
- to ask us not to process your personal data for marketing purposes;
- to withdraw at any time any consent you have given to receive marketing material from us, or in any other case where we process your personal data on the basis of a consent that you have given (and not on some other legal basis);
- to ask us to rectify inaccurate personal data about you;
- to ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required;
- to ask for the transfer of your personal data in a structured, commonly used and machine readable format where appropriate;
- to ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject; and
- to make a complaint to the Office of the Commissioner for Personal Data Protection
Transfer Pricing Cyprus