Privacy Policy (Effective October 2025)
- General Statement of Commitment
MOUZOURIS & VASSILIOU LLC (“the Law Firm,” “we,” “our,” or “us”) is dedicated to maintaining the
confidentiality, integrity, and lawful use of all personal data collected in the course of our
professional practice.
This Privacy Policy outlines how we obtain, manage, and protect your information, in accordance
with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Cyprus Law 125(I)/2018, and
other applicable European legislation. - Identity of the Data Controller
The data controller responsible for the processing of personal information is:
MOUZOURIS & VASSILIOU LLC
Naousis 1, Karapatakis Building, 2nd Floor
6018 Larnaca, Cyprus
Email: info@mvadvocates.com
For any data protection queries, or to exercise your legal rights, you may contact the Law Firm via
the above channels. - Scope of Application
This Policy applies to all personal data processed by the Law Firm in connection with:
Provision of our services as illustrated in our website; – https://mvadvocates.com/services/
The provision of legal, corporate, administrative, and fiduciary services;
Business administration, communications, and marketing activities;
Compliance with professional, statutory, and regulatory obligations; and
Internal governance and security management operations.
It covers data relating to clients, representatives, suppliers, business partners, website users, and
any other individuals whose personal data may be processed by the Law Firm. - Nature of Personal Data Collected
Depending on the engagement or interaction, the Law Firm may collect and process:
4.1. Identification Information – full name, date of birth, nationality, identity or passport
number, and other official documentation.
4.2. Contact Details – address, telephone, fax, and email.
4.3. Financial Data – billing details, payment records, IBAN, SWIFT, or other account identifiers.
4.4. Professional Information – occupation, employer, and information connected to legal or
corporate representation.
4.5. Compliance Documentation – data obtained through due diligence, anti-money laundering
(AML) procedures, or sanctions screening.
4.6. Sensitive or Special Category Data – such as health or criminal record data, processed only
when required by law or for legal representation.
4.7. Marketing and Preference Data – subscription preferences, consent records, and
communications history.
4.8. Supplier Data – contact and invoicing information of vendors or external service providers.
The Law Firm observes the principle of data minimisation and collects only information necessary for
lawful and specific purposes.
- Sources of Information
Personal data may be obtained through:
Direct communications with you (emails, calls, forms, or meetings);
Public registries or official databases;
Your employer or authorised representatives;
Compliance and screening service providers;
Regulators, courts, or law enforcement agencies; and
Internal records generated in the course of our services. - Purposes and Legal Basis for Processing
6.1. Purposes
We process personal data to:
Provision of our services as illustrated in our website; – https://mvadvocates.com/services/
Conduct client identification, onboarding, and verification procedures;
Manage contracts, billing, and client accounts;
Maintain secure and efficient IT and office systems;
Communicate with clients and business partners;
Fulfil statutory and professional obligations;
Prevent fraud, money laundering, or other unlawful conduct; and
Exercise, establish, or defend legal claims.
6.2. Lawful Bases
Dat processing is carried out on one or more of the following bases:
Performance of our Services as illustrated in our website.
https://mvadvocates.com/services/
To provide requested legal and/or related services and recover outstanding fees.
Legal Obligation: To comply with laws and professional regulations (e.g., AML or tax
compliance).
Legitimate Interests: To ensure business continuity, system security, and service
improvement.
Consent: For specific purposes such as marketing communications, where freely given and
revocable at any time.
- Data Disclosure and International Transfers
7.1. Data Sharing
Personal data may be shared, strictly on a need-to-know basis, with:
Clients, counterparties, or associates involved in a matter;
Professional advisers, auditors, or technology providers assisting the Law Firm;
Governmental or judicial authorities, when legally required;
Compliance and screening service providers; and
Public registries or regulators for statutory filings.
The Law Firm does not sell, lease, or commercially exploit personal data.
7.2. International Data Transfers
As a general rule, personal data remains within the European Economic Area (EEA).
Where transfers outside the EEA are necessary, these occur under approved safeguards such as:
Adequacy decisions issued by the European Commission;
Standard Contractual Clauses (SCCs); or
Binding corporate or professional rules ensuring equivalent data protection standards. - Data Security and Retention
8.1. Security Measures
We implement appropriate measures to protect against unauthorised access, misuse, loss, or
alteration of data.
Any suspected data breach will be promptly investigated, and notifications will be made to affected
individuals and the supervisory authority where required.
8.2. Data Retention
Personal data is retained only for the period necessary to completely fulfil its processing purpose or
to satisfy legal, accounting, or regulatory obligations.
In cases involving disputes or ongoing proceedings, relevant data may be retained until the matter is
dully resolved.
- Data Subject Rights
The provider has the following rights under GDPR and Cyprus data protection law:
Access: to obtain confirmation and a copy of personal data held by the Law Firm.
Rectification: to correct inaccurate or incomplete data.
Erasure: to request deletion of data under lawful conditions.
Restriction: to limit processing in specific cases.
Portability: to receive or transfer data in a structured, commonly used format.
Objection: to processing based on legitimate interests or for direct marketing.
Withdrawal of Consent: applicable when consent is the legal basis.
Complaint: to the Office of the Commissioner for Personal Data Protection (Cyprus) via
www.dataprotection.gov.cy.
Requests to exercise these rights may be submitted to: info@mvadvocates.com. - Marketing and Communications
We may from time to time and/or occasionally send newsletters, updates, or event invitations to
those who have given explicit consent.
Recipients may withdraw consent or unsubscribe at any time through the contact details provided
above. - External Links
Our website and electronic communications may include links to external resources or third-party
sites.
We are not responsible for their data protection practices and/or content and recommend reviewing
their individual privacy notices and/or policies prior to providing personal data. - Processing of Children’s Data
Our professional services are directed to adults and legal entities.
We do not knowingly collect personal data from individuals under the age of 14. - Regulatory and Legislative Framework
Our processing practices are governed primarily by:
The General Data Protection Regulation (EU) 2016/679 (GDPR);
Cyprus Law 125(I)/2018 on the protection of natural persons regarding the processing of
personal data; and
Emerging EU legislative instruments, including:
o EU Data Act (2025) on data access and portability;
o EU–US Data Privacy Framework for international transfers;
o DORA (Digital Operational Resilience Act) and the Cyber Resilience Act on ICT
security; and
o Forthcoming EU AI Act, reinforcing transparency in automated processing.
Our Law Firm actively monitors these frameworks to maintain ongoing compliance and best practice
standards.
- Updates to This Policy
The Law Firm reserves the right to revise or amend this Privacy Policy at any time to reflect changes
in law, technology, or internal procedures.
All revisions will be posted on our website and will indicate the date of the latest update.
Last updated: October 2025