Privacy & Data Protection Policy
1. Introduction
1.1 N. Connor LLC (“we”, “our”, or “the Firm”) is a boutique Cyprus law firm incorporated as a limited liability company, registration no. HE 446471, authorised and regulated by the Cyprus Bar Association, Reg. No. 1060. Our registered office is at Polyviou Dimitrakopoulou 3, 2nd Floor, Office 201, Nicosia, 1090 Cyprus.
1.2 This Privacy & Data Protection Policy (“Policy”) is issued in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation – “GDPR”) and Law 125(I)/2018 of the Republic of Cyprus. It explains how we collect, use, store, transfer, and protect your personal data.
1.3 We are committed to ensuring the confidentiality and integrity of the personal data we handle, in line with our professional obligations as legal practitioners and data controllers.
2. Scope and Purpose
2.1 This Policy applies to all personal data processed by the Firm in the course of providing legal, consultancy, and associated services.
2.2 “Personal Data” refers to any information relating to an identified or identifiable natural person, including names, contact details, identification numbers, location data, and other identifiers.
2.3 This Policy is reviewed and updated periodically. Any material updates will be posted on our website and communicated where appropriate.
3. Categories of Personal Data We Collect
Depending on your interaction with us, we may collect:
– Identification data (e.g., name, title, nationality, date of birth)
– Contact information (e.g., phone number, email address, home or business address)
– Verification and compliance data (e.g., passport/ID copies, utility bills, TINs)
– Financial and transactional data (e.g., bank details, payment records)
– Communications and case correspondence
– Technical data (e.g., IP address, device/browser data, website usage)
In limited cases, we may also process special categories of data (e.g., health data, racial or ethnic origin) when legally justified under Article 9 GDPR, including by obtaining your explicit consent.
4. Data Controller Responsibilities
4.1 N. Connor LLC is the data controller. We determine the purposes and means of processing your personal data.
4.2 We follow these principles:
– Lawfulness, fairness, and transparency
– Purpose limitation
– Data minimisation
– Accuracy
– Storage limitation
– Integrity and confidentiality
– Accountability
5. How We Collect Personal Data
We may collect data from:
– Direct interactions (e.g., consultations, calls, emails)
– Website forms and cookies (see Section 12)
– Public sources, regulators, or business partners
– Client referrals or third-party disclosures
If you provide third-party data (e.g., of employees or relatives), you confirm that they have been informed and consented.
6. Legal Grounds and Purpose for Processing
We rely on the following legal bases:
a. Contractual Necessity
– To provide legal or consulting services
– To manage invoicing and payments
b. Legal and Regulatory Obligations
– Compliance with AML laws, sanctions, and regulations
– Maintenance of legal records
c. Legitimate Interests
– Efficient operation and risk management
– Client relationship management
– Internal audits and administration
d. Consent
– For marketing and newsletters
– For processing special categories of data
7. Use of Personal Data
Your personal data may be used to:
– Deliver legal or consultancy services
– Conduct due diligence and compliance
– Issue invoices and process payments
– Fulfil legal or regulatory obligations
– Provide relevant legal updates
– Support business operations and IT systems
8. Your Rights as a Data Subject
Under the GDPR, you have the right to:
– Access – Know what data we hold about you
– Rectification – Correct inaccuracies
– Erasure – Request deletion
– Restriction – Limit data processing
– Objection – Object to processing based on legitimate interests or for marketing
– Data Portability – Transfer your data to another provider
– Withdraw Consent – At any time, where processing is based on consent
You may contact us using the details in Section 16 to exercise your rights. We will respond within legal timeframes.
9. Data Security and Retention
9.1 We implement appropriate security measures to prevent accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access.
9.2 We retain data only for as long as necessary for the purposes it was collected or as required by law.
10. Sharing of Personal Data
We may share your personal data with:
– Professional advisers (e.g., accountants, consultants, IT support)
– Regulatory or governmental authorities
– Banks and payment institutions
– Courts or opposing parties (where legally required)
Third parties are contractually bound to confidentiality and data protection obligations.
11. International Data Transfers
If data is transferred outside the EEA, we ensure adequate safeguards, such as Standard Contractual Clauses or adequacy decisions.
12. Use of Cookies and Online Tracking
Our website uses cookies to improve user experience and analyse website traffic. Cookies may track usage but do not collect personally identifiable data unless voluntarily provided. See our Cookie Policy for more.
13. Children’s Data
We do not knowingly collect personal data from individuals under 16 years old. If we become aware of such data, it will be deleted.
14. Automated Decision-Making
We do not conduct automated decision-making or profiling that has legal or similarly significant effects.
15. Complaints and Supervisory Authority
If you believe your data has been mishandled, you may file a complaint with us or contact:
Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
P.O. Box 23378, 1682 Nicosia
Tel: +357 22 919456
Email: [email protected]
16. Contact Us
For any inquiries about this Policy or your personal data, please contact:
N. Connor LLC
Email: [email protected]
Website: www.connorlegalllc.com
Tel: +357 22210075
Address: Polyviou Dimitrakopoulou 3, 2nd Floor, Office 201, Nicosia, 1090 Cyprus
Effective Date: 27 April 2023
Last Updated: 10 July 2025