Introduction
FSMO Corporate Services Limited, a company number HE384623, registered in Cyprus is licensed by the ICPAC to provide accounting, tax, auditing and fiduciary services in accordance with license no. E1042/A/2018.
This privacy policy explains how we use any personal information that we collect about you, as a client or associate of FSMO Corporate Services Limited.
How we use personal information about you
FSMO Corporate Services Limited takes the protection of personal data extremely seriously and we always strive to ensure that, at all times, it is protected with appropriate procedural, organisational and technical measures, and that data is only collected and used for appropriate and legitimate purposes.
FSMO Corporate Services Limited will only use your personal information to provide the services previously agreed with you in the Letter of Engagement and any supporting Schedules. We will only use this information in accordance with your instructions and current data protection regulations.
We may receive personal information from you that falls into the category of sensitive personal data, required in order to complete money laundering checks. This information will only be used for the purpose of preventing money laundering and terrorist financing, by any express consent from you, or as otherwise required by law.
What personal data we may collect about you
FSMO Corporate Services Limited is bound by the requirements of the General Data Protection Regulation (GDPR). As a client of FSMO Corporate Services Limited, we may need to ask for personal information about you, your family, partners, associates and employees. Depending on the services agreed to in the Letter of Engagement, this data may include:
- Personal information including addresses, contact details, date of birth, marital status, national insurance numbers and tax references.
- Any sensitive personal details required to satisfy money laundering requirements.
- Bank account details.
- KYC and AML procedures.
- Accounting information.
- Payroll information.
- Pension details.
How will this data be processed?
Personal information is only processed by FSMO Corporate Services Limited in accordance with the services previously agreed in the Letter of Engagement and supporting Schedules with you. For example, this might include but may not be limited to:
- Bookkeeping.
- Tax returns.
- Accounts preparation.
- Payroll.
- Audit.
- Nominee directors and secretarial services.
Please note that we may also process some of this personal information for the following purposes:
- Updating our client records system.
- Analysis for management purposes.
- Statutory returns.
- Legal and regulatory compliance.
- Crime prevention.
How long we keep your data for
We will typically hold your personal information for 7 years after the closure of your account in line with regulatory data retention requirements. Data may be retained longer than 7 years if required for legal purposes, for an on-going litigation (litigation hold), or where explicitly requested by you.
Sharing and transmitting personal data
FSMO Corporate Services Limited will NEVER sell, rent, share or disseminate any of the controller’s data to any third party, except where necessary in order to provide the services agreed in the Letter of Engagement.
Your personal data may be transferred to appropriate third parties as follows:
- HMRC for the purpose of complying with statutory requirements, e.g. filing tax returns, VAT returns, social insurances returns, bank reporting and real-time reporting.
- Registrar of companies for the purpose of statutory company reporting.
- To and from any of your cloud based systems such as accounting and invoicing platforms.
- Mortgage companies and landlord reference check agencies but only with your consent.
- Any other accountancy practice but only with your written consent.
We may occasionally need to transfer your personal data to one of our software providers, where the data has become damaged and needs to be repaired. In these circumstances we will always request permission from you and ensure that the data is transferred in a secure and encrypted form.
How we communicate with you
FSMO Corporate Services Limited may contact you using telephone numbers, email addresses or addresses ‘volunteered’ by you as part an initial communication with FSMO Corporate Services Limited, or provided when agreeing services in the Letter of Engagement.
We may occasionally send text messages to your mobile phone number, but this will only be in relation to services agreed with you. These texts will never contain your personal details and will never be used for marketing purposes.
We will only send text messages to your mobile if you specifically agree to receive them.
We may also occasionally use your personal information to send you relevant information about third parties that we think you may be interested in. For example, we may send details about tax investigation insurance policies. However we will never send your details to these third parties without your express permission.
We will only send you these types of communications if you specifically agree to receive them.
Security of Data
FSMO Corporate Services Limited is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place various physical, electronic and managerial procedures to safeguard and secure the information.
Right of access to data about you
GDPR gives you the legal right to access personal data about you that is held by FSMO Corporate Services Limited. It allows you to check the lawfulness of any data processing, to ask for incorrect data to be changed, and for data about you to be erased (within any legal or regulatory constraints).
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out below.
Contact details
Our full details are:
• Full name of legal entity: FSMO Corporate Services Limited
• Name or title of Data Protection Officer: Constantinos Moullotos
• Email address: cm@fsmocy.com
• Postal address: Agiou Andreou 302, Office A, 3035 Limassol, Cyprus
You have the right to make a complaint at any time to the relevant data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
Changes to our privacy policy
We regularly review this GDPR privacy policy. Any changes will be applied to the GDPR section on our website and to our office at Agiou Andreou 302, Office A, 3035 Limassol, Cyprus, with ‘material’ changes being communicated directly to you at our next opportunity.
Glossary of Terms
Personal Data
Personal data refers to any information that could identify an individual, or when combined with other accessible data, could make that person identifiable. This may include (but is not limited to):
- Names and contact information, for example emails, addresses and telephone numbers.
- National Insurance Numbers.
- Employment history.
- Employee numbers.
- Credit History.
- Banking details.
- Personal tax.
- Payroll and accounting data.
Sensitive Personal Data
Sensitive personal data may include:
- Convictions.
- Biometric data such as the photo in an electronic passport.
Data Controller
For the General Data Protection Regulation (GDPR), the term ‘data controller’ refers to the person or organisation that determines what data is required and controls how this personal data is processed.
In this instance, the data controller is FSMO Corporate Sercices Limited. The data protection officer is Constantinos Moullotos, Assurance Director who can be contacted at cm@fsmocy.com.
Data Processor
For GDPR, the term ‘data processor’ refers to a person or organisation which processes personal data for the data controller. In the case of FSMO Corporate Services Limited, this is likely to include HMRC, Companies House and pension providers.
Data Processing
Data processing is any operation performed upon personal data both manually and via an automated system. Example may include: collecting, recording, transmitting, storing, altering, using, disclosing, disseminating, erasing and destruction.
Keeping your personal data secure
Measures in place to ensure the safety of personal data.
Article 32 of the GDPR obliges data controllers and data processors to implement the technical, physical and organisational measures necessary to ensure an appropriate level of security in relation to data processing.
We have set out the below physical, technical and organizational security measures in place to ensure the safety of personal data processing:
Physical security measures
• Keeping offices and storage units locked;
• Only authorised persons have access to personal data;
• Personal data are locked in the cabinets if the authorized person is away from his desk;
• Keeping server rooms or cabinets locked;
• Cabling desktop machines and laptops to desks;
• Implementing clean desk policies;
• Ensuring that shredders are in place and that they are functioning correctly;
• Ensuring that fire alarms are in place and that they are functioning correctly;
• Ensuring that ICT equipment such as hard drives and old laptops, computers and mobile devices are securely disposed of at end of life;
• Conducting periodical audits of the above measures.
Technical security measures
• Ensuring that all computing devices such as PCs, mobile phones, and tablets are using an up-to-date operating system;
• Encryption of data;
• Ensuring all computing devices are regularly updated with manufacturer’s software and security patches;
• Using antivirus software on all devices;
• Implementing a strong firewall;
• Ensuring data backups are taken and are stored securely in a separate location;
• Ensuring that data backups are periodically reviewed and tested to ensure they are functioning correctly;
• Ensuring that data is collected and stored securely;
• Ensuring that two-factor authentication is enabled for remote access;
• Email disclaimer paragraph;
Organisational security measures
• Communicating the importance of company data and all the measures they can take to protect it to employees;
• Conducting ongoing staff training on data protection;
• Documenting data collection and retention policies;
• Ensuring the use of strong passwords by having a password policy in place that is enforced;
• Ensuring remote access is supported by a remote access policy;
• Documenting data back-up policies;
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus is the Commissioner of Personal Data Protection who may be contacted at http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/All/2FBD2ACD407DEFE8C22582B9002E7019.
How to contact us
Please contact us and/or by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Frequently asked questions
To help you understand the basic principles of Data Privacy Law and address some of the common questions that arise with regard to the protection of your personal data, please contact our Data Protection Officer at cm@fsmocy.com