Privacy Policy


1. Consulco Law Policy Statement

At Consulco Law («we», «us», «our») the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy for delivering high standards of services. These values are the cornerstone of our corporate culture and for this purpose it is our commitment to process your personal data as follows:

This privacy notice describes how we process your personal data during and after the provision of our services, in accordance with the EU Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data («GDPR»), and related Cyprus Laws, and it applies to personal data provided to us, both by yourself or by third parties.

Consulco Law offers a wide spectrum of services through a number of affiliate companies, and any reference to our company’s services in this privacy notice includes the operations of our affiliate companies. 

We will work closely with you and third parties, where appropriate, to ensure that all statutory requirements and our policies dealing with personal data protection, strike an effective balance between your personal interests and the legitimate interests of our company as a service provider.

During the course of providing our services, we will collect, use, store, distribute and generally process your personal data. All data users within our company are obliged to comply with the provisions of this privacy notice and our internal data management and protection policies when processing your personal data.


2. Identity and contact details of the Data Controller and Data Processing Officer

  (a) Data Controller

Consulco Law Limited, a Cyprus private limited liability company, having registration number HE58332, is the «Data Controller» pursuant to the GDPR, and related Cyprus Laws, and determines how your personal data is kept and processed. 

The main establishment and the central administration of the Data Controller is situated at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus.  

  (b) Data Processing Officer («DPO»)

We have designated a Data Processing Officer («DPO»), who is responsible to monitor compliance with this notice as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection.

The DPO may be contacted directly with regards to all matters concerning this notice and the processing of your personal data including the enforcement of all applicable and available rights. 

Official requests may be made by post at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus, or electronically at

3. The kind of information we hold about you

Consulco Law, as a licensed administrative services provider, collects and processes the minimum and a specific set of personal data allowing the company to comply with its contractual and statutory obligations.

To the same end we may obtain personal data concerning you from publicly available and accessible sources, as well as from other sources such as credit reference agencies, data intelligence databases and internet search engines. Should this be the case, you will be informed accordingly.

In addition to the above, the categories of personal data which may be processed include the following:

Should there be a need to further process the personal data for a purpose other than that for which they were initially collected, you will be informed about the additional purpose and the relevant details in respect to the further processing. 

When required by law or with your express consent we may collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records. 

4. How we will use your personal information

The purposes for which our company will process your personal data include:

  (a) Providing the requested services

Based on the requested services, we use the respective personal data in respect of providing our professional services.

  (b) Administration / Management / Business development

Personal data is used by us for the purpose of managing the business relationship with you, developing our business operations and services, including the provision of statistical analysis, and also archiving and IT backup and security purposes.

  (c) Provide information about our services

Subject to your approval and consent, we will provide you with information on the company’s range of services, including commercial information and newsletters on a variety of related and associated operations.

  (d)Compliance purposes

Our company is subject to legal and regulatory compliance obligations. Thus, your personal data will be used to carry out a compliance and risk assessment of your profile and activities to certify that our company is not statutorily prevented from providing to you the requested services.

The personal data we have collected on you will be shared with fraud prevention agencies who are dedicated to fraud and money laundering prevention and identity verification services. Fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. 

As part of the above compliance requirements and applicable laws, our company may be required to disclose specific personal data to supervisory and governmental authorities.    

  (e) Automated decision – making / profiling

We may use an automated decision making system to evaluate, analyse and assess whether you pose a fraud or money laundering risk, and our ability to provide the services in question prior to or after having entered into a contract with you. You have the right to contest any such decision by means of requesting human intervention, express your point of view and enquire on how such decisions are made, their significance and consequences.

(Some of the above grounds for processing overlap and there may be several grounds which justify our use of your personal data).

The basis for collecting your personal data would be your express written consent (where applicable), our mutual rights and obligations governing our agreement to provide the requested services and the performance of that agreement, our legal obligation to comply with the rules and regulations under the relevant applicable laws and our company’s legitimate interest in delivering our professional services as required by law. We also have a legitimate interest in preventing fraud and money laundering in order to protect our business and to comply with laws that apply to us.

If you fail to provide information upon request or if fraud is detected, we shall not be able to enter into a contract or perform the contract we have entered into with you as we shall be prevented from complying with our statutory obligations. 

We may request your written consent for processing special categories of data. If we do so, we shall provide you with full details of the information needed and the purpose, so that you can carefully consider whether you wish to consent. You should be aware that agreeing to any request for consent from our company is not a condition to enter any services agreement with us.

We reserve the right to make backup data files and hold secure multiple copies of personal data (including any electronic copies), in order to protect our company’s interests in the event of data loss.  

Should there be a need to further process your personal data, for a purpose other than that for which they were initially collected, you will be informed accordingly.

5. Recipients and Users of personal data

We will only use your personal data for the purposes mentioned above, for performing our commercial agreement and for legitimate purposes. Your data may be processed through our secure computer network systems and accessed only by authorised users and employees within our company.

6. Third Party Processors

Data processing may be carried out on behalf of us by third party data processors, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.  

7. Transfer of personal data to third countries or international organisations

Our company operates within the European Union (EU), the European Economic Area (EEA) and other third countries, and therefore your personal data or part of them may have to be transferred overseas. 

We have taken all reasonable steps to ensure that personal data is provided with adequate protection based on international protection frameworks and that all transfers of data are conducted pursuant to our written agreements and the supervisory authority’s guidelines (if required) and/or other legal and/or regulatory requirements. 

8. Data Retention policy

We will only retain your personal data for as long as it is required to fulfil our contractual obligations and any legal, accounting, tax, reporting and/or other statutory obligations. 

Where no such contractual or statutory obligation applies, it is our policy to keep the personal data for 6 (six) years after the provision or termination of the requested services.

The personal data processed for marketing and/or other commercial purposes shall be kept with us until you notify us that you no longer wish for it to be used for such purpose.   

9. Security

Here at Consulco Law, security of your personal data is taken very seriously. For both hard and electronic copy processing we have data management systems which are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialise, you will be notified accordingly, along with the supervisory authority, if we are required to do so. 

More information on our security framework is available upon request. 

10. Children’s data

We respect the importance of protecting children’s personal data. Personal data concerning children shall only be collected upon receiving their parents’ or legal guardian’s consent or unless otherwise permitted by law.

Our company will not use children’s personal data to make solely automated decisions on them, nor for marketing or other related purposes.   

For the purposes of this privacy notice, «children» are individuals who are under the age of 18 (eighteen) years old.  

11. Your rights in connection with personal data

You enjoy a number of rights relating to the processing of your data. Any personal data related requests shall be processed within reasonable time and in any case within 1 (one) month from the signed written request. This period of time may be extended under certain circumstances by further 2 (two) months.

You will not have to bare any cost to exercise any of your rights. We may though charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such request.  

We may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it. 

Save for any statutory provisions to the contrary, the rights available to you by law are the following:

  (a) Right of Access 

You have the right to enquire and obtain information from us, as to whether or not your personal data is being processed, including information on the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.

Where applicable, you may also enquire in respect of any transfer of personal data to a third country or international organisation as well as to obtain more information about our existing security measures / safeguards governing such transfer.  
(b) Rectification / Amendment 

 We aim in having up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request.   

  (c) Right of erasure («right to be forgotten») 

 Save for any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database, should any of the following occur:

   (d) Restriction of data processing 

 Provided that no statutory exceptions apply, should any of the following apply, you have the right to request from us to restrict the further processing of your personal data:

  (e) Right to object / withdraw consent

Where the personal data processing is based exclusively on consent, you have the right to request from us to withdraw such consent at any given time and object to the further processing. Such withdrawal will not affect the lawfulness of any data processing based on that ground prior to your withdrawal. 

Upon receiving you request, we will no longer process your information for the purposes you originally agreed to, unless another legal basis exists, or for the establishment, exercise or defence of legal claims.

Should there be a distinct processing operation based on consent, we will take all necessary steps to ask for your separate consent. 

The right of objection may also be exercised against the receipt of commercial / marketing information and materials. 

  (f) Right of portability 

In case the processing is based on consent or for the performance of a contract, where personal data is processed by automated means, you have the right to receive the personal data in a structured, commonly used and in a machine-readable form. Where it is technically feasible, you have the right to request the personal data to be transmitted directly from one data controller to another; thus, from one organisation to another. 

Subject to any statutory requirement, the right of portability does not extend to personal data produced by us, such as activity registry or other results of algorithmic analysis.  

12.Changes to the Privacy Notice

We reserve the right to amend or update this privacy notice at any time, and you will be informed when this shall take place. We may also notify you in other ways from time to time about the processing of your personal data.


Complaints relating to the processing of any personal data may be communicated directly to the DPO, either by post at 73 Metochiou Street, 2407, Engomi, Nicosia, Republic of Cyprus or electronically at

Complaints may also be lodged before the Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus.


This cookie policy is part of our company’s privacy notice.

Our website uses cookies to improve our website’s performance and to enhance your browsing experience. Certain areas of our website also use cookies to understand more about you, so we can offer you a more personalised browsing experience.

What are cookies:

Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently as well as to provide information to the administrators and hence the owners of the website. The use of cookies is now standard for most websites.

All visitors to a website with cookies must have access to information stating that the website contains cookies and the purpose for which cookies are used. Visitors must also approve such cookies being used. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your «browser history» (cache) when you leave the site. In that case you may find other functionality in the website impaired.  

Types of cookies:

«Session» cookies remain in your browser during your browser session only;

«Persistent» cookies remain in your browser after the session (unless deleted by you);

«Performance» cookies collect information about your use of the website, such as web pages visited and any error messages; they do not collect personally identifiable information, and the information collected is aggregated such that it is anonymous. Performance cookies are used to improve how a website works.

«Functionality» cookies allow the website to remember any choices you make about the website or enable services.

Use of cookies:

The following table explains the way in which our company uses cookies on this website.

By using this website, you agree that we can place the following cookies on your computer and/or device for the stated purposes: 

Cookie Name
 Google analytics
 3rd party
 Google analytics
 3rd party
 Google analytics
 3rd party
 Google analytics
 3rd party
 Google analytics
 3rd party
1st party

Analytics Tools for the Website:

On this website the web analytics tool Google Analytics is used to get an overall picture of how visitors use the site. Google Analytics uses cookies to collect information in an anonymous form (aggregated) about how visitors use the website, for example, the number of page views, how visitors have arrived at the website, and the number of visits. 

The purpose is to help us improve the usability of the website. The information generated through your website usage is redirected to and stored by Google Inc. This site uses IP Anonymization in Analytics. The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network. The full IP address is never written to disk in this case.