Welcome to the web page of Arsen Theofanidis LLC! Your privacy is important to us.

The present Privacy Notice sets out our step-by-step way of processing personal data, along with the client’s rights regarding that personal data.

In this document, Arsen Theofanidis LLC (hereinafter called “The Firm”), is the data controller of the client’s personal data. Any queries that may arise, regarding this Privacy Notice should be addressed to us in written form.

This Privacy Notice is in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the governing Laws of the Republic of Cyprus.



We collect your data in the following way :

  1. From information/documents provided to us by you directly
  2. From information/documents provided to us by your company or an intermediary
  3. From our registered written or digital communications with you
  4. From your agents, advisers, intermediaries and custodians of your assets
  5. From public organizations or other third parties
  6. From publicly accessible sources or background checks performed on you
  7. From business cards
  8. From Cookies on our website



  1. Name and contact details
  2. Financial information such as income, expenditure, assets and liabilities, sources of wealth, bank account details etc
  3. Authentication data such as nationality, tax ID number, ID/Passport details, domicile etc
  4. Reference letters
  5. CV
  6. Personal information such as family status or personal circumstances, where appropriate
  7. Information in respect of anti-money laundering legislation
  8. Information regarding your public exposure
  9. Any other information you may provide to us
  10. Information that will help us to offer you the best possible services


  1. Client’s Consent
  2. Performance of a contract
  3. The vital interests of the data subject
  4. The legitimate interests of the Data controller such as network and information security, prevention of fraud etc
  5. Public interest or exercise of official authority


  1. Firm’s Employees acquainted with the GDPR
  2. Service Providers (banks, public authorities, legal, financial institutions) if necessary and appropriate to fulfill the purposes set out above
  3. Firm’s affiliates, partners, agents, sub-contractors
  4. Courts or tribunals
  5. Third parties for event or marketing purposes
  6. Law enforcement agencies, where necessary and appropriate
  7. Regulators or other governmental or supervisory agents with legal right or legitimate interest in the data information
  8. Public registries
  9. International recipients solely for the purposes of executing the services specified in the agreement between the Client and the Firm. International processings are strictly subject to the Client’s explicit consent and they only concern countries approved by the European Commission



  1. The right to be informed
  2. The right of access to their personal data
  3. The right of rectification of their personal data
  4. The right of erasure of their personal data, except for the case of a lawful reason for continued processing
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. The right no to be subject to automate decision-making such as profiling



The Firm stores all personal data that has been collected, in accordance with the Data Retention Policy. The Firm creates a personal data protection file for each client and retains the file until the purposes for which the data was collected are fulfilled. Upon fulfillment of the purposes, the personal data is guarded in discretion for a maximum period of six (6) years, in accordance with the governing Laws of the European Union and the Republic of Cyprus, and at the expiration of that time period, the file is destroyed.



According to the new legislation, Data Subjects must be able to withdraw their consent any any time with as much ease as giving it. The Data Subjects consent must be :

  1. Freely given
  2. Specific
  3. Informed
  4. Unambiguous
  5. Balanced


Please note that you have the right to withdraw your consent, at any time, by sending us an email to the following email address :



The Firm  might send you marketing newsletter or invitations, regarding our services and legal information that may interest you. Your personal data shall not be shared to any third parties for commercial and marketing reasons. If you wish to receive marketing notifications from us, please contact us  at the following email address :




In the highly unlikely event of a breach of security, leading to accidental or unlawful destruction or/and unauthorized disclosure of data information, the Data Controller of our Firm will send a written notification to the Client concerned and to the the Data Commissioner of the Republic of Cyprus within seventy-two (72) hours from awareness of the breach.

Your security is vital to us and therefore our Firm has created a specific mechanism of breach detection. The measures adopted by our Data Protection Officer are listed down below :

  1. Detection of the Breach
  2. Report
  3. Investigation
  4. Pseudonymisation
  5. Regular testing and evaluation
  6. Procedures of timely restoration of availability and access in case of a technical accident



Our Data Protection Officer (“DPO”) is the Firm’s agent responsible to collect and process the personal data provided by our Clients.

You can contact our DPO at the following email address :



For any complaints you may also contact the Data Commissioner of the Republic of Cyprus at the website listed down below :




The present Privacy Notice is subject to change, according to the Laws relating to privacy and personal data. Any updates will appear on our Firm’s website.


This Privacy Notice was last updated on  the 26th of June 2019..