PANAGOS & PANAGOS LLC respects your privacy and is committed to protecting your personal data. This privacy policy sets out how we process and use the personal data we collect from you, or that you provide to us. It also describes the privacy rights you have and how the law protects you.

This policy is established by PANAGOS & PANAGOS LLC, a lawyer’s limited liability company registered in the Republic of Cyprus and by PKGP SERVICES LTD.

Should you have any queries or if you want to exercise your legal rights, do not hesitate to contact us using the details set out below:


14 Promitheos,
1st floor,
1065 Nicosia, Cyprus.
Tel:  (+ 357) 22 671671

Please read this policy carefully, together with any other notices we may provide from time to time in order for you to understand our policies and practices regarding your personal data when:

(a)  you are using our website;

(b)  you are calling us;

(c)  we provide services to actual or prospective clients;

(d)  suppliers and service providers provide products and services to us;

(e)  guests or others visit any of our offices;

(f)  we interact with any entity, including representatives, directors, direct or indirect shareholders, beneficial owners and other stakeholders of client organisations;

(g)  you take part in legal proceedings, transactions etc;

(h)  we process the personal details of all the employees and staff of all the entities abovementioned.

Please also note that by reaching out to PANAGOS & PANAGOS LLC, whatever the way and means used, we may collect and process personal data that relates to you.

This policy shall apply whenever you communicate with us, whatever the method or medium used and that during any such communication you acknowledge that you have read, understood and agreed to be bound by this policy. You also acknowledge that you have read and understood any terms of use that apply to our website and agree to be bound by them.

If you reach us, it forms a valid consent to any and all processing of data as described and detailed in this policy. You may withdraw your consent at any time, unless it is prohibited by any applicable legislation, and request that we cease to process your data and/or delete it, although this will not affect the validity of any earlier processing. Please note that we may also process your personal data on other legal basis.

If you do not consent or fail to provide some of the necessary personal data to us, you must not use our websites and we may not be able or decline to provide you with our services.
Please note that, this website is not intended for children and we do not knowingly collect data relating to children.



A “controller” is an entity who alone or jointly with others determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This policy is established on behalf of PANAGOS & PANAGOS LLC as controller. For the purposes of this policy PANAGOS & PANAGOS LLC and PKGP SERVICES LTD are controllers. Unless we notify you otherwise, we are the controller for your personal data.



Personal data includes any information about an individual from which that person can be identified directly or indirectly, but not where the identity has been removed. Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances PANAGOS & PANAGOS LLC collects special categories of personal data about you as it is described in detail below.

PANAGOS & PANAGOS LLC collects information about criminal convictions and offences if it is required to do so for legal or regulatory purposes (for example, where required pursuant to anti-money laundering laws) or where you consented for a specific service we are providing.

We may collect, use, store and transfer different kinds of personal data about you as follows:

(a) Personal Information: including your fist name, middle name, maiden name, surname, marital status, title, photographic identification, nationality, date of birth, gender, relationship to a person, position, role, company or organization, employer, copy of passport or national identity, utility provider details, bank statements;

(b) Contact Information: including your billing address, delivery address, email address, telephone number(s) (including mobile phone number(s) where provided) fax numbers and any data for communication purposes);

(c) Financial and transaction information: including bank account and payment card details, payment related information and financial information required for anti-money laundering or compliance purposes and in general details of payment from and to individuals;

(d) Usage information: includes information about your use of our website, our networking facilities and other electronic services;

(e) Technical information: includes data obtained when you access our website, your IP address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform and in general the technology on the devices you are using;

(f) Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;

(g) Payment details: billing address, payment method, bank account number, accountholder name, account security details, invoice records, payment records, SWIFT details, IBAN details, payment amount, payment date, records of cheques;

(h) Identification and background information provided by you or collected by us as part of our business acceptance processes, anti-money laundering and compliance obligations;

(i)  Information from publicly available sources;

(j)  Cookies, website and other information of other tracking tools: includes information used by this Website or by the owners of third-party services used by this Website which serves the purpose of providing the service required.

(k) Information in connection with investigations or proceedings: where this is necessary to provide our services to you;

(l) Personal information provided to us by or on behalf of our clients and partners or generated by us in the course of providing services, which may include special categories of data. Special category data in the EU refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data;

(m) Professional information: including job title, email address, phone number and address;

(n) Consent records: records of consents given to us and any related information;

(o) Supplier information: contact details and other information about the supplier who provides services to PANAGOS & PANAGOS LLC;

(p) Special categories of data: if permitted by national or EU legislation and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record), for legal and regulatory purposes;

(q) Any information that you may provide to us, such as health personal data, if required in order to be able to provide legal and other services to you e.g. to file legal proceedings for you.

We take all necessary measures to ensure that your personal data processed is limited to the specific client services we are providing.

We do not process data about children, only when we act for you in relation to certain private matters or only where necessary for the specific client services we are providing.

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if there is a change when we are acting for you by communicating all changes to Note that we will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

If you fail to provide us with the personal data required by law or under the terms of a contract we have with you or for the specific services we provide, we may decline to provide or receive the relevant service.



We may collect or obtain your personal data in different ways including the channels set out below:

Direct communication: Information is given to us by you in your direct interactions with us. Such personal data includes all the information abovementioned. Such direct communication includes, for example, instances when you:

(a) file a form on our website;

(b) correspond with us by email or post through;

(c) speak to us in person or over the telephone, or whilst visiting our offices;

(d) seek our services;

(e) provide services to us;

(f) give us personal data necessary for a specific service;

(g) instruct us to provide a service for you and we are performing it;

(h) instruct us and we are obliged to carry out our “know your client” processes and other background checks;

(i) give us your business card, or otherwise personally give us your personal data;

(j) make information public;

(k) or your organisation seek legal advice or services from us;

(l) make information available to public or regulatory or governmental or other authorities, registers, sources, records and services, accessible on internet or not (for example, Companies Registrar in the Republic of Cyprus).

It is significant to understand that we may create personal data about you, such as records of communication and interactions with us.

We also obtain information about you from third parties. This may happen, when we provide our client services or when other parties share with us your personal data to enable the provision of those service, when we conduct our “know your customer” and other background checks or when you share your personal data with a third party for the purpose of sharing it with us.



We use your personal data in the following circumstances:

(a) performance of a contract/agreement: when we are obliged to perform a contract which we are about to enter into or have entered into with you as a party or to proceed at your request before entering into such a contract;

(b) provision of our services: when processing is necessary in connection with your instructions or to provide legal advice or other services;

(c) legal or regulatory obligation: when it is required by national or EU legislation or regulation we are subject to;

(d) legitimate interests: when it is necessary to safeguard the interests of PANAGOS & PANAGOS LLC (or those of a third party), provided that your fundamental rights and freedoms do not override such interests. For example when we are dealing with our business and relationship with you, when we are responding to inquiries and feedback, when we are improving our services, when we are enforcing the terms and conditions of our engagement and website, when we are promoting or ensuring security of our premises, IT and communication systems and when we are collecting debts that are unpaid and

(e) consent: where you have provided your consent, provided that you have not withdrawn it at any later stage.

Please note that we will not process your personal data for activities where our interests are overridden by your interests, unless you consented, or it is permitted or required by the relevant legislation.

We will use your personal data for the following purposes:

(a) providing legal advice and other services;

(b) managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services, billing and collection, and payments; operating and managing our website and services provided to you, communicating and interacting with you and notifying you of any changes to our website or services;

(c) communicating with you through the phone, fax, emails, and any other form of communication to keep you posted of legal developments;

(d) carrying out know your client (KYC) checks and confirming and verifying your identity;

(e) carrying out client due diligence checks in order to ensure that clients and contacts are genuine. This kind of checks is necessary to prevent fraud or crime;

(f) providing security, monitoring and protection to our premises, information assets and technology platforms from unauthorised access or usage;

(g) compliance with our legal and regulatory obligations including record keeping obligations, compliance screening, anti-money laundering and sanctions checks and reporting to and being audited by regulatory bodies. We are also obliged to comply with court orders, applicable law and other legal and regulatory requirements and obligations

(h) exercising or defending legal claims or proceedings;

(i) detecting, preventing and investigating any form of fraud;

(j) managing and administering the payment of our fees;

(k) managing suppliers who provide services for our benefit, including but not limited to processing payments, accounting auditing billing and collection;

(l) managing and administering our IT systems and ensuring that we have adequate security measures in place;

(m) pursuing our legitimate business interests as aforementioned.

Your personal data is processed only for the purposes abovementioned, unless we reasonably believe that we have to process it for another reason, which is compatible with the original purpose. If you wish to receive further information about the new purpose, please contact us.

If it is necessary to process your personal data for another purpose that does not relate to the purposes described, we will notify you and provide an explanation accordingly.



We may have to disclose and share your personal data with other entities as set out below:

(a) PANAGOS & PANAGOS LLC may share your personal data with PKGP SERVICES LTD, including their management, lawyers, staff and contractors in order to provide legal or other services and for administrative, billing and other business purposes;

(b) in certain occasions we may collect your personal data in the course of providing our services to any of our clients, therefore, we may disclose it to that client and where permitted by law, to others for the purpose of providing those services;

(c) where required, we share your personal information with certain trusted third parties which provide services to us for the normal working of our business. For example, we may disclose information to our professional advisers, auditors, bankers, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us, suppliers and processors to whom we outsource certain support services, IT service providers, software providers and communication suppliers. All necessary measures to protect the confidentiality and security of the personal data are taken in such circumstances;

(d) where required by third parties which provide services to you or your organization and we are requested by you or your organization to do so;

(e) we may share your personal data with any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or tribunal or by any regulatory authority, law enforcement agency or similar body;

(f) we may share your personal data with law enforcement bodies and regulators, such as courts, tribunals, or other competent authorities in accordance with legal requirements or to exercise or defend a legal claim;

(g) any party as required in connection to legal proceedings;

(h) in certain circumstances, personal data will be shared with your company or organisation when we are providing legal, administrative, corporate, trust and other services;

(i) screening service providers, financial institutions and regulatory bodies: in order to comply with legal obligations in relation to the prevention or protection of crime, fraud, anti-money laundering, sanctions screening and other required checks;

(j) registrars of public records, when we have a legal obligation to proceed with any registration in public records.

(k) when personal data is passed to us for recruitment activities, we will only use this personal data to contact you or in any other way which may you have requested.

Please note that, we will not disclose your personal data to any other party, unless you give us specific instructions or permission or we are required by applicable law or regulations or judicial or official authorities to do so, or to investigate actual or suspected fraudulent or criminal activities.

If you provide personal data to us about other people (such as your customers, employees and shareholders), you shall ensure that you have the right to do so, that we are permitted to collect, use and disclose that personal data as described herein and that the individual concerned is aware of our private policy.



We shall not transfer your personal data outside the European Economic Area (EEA), except as abovementioned.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it. This means that:

(a) we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission,

(b) we may use specific contracts approved by the European Commission which give personal data the same protection it has within the EEA; and

(c) where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the EEA.



Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, PANAGOS & PANAGOS LLC has implemented appropriate technical and organizational security measures, as it is required by the relevant legislation, in order to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorized way.

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:

(a) the pseudonymisation and encryption of personal data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of
technical and organisational measures for ensuring the security of the processing.

(e) those who have access to personal data, or that are involved in the processing of personal data, are trained and informed of their rights and responsibilities in when processing personal data.

There are in place procedures to deal with any suspected personal data breach and you or any authority will be immediately notified if there is a breach and it is required to do so.



Personal data may be kept on our personal IT systems, those of our contractors or in paper files.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or regulatory reporting requirements.  We will, in particular, retain your personal data where required to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.



Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you would like to exercise, or discuss any of these rights, please contact us.

According to the relevant legislation you have the right to:

(a) request access to your personal data, provided that we are processing your data. In such case, you have the right to receive a copy of the personal data we hold about you and certain other information about it;

(b) request correction of your personal data if it is incomplete or inaccurate, though we may need to verify the accuracy of the new data you provide to us;

(c) request erasure, meaning that you are entitled to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note that we may not always be able to comply with your request for erasure, for specific legal reasons which will be notified to you, if applicable, at the time of your request. One example is where the personal data is required for compliance with law or in connection with claims;

(d) object to processing, where we are processing your personal data based on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  However, we may demonstrate that we have compelling legitimate interests to process your information which override your rights and freedoms;

(e) request restriction or suspension of processing of certain of your personal data, in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds or a legal obligation to use it;

(f) request transfer of certain of your personal data to another party;

(g) withdraw consent at any time;

(h) right to complain to the supervisory authority in Cyprus, the Office of the Commissioner of Personal Data (www.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.



In our communication, you may find different kinds of links to and from the websites of others. The treatment of your personal data by such websites is not our responsibility.



This privacy policy was last updated in May 2018. If there is any change in the legal framework, which is important, this policy will change accordingly.