+357 99 086085 · office@prestigeconsultants.net
Mon – Fri  09:00 – 18:00
GDPR Compliant

Privacy Policy

How Prestige Business Consultants Ltd collects, uses, and protects your personal data — in full compliance with the EU General Data Protection Regulation (GDPR) and Cyprus data protection law.

Last updated: 1 January 2026
GDPR & Cyprus Law 125(I)/2018
01

Data Controller

This Privacy Policy applies to Prestige Business Consultants Ltd, a company registered in Cyprus (the "Company", "we", "us", or "our"), acting as the data controller in respect of the personal data we process.

Prestige Business Consultants Ltd

str. Christaki Kranou 44, Limassol 4042, Cyprus

Email: office@prestigeconsultants.net

Tel: +357 99 086085 / +357 25 044083

02

Information We Collect

We collect personal data in the following ways:

Information you provide directly

  • Name, surname, email address, and phone number submitted via our contact or consultation request forms
  • Company name, registered address, and business activity details provided for company formation or corporate services
  • Passport or ID copy, proof of address, and other identity documents required for KYC / AML compliance and immigration applications
  • Financial information required for bank account opening assistance or tax advisory engagements
  • Correspondence, enquiries, and instructions you send to us by email, phone, or in person

Information collected automatically

  • IP address, browser type, device type, and operating system when you visit our website
  • Pages visited, time spent on the site, and referring URL (via analytics cookies)
  • Approximate geographic location derived from IP address

We do not collect or store sensitive categories of personal data (such as health data, biometric data, or political opinions) unless strictly required for a specific service you have engaged us for and with your explicit consent.

03

How We Use Your Data

We use the personal data we collect for the following purposes:

  • Responding to your enquiries and providing you with a free consultation
  • Performing the professional services you have engaged us to provide — including company formation, immigration applications, bank account opening, real estate transactions, and tax advisory
  • Complying with our legal and regulatory obligations under Cyprus and EU law (including anti-money laundering and know-your-customer requirements)
  • Communicating service updates, status notifications, and relevant regulatory changes that may affect you
  • Sending marketing communications about our services, events, and publications — only where you have consented or where we have a legitimate interest and you have not opted out
  • Improving and maintaining the functionality and security of our website
  • Analysing website usage data (in aggregated, anonymised form) to improve user experience
04

Legal Basis for Processing

Under the GDPR (Regulation (EU) 2016/679), we process your personal data on the following legal grounds:

  • Performance of a contract — where processing is necessary to provide the services you have requested or to take steps prior to entering into an engagement with us
  • Legal obligation — where processing is required to comply with our obligations under applicable law, including Cyprus AML Law 188(I)/2007 and related EU directives
  • Legitimate interests — where processing is necessary for our legitimate business interests (such as improving our services, fraud prevention, and direct marketing), provided those interests are not overridden by your rights
  • Consent — where you have given clear, freely given, specific, informed, and unambiguous consent, for example for marketing communications or the processing of sensitive data

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

05

Data Sharing & Third Parties

We do not sell or rent your personal data to any third party. We may share your data with:

  • Service providers acting as data processors — such as IT hosting providers, email delivery services, and CRM software vendors — who are bound by data processing agreements and may only process your data on our documented instructions
  • Professional advisers — including lawyers, notaries, accountants, or auditors, where necessary to deliver our services
  • Government authorities and regulators — including the Cyprus Department of Registrar of Companies, Civil Registry and Migration Department, Tax Department, and financial regulators, where required by law or for the purpose of your service engagement
  • Banks and financial institutions — solely where you have engaged us to assist with bank account opening or related financial services

Any third party with whom we share your data is contractually required to maintain appropriate technical and organisational security measures and to process your data only in accordance with our instructions and applicable law.

06

International Transfers

Your personal data is primarily processed and stored within the European Economic Area (EEA). Cyprus is an EU member state and fully subject to GDPR.

Where we use third-party service providers that process data outside the EEA, we ensure adequate safeguards are in place, which may include:

  • European Commission adequacy decisions for the recipient country
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other appropriate safeguards as permitted under Article 46 GDPR
07

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and to comply with our legal obligations. Our standard retention periods are:

  • Client engagement records — 7 years from the end of the engagement, in line with Cyprus tax and accounting requirements
  • KYC / AML documentation — 5 years from the end of the business relationship, as required by Cyprus AML legislation
  • Website enquiries and contact form submissions not resulting in an engagement — 12 months
  • Marketing consent records — until consent is withdrawn, plus 6 months thereafter
  • Website analytics data — 26 months in anonymised / aggregated form

When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention policy.

08

Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access — to obtain a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances ("right to be forgotten")
  • Right to restriction of processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format
  • Right to object — to object to processing based on legitimate interests, or to direct marketing at any time
  • Right to withdraw consent — to withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at office@prestigeconsultants.net. We will respond within 30 days.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (the supervisory authority), if you believe your data has been processed unlawfully.

09

Cookies

Our website uses cookies — small text files stored on your device — to improve your experience and analyse site usage. We use the following categories of cookies:

  • Strictly necessary cookies — required for the website to function (session management, security). These cannot be disabled.
  • Analytics cookies — used to collect anonymous information about how visitors use the site (e.g. pages visited, time on site), allowing us to improve content and navigation. We use Google Analytics for this purpose.
  • Preference cookies — used to remember choices you make (such as language or region) to provide a more personalised experience.

You can control and manage cookies through your browser settings. Disabling analytics or preference cookies will not prevent you from using the site but may affect functionality. Where required by law, we obtain your consent before placing non-essential cookies.

10

Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or alteration. These measures include:

  • Encryption of data in transit using TLS/HTTPS
  • Access controls limiting data access to authorised personnel only
  • Secure document handling and physical access controls at our premises
  • Regular review of security practices and staff data protection training

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform you directly without undue delay.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this page periodically to stay informed about how we protect your data.

12

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Prestige Business Consultants Ltd

str. Christaki Kranou 44, Limassol 4042, Cyprus

Email: office@prestigeconsultants.net

Tel: +357 99 086085 / +357 25 044083

Mon – Fri, 09:00 – 18:00 (EET/EEST)