Privacy Policy

1. Introduction
ODIA Services (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data that we collect and process in the course of providing our audit, tax, accounting and advisory services. Our firm is registered in Cyprus and regulated by the Institute of Certified Public Accountants of Cyprus (ICPAC).
This Privacy Policy explains how we collect, use, store and disclose your personal data, and how we comply with the requirements of the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) and the Cyprus Data Protection Law (Law 125(I)/2018) and any other relevant legislation.

2. Data Controller
ODIA Services is the Data Controller for the personal data processed in connection with our services.
If you have any questions or wish to exercise your rights concerning your personal data, you may contact our Data Protection Officer (DPO) at [insert DPO email] or at our registered office: [insert address].

3. Personal Data We Collect
We may collect and process various categories of personal data depending on our relationship with you (for example: client, prospective client, employee, supplier, beneficial owner, director of a client entity). Such personal data may include:

  • Identification and contact details (e.g., name, address, telephone, email);

  • Corporate information (e.g., legal entity name, registration number, directors, beneficial owners);

  • Financial, tax and accounting information (e.g., bank account details, financial statements, tax returns, source of funds);

  • Technical and usage data (e.g., IP address, browser type, website usage, cookies) when you visit our website;

  • KYC/AML & compliance-related data (e.g., passport/ID numbers, due diligence information, where required by law);

  • Other information necessary for the performance of our services or for regulatory compliance.

4. Legal Basis for Processing
We process your personal data only when there is a lawful basis to do so, such as:

  • Performance of a contract to which you are a party, or taking steps at your request prior to entering into a contract;

  • Compliance with a legal or regulatory obligation to which we are subject (for example under audit, tax, anti-money laundering or accounting laws);

  • Our legitimate interests in conducting, managing and improving our business and services, provided that those interests are not overridden by your rights and freedoms;

  • Your consent (in certain circumstances) for specific processing activities (for example marketing communications).

5. How We Use Your Data
We use your personal data for the following purposes:

  • To provide you with the services you have engaged us for (audit, accounting, tax, consulting);

  • To fulfil our contractual obligations and carry out your instructions;

  • To comply with legal and regulatory obligations (including KYC/AML, tax legislation, professional regulations of ICPAC etc);

  • To manage and administer our records, client relationships, billing and collections;

  • To operate, maintain and improve our website and IT systems;

  • To send you relevant communications (where you have given your consent or where we have a legitimate interest) such as service updates or industry news;

  • To protect the security and integrity of our business (fraud prevention, IT security, internal audit).

6. Sharing and Disclosure of Personal Data
We do not sell or rent your personal data. We may share your personal data in the following circumstances:

  • With third-party service providers or subcontractors (such as IT/cloud providers, invoicing/billing agents, courier services) who act on our behalf and under our instructions;

  • With regulators, tax or audit authorities, law enforcement or other official bodies when required by law or regulation;

  • With other professional advisors (e.g., lawyers, auditors) when necessary to provide our services or to protect our legal rights;

  • Within our group or related entities, where appropriate for the management of our professional services.

When we transfer personal data to third parties, we ensure that appropriate safeguards are in place (such as contractual obligations, standard contractual clauses, or other required mechanisms) to protect the data.

7. International Transfers
Your personal data may be transferred outside the European Economic Area (EEA) in certain situations (for example using cloud services, software platforms, or when required for outsourcing). In such cases, we ensure that appropriate safeguards are in place (for example adequacy decisions, standard contractual clauses) in accordance with GDPR.

8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with applicable laws, regulations, professional standards and internal record-keeping policies. For example, certain records may be retained for audit, tax or anti-money laundering obligations (often 5-10 years or more). Once data is no longer required, we will securely delete, anonymise or destroy it.

9. Your Rights
Under GDPR and Cyprus law you have certain rights in relation to your personal data, subject to applicable exemptions. These include:

  • The right to access the personal data we hold about you;

  • The right to request correction (rectification) of inaccurate or incomplete data;

  • The right to request erasure (deletion) of your data in certain circumstances;

  • The right to request restriction of processing;

  • The right to data portability (to receive your data in a structured, commonly used, machine-readable format);

  • The right to object to processing (including for direct marketing or profiling) in certain circumstances;

  • The right to withdraw consent (where processing is based on consent) at any time, without affecting processing prior to withdrawal;

  • The right to lodge a complaint with the supervisory authority: the Office of the Commissioner for Personal Data Protection Cyprus (Tel: +357 22 818456, Email: commissioner@dataprotection.gov.cy).

10. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, disclosure, alteration or destruction. These measures include access controls, encryption, secure storage, staff training, restricted access and other industry-standard safeguards.

11. Cookies and Website Use
Our website may use cookies or other tracking technologies to enhance user experience and for analytics. You can manage or disable cookies via your browser settings. More details on our cookie policy can be found [here – insert link if applicable].

12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing practices, legal or regulatory requirements, or business operations. Any changes will be posted on our website with an updated “Last updated” date and you will be deemed to have accepted the changes if you continue to use our services or website after publication.

13. Contact Details
If you have any questions about this Privacy Policy or our processing of your personal data, or wish to exercise any of your rights, please contact us.