Privacy Policy – C.I. Advantegis Auditors Ltd

Privacy Policy

How we collect, use and protect personal data under the GDPR and Cyprus law.

1. Introduction

This Privacy Policy explains how C.I. Advantegis Auditors Ltd (“we”, “us”, “our”) collects and processes personal data when you visit our website or engage us for audit, tax and advisory services. We act as a data controller for most processing and comply with the EU General Data Protection Regulation (GDPR) and applicable Cyprus data protection laws.

Scope: website visitors, prospective clients, clients and their representatives, suppliers and other business contacts.

2. Who is the Controller & How to Contact Us

Controller: C.I. Advantegis Auditors Ltd
Address: [Registered address, Cyprus]
Email: privacy@yourdomain.com  |  Tel: +357 [number]

If you have concerns, you may also contact the Office of the Commissioner for Personal Data Protection (Cyprus).

3. Personal Data We Collect

3.1 Website & Enquiries

  • Identification & contact details (e.g., name, email, phone) that you provide in forms or emails.
  • Usage data (IP address, device/browser type, pages viewed, timestamps) captured for security and analytics.
  • Cookie data (see Section 6) for essential site functions and optional analytics.

3.2 Client Engagements

  • Business contact details and engagement information.
  • Financial/accounting records and supporting documentation required for audit, tax and advisory work.
  • KYC/AML information where required by law (e.g., identity documents, beneficial ownership details).
  • Contract: to enter into and perform our engagement with you or your organisation.
  • Legal obligation: to meet statutory and regulatory requirements (e.g., audit, tax, anti-money laundering).
  • Legitimate interests: to manage our business, secure our systems, improve our services and communicate with you in a business context.
  • Consent: for specific activities (e.g., certain marketing communications). You may withdraw consent at any time.

5. How We Use Personal Data

  • To respond to enquiries and provide proposals.
  • To plan and deliver audit, tax and advisory services and issue reports.
  • To maintain engagement records, billing and practice management.
  • To protect our website and systems (fraud prevention, access logs, diagnostics).
  • To comply with professional, legal and regulatory obligations.
  • To send service updates or event/news information where permitted (you can opt out at any time).

6. Cookies & Similar Technologies

We use essential cookies to operate the site and may use optional analytics cookies to understand traffic and improve content. You can manage non-essential cookies via your browser settings. Blocking some cookies may affect site functionality.

7. Disclosures & Recipients

We do not sell personal data. We may share data with:

  • Professional and technical service providers (e.g., IT support, website analytics, secure email delivery) bound by confidentiality and data processing terms.
  • Other professional advisers (e.g., lawyers) and counterparties where necessary for an engagement and agreed with you.
  • Regulators and public authorities where required by law or professional standards.

We do not rely on third-party cloud storage for client files (as per our current practice). If our storage approach changes, this Policy will be updated.

8. International Transfers

Our services are primarily delivered in Cyprus. If a transfer of personal data outside the European Economic Area becomes necessary, we will ensure appropriate safeguards (e.g., adequacy decisions or EU Standard Contractual Clauses) and inform you where required.

9. Data Retention

We retain personal data only for as long as needed for the purposes described above and to meet legal, regulatory or professional requirements.

  • Engagement files: kept for the period required by professional standards/regulation.
  • KYC/AML records: retained for the period mandated by law.
  • Website enquiries: typically up to 12 months after last contact.

After the applicable period, data is securely deleted or anonymised.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or loss. While no system is completely secure, we continually assess and enhance our controls.

11. Your Rights

Subject to conditions and exemptions under the GDPR, you have the right to:

  • Access your personal data and request a copy;
  • Request rectification of inaccurate or incomplete data;
  • Request erasure or restriction of processing;
  • Object to processing based on legitimate interests or for direct marketing;
  • Data portability (for data you provided to us where processing is based on consent or contract and carried out by automated means);
  • Withdraw consent where processing relies on consent.

To exercise your rights, contact us at privacy@yourdomain.com. You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus).

12. Changes to This Policy

We may update this Policy from time to time. The latest version will be posted on this page with an updated “Last Updated” date.

Last Updated: [Insert date]

Questions about privacy?

We’re happy to help. Contact our team for any data protection queries or requests.

Email our Privacy Team