Privacy Statement


Costas Indianos & Co (the “Company”) gathers and process your personal information in accordance with this privacy statement and in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.  This statement provides the necessary information regarding the data subject’s rights (your individual rights as data subject) and our obligations on how, why and when we process your personal data.

Who we are

Costas Indianos & Co is composed of two entities: Costas Indianos & Co, Advocates & Legal Consultants (incorporated 16.3.2001) that covers all Court related legal matters & Costas Indianos & Co Limited (incorporated 27.2.2001) that covers all other area of practice of the Law Firm. The legal practice was originally established in 1924.

Information that we collect

Costas Indianos & Co processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this statement.The sources of data may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, another service provider who provides services to the data subject) or open-source material.

The type of data we may collect & process includes:

  • Contact details (including names, postal addresses, email addresses and telephone numbers);
  • Information required by the Company to meet legal and regulatory requirements, especially in respect of anti-money laundering legislation, including information on source of funds and source of wealth;
  • Information provided during the provision of our services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered I, tax status, disputes and court proceedings engaged in);
  • Banking and financial information, such as payment related information;
  • Meetings attended and visits to our offices;
  • Any other information you may provide to us.

How we use your personal data

The Company takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law or under a Court order. We only retain your data for as long as it is necessary and for the purposes specified in this statement. Your personal data is processed for reasons of compliance and/or for the purpose of providing you with any of our legal services as enumerated in our website

Your rights

Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data.

Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request in the first instance to

In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data the Company may be unable to provide relevant services, or there may be a restriction on the services which can be provided.

Sharing and disclosing your personal information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this statement or where there is a legal requirement.

The provision of data to one entity in the Company may result in that data being accessible by all members of the staff.  Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to and will be considered and, where possible with reference to legal and regulatory obligations, actioned.

The following is a list of potential recipients of data (in each case including respective employees, directors and officers):

  • Other providers of services (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Company is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
  • Any sub-contractors, agents or service providers of the Company;
  • Courts or tribunals;
  • Law enforcement agencies where considered necessary for the Company to fulfil legal obligations applicable to it;
  • Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
  • Any registrar of a public register where the data is to be included in a public registry;

Where the Company is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.

In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation we will ensure we meet the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where we are satisfied that:

  • the non-European Union country has Data Protection laws similar to the laws in the European Union;
  • the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
  • we have obtained consent from relevant data subjects to the transfer; or
  • if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.

How long we keep your data

  • The Company only keeps data for as long as necessary to fulfil the purposes (as set out above) for which we collected it. The Company’s policy is to retain data in relation to a client relationship for 5 years from the conclusion of that relationship. This is subject to certain exceptions such as for trusts (where, in each case, records may be kept indefinitely) or in instances where the personal data is relevant to a dispute after termination of the relationship or where the data cannot be deleted for legal, regulatory or technical reasons.
  • Any requests for further information in relation to the continued processing of specific data, and requests for destruction of data, should be made to

Lodging a complaint

  • The Company only processes your personal information in compliance with this privacy statement and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

 Contact Details

  • The Company has a Data Protection Officer and all enquiries in respect of this Privacy Statement or any request to exercise any of the rights set out above should be directed to the Data Protection Officer via or by post at Data Protection Officer, Costas Indianos & Co – Advocates & Legal Consultants, Diagorou 4, Kermia Building, Flat/Office 601, 6th Floor, 1097 Nicosia, Cyprus.

Contact us!

+357 22675231

Send us a message!

Visit our office!

Diagorou 4, Kermia Building, Office 204, 1097 Nicosia, Cyprus

Working hours:

Mon - Thu: 8:30 am - 6 pm
Fri: 8:30 am – 2:30 pm