Last revised: 8 March, 2023

Concord Debt Management Ltd (hereinafter referred to as the “Company” or “we” or “us” or “our”) is committed to protecting the privacy and security of the personal data it receives from its clients in an open and transparent manner. The personal data that the Company, as a data controller, collects and processes will vary depending on the services provided to you.

This privacy policy (“Privacy Policy”):
  • sets out the types of personal data we collect, how we collect and process that personal data, who we may share it with and why, and how you can exercise your privacy rights under the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any laws or regulations supplementing or implementing the GDPR, including the Protection of Natural Persons with Regard to the Processing of Personal Data and the Free Flow of Such Data Law of 2018 (N. 125(I)/2018) as amended, replaced or superseded from time to time (together with the GDPR, the “Applicable Data Protection Legislation”); and
  • relates to personal data collected from clients or the clients’ representatives, whether such data concern them directly or relate to third parties who are natural persons.

For the purposes of this Privacy Policy:
  • when we refer to “personal data” or “personal information” we mean data which identifies or may identify you and which may include, for instance, your name, address, identification number, telephone number, etc.;
  • when we refer to “processing” we mean the handling of your personal data by us, including collecting, protecting and storing your personal data;

1. Who we are
Concord Debt Management Ltd is a limited liability company registered in Cyprus with registration number HE380934, having its registered office at Theklas Lyssioti, 29, CASSANDRA CENTRE, Floor 3, Flat/Office 301, 3030, Limassol, Cyprus.

2. Personal Data we collect
We may collect and process the following personal data from you:
  • Biographical and Identification Data, including your name, email, identity number, your gender;
  • Contact Data, including your address, phone number and email address;
  • Financial and Payment Data, including your bank account number and other data necessary for processing payments;
  • Information pertinent to fulfilling our services to you, including information provided in the course of the contractual or client relationship between you and your organisation and the Company, or otherwise voluntarily provided by you or your organisation.

3. Personal data about other people
On certain occasions, in the course of our client services, you may provide us with personal data of individuals who are not aware of our involvement or of our processing of their personal data (such as family members, customers, counterparties, employees, directors, shareholders or beneficial owners). In such cases, we are likely to not have direct contact with individuals whose personal data we are processing or, it may for other reasons (such as, for example, to maintain confidentiality) not be appropriate for us to provide them with a privacy notice setting out how we handle their personal data. Before you disclose any such personal data to us, you must ensure that the relevant individuals have received this Privacy Policy or have otherwise been informed of our client services.

4. If you fail to provide personal data
Where we need to collect personal data by law in order to process your instructions (for instance in relation to anti-money laundering or other KYC checks) or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement with you, but we will notify you if this is the case at the time.

5. How we collect your personal data
We obtain your personal data mainly through any information you provide directly to us, through information provided by third parties or through publicly available sources, as follows:

Direct interactions with you: We may collect personal data about you by corresponding with us by email, by speaking to us in person or over the telephone or whilst visiting our office. These interactions may include instances when you:
  • enquire about our services or ask us to provide you with a quotation;
  • seek advice from us;
  • visit our premises;
  • give us personal data necessary for a specific client service we are performing for you, or for the purposes of our KYC procedures; or
  • give us your business card in an event or meeting, or otherwise personally give us your personal data.

Third-party sources: We receive personal data about you from third parties when:
  • our KYC forms have been completed by your representative or your organisation;
  • other parties, including our existing clients, send us your personal data to enable the provision of our services (e.g. in cases where you are an underlying client);
  • we conduct our KYC and other background checks, including conflict checks;
  • we interact with governmental or regulatory bodies or other authorities in relation to you or on your behalf.

Publicly available sources: We collect personal data concerning you from:
  • public registers of companies;
  • public registers of sanctioned persons and entities; and
  • other public sources including any services accessible on the Internet which you are using for professional networking purposes.

6. Why we need your personal data
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. We may process your personal data in connection with any of the purposes set out below on one or more of the following legal grounds:

A. CONTRACTUAL NECESSITY
We may process your information where it is necessary to enter into an engagement with you for the provision of our legal services or to perform our obligations under that engagement. This may include processing to:
  • assess and process your request for our services, including checking whether we have a conflict of interests in providing our services to you and carrying out background checks, where permitted;
  • take you on as a new client or open a new matter for you;
  • administer and manage our relationship with you or your organisation and deliver client services to you;
  • communicate with you about the services you receive from us and in order to notify you about any changes to our general terms of business, this Privacy Policy or other policies which may affect you; and
  • to manage payments, fees and charges and to collect and recover money owed to us.
Please note that if you do not agree to provide us with the requested information, it may not be possible for us to provide you with our services.

B. LEGAL OBLIGATIONS
We may process your personal data in order to comply with legal and/or regulatory obligations that we are subject to, as well as to keep records of our compliance processes. Such processing may include KYC and anti-money laundering checks as well as politically exposed persons and sanctions screenings.

C. LEGITIMATE INTERESTS
We may process your personal information where it is in our legitimate interests to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms. In particular we may process your personal information:
  • in the day-to-day running of our business and financial affairs and to ensure that our processes and systems operate effectively. This may include processing in order to:
(i) monitor, maintain and improve internal business processes, information and data and technology solutions and services;
(ii) ensure business continuity and disaster recovery and respond to information technology and business incidents and emergencies;
(iii) to protect the security of our communications and other systems and to prevent and detect security threats or other malicious activities;
(iv) perform general, financial and regulatory accounting and reporting;
(v) to manage access to our premises for security and crime prevention purposes;
(vi) to exercise or defend our legal rights, or to comply with court orders;
(vii) enable a sale, reorganisation, transfer or other transaction relating to our business.

  • to ensure that we provide you with the most appropriate services and that we continually develop and improve as an organisation. This may require processing your personal information in order to:
(i) identify new business opportunities and develop enquiries into proposals for new business and to develop our relationship with you;
(ii) communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives, and
(iii) assess the quality of our customer services and to provide staff training.

D. ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS
We may process special categories of personal data that you may disclose to us in order to be able to act on your behalf in court proceedings or any administrative or out-of-court procedures.

7. Who we share your personal data with
We may share your personal data with:
  • certain service providers we have retained in connection with the consulting services we provide;
  • if we have collected your personal data in the course of providing consulting services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
  • with any competent law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation or in order to exercise, establish or defend our legal rights;
  • suppliers and service providers who support our business including IT and communication suppliers, file storage, archiving and/or records management companies and security solutions companies;
  • if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations, and
  • to a person you have given us your consent to disclose to.

8. International transfers
From time to time, your personal data may be transferred to and stored at a destination outside the European Economic Area (“EEA”) depending on the nature of the services we provide to you. When such transfer occurs, we will use, share and safeguard that information as described in this Privacy Policy and will ensure that at least one of the following safeguards is implemented:
a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
b) If we engage service providers outside the EEA, we may put in place standard contractual clauses approved by the European Commission which give personal data the same protection it has in the European Union.
We may additionally, in rare occasions, transfer your personal data to a party outside the EEA where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.

9. How long we keep your personal data for
We will keep your personal data for as long as we have a business relationship with you. Once our business relationship with you has ended, we may keep your personal data for the longest of the following periods: (i) any retention period which is in line with regulatory requirements relating to retention; or (ii) the end of the period in which any legal action or investigations might arise in respect of the services provided.
To determine the appropriate retention period for personal data, we consider the amount, nature of the personal data, the potential risk of harm from authorised use and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and that your personal data are only used for those purposes.

10. Security
We are committed to ensuring that your personal information is secure with us and with the third parties who act on our behalf.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, processed or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

11. Your data protection rights
We want to make sure you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply further below.
You have the following rights in terms of the personal data we hold about you:
  • Receive access to your personal data. This enables you to receive access or receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data we hold about you. If you believe that any of the information that we hold about you is inaccurate or incomplete, you have a right to request that we correct the inaccurate personal information.
  • Request erasure of your personal information. You may request that we delete your personal information if you believe that:
a) we no longer need to process your information for the purposes for which it was provided;
b) we have requested your permission to process your personal information and you wish to withdraw your consent; or
c) we are not using your information in a lawful manner.
Please note that if you request us to delete your information, we may have to suspend the services we provide to you.
  • Object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal data altogether or, where requested, delete your personal information. Please note that if you object to us processing your personal data, we may have to suspend the services we provide to you.
  • Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:
a) it is not accurate; or
b) it has been used unlawfully but you do not wish for us to delete it; or
c) it is not relevant any more, but you want us to keep it for use in possible legal claims; or
d) you have already asked us to stop using your personal data but you are waiting for us to confirm if we have legitimate grounds to use your data.
Please note that if you request us to restrict processing your personal data, we may have to suspend the services we provide to you.
  • Request the transfer of your personal data. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have the right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at [·].com.

We will endeavor to address all of your requests promptly.

12. Right to complain
If you have exercised any or all of your data protection rights, or otherwise still feel that your concerns about the use of your personal data have not been adequately addressed by us, you have the right to complain by contacting us at [·].com.

13. Changes to this Privacy Policy
We reserve the right to update and change this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements.
We will notify you by email or otherwise when we make material changes to this Privacy Policy and we will amend the revision date at the top of this page. We do encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal data.

Made on
Tilda