top of page

Privacy Policy

Privacy Policy of AM MALLAS LLC

​

1. Introduction

AM MALLAS LLC (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect and process personal data:

  • in the course of providing our services (legal, corporate, tax, real estate, immigration/residency, private-client / family-office / asset-custodianship advisory services), and

  • when you use our website, subscribe to newsletters, fill in online forms, or otherwise interact with us digitally (e.g., email, contact forms).

  • ​

This Policy is issued in accordance with the European and Cypriot data-protection framework (e.g. the EU General Data Protection Regulation (GDPR) and relevant Cypriot data-protection law).

This Privacy Policy applies to:

  • prospective, current or former clients of AM MALLAS LLC;

  • authorised representatives, directors, officers, shareholders, beneficial owners of our corporate or trust clients;

  • counterparties or other individuals involved in matters on which we act;

  • visitors to our website or recipients of our marketing communications;

  • any other individuals whose personal data we may lawfully process in connection with our services or operations.

This Policy supplements any engagement letters, terms and conditions, or other notices we may issue. It does not override the terms of those documents.

2. Who We Are – Data Controller and Contact Details

AM MALLAS LLC is a company incorporated under the laws of the Republic of Cyprus.
For the purposes of this Privacy Policy, AM MALLAS LLC acts as the Data Controller.

If applicable, in certain cases associated entities or third-party providers may act as joint controllers or processors; if so, we will inform you separately where required by law.

Data Protection Contact / DPO

  • Name: Artemios Mallas

  • Email: hello@artemiosmallas.com

  • Postal address: 57 Spyros Kyprianou, Office 35, 6051, Larnaca, Cyprus

All requests related to this Privacy Policy or to your data-protection rights should be addressed to the Data Protection Contact.

3. Your Duty to Inform Us of Changes

It is important that the personal data we hold about you is accurate and up to date.
Please inform us if your personal data changes during your relationship with us (for example, a change of address, passport/residency status, contact details, or tax-residency information).

4. What Personal Data We May Collect and Process

“Personal data” means information relating to an identified or identifiable natural person. Depending on the nature of the engagement or matter, we may collect and process one or more of the following categories of personal data:

4.1 Identification and Contact Data

  • Name, surname, former names, title, date and place of birth, nationality

  • Identification numbers and documents (passport, ID card, driver’s licence, residency or immigration permits)

  • Residential, correspondence or business addresses; email addresses; telephone and other contact details

4.2 KYC / AML / Compliance / Risk-Profiling Data

  • Data required under anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions-screening legislation (e.g., source of funds/wealth; employment or business profile; tax residency; tax ID numbers)

  • Politically Exposed Person (PEP) status and related declarations

  • FATCA / CRS / other tax-reporting / regulatory data

  • Information from compliance databases, public registries, sanctions lists, and other relevant screenings

4.3 Professional, Corporate and Structuring Data

  • Profession, job title, employer

  • Directorships, shareholdings, roles within companies or trusts

  • Data related to companies, partnerships, trusts, foundations or other legal structures — e.g., shareholder/beneficial-owner registers, corporate charts, trust deeds, fiduciary, nominee or substance-planning arrangements

4.4 Financial, Tax and Banking Data

  • Bank account / payment / escrow / cash-management data, payment instructions

  • Information on assets, liabilities, investments, credit relationships

  • Tax status, filings, tax-planning and structuring information (corporate and personal)

  • Invoices, billing and payment history

4.5 Real Estate, Relocation, Immigration & Residency Data

  • Property-ownership and transaction details (acquisition, disposal, lease, management)

  • Documentation relevant to immigration or residency applications, work permits or foreign-resident permits

  • Data related to relocation planning, residency applications (for clients and their family members)

  • Family data when needed for trust, estate-planning or family-office structuring

4.6 Contractual / Matter-Related Data

  • Information and documentation you or third parties provide in the context of our mandates (e.g. contracts, correspondence, corporate approvals, court filings, legal opinions)

  • Records of advice, meetings, calls, emails and instructions connected to a matter

4.7 Website & Technical Data

  • IP address, browser type and version, operating system and platform

  • Time zone setting, device information

  • Browsing activity — pages visited, click streams, session duration

  • Cookie or similar tracking-related data

4.8 Marketing & Communications Data

  • Your preferences regarding receiving newsletters, updates, invitations to events or seminars, or other marketing communications

  • Records of your interactions with our marketing content (e.g. e-mail opens, link-clicks, unsubscribes)

4.9 Special Categories of Personal Data

  • In limited circumstances and where strictly necessary, we may process sensitive data (e.g. health data, criminal record, immigration-background) — for example, in the context of immigration/residency applications, compliance checks, litigation matters or with your explicit consent.

  • Such data shall only be processed when lawful and necessary.

4.10 Children’s Data

  • We do not intentionally collect personal data of minors through our website.

  • If our services involve minors (e.g. estate planning, relocation of a family), we will only process children’s data with the consent or authorisation of the relevant parent or legal guardian or as otherwise permitted by law.

5. How We Collect Your Personal Data

We may collect personal data from you or other sources through any of the following:

  • Directly from you — e.g., when you engage our services, complete client-onboarding / KYC / AML forms, send us documents, correspond by email/telephone/post, meet with us in person, subscribe to our newsletter, fill in contact forms, or otherwise communicate with us.

  • From third parties — e.g., from professional advisers, intermediaries, banks, former service providers, introducers, property agents, migration/immigration agents, public authorities or regulators, courts and counterparties.

  • From public sources — e.g., registries (company registries, land registries), sanctions lists, publicly available records, social media, publicly-available publications, open data, etc.

  • Automatically — when you use our website, via cookies and similar technologies (see “Cookies” below).

6. Legal Bases and Purposes for Processing Personal Data

We will only process your personal data where there is a lawful basis under applicable law (e.g., GDPR). Depending on the context, we rely on one or more of the following grounds:

6.1 Performance of a Contract / Pre-contractual Steps

Processing necessary to:

  • assess whether we may accept you as a client;

  • deliver our services (legal, corporate, tax, real estate, immigration/residency, wealth planning, asset-custodianship, family-office advisory);

  • open and administer client and matter files;

  • facilitate payments, escrow arrangements, bank-account opening or fiduciary cash management;

  • coordinate with third-party advisers, counterparties or authorities related to your matters;

  • communicate with you about services or matters we handle for you.

6.2 Compliance with Legal and Regulatory Obligations

Processing required to comply with applicable law and professional/regulatory obligations, including:

  • AML / CTF / sanctions screening / due diligence;

  • tax-reporting, CRS / FATCA or other international exchange-of-information obligations;

  • corporate, trust or fiduciary service regulation;

  • data-protection, accounting, audit or record-keeping requirements;

  • responding to lawful requests from courts, regulators, tax or other authorities;

  • professional-services regulation (attorney-client, fiduciary-client, regulatory, compliance).

6.3 Legitimate Interests

Where necessary for our legitimate interests (or those of a third party), provided your rights and freedoms do not override those interests. Typical uses include:

  • managing and developing our business, services, website and IT systems;

  • ensuring security of our systems, premises and confidential information;

  • managing client relationships, billing, debt collection and internal reporting;

  • evaluating potential transactions and structuring options for clients;

  • defending or enforcing legal claims; handling complaints or disputes; risk management; internal quality control and staff training;

  • organising events, seminars or publications for existing or prospective clients;

  • sharing data within our group / associated entities for client-onboarding, compliance and service delivery.

Before relying on legitimate-interest grounds, we will perform an assessment to ensure a fair balance between our interests and your rights/expectations.

6.4 Consent

In certain situations, we may rely on your explicit consent — for example:

  • sending you marketing communications (newsletters, events, updates) where required by law;

  • processing special categories of personal data (e.g. health, criminal records) when not otherwise strictly required;

  • transferring data to a third country where no other lawful basis or safeguard exists (subject to applicable data-protection rules).

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

7. Obligation to Provide Data / Consequences of Failure

In many cases, the data we request is necessary to satisfy our statutory obligations (e.g., AML / KYC / sanctions screening), or to provide our services.
If you fail or refuse to provide such information when requested, we may not be able to start or continue our relationship, or provide services, and we may be forced to terminate or decline the engagement.

8. Change of Purpose

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider the new purpose to be compatible with the original purpose and the legal basis permits it.
If we need to process your personal data for an unrelated purpose, we will notify you and explain the legal basis before doing so.

9. Marketing / Communications and Updates

With respect to marketing communications (newsletters, updates, notifications, invitations to events, publications), we may use your identification, contact and marketing-preference data to:

  • send you legal, tax or regulatory updates relevant to Cyprus (or other jurisdictions as relevant);

  • notify you about new services, events, seminars or publications;

  • invite you to participate in surveys, feedback or research exercises.

You may opt-out of marketing at any time — e.g. by clicking “unsubscribe” in any marketing email, or by contacting us at hello@artemiosmallas.com.
Opting out will not affect our other communications with you in connection with any active matters or services.

10. Cookies and Website Tracking

Our website may use cookies and similar tracking or analytics technologies for purposes including:

  • operating and securing the website;

  • remembering your preferences;

  • collecting statistics on website use;

  • improving website content and user experience.

You are in control of cookies via your browser settings. Blocking certain cookies may impair some website functionality.
If we maintain a separate Cookie Policy, that should be read together with this Privacy Policy.

11. Sharing Your Personal Data (Disclosure / Recipients)

In the course of our business, and only for the purposes outlined above, we may disclose your personal data to:

  • Personnel of AM MALLAS LLC (employees, directors, consultants) who need access for the performance of their duties — subject to confidentiality obligations.

  • Associated entities, member firms or related service providers engaged in your matter — e.g. external law firms, tax advisors, auditors, accountants, notaries, valuation professionals, compliance consultants, immigration or real-estate agents, property managers, business-advisory consultants.

  • Financial institutions and payment / escrow / fiduciary service providers — banks, payment processors, escrow agents, custodians — when facilitating banking, cash-management or fiduciary arrangements.

  • Corporate and fiduciary service providers — company secretaries, corporate administrators, trustees, registrars, nominee/director services — where necessary for corporate structuring, administration or substance compliance.

  • IT and infrastructure providers — cloud-service providers, document management, email / archiving services, cybersecurity and hosting providers, analytics providers.

  • Public authorities, regulators and courts — for example, the Cyprus Registrar of Companies, Land Registry, tax authorities, migration / immigration authorities, supervisory bodies (bar associations, compliance regulators), law-enforcement agencies or tribunals — when required by law or when necessary for your matter.

  • Counterparties and their advisers — as reasonably required in the context of transactions, negotiations, legal disputes, real-estate or corporate matters.

  • Event or marketing partners, where necessary — e.g. organisers, venues or mailing-platform providers supporting events or publications we host or distribute.

We require that all recipients acting as processors or sub-processors:

  • process your personal data only on our instructions;

  • apply adequate technical and organisational measures to protect it;

  • maintain confidentiality.

We do not sell or rent your personal data to third parties for their independent marketing or commercial use.

12. International Transfers

Because our work often involves cross-border clients, jurisdictions, counterparties or service providers, there may be cases where your personal data is transferred to recipients outside the European Economic Area (EEA).
Where such transfers occur, we will ensure one of the following safeguards is in place, as required by law:

  • The recipient country is subject to an adequacy decision by the European Commission;

  • Standard Contractual Clauses (SCCs) or other lawful contractual protections are in place;

  • Other appropriate safeguards permitted by data-protection law; or

  • We rely on explicit consent or other permitted derogations under applicable law, where relevant.

13. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, alteration, disclosure or destruction, as well as against accidental loss, damage or destruction.
Examples include encryption of electronic data, secure physical storage for hard-copies, restricted access control, securely managed IT systems and regular security assessments.

While we take reasonable steps to protect your data, no system of transmission over the internet or method of electronic storage is completely secure.

If we become aware of a personal-data breach that may result in a risk to your rights and freedoms, we will notify you and, where required by law, notify the relevant supervisory authority.

14. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected — including:

  • the performance of our engagement and the management of our relationship with you (e.g. until the matter is concluded and any ongoing obligations end);

  • compliance with legal, regulatory or professional obligations (such as AML / tax / company / fiduciary / record-keeping obligations);

  • the establishment, exercise or defence of legal claims, or obligations arising from liabilities or warranties.

When the retention period expires and there is no further lawful reason to retain data, we will securely delete or anonymise your personal data (unless applicable law or professional rules require retention for a longer period).

15. Your Rights

Subject to applicable law (e.g. GDPR), you have, under certain conditions, the following rights with respect to your personal data:

  1. Right of access — you can ask us whether we process personal data about you, and request a copy of your data plus information about how it is processed.

  2. Right to rectification — you can ask us to correct inaccurate or incomplete personal data.

  3. Right to erasure (“right to be forgotten”) — in certain circumstances (e.g. data no longer necessary; processing based on consent withdrawn) you may request deletion, subject to our legal and professional obligations.

  4. Right to restriction of processing — you can ask us to limit the processing of your personal data in certain circumstances (e.g. while we verify accuracy, or if you object to processing).

  5. Right to data portability — where applicable, you may request your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

  6. Right to object — you may object to processing based on legitimate interests (or third-party interests), or object at any time to processing for direct-marketing purposes.

  7. Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time (this does not affect processing already performed).

  8. Rights in relation to automated decision-making or profiling — we do not currently carry out automated decision-making producing legal or similarly significant effects for you; if this changes, we will notify you and provide information on how to exercise rights accordingly.

To exercise your rights, please contact our Data Protection Contact (see Section 2). We may ask you to provide sufficient information to confirm your identity before fulfilling your request. We aim to respond within one month (or within any extended period permitted by law, if the request is complex).

16. Right to Lodge Complaint

If you are unhappy with how we process your personal data, you are encouraged to contact us first — we will try to address your concerns.
You also have the right to lodge a complaint with the competent supervisory authority for data protection in Cyprus (or other relevant jurisdiction), as appropriate.

17. Third-Party Websites / External Links

Our website may contain links to third-party websites or services.
We do not control these websites and are not responsible for their privacy practices.
If you follow a link to such a website, please read its privacy policy.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (e.g. to reflect changes in law, regulation, services we offer, or how we process personal data).
The updated version will include a revised “Effective Date” and will be posted on our website.
Your continued use of our services or website after such changes constitutes your acknowledgement of the updated Privacy Policy.

bottom of page