The Data Controller responsible for your personal data is Aristeus Financial Services Ltd, with a registered office at 66 Acropoleos Avenue, 2012, Strovolos, Nicosia, Cyprus.

• We may collect the following categories of personal data: Identity Data: First and middle names, surname, date of birth, gender, marital status, passport/ID copies, specimen signatures.
• Contact Data: Company and residential address, email, telephone numbers.
• Profile / Financial Data: Details to substantiate wealth, profession, reference letters.
• Transaction Data: Records of payments, meetings, and services provided.
• Technical Data: IP addresses, browser type, time zone, device information, cookies.

We do not intentionally collect special categories of personal data (e.g., religion, political opinions, sexual orientation).

We collect personal data:

• Directly from you through emails, forms, or phone calls.
• From third parties acting on your behalf.
• From publicly available sources.
• Automatically via our website using cookies and analytics tools.

We process personal data only when permitted by law under the following bases:

• Consent (Art. 6(1)(a) GDRP): For optional communications, or non-essential cookies.
• Contract (Art. 6(1)(b) GDRP): To provide requested services.
• Legal Obligation (Art. 6(1)(c) GDPR): To comply with laws, regulations, or supervisory authority requirements.
• Legitimate interests (Art. 6(1)(f) GDPR): For website security and analytics.

We may rely on more than one lawful basis depending on the purpose of processing.

We may use your personal data to respond to inquiries, provide and improve services, maintain website security, comply with legal and regulatory obligations, or send marketing communications (with consent).

We may share your data with:

Internal Third Parties:

• Companies within our group or affiliated companies.

External Third Parties:

• IT, hosting, or service providers under GDPR-compliant contracts (Art. 28 GDPR).
• Regulatory and / or supervisory and / or other competent authorities, when we are obliged to do so under law or court order.
• Professional advisers such as legal advisors, auditors, insurers, etc., as may be necessary from time to time, in assisting them in adhering to their legal obligations, carrying out their duties and providing the services which they have been engaged to carry out.

Personal data is never sold.

If data is transferred outside the EEA, an adequate level of protection is ensured via Adequacy Decisions (Art. 45 GDPR) or Standard Contractual Clauses (Art. 46 GDPR).

Personal data shall be retained for:

• as long as necessary to fulfil the purposes for which it was collected for;
• any retention period that is required by a compelling legal obligation (e.g. by law, pursuant to litigation or investigation which might arise, etc.);
• any retention period as per our Firm’s Data Retention Policy (details of which may be made available upon request).

Under the regulation of GDPR, you have the right to:

• Access (Art. 15) your personal data.
• Rectify (Art. 16) inaccurate or incomplete data.
• Erase (Art. 17) of personal data, subject to legal obligations.
• Restrict (Art. 18) processing under certain circumstances.
• Data Portability (Art. 20) for machine-readable formats.
• Object (Art. 21) to processing for legitimate interests or marketing.
• Withdraw Consent (Art. 7(3)) at any time.

For any privacy-related queries or exercising your rights please contact our Data Protection Officer (DPO) or complete the Data Subject Rights Form and submit it to the dpo@aristeus.com.cy.

If you are not satisfied with our response, you may also lodge a complaint with:

Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
Tel: +357 22 818 456
Email: commissioner@dataprotection.gov.cy
Website: https://www.dataprotection.gov.cy

Our website uses cookies and similar technologies to ensure functionality, analyze traffic, and improve user experience. Non-essential cookies are used only with your consent. You can manage preferences via our cookie banner or browser settings.

We implement organizational and technical measures (Art. 32 GDPR) such as encryption, access control, regular audits, and employee confidentiality obligations to ensure data security.

Our website may include links to external sites. We are not responsible for the content or privacy practices of those websites.

We may update this Privacy Policy periodically. The latest version will always be available on our website.