Privacy Policy


The Cyprus Fiduciary Association (CYFA) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we look after your personal data and inform you about your privacy rights and how the law protects you.

Purpose of this Policy

This privacy policy aims to give you information on how the CYFA collects and processes your personal data, including any data you may provide to us through this website or when you consent to be included in our communication list or sign up to our newsletter or if you request other marketing materials. This website is not intended for children and we do not knowingly collect data relating to children.


CYFA as a Data Controller is bound by the requirements of the General Data Protection Regulation (GDPR). CYFA is the controller of personal data you may input to this website and is responsible for this website.

Our General Manager is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the General Manager using the details set out below.

Our full details are:
Cyprus Fiduciary Association

6, Emmanuel Roide Str., Office 402
1095 Nicosia, Cyprus

Tel: +357 22-256263, Fax: +357 22-256364

Email address:

Right to complaint

If you are not happy with the way we treat your personal data, you have the right to make a complaint at any time to the Data Protection Commissioner’s or the data controller responsible for your personal data. We would appreciate the chance to deal with your concerns before you approach the relevant authorities so please do contact us at first instance. Please keep us informed if your personal data changes during your relationship with us as it is important to have accurate and updated information on your personal data.

Third Party Links 

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

The Data we collect about you 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you as follows:

  • Identity Data includes [first name, maiden name, last name, title, date of birth and gender].
  • Contact Data includes [ postal and email address and telephone numbers].
  • Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website].
  • Usage Data includes information about how you use our website.
  • Marketing and Communications Data includes your preferences in receiving marketing material from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you via this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How is your personal data collected and how it is used?

Your personal data is collected by direct input from you. You may give us your Identity and Contact Data by filling in forms or by corresponding with us via this website or by email or by phone. This includes personal data you provide when you complete our “Contact Us” form, email communication, subscribe to any of our publications, request marketing material to be sent to you and enter a competition, promotion or survey.

Your personal data will only be used when the law allow us. Usually we will use your personal data in order to send you further information about our services, when we need to communicate with you about important announcements, when it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests and when we need to comply with a legal or regulatory obligation.

Note that you have the right to withdraw consent to marketing at any time by contacting

Purpose for which your personal data is used

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.



Type of data 


Lawful basis for processing including basis of legitimate interest 


To register you in our database as a potential member/user of our services and marketing material (a) Identity 

(b) Contact


Necessary for our legitimate interests: to expand our members/interested parties database, the promotion of the Fiduciary Sector in Cyprus and the encouragement for further investment by existing investors in Cyprus.
To manage our relationship with you which will include: 

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to carry out a review or participate in a survey/questionnaire

(c) Informing you about events, seminars and other activities of CYFA and issues related to the fiduciary sector

(d) Contact you directly over the phone on issues related to the fiduciary sector

(a) Identity 

(b) Contact

(c) Marketing and Communications


(a) to comply with a legal obligation 

(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)


To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 


(a) Identity 

(b) Contact

(c) Technical


(a) Necessary for our legitimate interests (for running our provision of administration and IT services, network security) 

(b) Necessary to comply with a legal obligation


To deliver relevant website content, marketing and advertisements to you 


(a) Identity 

(b) Contact

(c) Usage

(d) Marketing and Communications

(e) Technical


Necessary for our legitimate interests (to study how members/interested parties use our products/services, to develop them and to define our marketing strategy) 


To use data analytics to improve our website, products/services, marketing, customer relationships and experiences 


(a) Technical 

(b) Usage


Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant and to define our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you 


(a) Identity 

(b) Contact

(c) Technical

(d) Usage


Necessary for our legitimate interests (to develop our services) 



We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. You will receive marketing communications from us if you have requested information from us or if you provided us with your details and expressly consented to receiving that marketing material.

Third Party Marketing

We will never share your personal data with any company outside CFA for marketing purposes.

Opting Out

You can ask us to stop sending you marketing messages at any time by email to or by letter to 1, Menandrou Street, Frosia House, 4th floor, 1066, Nicosia, Cyprus

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the General Manager.If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Transfer of Information outside of Europe

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU.  Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.  By submitting your personal data, you’re agreeing to this transfer, storing or processing.

If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.

Data Protection

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Data Retention

We will only hold your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

You have the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact the General Manager. As a security measure we may need to contact you to request specific information to assist us confirm your identity and ensure your right to access your personal data.

Time limit to respond

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.