1. Introduction

Aqualis Ltd ("Aqualis", "we", "us" or "our") is a firm of chartered accountants and tax advisers registered in Cyprus. We are committed to protecting the privacy and security of the personal data we collect from visitors to our website, clients and prospective clients.

This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, who we share it with and what rights you have in relation to your data. It applies to all personal data processed through our website (www.aqualis.com.cy) and in connection with our professional services.

Aqualis is the data controller for the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Cyprus Processing of Personal Data (Protection of the Individual) Law of 2001, as amended.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide to us directly:

• Full name, email address, telephone number and company name when you complete our contact or consultation form

• Information contained in correspondence you send to us by email, telephone or other means

• Financial and tax-related information provided in connection with our professional services

• Identification documents provided for client onboarding and anti-money laundering verification

Information collected automatically:

• IP address, browser type, operating system and device information

• Pages visited, time spent on pages and referral source

• Cookies and similar tracking technologies (see Section 7 below)

3. How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases:

• To respond to your enquiries and provide our services — processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract

• To comply with legal and regulatory obligations — including anti-money laundering requirements, tax reporting obligations and professional regulatory standards

• To send you relevant updates about our services, regulatory changes or events — based on your consent, which you may withdraw at any time

• To improve our website and services — based on our legitimate interest in understanding how visitors use our website and improving user experience

• To protect our legal rights — based on our legitimate interest in establishing, exercising or defending legal claims

4. Who We Share Your Data With

We do not sell, rent or trade your personal data to third parties for marketing purposes. We may share your personal data with the following categories of recipients where necessary:

• Cyprus government authorities and regulatory bodies (Tax Department, Social Insurance Services, Registrar of Companies, Civil Registry and Migration Department) as required for the provision of our services

• Professional advisers in other jurisdictions where we coordinate cross-border matters on your behalf, and only with your knowledge

• Banks and financial institutions in connection with account opening or transaction processing

• IT service providers who support our infrastructure, subject to appropriate data processing agreements

• Auditors and professional bodies as required by law or professional regulation

All third parties with whom we share data are required to respect the security of your personal data and to treat it in accordance with applicable law.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting or reporting requirements.

As a general guide:

• Client engagement records and working papers are retained for a minimum of six years after the end of the engagement, or longer if required by law

• Anti-money laundering records are retained for five years after the end of the business relationship

• Website enquiry form submissions are retained for 12 months unless you become a client

• Marketing consent records are retained until you withdraw your consent

6. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights in relation to your personal data:

• Right of access — you have the right to request a copy of the personal data we hold about you

• Right to rectification — you have the right to request correction of inaccurate or incomplete personal data

• Right to erasure — you have the right to request deletion of your personal data where there is no compelling reason for its continued processing

• Right to restrict processing — you have the right to request that we limit the processing of your personal data in certain circumstances

• Right to data portability — you have the right to receive your personal data in a structured, commonly used and machine-readable format

• Right to object — you have the right to object to the processing of your personal data where we are relying on a legitimate interest

• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

7. Cookies

Our website uses cookies and similar technologies to improve your browsing experience, analyse website traffic and understand where our visitors come from.

We use the following types of cookies:

• Strictly necessary cookies — required for the website to function properly, such as remembering your preferences

• Analytics cookies — help us understand how visitors interact with the website by collecting information anonymously

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include:

• Encryption of data in transit and at rest

• Access controls limiting data access to authorised personnel only

• Regular security reviews and updates

• Staff training on data protection and confidentiality

• Secure disposal of records that are no longer required

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

9. International Data Transfers

Your personal data is primarily processed and stored within the European Economic Area (EEA). Where we need to transfer data outside the EEA — for example, when coordinating with advisers in non-EU jurisdictions on your behalf — we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or an adequacy decision.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Commissioner for Personal Data Protection in Cyprus:

Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
Website: www.dataprotection.gov.cy

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Aqualis Ltd
51C Stadiou Street, 2058, Nicosia, Cyprus
Phone: +357 22515030
Email: [email protected]