Policy Statement


This Privacy statement describes when and what personal data we gather about you, how we use such personal data, and who we give such personal data to. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. It also sets out your rights in relation to your personal data and who you can contact for more information or queries.


LOUCAS & LOUCAS AUDITORS LTD (the Cyprus firm), the limited liability company registered in the Republic of Cyprus under registration no. 302296 and with its registered address at 12 Demostheni Severi, 6th floor, Office 602, 1080 Nicosia, Cyprus (“LOUCAS & LOUCAS AUDITORS LTD”, “us”, “our” or “we”) is strongly committed to protecting personal data, and this privacy statement details our approach on such issues.

Personal data includes any information relating to an identified or identifiable living person. LOUCAS & LOUCAS AUDITORS LTD processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. Please refer to the various provisions of this privacy statement for specific information on particular processing activities.

Our role as Data Controller

LOUCAS & LOUCAS AUDITORS LTD is the data controller of any personal data collected by you. This means that LOUCAS & LOUCAS AUDITORS LTD is responsible for deciding how we hold and use personal information about you. We will process such data in accordance with the provisions of applicable Data Protection law. If you have any question regarding this privacy statement or how and why we process your data, please contact us at:

Data Protection Officer


12 Demostheni Severi, 3rd floor, Office 302, 1080 Nicosia, Cyprus

Email: info@mloucas.com

Phone: +35722875808

Collection of personal data

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please refer to the relevant sections of this statement.


We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. In particular, we ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to prevent any unauthorised or unlawful disclosure or processing of such information and data and the accidental loss or destruction of or damage to such information and data.

Transfer to third parties

We do not share personal data with unaffiliated third parties except as necessary for our legitimate professional and business needs, for the purpose of executing your instructions or requests and/or as required or permitted by applicable legislation, professional standards or any applicable agreement between us. When we share data with others, we may, whenever required, put contractual arrangements in place to protect the data and to comply with our data protection, confidentiality and security standards.

In common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located. This includes to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

Personal data held by us may be transferred to the following categories of persons:

Third party organisations

We use third party organisations to support us in providing services and process data on LOUCAS & LOUCAS AUDITORS LTD behalf, including providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

We also use third party organisations to physically store files for us and our clients. The organisations keep basic information as to the clients for referencing location and traceability purposes of the files.

Law enforcement, governmental or regulatory authorities or to other third parties as required by, and in accordance with, applicable law or regulation

We may also disclose personal data to respond to requests of the courts, governmental authorities or where it is necessary or prudent for compliance with applicable legislation, for criminal investigations or security purposes, for establishing, exercising or defending legal rights.

Individual’s rights and how to exercise them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to personal data

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.

If you want to exercise any of the above rights, please email our data protection point of contact info@mloucas.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Amendment of personal data

When we keep personal data submitted to us, we do not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if LOUCAS & LOUCAS AUDITORS LTD is informed that any personal data processed by us is no longer accurate, we will make any appropriate corrections based on your updated information. If you would like to update any personal data you have submitted through this site, please do so via the original registration page or please email us at info@mloucas.com.

Unsubscribe/Withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions, on the appropriate webpage or in communications to our visitors, or a visitor may contact by email to info@mloucas.com.


We understand the importance of protecting children’s privacy, especially in an online environment. The websites covered by this Privacy statement are not intentionally designed for or directed at children, and all users should be above the age of majority in their local country. We adhere to laws regarding marketing to children. We will not knowingly collect or maintain personal information about individuals under the age of 14, except as part of an engagement to provide professional services and only following the express consent of their legal guardian or parent.


If you have any questions or complaints about this Privacy Statement or the way we process your personal data or would like to exercise one of your rights set out above please send an email with the details of your complaint to info@mloucas.com.

You also have a right to lodge a complaint with the Data Protection Commissioner (the Cyprus data protection regulator). For further information on your rights and how to complain to the Data Protection Commissioner

please visit the page: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_gr/page1i_gr?opendocument 


Our processing activities:

Collection of personal data

We obtain personal data about you, for example:

  • when you request a proposal from us in respect of the services we provide;
  • when you, your employer, organisations with whom you have dealings (including but not limited to banks and other professional service providers), or our clients engage us to provide our services;
  • when you contact us by email, telephone, post or social media (for example when you have a query about our services); or
  • when you submit an application for employment through our website or email or other communication;
  • from third parties and/or publicly available resources (for example, from representatives of our clients, your employer or from the Registrar of Companies).

Information we hold about you:

The information we hold about you may include the following:

  • your personal details (such as your name, address, telephone, email etc);
  • information we are legally required to collect for compliance purposes, such as ‘know your client’ information (such as your ID number and/or passport number, CV, reference letters, economic profile, tax returns, income, expenses, assets and liabilities)
  • details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
  • details of bank accounts;
  • details of any services you have received from us;
  • our correspondence and communications with you;
  • information about any complaints and enquiries you make to us;
  • details provided as part of an application for employment;
  • information from research, surveys, and marketing activities obtained in compliance with the GDPR;
  • Information we receive from other sources, such as publicly available information, information provided by your employer, organisations with whom you have dealings, our clients or information from our member network firms.

Use of personal data

We may process your personal data for the purposes of responding to requests for services and/or other enquiries including in relation to performance of our contract with you (for example, in relation to accounting, audit, consultancy and/or administration services we may provide), your employer, organisations with whom you have dealings or to comply with our legal obligations.

We may process your personal data for the purpose of performing our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.

We may process your personal data for the purpose of compliance with regulations, professional rules and laws applicable to us (such as Anti Money Laundering Laws and Tax Laws) that we are subject to.

We may also process your personal data to comply with court orders, orders from any regulatory body to which we are subject and/or to defend our legal rights.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes always in accordance with the GDPR.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Data retention

The personal data you submit to us will only be retained for as long as is required for the purposes for which it was collected and as required by applicable law, our internal policies, our contractual relationship with you (if applicable) and the legitimate interests of the parties as more specifically stated in the specific processing activities.

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

  • When assessing what retention period is appropriate for your personal data, we take into consideration:
  • the requirements of our business and the services provided;
  • any statutory, regulatory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.


Cookies are small text files placed on your computer by websites you visit. They are widely used to make websites work more efficiently for visitors, and to provide information to the owners of the site. Some of the cookies we use are essential in order for parts of the website to operate. In the table below, we have given a description and purpose for each cookie we use.

How do we use cookies on the website?

We use cookies on the website for our own internal purposes, to track how users navigate through the website. This helps us to evaluate and improve the website and our online services.

We use information derived from cookies in order to:

Compile statistics on how our website is being used, which can help us to improve our website and online services

  • Facilitate users’ ability to navigate through the website
  • Ascertain whether the website is operating effectively
  • Personalize and improve the service we offer you by understanding your preferences and establishing which areas of the website are most relevant to you
  • We also use cookie technology with our online registration forms to ensure we maintain your confidentiality and security as you move through secure or password protected areas of the our websites

Use of Cookies

Circumstances may arise when we may need to gather information about your computer to help provide appropriate services to you. Please note that no identifying information will be shared about our visitors and how they made use of our site. Any computer has the option to decline cookies. Your web browser options include an “enable” button to decline cookies. It is imperative that you understand by declining cookies you may be limiting your access to sections of our website.

Third Party Cookies

We use Google Analytics to better understand how people are using our website. It is also used by Google to better understand the performance of its own websites. What information are they tracking? The Google Analytics cookie enables our website to recognize you if you visit again – as well as information about the pages you visit; when you visit; how long you visit our website; the IP address and what site you were looking at before arriving at our site (the referring url).