GDK Optimus - Privacy Policy

Privacy Policy

1. Who We Are

GDK Optimus Audit Services Ltd (“we”, “us”, “our”) is a firm of Certified Public Accountants & Registered Auditors providing accounting, audit, tax and business advisory services. We are established in Cyprus and act as an independent data controller under the EU General Data Protection Regulation (“GDPR”).

2. Personal Data We Collect

We may collect and process the following types of personal data about you:
• Identity data (name, job title, company name);
• Contact data (email address, postal address, phone numbers);
• Financial information relevant to the services we provide;
• Identification documents for anti-money-laundering (AML) and know-your-customer (KYC) purposes;
• Communications with us (emails, meeting notes).

3. How We Collect Data

We collect personal data directly from you (e.g., when you engage us or communicate with us), from public sources, and from third parties such as tax authorities or regulators when necessary.

4. Purposes and Legal Basis

We process your personal data for the following purposes:
• To provide and manage our professional services;
• To comply with our legal and regulatory obligations (tax, AML, audit standards);
• To maintain our client records and billing;
• To send you updates or information you request.

Our legal bases for processing are: performance of a contract with you, compliance with legal obligations, and our legitimate interests in running our business. Where we rely on consent (e.g., marketing emails), you may withdraw it at any time.

5. Sharing Your Data

We will not sell or rent your personal data. We may share data only with:
• Our employees and professional advisers who need to know it;
• Tax or regulatory authorities when required by law;
• Third-party service providers (IT hosting, email services) under written contracts requiring them to safeguard your data.

6. International Transfers

We do not routinely transfer your personal data outside the EEA. If we ever do, we will ensure appropriate safeguards are in place.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Typically, client records and working papers are retained for seven years after the end of the engagement unless legal reasons require longer retention.

8. Your Rights

You have the right to:
• Access your personal data and obtain a copy;
• Rectify inaccurate data;
• Erase your data (where applicable);
• Restrict or object to processing;
• Data portability;
• Lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus).

To exercise these rights, please contact us (see below).

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

George Droushiotis
GDK Optimus Audit Services Ltd
1, Anastasi Sioukri street, Themis Tower, Offices 601 & 603, 3105, Limassol, Cyprus
Tel: +357 25101040
Email: info@gdkoptimus.com

11. Updates

We may update this Privacy Policy from time to time. Any changes will be posted on our website and, where appropriate, notified to you by email.