Privacy Policy

This version was last updated on: 3rd July 2024



TOTALSERVE TRUSTEES LIMITED (collectively referred to as “Totalserve Trustees”, “we”, “us” or “our” in this privacy policy) respects your privacy and is committed to protecting your personal data. The personal data that we collect depends on the service requested and agreed in each case. This privacy policy explains how we collect and process your personal data and informs you about your privacy rights under the Processing of Personal Data (Protection of Individuals) Law 125 (I)/2018, as amended from time to time, and the EU General Data Protection Regulation (“GDPR”) 2016/679.

  • This Privacy Policy is directed to natural persons who are either current or potential clients of Totalserve Trustees, or are authorised representatives/agents or beneficial owners of legal entities of natural persons.
  • It is also directed to natural persons who had such a contractual or other legal relationship with Totalserve Trustees in the past.
  • It also contains information about sharing your personal data with other members of Totalserve Trustees and other third parties, such as other service providers or suppliers.
  • This Privacy Policy aims to provide you with information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when signing up to our newsletter and/or during our contractual relationship.

It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why your data is being used. This privacy policy supplements the other policies and it is not intended to override them.



TOTALSERVE TRUSTEES LIMITED, incorporated and registered in Cyprus under Registration No. HE 36457 whose registered office is at 17 Gr. Xenopoulou Street, Limassol, 3106 Cyprus.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to privacy issues. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:


Name: Xenia Kasapi

Email address:

Postal address: 17 Gr. Xenopoulou Street, 3106 Limassol, Cyprus



It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.



Personal data, or personal information, means any information about an individual from which that person can be identified.

If you are a prospective client, or a non-client counterparty in a transaction of a client or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective client, the relevant personal data which we collect may include:

  • Identity Data such as first name, maiden name, last name, username or similar identifier, marital status, title, date of birth (city and country) and gender.
  • Contact Data such as residential or business address, email address and telephone numbers.
  • Marketing and Communications Data such as your preferences in receiving marketing from us.

Additionally, we may collect banking details, marital status, whether you are employed/self-employed, whether you hold/held a prominent public function (for PEPs), FATCA/CRS information, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, credit reference agency data, residence or work permit in the case of non-EU nationals, own and/or third-party security (e.g. if an existing personal guarantor), employment position, educational background and employment history.

We may also obtain personal data arising from the performance of our contractual obligations and/or compliance with regulatory laws, tax information (e.g. defence tax, tax residency, tax identification number) and financial information (such as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).



We understand the importance of protecting children’s privacy. We may collect personal data in relation to children only where we have first obtained their parents’ or legal guardian’s consent, or where otherwise permitted under the law.



Where we need to collect personal data by law, or under the terms of a contract we have with you and/or for any other legal purpose, and you fail to provide information when requested, we may not be able to perform the contractual obligations we have or are about to enter into with you (for example, to provide you with our services). In this case, we may have to abort all contractual obligations with you, but we will notify you if this is the case at the time.



For us to enter into a contractual relationship with you, you must provide your personal data to us, which is necessary for the required commencement and execution of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law, which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorised representative/agent or beneficial owner.

Please note that if you do not provide us with the required data, then we will not be allowed to commence or continue our contractual relationship with you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.



We collect and process different types of personal data, which we receive from our clients (potential and current) in person or via their representative in the context of the contractual relationship.



Personal data may be processed in compliance with the obligations imposed on us to obtain information about clients as well as individuals related to clients and client company/ies/trust structures. The purpose of this is to combat money laundering/terrorist financing and to comply with tax reporting requirements, including those concerned with the US Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS) and/or other applicable European and/or Cyprus legislation. In holding and processing your personal information, we also comply with the Processing of Personal Data (Protection of Individuals) Law 138 (I)/2001, as amended from time to time.

Most commonly, we will use your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; we process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Examples of such processing activities include initiating legal claims and preparing our defence in litigation procedures and/or measures to manage business and for further developing services, sharing your personal data within Totalserve Trustees for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework and/or for the performance of the services.
  3. Where we need to comply with a legal or regulatory obligation; there are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the Cyprus Banking Law, the Money Laundering Law, the Cyprus Investment Services Law, Tax Laws. There are also various supervisory authorities whose laws and regulations we are subject to such as the Cyprus Bar Association. Such obligations and requirements are imposed on us for personal data processing activities for identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls. To comply with applicable AML/CFT measures by assessing the risks involved, we need to carry out checks in order to prevent money laundering, fraud and to combat international terrorism.
  4. Promoting the best interest of the client.
  5. Where disclosure is necessary for the relevant tax authorities, auditors and/or reporting accountants, to perform their respective services.
  6. Where you have provided your consent; provided that you have given us your specific consent for processing (other than for the reasons set out above), the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.



We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at:

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.



We may process your personal data to inform you about our services and newsletters that may be of interest to you or your business.

You may “opt out” of receiving such email updates, newsletters and/or other emails by clicking the “unsubscribe” link in any email communication that we send you. You will then be removed from our mailing list. You also have the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time in writing.



This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.



Our website uses small files known as cookies to make it work better in order to improve services we offer you, to improve marketing and provide site functionality.

A cookie is a small, unique text file that a website can send to your computer when you visit a site. The website may automatically collect information as you browse, such as your internet service provider, browser type and version, operating system and device type, pages viewed, information accessed, the Internet Protocol (IP) address used to connect your computer to the internet and other relevant statistics. It also collects demographic information (country – city).

If you do not want us to deploy cookies to your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie on your computer. Rejecting cookies may affect your ability to use our website.



In the course of the performance of our contractual and statutory obligations, your personal data may be provided to different departments within Totalserve Trustees and/or third party/ies providing service/s to and/or acting as agents of Totalserve Trustees for the purposes and/or in the context of the provision of our services. Consequently, other service providers and suppliers may also receive your personal data so that we may perform our services and/or legal obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We strictly prohibit our third-party service providers from using your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.

Under the circumstances referred to above, recipients of personal data may be, for example: income tax authorities, criminal prosecution authorities, the Cyprus Bar Association, auditors and accountants, legal consultants and external legal consultants, service providers, suppliers, share and stock investment and management companies, agents, business partners, valuers and surveyors, financial and business advisors, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.



Your personal data may be transferred to third countries, that is, countries outside of the European Economic Area (EEA), for example to execute our services or if this data transfer is required by law. We ensure that your personal data shall be protected by requiring all our group companies to follow the same rules when processing your personal data; namely, the “binding corporate rules”. For further details, protection is provided by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • In case we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.



Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Procedures have been put in place to deal with any suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.



We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law.

The criteria used to determine our retention periods include:

  1. The length of time we have an ongoing relationship with you and provide the services to you (for example, for as long as you keep using our services).
  2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
  3. Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).

You have the right to delete your data, that is, to request erasure. This enables you to instruct us to erase your personal data (known as the ‘right to be forgotten’) where its processing is of no further use or interest.



You have the following rights in respect of the personal data we hold about you:

  • Request access to your personal data: You may request a confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
  • Request correction of your personal data: You may request rectification if your personal information is inaccurate.
  • Request erasure of your personal data: You may request that your personal information is erased in certain situations.
  • Object to processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
  • Request restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
  • Request transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services.
  • Right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at:



You have the right to make a complaint at any time to the Office of the Commissioner for Personal Data (the “Commissioner”), the Cyprus supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner, so please contact us in the first instance.

We would, however, appreciate the chance to address your queries, so you may contact us at



This version was last updated on 03/07/2024. This Privacy Policy may be amended from time to time. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.