Send a request
bg

Privacy Policy for MARILEX LTD

Introduction

MARILEX LTD ("Firm", "we", "our", "us"), a professional services firm registered in Cyprus (Registration No. HE 442090), is committed to respecting and protecting your privacy. This Privacy Policy outlines our practices for collecting, using, disclosing, and safeguarding personal data when you visit our website, engage with our legal services, or contact us. By using our services or accessing our website, you agree to the terms of this Privacy Policy. 

About This Privacy Policy

This Privacy Policy explains what personal data is, why we need it, how we process it, and the rights you have under applicable data protection laws. Personal data refers to any information that can identify you, either directly (e.g., name, email) or indirectly (e.g., IP address, device ID). As a legal services firm, MARILEX LTD is committed to handling your personal data responsibly and in compliance with the General Data Protection Regulation (GDPR) and Cyprus national data protection laws ("Data Protection Laws"). The purpose of this document is to provide transparency about our data practices and to help you understand how your information is collected, used, disclosed, and protected.

Scope and Applicability 

This Privacy Policy applies to:

  • Individuals who use our website (www.marilex.ltd), including visitors, job applicants, and subscribers.
  • Current and prospective clients, contractors, and third parties with whom we communicate as part of legal services.
  • Any personal data processed in the course of providing legal services, including data collected offline (e.g., paper intake forms) and online (e.g., website forms, email communications).

Purposes of Processing and Lawful Bases

We process personal data for the following purposes and rely on the corresponding lawful bases:

a) Legal Services and Client Management (Performance of a Contract / Legitimate Interests): 

- To deliver legal advice, representation, and other professional services under an engagement letter or retainer agreement. 

- To maintain client records, manage cases, perform conflict-of-interest checks, and bill for fees.

b) Compliance with Legal Obligations (Legal Obligation): 

- To comply with anti-money laundering (AML) and know-your-client (KYC) requirements, tax and accounting laws, court orders, and regulatory obligations.

c) Firm Administration and Risk Management (Legitimate Interests): 

- To administer our practice (e.g., staffing, accounting, IT infrastructure), manage risk, conduct internal audits, and ensure IT security.

d) Marketing and Business Development (Consent / Legitimate Interests): 

- To send legal newsletters, event invitations, and informational materials about our services, provided you have opted in or where we have a legitimate interest and you have not objected.

e) Website Operation and Analytics (Legitimate Interests): 

- To operate and maintain our website, analyze usage patterns, detect and prevent fraud or security incidents, and improve user experience.

Categories of Personal Data Collected

Depending on your interaction, we may collect some or all of the following categories of personal data:

a) Identity Data: Full name, date of birth, nationality, national ID or passport number, professional credentials. 

b) Contact Data: Email address, postal address, telephone and mobile numbers. 

c) Case Data: Information and documentation related to legal matters, such as contracts, agreements, court filings, witness statements, and evidence, whether received electronically or in hard copy. 

d) Financial and Billing Data: Billing address, bank account or payment card details, tax identification numbers, invoicing and payment history. 

e) Special Categories of Personal Data: Where necessary for legal representation and with explicit consent or other lawful basis, sensitive data such as criminal records, health information, and other special categories (e.g., racial or ethnic origin, religious beliefs). 

F) Technical and Usage Data: IP address, browser type and version, operating system, geolocation data, device identifiers, and browsing behavior on our website (e.g., pages visited, links clicked, session duration), collected through cookies and analytics tools. 

g) Marketing and Communication Preferences: Information about your preferences for receiving communication from us, including newsletters, seminars, and events, and preferred communication channels. 

h) Social Media Data: Profile details and contact information obtained when you interact with us on social media platforms, such as LinkedIn.

Sources of Personal Data 

We obtain personal data from various sources:

You: Directly when you provide information via intake forms, online contact forms, email, phone, or postal mail.
Third Parties: Co-counsel, opposing counsel, courts, public registries, regulatory bodies, and other professional advisors involved in your legal matters.
Automated Technologies: Our website and IT systems using cookies, web beacons, server logs, and analytics tools (e.g., Google Analytics) to collect technical and usage data.
Publicly Available Sources: Publicly accessible registries, corporate filings, and other public databases.

Use of Cookies and Similar Tracking Technologies 

We use cookies and similar tracking technologies as described in our Cookies Policy to:

Ensure the proper functioning of our website.
Analyze website performance and user behavior to improve site functionality and content.
Deliver personalized content and targeted advertisements where permitted.
Enhance website security and detect fraudulent activity.
For more information, please refer to our separate Cookies Policy, which explains the types of cookies we use, their purposes, and your control options.

Disclosure of Personal Data 

We may share personal data with the following categories of recipients, subject to confidentiality and data protection safeguards:

a) Co-Counsel, Opposing Counsel, and Expert Witnesses: Legal professionals and experts engaged in your case where necessary to provide legal services. 

b) Courts, Tribunals, and Government Authorities: When required by law, regulation, or court order, or to protect our legal interests or pursue legal claims. 

c) Service Providers and Vendors: Third-party processors such as IT support, cloud hosting providers, data storage, document management, translation services, couriers, and payment processors that support our operations. All such providers are bound by contracts requiring compliance with Data Protection Laws. 

d) Professional Advisors: External accountants, auditors, banks, insurance brokers, and tax advisors engaged to support billing, compliance, or risk management. 

e) Regulatory and Law Enforcement Agencies: In connection with AML/KYC checks, tax inquiries, or law enforcement investigations. 

f) Acquirers in Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of our business or assets, personal data may be transferred to the acquiring entity under confidentiality and data protection obligations.

International Data Transfers 

Your personal data may be transferred to, and processed by, recipients located outside the European Economic Area (EEA). When transferring data internationally, we implement appropriate safeguards, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding Corporate Rules (BCRs) for intra-group transfers, where applicable.
Data Transfer Impact Assessments and supplementary measures if required by Data Protection Laws.

Data Retention 

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, or professional obligations, including:

Client Files: Retained for a minimum of 10 years from the date of case closure, in accordance with Cypriot legal professional retention requirements.
Billing and Financial Records: Retained for at least 7 years for tax and audit purposes.
Marketing and Communication Data: Retained until you withdraw consent or unsubscribe; thereafter, data is archived for 3 years to prevent re-subscription without consent.
Website and IT Logs: Retained for up to 24 months for security, fraud prevention, and analytics, after which they are deleted or anonymized.
At the end of the retention period, personal data is securely destroyed or irreversibly anonymized.

Security Measures 

We implement robust technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption and Secure Transmission: Use of SSL/TLS encryption for data in transit and encryption at rest where feasible.
  • Access Controls: Role-based access restrictions, strong password policies, and multi-factor authentication for systems storing personal data.
  • Secure Document Storage: Physical documents stored in locked cabinets; digital documents stored on secure servers with encrypted backups.
  • Data Minimization: Collecting only the minimum necessary personal data for each processing purpose and anonymizing data where possible.
  • Staff Training and Confidentiality: Regular training on Data Protection Laws, GDPR compliance, and professional secrecy obligations; confidentiality undertakings from all employees and contractors.
  • Incident Response Plan: Established procedures to detect, contain, and remediate data breaches, including notification to affected individuals and supervisory authorities as required by law.

Your Rights Under Data Protection Laws 

Under GDPR and applicable Data Protection Laws, you have the following rights concerning your personal data:

  • Right of Access: Request confirmation of whether we process your personal data and, if so, obtain a copy of that data and related processing information.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Request deletion of personal data when processing is no longer necessary, consent is withdrawn, or processing is unlawful, subject to professional retention obligations.
  • Right to Restrict Processing: Request restriction of processing where accuracy is contested, processing is unlawful, or data is required for legal claims.
  • Right to Data Portability: Request a copy of personal data in a structured, machine-readable format for transfer to another controller, where processing is based on consent or contract.
  • Right to Object: Object to processing based on legitimate interests or direct marketing; processing will cease unless we demonstrate compelling legitimate grounds.
  • Right to Withdraw Consent: Withdraw any consent given for processing with future effect.
  • Right to Lodge a Complaint: Lodge a complaint with the supervisory authority if you believe our processing violates Data Protection Laws. In Cyprus: Office of the Commissioner for Personal Data Protection Address: Kimonos Street 1, 1051 Nicosia, Cyprus Website: https://www.dataprotection.gov.cy
    To exercise your rights, please contact our Data Protection Officer at info@marilex.ltd. We may request proof of identity to verify your request.

Confidentiality and Professional Secrecy 

As a legal services firm, we are bound by professional secrecy and confidentiality obligations. We will not disclose your personal data to any third party without your informed consent, unless required by law, regulation, or court order, or necessary to provide legal services.

Children’s Data

Our website and services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe personal data of a child under 16 has been collected, please contact us immediately, and we will remove the data without undue delay.

Third-Party Websites and Links 

Our website may contain links to third-party websites not operated by us. We have no control over the content, privacy policies, or practices of third-party sites. We encourage you to review the privacy policy of each site you visit.

Updates to This Privacy Policy 

We may update this Privacy Policy to reflect changes in legal requirements, business practices, or technology. We will notify clients of material changes and post the updated policy on our website with a revised "Last Updated" date. Please review this policy periodically for any updates.

Contact Us

In the event that you have any questions about this Privacy Statement or you want to exercise any of your rights regarding your Personal Information please contact us at info@marilex.ltd

Last Updated: June 4, 2025

 

Send a request
Next