Privacy Policy

This Data Protection Privacy Policy shall be effective as and from the 1st March 2020.

This Privacy Policy constitutes the guide according to which G&P manages personal data and outlines the approach of G&P under the General Data Protection Regulation 2018 (GDPR). In this guide it is explained how G&P collects personal information about the Users, how G&P uses it and how the Users can interact with G&P about it.


  1. 1.1.Applicable Law shall mean the laws and regulations of the Republic of Cyprus and the GDPR.
  2. 1.2.BTM shall mean BTM Travel Logistics Management Lab Ltd.
  3. 1.3.Business Day shall mean a day other than Saturday, Sunday or a public holiday, when Banks in Cyprus are open for business.
  4. 1.4.Calendar Month shall mean 30 (thirty) consecutive calendar days.
  5. 1.5.Cyprus shall mean the Republic of Cyprus.
  6. 1.6.Data shall mean the User’s or any Third Party’s name, ID number and details, Passport number and details, date of birth, Inland Revenue Number or any foreign equivalent, phone numbers, telefax numbers, email address, IP address, online user identifiers, cookie identifiers, CCTV images, bank account details, debit and credit card details and include and Sensitive Data.
  7. 1.7.G&P shall mean G&P LAZAROU ESTATE AGENTS LTD.
  8. 1.8.GDPR shall mean the General Protection Regulation 2018.
  9. 1.9.Guide shall mean this Data Protection Privacy Policy.
  10. 1.10.Property shall mean the property under sale by electronic online auction.
  11. 1.11.Sensitive Data shall mean sensitive personal information about a User such as political, social, religious or ethical beliefs or affiliations, colour, race, ethnic or national origins, and sexual preferences or practices.
  12. 1.12.Third Party shall mean any person, individual or corporate, except G&P, BTM, the Vendor and the User.
  13. 1.13.User or Users shall mean each one user separately and all the users collectively of the Website.
  14. 1.14.Vendor or Vendors shall mean the vendor of the Property.
  15. 1.15.Website shall mean and all subdomains.


There are a number of reasons why G&P collects information, such as to know how to contact the User, to be certain of User’s identity and to understand User’s circumstances so that G& P can offer User the best possible customer experience.

The type of information that G&P may collect from Users includes:

  • User’s identity & contact name, copies of ID (which may include the date of birth), I.R. number (or foreign equivalent), online user identifiers (such as login details), IP addresses, cookie identifiers, email addresses and contact phone numbers.
  • Bank account details, credit/debit card details, authorized signatory details, information relating to power of attorney arrangements.
  • Information User provides to G&P about others or others provides to G&P about User. An example relates to information concerning bidder and purchaser details for a property when somebody is registering to bid at an auction. Before User discloses information to G&P about another person, he/she needs to be sure that he/she has their agreement to do so.
  • Sensitive categories of Data – G&P may hold information about User which includes sensitive Data. G&P only holds this Data when it needs to for purposes of the service it provides to Users or where G&P has a legal obligation to do so. G&P is required to process sensitive Data when it seeks his/her ID or passport in order to comply with its anti-money laundering obligations.
  • The information which the User has consented to G&P using such as allowing G&P to contact and send the User property related communications on a periodic basis. G&P also collects information about User’s internet activity using the technology known as cookies which can often be controlled through internet browsers. A cookie is a little piece of text that G&P’s server places on User’s device when he/she visits the Website. A cookie helps G&P to make the Website work better for the Users.
  • G&P uses technologies to automatically collect information about User’s internet browser settings or Internet Protocol (IP) address, login information, location-based data and google analytics to improve its Website offering to Users and to enhance User’s online visit to G&P.
  • G&P may also collect CCTV images at its office locations (but only for security reasons and to help prevent fraud or crime). G&P will also hold information on data access, correction, restriction, deletion, porting and complaints relating to the Users.


G&P collects information about Users in a number of ways, included but not limited to:

  • When User sets up an online account with G&P.
  • When User registers with G&P to participate in an auction.
  • When User makes a request to be added to G&P’s marketing database.
  • When User uses G&P’s Website.
  • When User or others give G&P information verbally or in writing. This information may be by way of registration forms, viewing attendee sheets, through correspondence with G&P or if the User makes a complaint.
  • From User’s online activities with third-parties where User has given G&P his/her consent (e.g. by consenting to G&P’s use of certain cookies or other location tracking technologies).


G&P may use User’s Personal Data for matters such as confirming his/her identity in order to enable G&P in the processing of an application for one of G&P’s services or to improve the User’s customer experience with G&P.

Data is used to manage and administer User’s account. Personal Data is also used to process transactions.

G&P may use User’s Personal Data to contact him/her by post, phone, text message, email or social media using the Website or other means but not in a way that is contrary to User’s instructions to G&P, legitimate interest or contrary to the Applicable Law. G&P may monitor and record its conversations when it speaks on the telephone (to verify the User’s instructions to it and for training and quality purposes) by advising the User accordingly. Personal Data may also be used to recover debts the User’s may owe and to manage and respond to a complaint the User may have.

G&P may also use Personal Data to manage its business for its legitimate interests, such as gathering location information from User’s mobile phone or another electronic device the User may use to interact with G&P. Another legitimate interest of G&P is to conduct marketing activities such as direct marketing and research, including customer surveys, analytics, and related activities.

Personal Data may be used to carry out strategic planning and business portfolio management. This could include compiling and processing User’s information for audit, statistical or research purposes (including, making the User’s Data anonymous) to help G&P understand trends in its customer behaviour and to understand its risks better, including providing management information, operational and data risk management.

G&P may use User’s Data to protect its business, reputation, resources and equipment, to manage network and information security (developing, testing and auditing the Websites and other G&P’s systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted Data, and the security of the related services).

G&P protects User’s information with security measures under Applicable Law, and G&P meets international standards in doing so. G&P keeps its equipment, files, and buildings secure. Data could be used to prevent and detect fraud, dishonesty and other crimes (such as preventing someone from trying to steal User’s identity), including using CCTV at G&P office premises.

G&P may in the future wish to sell, transfer or merge part or all of its business or assets or to buy a new business or the assets, of another business or enter into a merger with another business. If so, G&P may disclose User’s Data under strict duties of confidentiality to a potential buyer, transferee, merger partner or seller and their advisers, so long as they agree to keep it confidential and to use it only to consider the possible transaction.

G&P needs to use User’s Data to manage and administer legal and compliance matters within G&P, including compliance with regulatory, legislative and voluntary codes of practice to which G&P has committed. G&P uses its data to comply with User’s information rights, to establish User’s identity and to comply with laws and regulations concerning the prevention of money laundering, fraud, and terrorist financing. As a result, G&P may need to disclose information to the government and other statutory bodies. User’s Data may be used to comply with binding court orders, search warrants, requests to assist the Police Authorities and MOKAS with the investigation or prevention of an offence and orders relating to requests for mutual legal assistance in criminal matters received from foreign law enforcement agencies.

In relation to properties which G&P offers for sale, legal documentation is uploaded onto the Website by Licensed Lawyers acting on behalf of Vendors. This documentation is uploaded for the sole purpose of allowing interested parties to carry out due diligence prior to placing a bid in relation to a property. The legal documentation will generally only be available to view for the marketing period relating to an auction, unless a property has been sold prior to, or is withdrawn prior to, the auction. If a property is unsold at auction, the legal documents will remain available 7 (Seven) Business Days after the auction.


G&P does not use automated processing in relation to the information it collects from the User’s as part of its business.

G&P uses analytics only for statistical purposes in order to be able to make more informed business decisions, including improving the quality of services it can offer.


G&P only shares the User’s information with a certain number of other parties and only as necessary in particular cases, some examples of which are the following:

  • User’s authorized representatives. This would include his/her Attorney-in-Fact and any other party authorized by the User to receive his/her Data.
  • Third Parties G&P needs to share User’s information with in order to facilitate payments (for example, stripe, SWIFT, credit card issuers and merchant banks) and those the User asks to share his/her information with.
  • In the event that the User is proposing to purchase a property from G&P which G&P is offering for sale, it may disclose User’s Data to the Vendor of that property in order for User’s offer to be assessed.
  • Companies that provide support services for the purposes of protecting G&P’s legitimate interests. User’s Data remains protected when G&P’s service providers use it. G&P only permits service providers to use User’s information in accordance with its instructions, they will have appropriate measures in place to protect your information. G&P’s service providers include marketing and market research companies, IT and telecommunication service providers, software development contractors, data processors, debit/credit card companies, computer maintenance contractors, printing companies, property contractors, document storage and destruction companies, business advisers, debt collection agencies, accountants, auditors and other consultants, including legal advisers.
  • Statutory and regulatory bodies (including central and local government) and law enforcement authorities. These bodies include the likes of The Data Protection Commissioner/Authorities, the Property Regulatory Authorities, the Police Authorities/Enforcement Agencies, the Revenue Commissioner, MOKAS and the US, EU and other designated authorities in connection with combating financial and other serious crime.


The Website may, from time to time, contain links to and from other websites and web platforms. In addition, Third Parties’ websites may also provide links to the Website. The User when following a link to any of those websites or web platforms, should note that those websites and web platforms have their own privacy policies and that G&P does not accept any responsibility or liability for those policies. The User is encouraged to check those policies before he/she submits any Data to those websites. G&P does not accept, and it disclaims, any responsibility for the privacy statements and information protection practices of any Third Party website (whether or not such website is linked on or to the Website). These links are provided to the Users for convenience purposes only, and he/she accesses them at his/her own risk. It is the User’s responsibility to check the Third Party website’s privacy statements before he/she submits any Data to their websites.

The Website may also have “plugins” (such as the Facebook “share” or “like” button) to Third Party sites or offer login (such as login with Facebook) through a Third Party account. Third Party plugins and login features, including their loading, operation, and use, are governed by the privacy policy and terms of the Third Party providing them.


The length of time G&P holds your Data depends on a number of factors, such as regulatory and statutory requirements. Other considerations are the type of data G&P holds about the User, whether the Data is required for a legal dispute and whether the User or a regulatory authority asks G&P to keep it for a valid reason.

As a general rule, G&P keeps User’s information for a period of 5 (Five) years. Nevertheless, G&P shall delete the Data of a User prior to the elapsing of the 5-year period in case this User will request so unless there is a legally valid reason not to delete the Data.


Sharing information with G&P is in both User’s interest and G&P’s. G&P needs User’s information in order to provide its services to the User, fulfil any contracts it has with the User, to manage its business for its legitimate interests and to comply with its legal obligations.

The User can choose not to share information with G&P but must understand that this may limit the services we are able to provide to you. G&P may not be able to provide the User with certain services that he/she requests. Thus, G&P may not be able to approve the User to bid on a property when registering for an auction.


G&P will use User’s Data and may share that Data where:

  • Its use is necessary for relation to a service or a contract that the User has entered into or because he/she has asked for something to be done so that he/she can enter into a contract with G&P or so that it can provide a service to the User.
  • Its use is in accordance with G&P legitimate interests. Where G&P processes User’s information for its legitimate interests, it ensures that there is a fair balance between its legitimate interest and User’s fundamental rights and freedoms. G&P may use User’s Data to manage its everyday business needs, including internal reporting, market research, to progress and respond to legal claims, to ensure appropriate IT security and to prevent fraud. G&P’s legitimate interest here is the effective management of G&P’s business. G&P may use User’s Data for marketing reasons, i.e. to update User in relation to property related matters. G&P’s legitimate interest here is to connect with User and to update User on properties and services it provides which may be of interest to the User. The User will always have an option to unsubscribe from marketing communications every time G&P contacts him/her.
  • Its use is necessary because of a legal obligation that applies to G&P.
  • The User has consented to the using of his/her data (including special categories of Data) in a specific way.
  • Where the User has made clearly sensitive categories of Data about User’s public.
  • Where the processing of special categories of Data is necessary for the establishment, exercise or defence of legal claims.


User’s information is stored on secure systems within the premises of G&P and with providers of secure information storage. G&P does not generally transfer information about Users outside the EU.

In certain circumstances, G&P may allow the transfer of information about a User outside the EU by its service providers, but only if they agree to act solely on its instructions and to protect User’s information to the same standard that applies in the EU. Where G&P authorises the processing/transfer of a User’s Data outside of the EU, it requires User’s Data to be protected to at least EU standards.


User has several rights in relation to how G&P uses User’s Data and it has significant obligations in this regard.

User has the right to:

  • Find out if G&P uses his/her information, to access his/her information and to receive copies of the information it has about him/her. When User contacts G&P to ask about his/her information, G&P may ask him/her to identify himself/herself. This is to help protect User’s Data. If User makes his/her request electronically, G&P will, where possible, provide the relevant information electronically unless User asks it otherwise.
  • Request that inaccurate information is corrected, and incomplete information updated.
  • Object to particular uses of his/her Data where the legal basis for G&P’s use of User’s Data is G&P’s legitimate business interests. However, doing so may have an impact on the services G&P can/is willing to provide.
  • Object to use of User’s Data for direct marketing purposes.
  • Have User Data deleted or its use restricted – User has a right to this under certain circumstances.
  • Obtain a transferable copy of certain Data which can be transferred to another provider, known as “the right to data portability”. This right applies where Data is being processed based on consent or for the performance of a contract and the processing is carried out by automated means. The right also permits the transfer of Data directly to another provider where technically feasible.
  • Withdraw consent at any time, where any processing is based on consent. If User withdraws his/her consent, it will not affect the lawfulness of processing based on his/her consent before its withdrawal.

G&P shall process User’s request without undue delay. In most instances, G&P will process User’s request within one calendar month. If G&P is unable to deal with User’s request fully within a Calendar Month (due to the complexity or number of requests), it may extend this period by a further two Calendar Month period. Should this be necessary, G&P will explain the reasons why.

The user has also the right to complain to G&P, the Data Protection Commissioner or another supervisory or regulatory authority. If User has a complaint about the use of his/her Data, he/she should let G&P know and G&P shall seek to resolve his/her issue as soon as possible. If User wishes to make a complaint to G&P, he/she may do so in person, by telephone, in writing or by email. The User must be assured that all complaints received by G&P will be fully investigated. G&P asks that User supplies as much information as possible to help it to resolve his/her complaint quickly.


G&P may process the Data of a User provided that that User has not objected to G&P using his/her Data in any way.


G&P will update this Data Protection Privacy Policy from time to time. Any changes will be made available on this Guide.


Should the User have any questions about how his/her Data is gathered, stored, shared or used, or if he/she wishes to exercise any of his/her Data rights, he/she can check G&P’s Privacy Policy or contact its Data Protection Officer at:

+357 22 024949
Postal Address:
27, Alamanas Street, PC 2547 Dhali, Nicosia


Should the User not be satisfied with how G&P is dealing with User’s complaint, he/she should contact the Cyprus Data Protection Commissioner at:

+357 22818456
Postal Address:
P.O. Box 23378, 1682 Nicosia