This policy explains how Kleanthis Sokratous, trading as Sokratous Advisory, collects and uses your personal data when you visit this website or contact us. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and Cyprus data protection law.
1. Who We Are
Data Controller: Kleanthis Sokratous, trading as Sokratous Advisory
Address: Paphos, Cyprus
Email: k@sokratous.com
As a Cyprus-based advisory service operating within the European Union, all personal data we process is subject to GDPR (Regulation 2016/679) and the Cyprus Processing of Personal Data (Protection of Individuals) Law of 2018.
2. What Data We Collect
We collect personal data in the following ways:
- Enquiry and contact forms: name, email address, phone number, and any details you share about your situation
- Calendly booking: name, email address, time zone, and any pre-call notes you provide when booking a strategy call
- WhatsApp: your phone number and message content when you contact us via WhatsApp
- Website usage data: IP address, browser type, pages visited, and time spent on pages (via essential cookies only — see our Cookie Policy)
- Email correspondence: any information you share by emailing us directly
We do not collect sensitive personal data (such as health information, financial account details, or passport numbers) through this website. If such information is required for a formal application, it will be handled under a separate client engagement agreement.
3. Why We Process Your Data and Our Legal Basis
- To respond to your enquiries — Legal basis: legitimate interests (Article 6(1)(f) GDPR). We have a legitimate interest in responding to prospective clients who contact us.
- To schedule and manage strategy calls — Legal basis: legitimate interests / performance of a pre-contractual arrangement.
- To provide advisory services — Legal basis: performance of a contract (Article 6(1)(b) GDPR), once you engage us.
- To comply with legal obligations — Legal basis: compliance with a legal obligation (Article 6(1)(c) GDPR), including Cyprus anti-money laundering requirements.
- Website analytics and performance — Legal basis: legitimate interests, limited to essential/functional cookies only.
We do not use your personal data for automated decision-making or profiling.
4. How Long We Keep Your Data
- Enquiries that do not lead to engagement: 12 months from last contact
- Booking records (Calendly): 12 months
- Client engagement records: 7 years from end of engagement (Cyprus tax and professional obligation requirements)
- Email correspondence: 2 years from last contact, unless you become a client
5. Who We Share Your Data With
We do not sell your personal data. We share data only with the following third parties who act as data processors on our behalf:
- Calendly, LLC (USA) — our booking system. Calendly participates in the EU-US Data Privacy Framework. Calendly Privacy Policy
- Meta Platforms (WhatsApp) — when you contact us via WhatsApp. WhatsApp Privacy Policy
- Google LLC (Google Fonts) — fonts loaded from Google's CDN. Google may receive your IP address. Google Privacy Policy
- Zoom Video Communications — for video strategy calls. Zoom Privacy Policy
- Licensed Cyprus law firm — formal residency and company applications are filed by our licensed legal partner. Data shared under a client data processing agreement.
All transfers outside the EEA are made under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).
6. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your data where there is no overriding legal reason to retain it
- Right to restriction — ask us to pause processing of your data in certain circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email us at k@sokratous.com. We will respond within 30 days.
7. Cookies
This website uses essential cookies only. We do not use advertising or tracking cookies without your consent. For full details, see our Cookie Policy.
8. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection:
Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
Website: www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
9. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of this website after any changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions: k@sokratous.com