Privacy Policy

This privacy policy set out information about the Company and our privacy practices and your rights.

At A.M.Y Realty Ltd and its subsidiaries the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy for delivering high standards of services.

The purpose of this privacy policy is to provide a clear explanation of when, why and how we collect and use personal data. We have designed it to be as user friendly as possible and have separate it in sections to make it easy for you to find the information that is most relevant to you.

Reference to ” the Company”, “we” or “us” in this privacy policy shall mean A.M.Y Realty Ltd. We may amend this privacy policy at any given time and for any reason. The updated version will be available by following the “privacy” link on our website footer at [insert website link]. You should check the privacy policy regularly for changes and familiarise yourself with such changes.

By submitting data to us and/or using our services, and/or website, you accept and agree that all personal data that you submit may be processed by us in the manner and for the purposes described in this privacy policy, and you agree to the terms and conditions of this privacy policy.


Amy REALTY Ltd. is a company registered in the Republic of Cyprus with Registration number HE433754 with its registered office located at Athinon 82, Akinita Ieras Mitropoleos, 2nd floor, Flat/Office 211, 3040 Limassol, Cyprus.


The Company is bound by the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”) and local data protection laws. In this privacy policy, the terms personal data, controller, processor, data subject, consent, recipient, third party, processing and profiling have meanings given to them in the GDPR. Further to the latter regulations The Company also bound by the personal data regulations under Cyprus Law or any other regulations that might apply in which area we conduct business in.


The Data Controller under this Privacy Policy for processing of person data is: A.M.Y REALTY LTD and affiliated Companies
Telephone: +357 99 966 706



We have designated a Data Protection Officer (herein after referred to as the “DPO”, a responsible person for GDPR, who is responsible to monitor compliance with this privacy policy as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection.

The DPO/ Responsible Person for GDPR may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.

If you have any questions about this privacy policy or about our personal data processing practices, or if you wish to exercise any of your rights as a data subject, you may contact our Data Protection Officer on the following details:

If you have a complaint about our persona data processing practices, you should first contact our Data Protection Officer. If you are not satisfied with our responses, you have the right to lodge your complaint with the following supervisory authorities:
Data Protection Commission

Iasonos 1, 1082 Nicosia, Cyprus
Telephone: +357 22818456

If you are located outside of the EU, you may contact your local data protection authority or any assistance.


The Company only process personal data that you provide us with in course of our services being rendered to you as a Property Development Organization. We also process personal data that we receive from affiliated Companies, third parties and agencies. Further to the above we may also collect and process personal data from databases and/or sources that are publicly accessible that will include but is not limited to the Land Registry, the Registrar of Companies, Ariadne, the Official Receiver, the VAT Department and social media platforms, the press and media.

We collect and use several types of information of individuals we co-operate with, our client’s and/or prospective clients, including information by which you may be personally identified and that is defined as personal data under applicable law such as your first and last name, identification number or passport number, bate of birth, city and country of birth address (which may include any utility bill), contact details (telephone, email), identification data (such as copies and/or photographs of your passport, driver’s license or ID), marriage certificate, information relating to your child(ren) (which may include copies of passports and/or birth certificates), authentication data (e.g. signature), bank account details, income and source of income and/or

proof of funds, shareholding statements and certificates and/or audited financials, criminal record, CV and/or any reference letter from third parties.

Please note that the person data we will collect will vary from the services we may provide you with.


In order to proceed with a business relationship our clients must provide their personal data to us which are necessary for the required commencement, execution and continuation of a business relationship. This is a requirement under the relevant Anti-Money Laundering Law and the regulations of our Regulator (ICPAC- Institute of Certified Public Accountants Cyprus).

Failure to provide us with personal data prevents us from commencing or continuing a business relationship with the clients.

In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our business and provide our services:

(a) compliance with legal obligation: We may process personal data in order to meet legal and regulatory obligations such as Anti-Money Laundering Law, Tax Law and the regulations of various supervisory authorities (e.g. the Institute of Certified Public Accountants Cyprus, IFAC and ACCA) that we are subject to for anti-money laundering purposes and due diligence purposes.

(b) contract: We may process personal data for the purposes of providing our services in accordance with our terms and conditions and/ or any other contract that you have with us.

(c) consent: We may rely on your freely given consent at the time you provided your personal data to us for a purpose of the process other than for the purposes set out hereinabove, then the lawfulness of such processing is based on that consent. You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.


To enable the Company to provide you with the necessary services that will be detailed in an Agreement and/or Services Contract, the Company will have to process personal data provided to enable us to fulfill our obligation. Our purpose of processing is adjusted according to the nature of the services provided, such as a purchase of a property, assignment of a property, research in relation to a property.

We need to process your data to:

  1. (a)  Customer management: to manage your rental or sale contracts, to provide you with customer support and with notices about your property, including notices about changes to services we offer or provide through it.

  2. (b)  Administering, maintaining and ensuring the security of our information systems, applications and websites.

  3. (c)  Functionality and security: to detect, prevent, and respond to actual or potential fraud and illegal activities.

  4. (d)  Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators.

  5. (e)  In any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this privacy policy.


The Company will share your dated within our organization in the course of normal business operations with relevant employees, responsible for the performance of our contractual obligation with you. We may also share your personal data with companies that is part of the A.M.Y Group Ltd.

Under Article 28 of the GDPR the Company have the right to designate a processor. In such circumstances it is likely that the processor will receive your personal data to process. The processor will be processing your data on the same legitimate reason and within the regulations of this privacy policy.

We may also transfer your personal data to various governmental authorities that will include but is not limited to (District Office, Tax Office, VAT Department, Land Registry, Registrar of Companies, Department of Civil Registry and Immigration, Electricity Authority of Cyprus and the Water Board, CYTA, the bank, our duly appointed legal representative.

We will need you express consent to share your details with other individuals, companies and/or organizations.


The Company may process your personal data on the basis that it would be a legitimate interest. This will include processing in the following circumstances:

  1. (a)  Public and/or market research and you did not object to the processing of same.

  2. (b)  Anylegalproceedings.

  3. (c)  In providing information in criminal offences and or the prevention of crime.

  4. (d)  In the instance of the Company improving their services.

  5. (e)  Complyingwithanti-money laundering.

The Company will only rely on our legitimate interest for the processing of your personal data where:

  1. (a)  the processing of your personal data is necessary for the purpose of the legitimate interest.

  2. (b)  the legitimate interest is not overridden by the data subject’s interests or fundamental rights

    and freedoms.


We will keep our clients’ personal data for as long as we have a legal interest and business relationship and interest and as long as necessary for the purpose it was collected.

Reasons for data retention includes:

  1. (a)  Litigation in legal proceedings.

  2. (b)  Security Identity investigations.

  3. (c)  Regulatory requirements

Retention period:

  1. (a)  Contracts–afterexecutionfive(5)years.

  2. (b)  Electronicmails–five(5)years.

  3. (c)  Accounting and financial – twelve (12) years.

  4. (d)  Insurancerecordsandinformation-seven(7)years.

  5. (e)  TaxandVATrecords–seven(7)years.

  6. (f)  Prospective client details – thirteen (13) months.

The personal data processed for the purposes of sending newsletters shall be kept with us until you notify us that you no longer wish your personal data to be used for this purpose.


The Company may transfer your personal data to other countries, service providers and third parties. Our information system is hosted on a centrally located server. In the instance that we would need to transfer details in relation to provide you with our services, we may transfer your personal data. The regulations set out in the GDDP is followed in these instances and when we transfer personal data to non- EU countries then we follow localised regulations as to the protection of personal data. The following safeguards are adopted when we transfer personal data:

  1. (a)  The transfer will be complaint with your home countries data protection laws.

  2. (b)  When the data is transferred to any third party, they will be requested to: (i) to be used only for the purpose it was disclosed (ii) to make use of all technical and organisational measures to secure the data (iii) delete the data when it is no longer required (iv) always

to threat the personal data in accordance with this privacy policy and local privacy data laws and the GDPR.


The Company does not engage in any automated decision-making or profiling.


Our website uses cookies. You may mange your cookies in the footer of our website at any time. Cookies are tiny data files which are downloaded onto your device by the website which you are visiting to improve your experience, which is common practice with most professional websites. The next time you visit the same website, cookies ensure that your device is recognized. By using cookies and/or similar technologies, websites save information about the visits and its visitor. This information may include your internet protocol (IP) address, browser type, the device you may have used, Internet Services Provider (ISP), your clicking behavior, date and time stamp, referring/exit pages, such as specific web pages you might have visit. We use cookies to collect data on how visitors use our website. These cookies are completely anonymous and do not contain any personal data and we will seek your consent before we would store any cookies on your computer. The purpose of the information is for analysing trends, administering the site, tracking users’ movement on the website, and gathering demographic information. You will also have the right you refuse cookies, however this may affect the functionality you can access.


If you are located within an EU member state, you have certain rights in relation to your personal data as follows:

  • Access: You have the right to obtain access to and a copy of any personal data we hold about you. You also have the right to find out whether your personal data has been transferred outside the EU and any safeguards relating to this transfer.

  • Rectification: You have the right if you think the personal data, we hold of you are incorrect or incomplete to ask us to correct or complete that personal data.

  • Erasure: You have the right in certain circumstances to request erasure of your personal data.

  • Restriction of processing; You have the right in certain circumstances to request us not to

    process your person data for certain purposes.

  • Objection to processing: You have the right in certain circumstances to object in processing

    of your person data for certain purposes.

  • Data portability: You have the right in certain circumstances to request a copy of your

    personal data in a structured, commonly used and machine-readable format and manner. us

    not to process your person data for certain purposes.

  • Withdrawing consent: In the event of us processing your personal data due to you consent,

    you may at any stage withdraw your consent.

    If you are located outside of an EU member state, you would still have rights in relation to your personal data under your local data protection laws. To carry out your right please contact our Data Protection Officer as mentioned in Section 3 hereinabove.


To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer/ Responsible Person for GDPR, either by post at Athinon 82, Akinita Ieras Mitropoleos, 2nd floor, Flat/Office 211, 3040 Limassol, Cyprus, or electronically at

Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Cyprus. More information can be found at