Who we are

Welcome to the web page of Oasis Residence! Our website address is: Your privacy is important to us.

The present Privacy Notice sets out our step-by-step way of processing personal data, along with the client’s rights regarding that personal data.

In this document, Oasis Residence (hereinafter called “The Company”), is the data controller of the client’s personal data. Any queries that may arise, regarding this Privacy Notice should be addressed to us in written form.

This Privacy Notice is in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the governing Laws of the Republic of Cyprus.


Sources of Data

We collect your data in the following way:

  1. From information provided to us by you directly
  2. From information provided to us by your company or an intermediary
  3. From our registered written or digital communications with you
  4. From your agents, advisers, intermediaries and custodians of your assets
  5. From public organizations or other third parties
  6. From publicly accessible sources or background checks performed on you
  7. From business cards
  8. From Cookies on our website


Types of Data

  1. Name and contact details
  2. Financial information such as income, expenditure, assets and liabilities, sources of wealth, bank account details etc.
  3. Authentication data such as nationality, tax ID number, ID/Passport details, domicile etc.
  4. Reference letters
  5. CV
  6. Personal information such as family status or personal circumstances, where appropriate
  7. Information in respect of anti-money laundering legislation
  8. Information regarding your public exposure
  9. Any other information you may provide to us
  10. Information that will help us to offer you the best possible services


Lawful Basis for Processing Personal Data

  1. Client’s Consent
  2. Performance of a contract
  3. The vital interests of the data subject
  4. The legitimate interests of the Data controller such as network and information security, prevention of fraud etc.
  5. Public interest or exercise of official authority


Data Recipients

  1. Company’s Employees acquainted with the GDPR who have signed the Company’s Confidentiality and Non-Disclosure Statement
  2. Service Providers (banks, public authorities, legal, financial institutions) if necessary and appropriate to fulfill the purposes set out above
  3. Company’s affiliates, partners, agents, sub-contractors
  4. Courts or tribunals
  5. Third parties for event or marketing purposes
  6. Law enforcement agencies, where necessary and appropriate
  7. Regulators or other governmental or supervisory agents with legal right or legitimate interest in the data information
  8. Public registries
  9. International recipients solely for the purposes of executing the services specified in the agreement between the Client and the Company. International processings are strictly subject to the Client’s explicit consent and they only concern countries approved by the European Commission


Data Subjects Rights

  1. The right to be informed
  2. The right of access to their personal data
  3. The right of rectification of their personal data
  4. The right of erasure of their personal data, except for the case of a lawful reason for continued processing
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. The right no to be subject to automate decision-making such as profiling


Data Storage

The Company stores all personal data that has been collected, in accordance with the Data Retention Policy. The Company creates a personal data protection file for each client and retains the file until the purposes for which the data was collected are fulfilled.. Upon fulfillment of the purposes, the personal data is guarded in discretion for a maximum period of six (6) years, in accordance with the governing Laws of the European Union and the Republic of Cyprus, and at the expiration of that time period, the file is destroyed.



According to the new legislation, Data Subjects must be able to withdraw their consent any any time with as much ease as giving it. The Data Subjects consent must be:

  1. Freely given
  2. Specific
  3. Informed
  4. Unambiguous
  5. Balanced



Oasis Residence might send you marketing newsletter or invitations, regarding our services and legal information that may interest you. Your personal data shall not be shared to any third parties for commercial and marketing reasons. If you object to receiving marketing notifications from us, please contact us by email at the following address:

[email protected]


Data Breach

In the highly unlikely event of a breach of security, leading to accidental or unlawful destruction or/and unauthorized disclosure of data information, the Data Controller of our Company will send a written notification to the Client concerned and to the the Data Commissioner of the Republic of Cyprus within seventy-two (72) hours from awareness of the breach.

Your security is vital to us and therefore our Company has created a specific mechanism of breach detection. The measures adopted by our Data Protection Officer are listed down below:

  1. Detection of the Breach
  2. Report
  3. Investigation
  4. Pseudonymisation
  5. Encryption of the Personal Data
  6. Regular testing and evaluation
  7. Procedures of timely restoration of availability and access in case of a technical accident


Data Protection Officer

Our Data Protection Officer (“DPO”) is the Company’s agent responsible to collect and process the personal data provided by our Clients.

You can contact our DPO at the following email address:

[email protected]

For any complaints you may also contact the Data Commissioner of the Republic of Cyprus at the website listed down below:


Changes to this Privacy Notice

The present Privacy Notice is subject to change, according to the Laws relating to privacy and personal data. Any updates will appear on our Company’s website.


This Privacy Notice was last updated on the 11th of February of 2019.