Data Protection and Privacy Statement

Client personal information

GDPR stands for General Data Protection Regulation.

This regulatory notice is only intended to provide information.


Describe GDPR.

On May 25, 2018, a new law went into effect with the objective of giving people more control over their personal data. Any information that can directly or indirectly identify a person is considered to be personal data. 1stopentity Advisory Ltd has two options when it comes to handling the personal information of its clients: either as a Data Controller, in which case it decides how and why personal information is used and stored, or as a Data Processor, in which case it keeps track of data processing operations on behalf of another Controller.




The GDPR stipulates that businesses must explain to every client how their personal data is treated. The act of processing involves gathering, documenting, storing, and performing any actions involving the use of personal data. The rights to privacy are also described in this notice.


In relation to provided personal data, 1stopentity Advisory Ltd shall serve as the Data Controller. Name, address, email, phone number, mobile number, temporary residential address, employment address, name of employer, marital status, occupation, country of taxation, source of wealth, size of wealth, ownerships, and directorships are all considered personal data, along with all necessary supporting documentation.


Personal information must be processed for the following reasons:

For providing the services that have been requested of us in accordance with the terms of our engagement letters; For reporting to the client on the services that have been performed; For confirming the client’s identity and doing regulatory checks;

For complying with various laws and regulations that apply to 1stopentity Advisory Ltd such as:


(i)              The Law Regulating Companies Providing Administrative Services and Related Matters of 2012 (i.e. Law 196 (I) 2012) as in force 

(ii)            The Cyprus and Securities Exchanging Commission Directive for the Prevention of Money Laundering and Terrorist Financing (DI144-2007-08 of 2012);

(iii)           (ii) The Prevention and Supervision of Money Laundering and Terrorist Financing Laws of 2007-2018 


All collected personal data is processed in Cyprus by Onestopentity employees. This data is kept on servers housed in the European Union for hosting and maintenance purposes. Clients’ personal information is not accessible to third parties, and Onestopentity never provides client information to third parties unless:

This is necessary to supply a client with the services they have requested from Onestopentity via agents, banks, etc. (Onestopentity depends on those to provide the services outlined in the engagement letters the two parties have agreed upon);

The client gives permission to share personal data by providing a specific consent letter delivered in writing to Onestopentity. The law requires such disclosure, i.e. to regulatory authorities.

The Cyprus Laws and Regulations require Onestopentity to maintain and update a client’s personal information for as long as Onestopentity is providing services to that client. The personal information of the client must be kept for at least five years after the business relationship has ended. The client’s personal information will be deleted after the legally allowed amount of time has passed.


Data Protection Officer

If you have any concerns or queries about how your personal data is processed, or if you want to exercise any of your rights, please contact Data Protection Officer Vikentios Vikentiou at


Official Channel Partner

Designed & Powered By dnaincorporated

One Stop Entity Copyright © 2023 All rights reserved.