privacy policy

MC Compliance Services Limited

MC Compliance Services Limited (MC Cosma) respects your privacy and is committed to protecting your personal data, entrusted to us, compliant with the EU General Data Protection Regulation (GDPR) and National Law L.125/2018.


This Policy sets out current policies and commitment to data protection and privacy. The data that we collect and process is strictly necessary in the context of our relationship with potential clients, partners, users of our websites, applications, tablets and online resources in order to provide services and/ or information for specific and legitimate purposes.


It is important that you read this Privacy Policy. This policy demonstrates your rights in relation to your personal data.


This website is operated by MC Cosma solely.




You may contact MC Cosma team address questions and concerns, regarding the collection of your personal data.




This policy applies to any person to whom we provide services, or anyone who uses, or to anyone for whom we perform any other activities that form part of the operation of our business.




If you are our client, or a candidate client, we may collect or obtain your personal data, to perform our due diligence checks for providing our professional services to you. We may obtain your personal data from you, or from other people who give data of you, or because it is publicly available. We may also collect your personal data if you visit or use our website (


We may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows:


  • Identity Data/ Contact Details (name, username or similar identifier, if you hold prominent public functions (PEPs), residence permit, title, date of birth and gender, postal address, email address and telephone numbers).
  • Professional details (job, career history, educational background, professional memberships)
  • Financial Data (bank account, income, assets, financial status, source of wealth, professional status, employment field, loans, taxes).
  • Technical Data includes (internet protocol (IP) address, your geographical location details using GPS technology, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, IP address of sender and receiver).
  • Documentary data (details about you stored in documents in different formats or copies of them).
  • Investigations data/ results of due diligence and enhanced due diligence (due diligence checks, sanction and AML checks, information to identify and manage fraud, data regarding criminal conviction and offenses (special category data) as part of compliance measures with regulatory obligations)
  • Usage Data (information about how you use our website, products and services).
  • Marketing and Communications Data (your preferences in receiving marketing from us and our third parties and your communication preferences).

Sensitive / special categories Personal Data, we typically only collect personal data of our own employees. From time to time, we may process, obtain, or hold sensitive personal data of others, either on the instruction of a third party, or with the express consent of the individual, or if required by the law. For example, we may obtain or hold expense receipt submitted for individual tax or account advice that reveal affiliation with trade unions or political opinions, or personal identification documents that may reveal race, ethnicity, biometric data etc.

Child data MC Cosma normally does not collect personal data of any individual/ minor under the age of 14 unless it is to provide our services to a client.




We use different methods to collect data from and about you including through:


Direct interactions. You may give us your Identity, Contact and Financial Data etc, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • give us some feedback;
  • correspond with us;
  • in some cases, you may have previously provided your personal data to us (e.g. the context of an existing or former Customer relationship)

Indirect Interactions. We may lawfully receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from the following parties:
  • analytics providers such as Google based outside the EU;
  • advertising networks based inside OR outside the EU; and
  • search information providers based inside OR outside the EU.
  • Identity and Contact Data from publicly availably sources, such as from public registers (such as the Registrar of Companies), news and/ or articles, sanctions lists, etc.
  • Business clients, that may engage us to perform professional services which involves sharing personal data they control as part of that engagement. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms, policies and notices.
  • Recruitment services. We may obtain personal data about candidates from other parties including former employers.




We will use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:


  • Where we need to perform the contract and agreements we are about to enter or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests may include
  • Where we need to comply with a legal or regulatory obligation.
  • Where we have your consent by asking for specific permission to process personal information for specific purposes. In the case of specific permission provided by you, you may withdraw your consent any time. The revocation of your consent will not affect the legality of the data processed prior to the revocation.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by Contacting us.




We plan to use your personal data in the most transparent manner and by relying on legal bases, thus the data collected are strictly the data needed for lawful reasons. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


We intend to use your data typically for:

  • Providing our professional compliance and business advisory services, authorisation compliance advisory services, AML/CFT Health check audits, compliance and operations health check audits and advisory services, and corporate structures and governance services.
  • Promoting new products and services that might interest you and our existing professional services, products, and capabilities in general.
  • Personalising online landing pages and communications we think would be of interest based on interactions with us.
  • Managing our website and ensuring the security of our information systems for our website.
  • Looking for qualified candidates, and forwarding their information to our responsible team, which may be governed by different privacy terms and policies.
  • Complying with legal and regulatory obligations relating to money laundering and counter financial terrorism and other forms of financial crime.




We may sometimes have to share your personal data with the parties set out below for the purposes as indicated above.


  • External Third Parties being:
  • Service providers such as IT and system administration service providers, telecommunication systems, mailroom support, archiving services, document production services and cloud-based software services. This service providers are required to provide sufficient assurances in accordance with data protection law.  We will only share personal data necessary for them to provide their services.
  • Payment service providers and Payment Systems
  • Marketing service providers
  • Professional advisers who provide consultancy, banking, legal, insurance services.
  • Governmental and Regulatory Authorities (i.e MOKAS, CySec etc.) and/ or Law Enforcement




We do not transfer your personal data outside the European Economic Area (EEA).




There are external third parties, reputable third-party organisations, based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA for business purposes.


Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring the minimum safeguarding of your personal data methods are implemented.  Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.


Given that the Internet is a global environment, using it to collect and process personal data and information involves the transmission of data on an international basis. By browsing our website and communicating electronically with us, you acknowledge and agree to our processing of personal data and information in this way.





When our website uses cookies, a statement will be sent to your browser explicitly explaining the use of cookies.



You have rights under data protection laws in relation to your personal data.


You have the right to:


Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  We cannot provide you with any information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We will also not provide you with any communication between the Company and its legal advisers.


Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.


Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.


Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.


Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.


Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.


Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.




We have appropriate security measures in place to prevent unauthorised access to and protect the loss, misuse and alteration/ disclosure of the information under our control. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.


We utilise a series of technology and security solutions to protect data. Nonetheless, security cannot be absolutely guaranteed against all threats despite our best efforts.


We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.




We will only retain your personal data for as long as necessary to fulfil the purposes of collecting them in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements.


In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.





The Company reserves the right to change this Policy from time to time with immediate effect and we will post an appropriate notification. In such a case, we make the most recent version of this Policy available on our website, informing you accordingly by displaying the update version and the relevant date of update.


It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.