Privacy Notice

FAIRFAX PAYROLL LTD – PRIVACY NOTICE

INTRODUCTION

This Privacy Notice explains how FAIRFAX PAYROLL LTD(“Fairfax”, “we”, “our”, “us”) collects, uses, stores and protects personal data in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Cyprus and Malta data protection laws.

Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

This Privacy Notice applies to:

  • Website users
  • Clients and prospective clients
  • Client employees and payroll beneficiaries (“Payrollees”)
  • Suppliers and service providers
  • Referees and emergency contacts

FAIRFAX PAYROLL LTDHE329977 is the data controller for the purposes of this Privacy Notice.

Depending on the services provided, Fairfax may act either as an independent data controller or as a data processor on behalf of its clients. Where Fairfax acts as a data processor, it processes personal data only on the documented instructions of the relevant client and in accordance with applicable data protection laws.

Contact Details

ERA House,
11 Archimedous Street,
Limassol 3031,
Cyprus
Email: dpo@fairfaxpayroll.com
Telephone: +357 25 558025

What kind of personal data do we collect?

Depending on our relationship with you, we may collect and process the following categories of personal data:

  • Identification details (name, date of birth, ID/passport details)
  • Identification documents (where required for identification, compliance or employment-related purposes)
  • Details about your current remuneration, pensions and benefits arrangements.
  • Contact details (address, telephone number, email address)
  • Employment and payroll information
  • Tax and social insurance information
  • Bank account and payment information
  • Immigration or work permit information
  • Recruitment and CV information relating to job applicants
  • Emergency contact details
  • Website usage, IP address and technical information
  • Communications with us
  • Any other information voluntarily provided to us

A number of elements of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Where appropriate, some, for example Payrollees’ Social Insurance number are required by law. Other items may simply be needed to ensure that our relationship can run smoothly.

Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.

What is our Legal Basis for Processing your data?

Under the GDPR and applicable law we are required to let you know under which legal basis your data is processed.

We process personal data only where we have a lawful basis under Article 6 GDPR, including:

Purpose Legal Basis
Payroll and accounting services Contract and legal obligation
Tax and social insurance compliance Legal obligation
Recruitment and HR administration for employment purposes Legitimate interests, legal obligations and steps prior to entering employment
Website security Legitimate interests
Website analytics cookies Consent
Marketing communications Consent or legitimate interests where permitted
Legal claims and dispute management Legitimate interests and legal claims

 

In limited circumstances, and where permitted under applicable law, we may process special category data and criminal offence data in connection with payroll, employment, tax, social insurance, immigration, sick leave, maternity or other employment-related obligations, including health information, trade union membership or criminal record information where necessary for compliance with legal or regulatory requirements.

Why We Process Your Personal Data

We process personal data for the following purposes:

  • Payroll and accounting services
  • Human resources and employment administration
  • Compliance with tax, social insurance and legal obligations
  • Client onboarding and due diligence
  • Communication and customer support
  • Business administration and record keeping
  • Recruitment activities
  • Website administration, analytics and security
  • Fraud prevention and IT security
  • Direct marketing where permitted by law
  • Establishment, exercise or defence of legal claims

We do not carry out automated decision-making producing legal or similarly significant effects.

For Payrollees: When you provide us with your personal details we may communicate with you to understand your requirements and provide our services effectively. We also inform you what you can expect from us and how your data will be used.

For Clients: We want to ensure that we provide you with the best possible service and so we retain business contact information necessary for the provision of our services and management of the client relationship.

For Suppliers: In order to ensure prompt payment for services you have provided, we need to hold certain information on you and your business so that payments can be made.

For Website visitors/ users: To improve your experience of using our website. If you are also a Payrollee or Client of FAIRFAX YEAMAN LTD, we may use data from your use of our websites to enhance other aspects of our communications with, or service to, you.

How do we collect your personal data?

We may collect personal data:

  • Directly from you
  • From employers, clients or service providers
  • From publicly available sources
  • From regulatory or governmental authorities
  • Through our website, cookies and IT systems
  • Through communications with you

Where we receive personal data indirectly, we will provide relevant privacy information where required under Article 14 GDPR.

Who do we share your personal data with?

Recipients of your personal data may include subcontractors, agents and third-party service providers, including business partners and organisations who provide professional services to us.

We may share personal data with:

  • Group companies
  • Banks and payment providers
  • Insurers/ brokers
  • Tax and regulatory authorities
  • Auditors, accountants and legal advisers
  • IT, cloud hosting and software providers
  • Secure Document and Records Management Services
  • Government agencies and law enforcement authorities where required by law
  • Service providers assisting us with payroll, accounting or business operations

We choose our associates and external service providers very carefully, after carrying out all necessary checks and obtaining sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and applicable law.

Where third parties process personal data on our behalf, we ensure appropriate written data processing agreements are in place in accordance with Article 28 GDPR.

All recipients are required to maintain confidentiality and appropriate security measures.

How do we safeguard your personal data?

We are committed to protecting your personal data.

Such measures include access controls, encryption, secure backups, staff confidentiality obligations and IT security protections.

We use third parties who provide Secure Document and Records Management services to us for the storage of physical records and files which may contain personal information.

We also use third parties who provide Information Technology services to us which are relevant to the electronic storage of and access of your data, including recovery and business continuity services, to the extent this is necessary for the purpose of allowing us to provide our services to you without disruption and generally to ensure that our legitimate interests are duly protected.

While we recognise that the storage and transmission of information, especially over the internet, cannot be guaranteed to be secure from intrusion by third parties, for the storage and security of your personal data the Company takes all the necessary physical, technical and organisational measures to protect personal data from unauthorised access, use, disclosure, alteration or destruction and to ensure that the processing is carried out in accordance with the law and the GDPR (access control, antivirus, firewalls, encryption, etc).

Information stored on our service providers’ secure premises and/ or servers is only accessed and used subject to strict security policies and standards agreed with them, to ensure the confidentiality of personal data.

How long do we keep your personal data for?

We retain personal data only for as long as necessary for the purposes for which it was collected, including for the provision of payroll, accounting and related services and to comply with applicable legal, regulatory, tax, social insurance, anti-money laundering, employment and record-keeping obligations under the laws of Cyprus and the European Union.

Indicative retention periods include:

  • Payroll, accounting, tax and Social Insurance records: retained for up to seven (7) years after the end of the relevant tax year, employment relationship or provision of services, unless a longer retention period is required by applicable law or regulatory requirements
  • Employee and Payrollee records: retained for the duration of the employment or service relationship and for a reasonable period thereafter in accordance with employment, tax and Social Insurance obligations
  • Recruitment applications and CVs: retained for up to twelve (12) months following completion of the recruitment process, unless a longer retention period is agreed with the applicant
  • Marketing communications: retained until you unsubscribe, withdraw consent or object to processing
  • Website analytics and cookie-related information: retained in accordance with our Cookie Policy and applicable cookie consent settings
  • Business correspondence and support records: retained for as long as reasonably necessary to manage our relationship, comply with legal obligations and resolve disputes.

In certain circumstances, we may retain personal data for longer periods where required or permitted by law, including where necessary for compliance with legal or regulatory obligations, audits, investigations, fraud prevention, or the establishment, exercise or defence of legal claims.

If we have not had meaningful contact with:

  • Payrollees or clients for forty-eight (48) months; or
  • Suppliers for eighty-four (84) months,

we may securely delete, archive or anonymise the relevant personal data, subject always to any applicable legal or regulatory retention requirements and any need to retain data for the establishment, exercise or defence of legal claims.

“Meaningful contact” may include ongoing communications, provision or receipt of services, active engagement with our services or any other ongoing business relationship.

Where retention is no longer necessary, personal data will be securely deleted, destroyed or anonymised in accordance with our internal policies and applicable law.

International Transfers

If your personal data will be transferred to entities or other third parties whose headquarters or place of business is not located in the European Union (EU) or the European Economic Area (EEA), we ensure before forwarding the data, that outside of legally permitted exceptional cases pertaining to the recipient (reasons of public interest or recipient’s consent), an appropriate level of data protection exists (e.g. through an adequacy decision of the European Commission or through the use of Standard Contractual Clauses approved by the European Commission for these purposes, after due assessment of the law and the practice of the third country).

You may request further information regarding such safeguards by contacting us.

Your rights

Even if we already hold your personal data, you still have various rights in relation to it.

In accordance with the GDPR and applicable data protection laws, you may have the following rights in relation to the personal data that we hold about you:

  • Right of Access: the right to require further details from us on how we use your personal data and a copy of any personal information in our possession,
  • Rectification: the right to require us to update or correct any personal data in our possession,
  • Erasure: the right to require us to delete any personal data in our possession, subject to any legitimate interest or legal obligations we may have,
  • Restriction: the right to require us to restrict the processing of your personal data and limit the way we use it in certain circumstances and for a particular reason (such as contesting the accuracy of the information, the lawfulness of the processing, etc),
  • Right to Object: the right to object to any processing on grounds relating to your particular situation, unless we have legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims,
  • Withdrawal of Consent: where processing is based on consent, you have the right to withdraw your consent so that we stop carrying out such processing.
  • Right of data portability: you have the right to transfer your data from us to another data controller. Where technically feasible, we may transmit the data directly to another controller at your request.
  • Object to direct marketing: If your interests or requirements change, you can unsubscribe from our marketing content (for example Fairfax Payroll Ltd newsletters).

You also have the right not to be subject to decisions based solely on automated processing where applicable.

For any questions regarding this Privacy Notice or the processing of your personal data, please contact our privacy team at: dpo@fairfaxpayroll.com

If you wish to complain about the way we may have handled your personal information, you may contact us at the above email address. We will examine your complaint and contact you to try and resolve the matter.

If you still feel that your personal information has not been handled appropriately according to the law, you can submit your complaint with the Office of the Commissioner for Personal Data Protection in Cyprus. (www.dataprotection.gov.cy).

Cookies

A “cookie” is a small text file that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system.

Our website uses cookies and similar technologies to improve website functionality, analytics, security and user experience.

Strictly necessary cookies are used automatically. Non-essential cookies are used only where you provide consent.

You may manage cookie preferences through your browser settings or our cookie consent tool.

If you don’t want to receive cookies that are not strictly necessary to perform basic features of our site, you may choose to opt-out by changing your browser settings. Most web browsers will accept cookies but if you would rather, we didn’t collect data in this way you can choose to accept all or some, or reject cookies in your browser’s privacy settings. However, rejecting all cookies means that you may not be able to take full advantage of all our website’s features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.

Further information is available in our separate Cookies Policy.

Changes to this privacy notice

We may update this Privacy Notice from time to time.

The latest version will always be available on our website and material changes will be communicated where required by law.

Last Updated: May 2026