Privacy Policy - CRI Group

Privacy Policy

General Information

Corporate Recovery & Insolvency (“CRI”) Group Ltd collects and processes your personal data and information according to this privacy statement and in compliance with the General Data Protection Regulation (“GDPR”) (EU) 2016/679. This statement provides the information required in relation to our obligations on how, why and when we process your personal data and information and what the data subject’s individual rights are.

Our work revolves around procedures in relation to companies in voluntary or compulsory liquidation, companies in receivership or under special administration or examinership, individuals in bankruptcy and/or whose estate is under an appointed trustee and any other relevant insolvency proceedings. Our legal obligation to process personal information and data arises from the work we are required to carry out under insolvency and other related legislation.


Who we are

CRI Group Ltd is a company providing services for individual and corporate restructuring and recovery, incorporated on 11 August 2008.


Information and data collected

The personal information and data we collect are provided to us by the company and/or the individual over which we are appointed to act as Insolvency Practitioners and/or extracted from the company’s and/or individual’s records, which includes but is not limited to payroll and personnel files, debtors’ and creditors’ personal information and data, service providers, such as legal counsels, bank employees and state employees’ personal information and data. Information and data may also be collected either deliberately or incidentally during our investigations into the company’s or individual’s financial affairs and conduct of the directors of the company or the individuals themselves.

The personal information and data collected is processed to meet our legal, statutory and contractual obligations and to provide you with our services. We don’t collect any personal information and data, which are not necessary, and we process such information and data as stated in this statement. The sources of data may include clients, intermediaries, data subjects or third parties connected to the data subjects.

The type of information and data we may collect and process include: 

1. Contact details (names, postal and email addresses, telephone numbers, identity numbers, passport numbers, photographs);
2. Information and data we may need to comply with our legal and regulatory requirements, specifically in relation to anti-money laundering legislation, which includes information and data on source of funds, wealth and assets;
3. Information and data provided during the provision of our services, which may include background, personal and professional relationships, financial statements, assets held, transactions conducted, disputes and court proceedings initiated;
4. Banking and financial information;
5. Any other information you may provide to us or we may collect during the course of our business.

In most cases, the personal information and data we may process in conducting our business as Insolvency Practitioners will be basic details that may identify an individual and will typically be sufficient for the purposes needed. For example, this will include information and data that will


Use of personal information and data

We may process and use personal information and data to the extent that it enables us to carry out our work as Insolvency Practitioners. This includes processing information and data that was held by companies and/or individuals before our appointments together with data obtained during our appointment and handling of each case.

Insolvency Practitioners and any other employees or associates working along with them are data controllers of personal information and data as defined by the GDPR and any other related legislation. CRI Group Ltd will act as data processor in relation to the personal information and data according to the insolvency proceedings as mentioned above.

Any personal information and data will be held secured and be processed only for matters relating to the insolvency procedure being dealt with.


Sharing and disclosing personal information and data

We will not share or disclose any of your personal information and data to third parties without your consent, unless this is necessary under a legal or regulatory duty or if it is necessary to allow us to undertake and carry out our work as Insolvency Practitioners.

Below there is a list of potential recipients of personal information and data (in each case including employees, directors and officers):

1. Any public register in the government;
2. Service providers (legal, governance);
3. Legal counsels to initiate legal proceedings;
4. Courts or tribunals;
5. Financial institutions (banks or financial institutions providing services);
6. Regulators or other governmental or supervisory authorities with a legal right or legitimate interest to the information and data;
7. Sub-contractors, agents or service providers.
8. Police or other law enforcement agency to assist with the prevention and detection of crime.

If we engage in any activities and/or cooperation with third parties during which personal information and data may be used and processed by that third party, we will seek to enter into an agreement with them to set out the obligation each party has to comply with and will seek to be reasonably ensured that any such third party complies with the GDPR.

If such third party is placed outside the European Union and we have to share and/or transfer personal information and data, we will make sure that such third parties are in compliance with the GDPR as well.


How long we keep personal information and data

Personal information and data will be retained for as long as necessary to fulfill and carry out our work for which it was collected as referred above and in accordance with the legislation and regulatory framework that applies in each situation.

Our policy as a company is to retain such personal information and data for up to 6 years, after which it will be destroyed.


The data subject’s rights

You have the right to see and/or receive your personal information and data and be informed on how these are being processed by us. You may also request to know for what purpose your personal information and data is processed and for how long it is being held.

You have the right to request that incorrect and incomplete data is corrected and if for certain information and data your consent is necessary, you may give and withdraw it at any time.



If you have any complaints as to how we handle your personal information and data, you have the right to file a complaint with the supervisory authority, which is the Data Protection Commissioner.


Contact Details of Data Protection Officer

We have appointed a Data Protection Officer (“DPO”) to whom you can address all enquiries in relation to this privacy statement and request to exercise any of your rights as set out above. The DPO is Mr. Marios Kofteros and you can contact him via telephone on 00357-22455545 or via email on or by post at 20 Nikis Avenue, Office 400, 1086 Nicosia Cyprus.