Privacy Notice

The Cyprus Banks Borrowers Protection Association was founded in 2011 with the aim to defend, protect and facilitate the due enforcement of the legal rights and interests of bank borrowers in Cyprus especially as regards, illegal, arbitrary and unfair contract terms, charges and other unlawful conduct from the Cypriot Banks.

We are committed to safeguarding the privacy of information provided to us and information about visitors to our website. Cyprus Banks Borrowers Protection Association is the data controller of any personal information provided to us when you contact us and use our website. 

This Privacy Notice explains how we may collect and use information that we obtain about you, and your rights in relation to that information.

Your use of our services and our website constitutes your acknowledgment of the terms of this Privacy Notice.

When we collect personal information

We receive personal information from you, when you request information from us or provide information to us; when you receive our advisory services; when you visit our website.

Types of personal information we collect

We may collect your:

  • name and surname
  • residential address
  • telephone numbers
  • email address
  • identification data (identity and/or passport numbers)
  • date and place of birth
  • authentication data (e.g. signature)
  • current employment position, other professional activities
  • current income and expenses
  • property ownership
  • banking details
  • tax residence and tax ID
  • curriculum vitae
  • marital status
  • indebtedness

Also we may collect other personal data which may not be obvious to you such as:

  • your internet protocol address and/or your geo-location.

How we obtain personal information

Personal information may be obtained by us:

  • directly from you, or authorised representatives;
  • from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers/catalogues, the internet, adverts etc)

How we use personal information

We use personal information to:

  • provide our advisory services
  • fulfil our legal, regulatory obligations
  • protect, establish, exercise or defend legal rights; safeguard our legitimate interests or the legitimate interests of a third party (legitimate interests include but are not limited to fraud prevention, and reporting possible criminal acts or threats to public security to a competent authority)
  • process and respond to requests, enquiries or complaints received from you.

We have the right to process your personal data for any reasons other than the reasons mentioned above, provided that you have given us your specific consent for such process, in which case, you have the right to withdraw your consent at any time.

Your rights

You have the right to access, rectify, ask copy, erase your personal information and object to us using your personal data for a particular purpose subject to the limitations referred to in the present Notice and/or of any law or regulation. You can exercise your rights, request clarifications, or lodge a complaint by placing a request in writing. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner. In such a case, we ask you to inform us at

We may refuse to provide you access to your data if the relevant legislation allows us to do so, in which case we will provide reasons for our decision as required by law.

We may charge a fee for the exercise of the rights described above.

In the case of a personal data breach, we shall without undue delay after having become aware of it, notify the personal data breach to the Office of the Data Protection Commissioner, unless the personal data breach is unlikely to result in a risk to your rights. When the personal data breach is likely to result in a high risk to your rights, we shall communicate the personal data breach to you without undue delay.

Where a type of processing is likely to result in a high risk to your rights, we shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. We shall consult the Office of the Data Protection Commissioner prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken to mitigate the risk.  

All the above rights are limited and subject to the provisions of Regulation (EU) 2016/679 and Cypriot Law no. 125(I)/2018.

Retention Policy

We will retain your personal information for as long as you remain in contact with us until the advisory process is concluded. After you receive our advice, we will retain your personal information for twelve (12) months from the date of conclusion of all communications.

Sharing of Personal Data

We may share your personal information with third parties including:

  • regulatory authorities
  • our employees

We do not intend to transfer your personal data to a third country or international organisation.


A Cookie is a piece of information stored on your computer device by websites. Our website is using Cookies to store your preferences like language and time zone settings. You can configure your browser to reject Cookies from our website.

Contact us

You may contact us at 21 Theklas Lyssioti, 3030 Limassol or at 


We reserve the right to amend our Privacy Policy from time to time.