1. Who We Are
MegaServe Nominee Services Ltd is a Cyprus-based corporate services provider. This Privacy Policy explains how we process personal data when you use our website, contact us, or engage our services.
- Data controller: MegaServe Nominee Services Ltd
- Contact: megaserve@megaserve.eu
- Address: Nikis Center 11, Kyriacou Matsi Str., Office 303, 1082 Nicosia, Cyprus
- Phone: +357 22 767770
Where we act as a processor on behalf of a client (for example, when operating systems/portals under client instruction), the client remains the controller for those specific processing activities.
2. Personal Data We Collect
We collect data you provide directly, data generated through your use of our website, and (where relevant) data obtained from third parties to meet legal/compliance obligations.
| Category | Examples | Typical context |
|---|---|---|
| Contact & enquiry data | Name, email, phone, message, service needs | Website forms, email, calls |
| Identity & verification | ID/passport copies, proof of address, signatures | Client onboarding, banking coordination, filings |
| Corporate & beneficial ownership | Directors/shareholders, UBO data, org charts | Corporate administration, compliance |
| Compliance screening | Sanctions/PEP/adverse media screening results | KYC/AML obligations, bank packs |
| Financial & transactional | Invoices, payment references, billing details | Service delivery and accounting |
| Website & device data | IP address, browser type, pages viewed, referrer | Security, analytics, performance |
We aim to collect only what is necessary for the purpose at hand (data minimisation). For compliance-heavy engagements, the minimum required set can be larger due to legal duties and counterparty requirements (e.g., banks).
3. How We Use Personal Data
- To respond to enquiries and provide proposals, checklists, or scope memos
- To deliver services: corporate administration, tax/VAT coordination, migration support, project management
- To comply with legal and regulatory obligations (including KYC/AML and recordkeeping)
- To maintain an audit-ready documentation trail for banks, auditors, and competent authorities
- To prevent fraud, protect systems, and maintain cybersecurity
- To manage billing, payments, and contractual administration
- To improve our website’s usability and performance
4. Legal Bases for Processing
Under the GDPR, we rely on one or more of the following legal bases depending on the context:
- Contract: to take steps at your request before entering into a contract and to perform a contract with you
- Legal obligation: to meet applicable legal/regulatory duties (e.g., AML-related processes and record retention)
- Legitimate interests: to run our business responsibly (security, fraud prevention, service quality, minimal analytics), provided your rights do not override those interests
- Consent: where we request it (e.g., optional marketing updates). You can withdraw consent at any time
5. Sharing of Personal Data
We share personal data only when necessary for service delivery, compliance, or legal duties.
- Banks / EMIs: for onboarding and account administration, where you request coordination
- Professional advisors: lawyers, accountants, auditors where you engage them or we coordinate with them
- Authorities: registries, tax/VAT portals, migration authorities, courts (as required)
- Service providers: hosting, IT, secure storage, email, screening tools, and workflow vendors
Where we use processors (vendors), we aim to implement appropriate contractual safeguards (including confidentiality and security requirements) consistent with GDPR obligations.
6. International Data Transfers
Some vendors or counterparties may process data outside the European Economic Area (EEA). Where this occurs, we aim to use appropriate safeguards (for example, contractual protections and vendor security due diligence) to protect your data in line with GDPR.
Cross-border transfers can also occur when you engage non-EEA banks, advisors, or counterparties and request our coordination.
7. Security Measures
We use organisational and technical measures designed to protect personal data, including:
- Access control (least privilege) and role-based permissions
- Secure transmission channels where appropriate
- Segregated archives and structured evidence repositories
- Audit trails on document handling where feasible
- Policies and training for staff handling sensitive data
No method of transmission or storage is perfectly secure; we reduce risk through layered controls and disciplined handling.
8. Retention
We retain personal data only for as long as necessary for the purposes described in this policy, including legal, regulatory, and contractual requirements.
| Record type | Typical retention driver | Retention approach |
|---|---|---|
| Enquiries / proposals | Legitimate interests (business records) | Retained for a reasonable period unless deletion is requested and lawful |
| Client files (corporate/compliance/migration) | Contract + legal obligations | Retained per statutory/regulatory requirements and professional standards |
| Billing / invoices | Legal obligations (accounting/tax) | Retained per applicable accounting/tax rules |
| Security logs | Legitimate interests (security) | Retained for security operations and incident response needs |
If you want our current retention stance for a specific engagement type, email us and we will outline the relevant retention drivers.
9. Your Rights
Subject to GDPR conditions and applicable exceptions (including legal obligations), you may have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion (where lawful)
- Request restriction of processing (where applicable)
- Object to processing based on legitimate interests (where applicable)
- Request data portability (where applicable)
- Withdraw consent (where processing is based on consent)
If you wish to exercise your rights, contact megaserve@megaserve.eu. We may need to verify your identity before responding.
You also have the right to lodge a complaint with your local data protection authority. If you are in Cyprus, the supervisory authority is the Office of the Commissioner for Personal Data Protection.
10. Cookies & Analytics
We use essential cookies required for site functionality. We also use Google Analytics (GA4) to understand how visitors use our website in aggregate. Google Analytics uses cookies to collect anonymised usage data.
- Essential: security and basic operation
- Analytics (if enabled): aggregate usage patterns to improve content and performance
11. Website Forms & Intake
When you submit forms on our site, we process the information you provide to respond and deliver services. Form submissions may be processed by our hosting/form provider as a processor on our behalf.
If you prefer not to use web forms, you can email us directly at megaserve@megaserve.eu.
FAQs
Do you sell personal data?
No.
Do you process sensitive data?
In regulated contexts (e.g., corporate administration, compliance, migration), we may process sensitive or high-impact identification and compliance information because it is necessary to deliver services and meet legal/counterparty obligations.
Can you delete my data on request?
We will consider deletion requests, but some data cannot be deleted immediately if we must retain it to meet legal, regulatory, or contractual obligations (for example, recordkeeping duties).
How do you secure documents?
We use access controls, disciplined document handling, and structured archives. The exact tooling depends on the engagement and agreed delivery method.