Privacy Policy
- THE PURPOSE OF THIS NOTICE
This notice specifies how and why Westeria LTD (also referred to as “we”, “our”, and “us”) collects and uses personal data and provides information about the rights of individuals following data protection legislation. This applies to the personal data provided to us by both these individuals themselves and others. Personal data refers to any information related to a living person who is actually identified or can be identified.
Data protection legislation refers to all the applicable laws and regulations relating to privacy and data protection, including:
until May 25, 2018 — the Data Protection Act 1998; and
since May 25, 2018 — the EU General Data Protection Regulation (GDPR) and any applicable laws, regulations, and by-laws of specific countries concerning the processing of personal data and the confidentiality of electronic communication, including periodic amendments, replacements, and updates thereof;
Please carefully read the following provisions to understand what we do with your personal data and how we handle them.
- THE BASIC INFORMATION
According to both the Data Protection Act and this notice, we are considered the data controller. This means that we have a right to decide how to store and use the personal data of individuals. The data protection legislation obliges us to notify you of the information contained in this privacy notice.
The main purposes of collecting your personal data are providing you with services, informing our clients, and marketing. We may also use your personal data for secondary purposes closely related to the primary ones in circumstances where such use or disclosure is reasonably predictable. You can request to be excluded from the mailing/marketing lists at any time by contacting us in written form.
When collecting personal data, we explain to you, where appropriate and possible, why we collect such information and how we plan to use it.
Our staff has a member responsible for compliance with the personal data protection rules. He is a contact person for data protection issues who addresses requests regarding this privacy notice and our processing of your personal data. You can write or call our data protection specialist using the contacts specified on the website.
- HOW WE COLLECT YOUR PERSONAL DATA
We collect personal data only for mutually accepted purposes and ask clients to disclose them only when it is absolutely necessary.
When the processing of your personal data is required, we ask clients to provide the data subjects with the necessary information about the use of such data.
Thus, we receive personal data when:
- You are requesting an offer from us related to the provided services;
- We receive relevant information from third parties through routine checks accomplished before including you among our clients;
- You order our professional services as well as when we provide them;
- You contact us by email, phone, mail, through the web-portal, or on social networks (for example, to ask us about our services);
- You are filling out the Annual Questionnaire;
- It is provided by third parties (for example, attorneys, executors, lawyers, financial consultants) and/or open sources (for instance, the Register of Legal Entities).
- THE TYPES OF PERSONAL DATA WE STORE
We process various categories of personal data depending on the services provided.
Corporate clients (as well as individuals associated with them)
We may store the following personal data:
- The information about a CEO, secretary, or shareholder, such as position, full name, contact details (including postal address, email address, etc.), contact history, and transactions with shares;
- Information about family members (if it is relevant for the service provided);
- Date of birth, gender, and/or age;
- Photocopies of the passport, driver’s license, or another identification card required from CEOs, shareholders, and other key staff members;
- Records of your interaction with us, including meeting notes, phone messages, letters, emails, and information that we receive via the web-portal and social networks;
- Information about affiliated parties and transactions with them;
- Our transactions with employees and the related documentation;
- The data from the contract for the provision or intended provision of our services concluded between us;
- The information about all our services you have received;
- Our correspondence and communication with you;
- Information about any complaints and requests that you send to us;
- Information obtained by us from other sources, such as publicly available information and data provided by third parties.
Individual clients
We may store the following personal data:
- The information about a particular trader, partner, or individual client, such as position, full name, contact details (including phone number, mobile phone number, postal address, email address, etc.), and contact history;
- Date of birth, gender, and/or age;
- Photocopies of the passport, driver’s license, or another identification card;
- Records of your interaction with us, including meeting notes, phone messages, letters, emails, and information that we receive via the web-portal and social networks;
- Information about affiliated parties and transactions with them;
- Our transactions with you or employees and the related documentation;
- The data from the contract for the provision or intended provision of our services concluded between us;
- The information about all our services you have received;
- Our correspondence and communication with you;
- Information about any complaints and requests that you send to us;
- Information obtained by us from other sources, such as publicly available information and data provided by third parties.
- HOW WE USE THE STORED PERSONAL DATA
We may process personal data when required by the contract for the provision of professional services as well as to fulfill our obligations under the law. This may imply the processing of personal data of an employee, subcontractor, supplier, a client of our client, or a person affiliated with our client.
We may process personal data to fulfill our legitimate interests, provided that the latter do not infringe on the interests, rights, and freedoms of our clients (as well as persons affiliated with our clients) subject to personal data protection. This includes goals such as marketing, business development, and management.
We may also process personal data for certain other purposes if you agree to that. In such limited cases, when the consent of a particular data subject is required for the personal data processing, such a particular data subject has the right to withdraw his or her consent to the data processing for such a specific purpose.
Please note that there may be several legal grounds for the data processing, depending on the specific purpose for which personal data is to be used.
The situations in which we use personal data
We may use personal data to:
- fulfill our obligations under the contract with the client (as a rule, to provide him or her with the services), for example, to provide advice;
- fulfill our obligations under the contract with the client (as a rule, to provide him or her with the services), in the case when you are a client of our client;
- provide information about our services, events, and activities that are requested from us or that, from our perspective, may be of interest, provided you have given your consent to receive such information;
- collect reviews and opinions about the provided services;
- notify you about any changes in the provided services.
In some situations, we make personal data anonymous or quasi-anonymous so that they are not tied to a specific individual; in this case, we can use them without any notifications.
If an individual refuses to provide us with the particular requested information, this may make it impossible for us to fulfill the contract concluded with such a client. This may also prevent us from fulfilling our obligations imposed by law or regulations.
Under this notice, we may process personal data without the notification and consent of an individual, if required or permitted by law.
The storage of personal data
We store personal data only as long as it is necessary to achieve the purposes for which they are collected.
When choosing the appropriate terms of the personal data storage, we take into account the following:
- the requirements of our business and the nature of the provided services;
- the requirements of the law;
- the purposes for which specific personal data are collected;
- the legal grounds for the personal data processing;
- the type of personal data collected;
- the volume and categories of your personal data;
- the possibility of achieving the goal of the processing by other reasonable means.
Changing a purpose
When we have to use personal data for a purpose other than the one for which it was collected, we use it only to the extent that such a purpose is consistent with the initial one.
If personal data are necessary for a new purpose, we notify the person before the new processing, clarifying the legal grounds for it.
Disclosure of personal data
Your personal data may be disclosed in certain cases, including:
- To third parties if you consent to such use or disclosure of the information;
- When required or permitted by law.
- PROVIDING THE PERSONAL DATA TO THIRD PARTIES
Why may we provide personal data to third parties?
We provide the personal data to third parties when required by law, if it is necessary to manage the relationships between us and our clients, or when we have other legitimate interests to do so.
Which third-party service providers process personal data?
The third parties include third-party service providers and other professional consultants. Their spheres of activity may be as follows: IT services, cloud services, website hosting, data backup, professional consulting services, and banking services.
All our third-party service providers are required to take adequate and commercially reasonable measures to protect personal data. We allow them to process the personal data only for specified purposes and following our instructions.
Can there be other third parties? We may transfer personal data to other third parties, for example, in the context of a possible sale or restructuring of the business. In this case, we will take appropriate measures to ensure the security of the clients’ personal data according to the data protection legislation. If our business is to be transformed, the new owners will be able to use the clients’ data in exactly the same way as described in these terms.
We may also need to provide the personal data to a regulatory authority or comply with other legal requirements.
- PERSONAL DATA SECURITY
We apply appropriate and commercially reasonable security measures to prevent accidental loss, use, alteration, disclosure, or unauthorized access to the personal data. Besides, we restrict access to the personal data, providing them only to those employees, agents, contractors, and other third parties who need them by the nature of their duties. They process the personal data strictly following our instructions and are bound by the obligation to respect confidentiality.
We have adopted special procedures to respond to any alleged data security breaches; we will notify both an individual and the relevant regulatory authority of the alleged breach if required by law.
- ACCESS RIGHTS, CORRECTION, DELETION, AND RESTRICTION
The obligation of individuals to inform us about the changes
It is important for your personal data that we store to be accurate and up-to-date. If they change, let us know about the modifications we need to be aware of; to do this, write or call us at the contacts below.
When your personal data are no longer needed for the purpose they were collected, we take reasonable measures to delete or permanently depersonalize them. However, most of the personal data are contained in the client’s files, which have to be stored for at least seven years.
The rights of individuals regarding the personal data
Under certain circumstances and according to the law, you have the right to:
- Request access to your personal data. This will allow you to find out exactly what data we store and make sure that we process it legally.
- Request to make corrections to your personal data we store.
- Request to delete your personal data. You can ask us to delete your personal data in case we do not have sufficient reasons to continue processing them. You also have the right to ask us to delete your personal data if you object to their processing (see below).
- Object to the processing of your personal data for some reasons of your own, even when we (or a third party) have a legitimate interest in this. You also have the right to object to our processing of your personal data for direct marketing purposes.
- Request to restrict the processing of your personal data. You can ask us to suspend the processing of your personal data, for example, if you want us to check their accuracy or provide the grounds for the processing.
- Ask to transfer your personal data to you or another authorized agent if this is technically feasible and provided the processing is based on consent and is accomplished by automated means.
We may need to request certain information from you to verify your identity and ensure your right to access the data (or any of your other rights). This is a security measure that ensures that personal data does not get to someone who does not have the right to receive it.
Accessing your personal data
With some exceptions, you can access your personal information stored by us as well as update and/or correct it. If you would like to access your personal data, please contact us in written form.
Westeria LTD does not charge for such requests but may charge an administrative fee for providing a copy of the personal data.
In order to protect your personal data, we may ask you to confirm your identity before providing you with the requested information.
- THE RIGHT TO WITHDRAW THE CONSENT
In some cases, when an individual has previously provided his or her consent to the collection, processing, and providing of their personal data for a specific purpose (for example, for direct marketing, to receive newsletters from us), they have the right to withdraw consent to a specific type of processing at any time. To withdraw your consent, please send us an email to the address indicated on this website.
Upon receiving a respective notification, we will stop processing your personal data for the purposes you previously gave consent to, except in cases where we have other legitimate reasons to do so.
- UPDATING THE POLICY
This Policy may occasionally change; you can find it on our website.
If you have any questions or complaints regarding this Privacy Policy, please contact us at the address specified on our website.
Feedback
We welcome your questions and comments on this document via e-mail: [email protected]