August 28, 2018
Introduction
euTHOR Ltd collects and processes your personal data with care and responsibility and according to the Regulation (EC) 2016/679 with the objective of protecting the personal data of individuals.
This Privacy Policy explains how we collect, store, and process personal data in the provision of services to our clients and users of our websites. This policy aims at answering any questions you might have but if not, please do get in touch with us using one of the options in the ‘Contact Us’ section.
It is likely we will need to update our Policy from time to time.
Controller and Processor
We are the “Controller” and “Processor” of your personal information. Your personal information will be securely stored confidentially on our computer systems and/or in paper files. When you are using euTHOR websites, euTHOR Ltd is the data controller. By using our website, you’re agreeing to be bound by our Privacy Policy.
About us
euTHOR Ltd is a compliance services company for Financial Institutions as well as other businesses and professions.
For simplicity throughout this notice, ‘we’ and ‘us’ means euTHOR Ltd and its brands.
The legal bases we rely on
The law on data protection sets out a number of different reasons for collecting and processing your personal data, including:
- Consent: In specific situations, we collect and process your data with your consent. For example, when you select a box to receive email newsletters.
- Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations.
- Legitimate interests: in specific situations, we require your data to pursue our legitimate business interests in a way which might reasonably be expected as part of running our business. We make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
If you have any concerns about this processing, you have the right to object to processing that is based on our legitimate interests. You can do that by contacting us using one of the options in the ‘Contact Us’ section.
Your rights according to the Regulation?
You have a number of rights in relation to the information that we keep about you and these rights include:
- right to access your personal data: You have the right to access your personal data held by us, receive a copy of these data free of charge and obtain information as to how your data is being processed.
- right to rectification: You may request that we rectify your data if it's inaccurate or incomplete;
- right to erasure: You may request that we erase your personal data.
- right to restriction of processing of your personal data: You may request us to restrict the processing of your personal data if you contest, among other, its accuracy and/or the lawfulness of its processing.
- right to data portability: in some circumstances, you have the right to receive certain information in relation to your data provided to us in an electronic format and/or request that we transmit this data to a third party
- right to object: You have the right at any time to object to the processing of your personal data, including profiling.
- right to withdraw your consent: Where the legal basis for the collection and processing of your personal data is your consent, you have the right at any time to withdraw it. The abovementioned rights apply with the restrictions provided for in the Regulation.
You can exercise your rights by contacting us.
Considering the above rights it should be noted that under certain circumstances we might continue to retain your data if the processing is necessary in order to comply with legal obligations and/or for the exercise of our contractual or legal rights.
How we collect your personal data
Under GDPR personal information is defined as “any information relating to an identified or identifiable natural person”. Personal data or personal information means any information about an individual, from which that person can be identified. We collect personal data, or personal information, directly from you, for example when you:
- Submit information via our websites
- Contact us by any means to enquire about us, our services etc.
- Engage with one of our marketing emails or on social media.
- Engage us to provide services;
- Subscribe to our services;
Other data controllers (including our clients) may also provide your personal data to us.
The personal data we collect
The personal data we may collect about you could include Title, Full Name, Identity or Passport numbers, email address, telephone nos, data of website usage, information about products and services you requested and/or received from us, recruitment data etc.
Use of Data
The Data is used to exercise our contractual obligations, fulfil our legal and regulatory obligations, provide you with information about our services and products, provide you with information of your interest that you have requested, process a job application, get your opinion about our services, notify you of any changes to our products and services, for marketing purposes and based on ‘Legitimate Interests’ (You are free to opt out of at any time) and for other legitimate business purposes.
If you wish to change how we use your data, you’ll find details in the ‘Your Rights’ section above. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Retention period for using your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure of the data;
- the purposes for which we process the data; and
- the applicable legal requirements.
Personal data will generally not be held for more than seven years after the end of the relationship/appointment, unless otherwise prescribed by law or regulation.
How we share your information
We do not sell or distribute your personal data for commercial gain. We may process your personal data without your knowledge where this is required or permitted by law.
We may have to share your personal data with:
- Trusted third party service providers;
- Our auditors, insurers or regulatory bodies;
- Our clients’ funders;
- Our mutual clients, whom you have given permission for us to share your data with;
- Third parties to whom we may sell or merge our businesses or assets.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies.