1. Scope of this policy
This policy applies to personal information which is collected and/or used by CorpZone in its capacity as a controller as that term is defined in the EU data protection laws. The contexts in which this might occur are explored under “When do we collect personal information?” below. When we provide Services to clients, we sometimes handle personal information as a processor. This means that we process the information solely on the instructions of our clients, who retain control of the information. Therefore, if our use of your personal information is not covered by this policy, you may need to contact the client (and controller) on whose behalf the processing of your information is carried out. If CorpZone uses your personal information, you may have certain important rights which you can exercise. The rights you will be able to exercise will depend on how and why CorpZone uses your information. The primary point of contact at CorpZone for questions regarding your personal information is contactcorpzoneconsulting.com.
2. Who is your controller?
The CorpZone Consulting Limited responsible for your personal information will be the entity that originally collected information from or about you. Controller in accordance with Article 4 Clause 7 of the EU General Data Protection Regulation (GDPR) is CorpZone Services Ltd 6, Vasili Vryonides Str, Gala Court Chambers, 5th floor, 3095 Limassol, Cyprus +35797607031 firstname.lastname@example.org
3. Your Acceptance
4. When do we collect personal information?
We collect information about you if:
- you use this website;
- you enquire about, or engage CorpZone to provide, its Services (either in a personal capacity, or as a representative for your employer or client);
- the use of your personal information is reasonably necessary to provide our Services (in these circumstances, your personal information may be disclosed to us by our client who may, for example, be your employer or service provider, or we may obtain your personal information from a range of public or subscription sources, directly from you, or from your associates or persons known to you);
- you apply for a position with CorpZone;
- you contact us with any other enquiry, complaint or notice.
5. What types of personal information are collected and what do we use it for?
The following is a summary of the types of personal information we collect, and the purposes for which that information is used.
5.1. Website Users
5.2. CorpZone's Former, Current and Prospective Clients
If you submit an enquiry to CorpZone about our Services (either over the website, or by emailing, telephoning or meeting with one of our colleagues), then we will process information such as your name, job title and contact information in order to respond to your enquiry. If you or the organisation you are associated with becomes a CorpZone client, then we may process your personal information in order to:
- carry out “Know Your Client” checks and screening prior to starting a new engagement (as well as basic contact information, this may mean processing compliance related information such as proof of your identity, information about your professional background, history of directorships and, in some circumstance, details of any criminal convictions or adverse media coverage);
- carry out background checks for the purposes of complying with anti-money laundering and terrorist financing laws;
- carry out client communication, service, billing and administration;
- deal with client complaints;
- and administer claims.
- Taking account of applicable marketing laws, we also process personal information about our clients (former, current and prospective) in order to:
- send our clients newsletters, know-how, promotional material and other marketing communications;
- invite our clients to events (and arrange and administer those events).
6. What is our legal basis for collecting personal information?
All processing (i.e. use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where you request certain Services as an individual client, or where we help advise your employer or service provider on fulfilling an obligation to you under a contract);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or the processing is necessary for the performance of a task carried out in the public interest (e.g. background checks for anti-money laundering and terrorist financing purposes); or
- the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of personal information in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by applicable law to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data (as that term is defined in the GDPR), or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- other uses allowed by applicable law including context specific exemptions provided for under local laws of EU
Member States and other countries implementing the GDPR, such as in relation to the processing of special category data for the purposes of preventing or detecting fraud in relation to instructions from potential clients.
7. Disclosure of Personal Information to Third Parties
- responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
- the prevention and/or detection of crime;
- establishing legal rights or to investigate or pursue legal claims;
- a merger, acquisition or corporate restructuring to which CorpZone is subject;
- preventing risk of harm to an individual.
8. International Hosting and Transfer of Information
CorpZone may transfer certain personal information collected on its websites across geographical borders to CorpZone offices, personnel, or third parties located throughout the world. CorpZone may also store such information in a jurisdiction other than where you are based including outside of the European Economic Area (“EEA”).
CorpZone will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.
- Where we transfer your personal information outside CorpZone to third parties who help provide us with any of the activities described in this policy, we obtain contractual commitments (such as the Standard Contractual Clauses) from them in order to protect your personal information.
- Where we receive requests for information from law enforcement, courts or regulators (who may be based overseas), we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
9. Protection of Personal Data
CorpZone has reasonable technical safeguards, security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Measures we take include placing confidentiality requirements on our staff members and service providers, limiting access to your personal information on a “need to know” basis, and providing training to appropriate CorpZone personnel. Despite CorpZone’s best efforts, however, security cannot be absolutely guaranteed against all threats.
10. Retention of your personal information
CorpZone retains your personal information for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, or any new purposes to which you subsequently consent, or to comply with legal, regulatory and CorpZone policy requirements.
This period of time will usually be the period of your, or the relevant client’s, relationship or contract with CorpZone plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Some information (such as call recordings, tax records and certain information required to demonstrate regulatory compliance) may need to be kept for longer. Personal information will be kept for a shorter or longer period of time if so required by law or an CorpZone policy, if the information becomes subject to a legal hold (for example, following a communication from our regulator) or if we have identified through a data protection impact assessment that a different retention period is appropriate.
11. Your EEA Rights
Your personal information is processed by a CorpZone in the EEA, therefore it is subject to certain exemptions, and dependent on how and why we use it, you have certain rights in relation to your personal information. We may ask you for additional information to confirm your identity before disclosing any personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
11.1 Right to Access
11.2 Right to Rectification
11.3 Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the information.
11.4 Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
11.5 Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party. Please note that CorpZone rarely relies upon consent as a legal basis, and the performance of a contract basis will only be relevant to the extent that you, as an individual, are party to a contract with CorpZone or a client, and our use of your personal information is necessary for the performance of that contract.
11.6 Right to Object to Processing
You have the right to object to the processing of your personal information at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
CorpZone may send you information related to its services, products and events that we believe are of interest to you. This information may be sent by post or via email. If at any point you no longer prefer to receive marketing communications from CorpZone you can (i) unsubscribe from CorpZone communications sent by email using a link provided in marketing emails sent from CorpZone; or (ii) contact us to exercise your right to prevent all forms of marketing (both post and email).
14. Changes to this Policy
15. Contact Us
If you have questions or concerns regarding this policy or CorpZone’s personal data processing policies, please contact CorpZone at: email@example.com