- Provides an overview how we collect and process your personal data and tell you about your rights under the Processing of Personal Data (Protection of individuals) Law 138 (I)/2001) as amended from time to time and the EU General Data Protection Regulation (“GDPR”) 2016/679.
- Is directed to physical persons who are either current or potential clients of Adastra, or are authorised representatives/agents or beneficial owners of legal entities or of physical persons.
- contains information about when we share your personal data with third parties, (for example other service providers or suppliers)
For the purposes of this policy, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
1. Who We Are
ADASTRA INTERNATIONAL CONSULTANTS LTD is a company registered in Cyprus under the registration number HE 378826 having its registered office and head office at 1, Christaki Kranou, Germasogeia, 4047 Limassol, Cyprus.
A Data Protection Officer (DPO) has been appointed by us who is responsible for overseeing questions in relation to privacy issues. If you have, any questions or want more details about how we use your personal data you can contact our Data Protection Officer using the details set out below:
E-mail address: firstname.lastname@example.org
Postal address: 1, Christaki Kranou, Germasogeia, 4047 Limassol, Cyprus
2. COLLECTION OF YOUR DATA
Personal data, or personal information, as already mentioned above, refers to any information about an individual from which can be used to identify this person. This does not include data where the identity has been removed (anonymous data).
In case you are a potential client, or a non-client counterparty in a transaction/s of a client or an authorised representative/agent or beneficial owner of a legal entity or of a physical person which/who is a potential client, the relevant personal data which we collect may include:
Name, maiden name, last name, username or similar identifier, marital status, title, date of birth (city and country) and gender. Contact Data such as residential or business address, email address and telephone numbers. Marketing and Communications Data like your preferences in receiving marketing from us. Additionally we may collect banking details, marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, credit reference agency data, residence or work permit in case of non-EU nationals, own and/or third party security (e.g. if an existing personal guarantor), employment position, educational background, employment history. We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax residency, tax identification number), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).
3. Personal Data of Children
4. Failure to Provide Personal Data
Where we need by law to collect personal data, or under the terms of a contract we have with you and/or any other legal purpose and failure form your end to provide information when requested, we might not be able to complete our contractual responsibilities we have or are about to enter into with you (for example, to provide you with our services). In this case, we may have to terminate all contractual obligations with yourself but you will be notified by us if this is the case at the time
5. Whether You Have an Obligation to Provide Us with Your Personal Data
Personal data should be provided to us to allow us to enter into a contractual relationship with you, which is necessary for the required commencement and execution of our contractual obligations. Additionally, we are obliged to collect such personal data given the provisions of the anti-money laundering law, which require that we verify your identity before entering into a contract or a business relationship with you or the legal entity for which you are the authorised representative/agent or beneficial owner. In this context, in order for us to comply with out statutory obligation as mentioned above, you must therefore, provide us with your identity card/passport, your full name, place of birth and your residential address so that we may comply with our statutory obligation as mentioned above.
6. How Your Personal Data Is Collected
We process and collect different types of personal data, that we receive from our clients (potential and existing) in person or via their representative in the context of the contractual relationship. In addition, Adastra, may collect data from Adastra email (sender name, recipient name, date and time) or third parties e.g. public authorities or companies that introduce clients to us or publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the internet).
e.g. public authorities or companies that introduce the client to us. We may furthermore collect and process personal data from.
7. Why we process your personal data and on what legal basis
We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with the GDPR and the local data protection law for the reasons listed below:
A. For compliance with legal obligations
There are numerous legal obligations imposed on us from the relevant laws to which we subject to as well as statutory obligations e.g. Money Laundering Law, GDPR and Tax Law,
B. including laws and/or regulations and/or Directives which are concerned with US Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS) and/or any other related European and/or Cyprus Legislation. For the performance of a contract
We process personal data in order to complete our acceptance procedure so as to enter into a contract with prospective clients and to perform the contract we are about to enter into.
C. For the purpose of safeguarding legitimate interests
- A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include
- Initiating legal claims and/or preparing our defence in litigation procedures
- sharing your personal data within Adastra Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework and/or for the performance of the services.
Where disclosure is necessary for the relevant tax authorities, auditors and/or reporting accountants, to perform their respective services.
D. You have provided your consent
- Provided that you have given us your specific consent for processing (other than for the reasons set out above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We may process your personal data to inform you about our services that may be of interest to you or your business.
Cookies are small files used by our website to make it work better in order to improve the services we offer you, marketing and provide site functionality.
Cookies are a small, unique text files that a website can send to your computer when you visit a site. The website may automatically collect information as you browse, such as your internet service provider, browser type and version, operating system and device type, pages viewed, information accessed, the Internet Protocol (IP) address used to connect your computer to the internet and other relevant statistics. It also collects demographic information (country – city).
In the event that you do not want us to deploy cookies to your browser, your browser can be set to reject cookies or to notify you when a website tries to put a cookie on your computer. The rejecting of cookies may affect your ability to use our web site.
10. Who Do We Share Your Personal Data With
During the course of the performance of our contractual and statutory obligations, your personal data could be provided to different departments within Adastra but also to other companies of the Adastra Group and/or third party/ies providing service/s to and/or acting as agents of Adastra and/or to any subsidiary and/or affiliate company/ies of Adastra for the purposes and/or in the context of the provision of our services. Therefore, other service providers and suppliers may also receive your personal data so that we may perform our services and/or legal obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It should be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We strictly prohibit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.
Under the above referred circumstances , recipients of personal data may be, for example: criminal prosecution authorities, income tax authorities, Cysec, auditors and accountants, external legal consultants and legal consultants, suppliers, share and stock investment and management companies, service providers, agents, valuers and surveyors, financial and business advisors, business partners, file storage companies, archiving and/or records management companies, cloud storage companies, delivery couriers, IT companies who support our website and other business systems and so on.
11. International Transfers
Your personal data is shared within the Adastra Group. However, your personal data may be transferred to third countries; countries outside of the European Economic Area (EEA) in such cases as e.g. to execute our services or if this data transfer is required by law. We ensure that your personal data shall be protected by requiring all our group companies to follow the same rules when processing your personal data; namely, the “binding corporate rules”. For further details, protection is provided by ensuring at least one of the following safeguards is implemented:
- Your personal date will only transfer to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, seeEuropean Commission: Adequacy of the protection of personal data in non-EU countries.
- It can also be used where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Additionally, in case that we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
12. Data Security
Suitable security measures have been put in place, in order to avert your personal data from being unintentionally lost, used or accessed in an unauthorised way, altered or disclosed. Additionally, we limit access to your personal data to employees, agents, contractors and other third parties. Your personal data will only be processed by them on our instructions and they are subject to a duty of confidentiality.
Measures have been set up, to deal with any alleged personal data breach and you shall be notified and any applicable regulator of a breach where we are legally required to do so.
13. Data Maintenance
We will only maintain your personal data for as long as needed, to fulfil the purposes it was collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, except if a longer retention period is required or permitted by law.
The principles used in determining our maintenance periods include:
- The time length of our ongoing relationship with you and provide the services to you (for example, for as long as you keep using our services).
- If there is a legal obligation to which we are subject to(for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).
- Whether retaining is advisable bearing in mind our legal position (such as, for statutes of limitations, litigation or regulatory investigations).
You hold the right to ask for your data to be deleted; to request erasure. This allows you to instruct us to erase your personal data (known as the ‘right to be forgotten’) where its process is of no further use or interest.
14. Your Legal Rights
It is with your rights under Data Protection Laws in relation to your personal data under certain circumstances to request the following:
- Correction of your personal data: You may request rectification if your personal information is inaccurate.
- Access to your personal data: You may request a confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
- Erasure of your personal data: You may request that your personal information is erased in certain situations e.g. if it is no longer necessary to provide the services to you.
- Restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
- Oppose the processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
- Transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services.
- The right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer at: email@example.com
15. Amendment of personal data
When we keep personal data submitted to us, we do not assume responsibility for verifying the ongoing accuracy of the content of personal information, when practically possible, if ADASTRA is informed that any personal data processed by us is no longer accurate, we will make appropriate corrections based on your updated information. If you would like to update any personal data you have already submitted, please e-mail us at firstname.lastname@example.org