1. Introduction

AUDITOR+ (referred to as ‘we’, ‘us’, ‘our’, ‘Company’), is the owner of this website. This privacy policy (“Privacy Policy” or “Policy”) explains how the Company collects and processes your personal data and tells you about your rights under the EU General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the local data protection law(s).

This Privacy Policy is directed to existing and prospective clients, personnel of corporate clients, other persons (excluding employees and job applicants to whom a separate privacy notice applies) and website users whose personal data we may process. This Privacy Policy contains information about how and when we share your personal data with third parties (for example, our service providers).

For the purpose of applicable data protection legislation, the Company being the data controller and is responsible for your personal data.

In this Privacy, your data is sometimes called “personal data” or “personal information”. For the purposes of this Personal Policy personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. Where we collect your personal data from Personal data that we receive directly from you If you are an individual existing or prospective client, we will collect personal data from you when provide you: (i) apply for your account and are on-boarded as a client; (ii) request or engage with us in connection with our services; and (iii) interact with us in relation to the management and administration of your account.

Personal data that we receive directly from third parties

Pursuant to any local laws and requirements, we may seek more information about you or your or relevant individuals such as directors from other sources by way of due diligence or other market intelligence such as World Check and ICIJ Offshore Leaks Database. We might process your personal data which we lawfully obtain other third parties e.g. public authorities, companies that process card payments , third party database providers (third party brokers who may provide us with your details in accordance with any regulatory requirements).

Where existing or prospective corporate clients provide us with personal data relating to their directors, employees, or any other person, such data is deemed to have been provided to us on the basis that: (i) those individuals have been informed and understand that their personal data is being provided to us; (ii) those individuals have been provided with information regarding the collection, use, processing, and disclosure of their personal data; (iii) the client has a lawful basis (in accordance with applicable data protection laws and regulations) to provide such personal data to us; and (iv) those individuals are aware of their data protection rights and how to exercise them.

Personal data we receive from other sources

We may also collect and process personal data from publicly available sources. We might. We also may seek more information about you or your organization from other sources by way of due diligence or other market intelligence

To the extent that you access our website or send us an email, if appropriate and in accordance with any regulatory and legal requirements, we may also collect your data automatically.

3. Do you have an obligation to provide us with your personal data?

Collecting your personal data is necessary for the commencement, execution of a business relationship and the performance of our contractual obligations. We are obligated to collect such personal data in order to comply with the current Laws and Anti Money Laundering requirements which mandate that we verify your identity before we enter into a contract or a business relationship with you or with the legal entity you represent.

4. What types of personal data do we collect?

We will collect your contact details (name, telephone numbers, job title and email or postal addresses) when you engage with us in connection with our or your services in order to ensure our relationship runs smoothly. Where we are required to carry out verification checks, to comply with our legal and regulatory obligations, we will collect specific additional information about relevant individuals, including, for example, date of birth, payment details, tax residence information, copies of photo identification documents (such as a driving license and/or passport/identity card), information about nationality/citizenship/place of birth, national identification numbers and other identity verification documents as well as the information if you hold/held a prominent public function (for PEPs).

Further, we collect personal data arising from the performance of our contractual obligations, relative to the order (e.g. payment, transfer and transaction orders), tax information (tax residency, tax identification number), financial info (nature of transactions, source of income, source of assets), authentication data (e.g. signature) and employment information.

Specific information, which we also may request, includes the information regarding the knowledge and experience with the products we offer, investment strategy and scope, personal investment portfolio, personal objectives etc.

We do not collect or otherwise process sensitive personal data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) or criminal conviction/offence data unless it is necessary for compliance with a legal and/or regulatory obligation.

5. Children’s data

We neither collect nor process the personal data in relation to individuals who are under the age of eighteen (18).

6. How we process your personal data?

We use the personal data in the following ways: • to store your details (and updating them when necessary) on our database in order that we can contact you in relation to our ongoing services, agreements or in general business with you;
• to administer your account
• to carry out our obligations arising from our contracts with you;
• to undertake anti-money laundering and know your client checks in accordance with our legal and regulatory obligations;
• to maintain records of our conversations so that we can provide relevant services to you and in order to comply with our legal and regulatory obligations;
• to comply with applicable laws or regulations in any country;
• to pursue legitimate interests, including to carry out, monitor and analyze our business or operations;
• to conduct monitoring by us or any other person on our behalf
• to conduct customer surveys, marketing campaigns, market analysis, or promotional activities
• to communicate with you to keep you up to date on the latest developments, announcements and other information about our services, products and technologies;
• in exceptional circumstances, to help us or you to establish, exercise or defend legal claims;

We may use your personal data to contact you regarding your account, or to invite you to events that may be of interest (except where you have asked us not to). You have the right to opt out of receiving such communications from us by either liaising with your Company contact or by electronically unsubscribing from emails we have sent you. After you unsubscribe we will not send you such communication emails but may continue to contact you to the extent necessary for the purposes of any services we are providing to you or as may be needed for regulatory purposes.

7. What is our legal basis for processing your personal data?

We process your personal data in accordance with the GDPR for one or more of the following reasons:

• Processing is necessary for performance of the contract or to take steps preparatory to such contract. We process personal data so we can perform transactions and offer investment services based on contracts with our clients but also to complete our acceptance procedures and decide weather to into a contract with prospective customers.

• Processing for compliance with a legal and regulatory obligations that we are subject to. We are subject to certain legal and statutory requirements from the relevant laws and regulations e.g. the Money Laundering Law, Tax laws, Sanctions Laws and Regulations. There are also various supervisory authorities whose laws and regulations we are subject to. These authorities, laws and regulations impose on us necessary personal data processing activities for checks, identity versification, compliance with court orders, tax and other laws and regulations or other reporting obligations and anti-money laundering controls.

• Processing is necessary for the purposes of our legitimate interest or any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include: Fraud detection and prevention (crime prevention), Product development and enhancement, Communications, Marketing of the same, or similar, or related products and services; Information, system, network and cyber security, Piracy and malware prevention, initiating legal claims and preparing our defense in litigation procedures; measures to manage business and for further developing products and services.

• Processing based on your consent. Provided that you have given us or to our commercial partners your specific and express consent for processing then the lawfulness of such processing might be based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

8. Who receives your personal data?

Your personal data may be provided to various departments within the Company. In addition, various service providers may also receive your personal data. Such service providers enter into agreements with us by which they observe confidentiality and data protection according the data protection laws and GDPR. Third party service providers who perform functions on our behalf include without limitation: administrators, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems, file storage companies, archiving and/or records management companies, cloud storage companies, payment processing companies, credit and financial institutions, fraud prevention and verification agencies, etc.

All third parties appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.

Tax, audit, regulatory bodies or other authorities, might receive your personal data when we believe that the law or other regulation requires us to share your personal data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations, judicial or official request to do so, as required to investigate actual or suspected fraudulent or criminal activities).

We also may disclose your data if you have given us your consent.

9. Keeping Personal Information about you secure

We take appropriate technical and organizational measures to keep your personal data confidential and secure. We have in place internal procedures covering the storage, disclosure of and access to personal data as well as a range of technical and organizational measures that include measures to deal with any suspected data breach. We also provide training for our employees on how to handle personal data.

10. Transfer of your personal data to a third country or to an international organization Your personal data may be transferred to countries outside of the European Economic Area (“Third Countries”) in such cases as e.g. to execute your payment orders or to transfer personal data required by law (e.g. reporting obligation under Tax law).

Your personal data is transferred to Third Countries only if such transfer is compliant with the conditions for transfer set out in Chapter V of the GDPR.

Transfers may be made in case the European Commission has decided that such a Third Country (for example Israel and Isle of Man), or an international organization ensures an adequate level of protection.

We may transfer your personal data where the organization receiving the personal data has provided adequate safeguards. In any case your individuals’ rights must be enforceable and effective legal remedies for individuals must be available following the transfer.

11. Automated decision-making and Profiling

In establishing and carrying out a business relationship, we generally do not use any automate decision-making. However exceptionally we do process some of your data automatically in order to assess your knowledge and experience about the financial products that we offer in order to decide whether these products are appropriate for you. You have the right to dispute the scoring and request that we do the appropriateness test manually by contacting us.

12. How we treat your personal data for marketing activities and whether profiling is used for such activities?

We may process your personal data to tell you about our products, services and offers that may be of interest to you. The personal data that we may process for this purpose consists of information you provide to us, a data we collect and/or infer when you use our services, such as information on your transaction. We may study such information to form a view on what we think you may need or what may interest you.

If you are a potential customer we can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, by contacting us.

14. How long we keep your personal information for

We will keep your personal data for as long as we have a business relationship with you. Once our business relationship with you has ended, we keep your data for as long as necessary to meet our legal, regulatory and business requirements. Retention periods may be extended in case there are some legal, or regulatory requirements to retain data, including where certain data might be relevant to any potential litigation.

When we determine that we no longer need to hold your personal data, we will undertake one or more of the following: delete it from our systems and destroy hard copies, archive the personal data so it is beyond use or anonymize/mask the relevant personal data.

15. Your data protection rights

With respect to European Economic Area residents and where your personal information is processed by the Company you have following legal rights under GDPR in relation to the data that we hold about you:

• Right of access – you have the right to request a copy of the information that we hold about you.

• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records where there is no good reason for us continuing to process it.

• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

• Right of portability – you have the right to have the data we hold about you transferred to another organisation.

• Right to object – you have the right to object to certain types of processing such as direct marketing.

• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

• Right to withdraw consent – in the event you gave us a consent with regard to the processing of your personal data for certain activities (for example, for certain relationship management arrangements or any automatic profiling), you may withdraw this consent at any time.

16. Changes to this Privacy Policy

This Privacy Policy was last updated on 18/10/2020 . We reserve the right to update and change this Privacy Policy from time to time, for example, in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on our website.

17. Cookies

Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. We may use cookies to track your use of our website to understand how you use the site and track any patterns that emerge individually or from larger groups. This helps us to develop and improve our website and services in response to what our visitors want and need.