Privacy Policy

 

1. INTRODUCTION 

This Privacy Policy sets out how KENDRIS CAPITAL LIMITED (hereinafter called “we”, “our” or “us”) processes personal data, whether on individuals (including personal data in respect of individuals who are clients, website visitors, intermediaries or other third parties that we interact with, or any individual who is connected to those parties) or otherwise. This Privacy Policy also sets out the rights of the individuals in respect of the personal data that we hold and process.

This Privacy Policy is in line with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called the “General Data Protection Regulation” and/or “GDPR”). We and each of our partners, consultants and employees shall comply with the GDPR in relation to the holding and processing of personal data in the context of the provision of our services.  We recommend that you read this Privacy Policy in full to ensure you are fully informed. 

2. WHAT PERSONAL DATA DO WE HOLD?

“Personal data” is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. We process personal data in the context of providing our services to our clients. The categories of personal data we may collect and process, according to the particulars of each case, include:

a) Contact information: Information such as your name, job title, postal address, home address (utility bill), business address, telephone numbers, mobile numbers, Skype address, fax number and email addresses.
b) Payment data & financial information: Data necessary for us to process payments and implement fraud prevention measures, including bank account details, VAT Numbers, Tax Identification Numbers and other such relevant billing details. 
c) Business details: Business information which we necessarily process as part of our instructions or projects we are involved in or otherwise provided by you voluntarily.
d) Compliance details: Information we are legally required to collect for compliance purposes, such as ‘know your client’ information, details relevant to international sanctions and restrictive measures and information about relevant and significant litigation, which may impact our ability to provide our services. Furthermore, information required by us in order to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds, employment details and source of wealth. Please note that for these purposes, we may also request a clean criminal record from our clients. 
e) On-going information: Information provided in the course of the provision our services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in). 
f) Publicly available information: Information collected from publicly available resources, including but not limited to information collected from databases we use to carry out compliance checks.
g) Statutory Register Information: Information about you on account of an interest or office you may hold in or certain relationships you may have with a corporate entity, partnership, trust or other vehicle to which we provide services (each such entity, a Third-Party Entity).
h) Details for events: In some cases, we may collect information about you, which may include sensitive information in relation to your health, for the purpose of tailoring our events to your needs. The processing of such data is based entirely on your consent; in the event that you do not want us to maintain such data, we may not be able to take the necessary precautions. 
i) Information that we collect about you on our website: When you visit our website, we and our partners may automatically collect, store and use technical information about your equipment and interaction with our website; this information is sent to us from your computer, smartphone, tablet or other device used to visit our website using a variety of cookies. For detailed information about the use of cookies in the website, please read our Website Cookies Policy available on our website. 
j) General: any other information you may voluntarily provide to us.

3. PERSONAL DATA WE COLLECT FROM YOU 

We collect personal data directly from you, for example, as follows:    

a) When you accept an invitation to attend one of our events, we will ask you to provide your contact, guest and other relevant information including meal preferences. 
b) When you use our website, we collect information about your visit and how you interact with our website. 
c) When a client uses our services, we will ask for the information that we need to provide those services; this information includes inter alia contact details, billing information, information necessary to conduct pre-clearance checks, all information about your case and information relevant to the services we provide. Information provided by a client may include personal data that relates to persons whose information is relevant to the instructions we receive from such client. 
d) When a Third-Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity.
e) When you apply for a job or a traineeship position or a summer intern position or any other position at our company, we will ask you for information relevant to your application. 
f) If you visit our office, we may collect information that we need in order to identify you and complete necessary security checks, such as your identity card or passport. 
g) If you provide information to us about another individual, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information. In particular, you must ensure that prior authorization was obtained to disclose such personal data to us and the client must ensure that the individual whose personal data the client is sharing with us is aware of the matters discussed in this Privacy Policy, as these are relevant to that individual, including how to get in touch with us, the purposes for which we process personal data as well as our disclosure practices and the rights of such individual under the GDPR. We shall bear no responsibility in the event the client has not obtained the necessary authorization(s) from such individual, and shall proceed to collect, use and disclose such data in the manner described in this Privacy Policy without being required to take any action regarding the necessary authorization the client is required to obtain from such individual. 
h) When you or your organization seek our services.
i) When you or your organization make an enquiry in person, over email, over our website or over the telephone.
j) When you attend one of our seminars or other events we may organize.
k) When you or your organization provide services to us, or otherwise offer to do so. 
l) In some circumstances, we may collect personal data about you from third parties, for example, we may collect personal data from your organization, other organizations with whom you have dealings, including government agencies, an information or service provider or from a publicly available record or regulatory bodies. We may also collect data from publicly available sources of information. We may also receive information about you from various internet search engines. 

4. CAN YOU REFUSE TO SHARE YOUR PERSONAL DATA WITH US?

In general, we receive your personal data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will unfortunately be unable to provide our services without receiving such data, for example where we need to carry out legally required compliance screening or require such data to process your instructions or orders. 

Where it is not possible for us to provide you with what you request without the relevant personal data, we will let you know accordingly.

5. HOW WE USE PERSONAL DATA WE COLLECT FROM YOU 

We determine why and how we process your personal data. In each case, your personal data will be controlled by us which you have given instructions to. We will only use your personal data fairly and where we have a lawful basis to do so. We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so. Our use of your personal data depends on how and where you interact with us. See below a list of the ways that we use your personal data, and which of the reasons we rely on to do so. 

We may process special category data (such as a clean criminal record) only where the processing is necessary for the purposes of providing our client with our services or where this is necessary in order to comply with regulatory requirements such as client identification and knowledge, money laundering prevention and abatement of terrorism financing and fraud prevention arising from the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, as amended, or any other laws and regulations applicable in the Republic of Cyprus as well as any regulations issued by a competent organ of the European Union, always aiming to observe the conditions imposed by the GDPR on the lawfulness of personal data processing. 


INDICATIVE LIST

USES OF PERSONAL DATA OUR LAWFUL BASIS FOR THE USE OF YOUR PERSONAL DATA
To improve our website. Where we have your consent to our Cookies Policy (referred to above) or where it is necessary so that we can deliver our website effectively.
To conduct client due diligence and compliance checks when on-boarding a new client. To comply with our legal and regulatory obligations including compliance with anti-money laundering legislation, fraud and crime prevention.
To provide our services, to manage and administer our business relationships, including to communicate with our clients, their employees and representatives, to manage billing and payments and to keep records. To fulfil our contract with our client(s) and to comply with legal and regulatory obligations including accounting, tax and data privacy.
To fulfil instructions received from the client and provide our services. Personal data may be processed by each of our partners, consultants and employees. To fulfil our contract with our client(s).

6. PRINCIPLES WE ADHERE TO 

We are committed to and adhering to the following principles of processing personal data in accordance with Article 5 of the GDPR. In particular, the personal data we collect is: 

a) Processed lawfully, fairly and in a transparent manner in relation to the individual concerned; 
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 
d) Accurate and, where necessary, kept up to date; 
e) Kept in a form which permits identification for no longer than it is necessary or as required by relevant international or national legislation; 
f) Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures. 

7. HOW DO WE KEEP YOUR PERSONAL DATA SAFE?

We take appropriate technical and organizational measures to keep your personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. We may keep your personal data in our electronic systems and/or in paper files.

8. SHARING AND TRANSFERRING YOUR PERSONAL DATA 

We treat your personal data with respect and confidentiality and do not share it with third parties except as described below: 

a) We may disclose your personal data to other entities connected to us for the purpose of our internal business processes (such as administration and billing) and for the purpose of providing our services. 
b) Where it is necessary to transfer data from us to anywhere outside of the EU or outside the EEA, we will comply with any transfer requirements applicable under GDPR and national legislation. 
c) We may share personal information if necessary with law enforcement and regulatory authorities. 
d) We may also share your personal data when you have consented to us doing so. 
e) The following is a list of potential recipients of data (in each case including respective employees, directors and officers):

i. Our employees, partners and consultants. Please note that our employees, partners and consultants are subject to a duty of confidentiality; 
ii. Other service providers (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which we are instructed) where disclosure to such provider is necessary to fulfil a contract with our client; 
iii. Any of our sub-contractors, agents or service providers; 
iv. Law enforcement agencies where this is necessary in order for us to fulfil legal obligations;
v. Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material; 
vi. Any registrar of a public register where the data is to be included in a public registry. 

9. KEEPING YOUR PERSONAL DATA

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.

10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You have certain rights regarding how we use and keep your personal data. These are: 

(1) The right to information: the right to be informed about our contact details, the purposes of processing, the categories of data processed, the recipients of the data, the existence of the rights provided by the GDPR and the conditions in which the same can be exercised; 
(2) The right to access to personal data: the right to access the personal data we use and process about you;  
(3) The right to rectification: the right to request and obtain inaccurate data rectification, as well as the completion of incomplete data, concerning you. Please note that we take reasonable steps to check the accuracy of and correct the information, even in case this right is not exercised by you.  Nevertheless, please let us know if any of your information changes so that we can keep it accurate and up to date;         
(4) The right to data deletion: the right to request the deletion of your personal data where there is no compelling reason for its continued processing by us; 
(5) The right to restriction of processing: the right to ‘block’ or suppress the processing of your personal data;
(6) The right to object: the right to object at any time the processing of your personal data, for grounded and legitimate reasons; 
(7) The right to data portability: the right to receive personal data concerning you in a structured manner, commonly used and easily readable format, as well as the right that these data be transmitted by us to another data controller; 
(8) The right not to be subject to an automated decision: the right to request and obtain withdrawal, cancellation or reassessment of any decision based exclusively on processing by automated means which produces legal effects or similarly affects you to a significant extent. Please note that we do not carry out processing activities which produce automated decisions. If at any time we carry such processing activities, we will inform you before such processing takes place;
(9) The right to lodge a complaint with an authority or to address justice: the right to complain to the relevant privacy regulator for personal data processing and the right to address the courts for the defense of any rights guaranteed by the GDPR which have been violated. We can provide you with the details of the relevant regulator upon request.

Please note that under GDPR these rights are subject to certain conditions.  You can learn more for exercising any of these rights by contacting us at 50 Spyrou Kyprianou Avenue, Irida Tower 3, Floor 6, Larnaca 6057, Cyprus, Tel: 00357-24205300, E-Mail: DPO@kendris.com

To enable us to process your request, we will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.

11. AMENDMENTS TO THIS PRIVACY STATEMENT/COMPLAINTS 

We have the right to update the contents of this Privacy Policy from time to time to reflect any changes in the way in which we process your personal data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Policy on our website. Changes will take effect as soon as the revised version is made available on our website. We encourage you to periodically review our website for the latest information of our privacy practices.

This Privacy Policy is governed under Cyprus law. 

This Privacy Policy was last updated on 02/11/2021. For any complaints or further information please contact us at 50 Spyrou Kyprianou Avenue, Irida Tower 3, Floor 6, Larnaca 6057, Cyprus, Tel: 00357-24205300, E-Mail: DPO@kendris.com