“Zimnat”, “we” or “us” means “the Company”. This Privacy Notice applies if you are a client, investor or if you have any other contractual relationship with the Company and it explains how we use your personal data. It has been prepared in accordance with the General Data Protection Regulation “GDPR” and defined terms herein shall be read as defined in the GDPR unless stated otherwise.
We respect the privacy of our clients and we are committed to keeping your Personal data safe. Under the GDPR we are a Data Controller and we are responsible for ensuring that we use process your Personal data in accordance with GDPR.
Type of Personal Data we hold
We will collect and process the following personal data about you: –
Information that you provide to us may include:
- Name and contact details
- Director questionnaire details
- Anti-money laundering documents
- Due diligence responses
- Curriculum vitae
Information we collect or generate about you may include:
- Call recordings
- All emails
- Client relationship management information
- Due diligence documentation
Information we obtain from third party sources. Such information may include:
- Third party due diligence reports, for example, external legal advisers.
How we use your information
Your personal data may be processed by the Company in the following ways and for the following purposes:
- in the ordinary course of our business operations and activities.
- to comply with regulatory requirements
- to comply with anti-money laundering requirements
- to enable us to carry out due diligence.
We are entitled to use your personal data in the aforementioned ways because we:
- have legal and regulatory obligations to do so,
- may need to establish, exercise or defend our legal rights or for legal proceedings,
- have ongoing legitimate business interests.
Disclosure of your information to third parties
We shall take steps to ensure that your personal data is accessed only by our employees that have a legitimate business need to do so for the purposes described in this Privacy Notice.
From time to time we may also share your personal data outside of the Company:
- to third party agents or contractors (for example, our professional advisers or technology suppliers) that provide services to us. These third parties will only use your personal data as described in this Privacy Notice.
- to the extent required to comply with applicable laws and regulations or to establish, exercise or defend our legal rights.
Transfers of personal data outside the European Economic Area
The personal data that we hold about you may be transferred to and stored at a destination outside the European Economic Area “EEA”. It may also be processed outside of the EEA by personnel that work for our affiliates or for one of our third party suppliers.
Where we transfer your personal data outside the EEA, we shall ensure that it is protected in a manner that is consistent with how your personal data will be protected by us when processed within the EEA. For example, this can be done in several ways whereby:
- the country that we send your personal data to is approved by the European Commission.
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data in accordance with GDPR.
In other circumstances, the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we shall ensure that any transfer of your personal data is made in accordance with the GDPR.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of model contractual clauses, which we have entered into with recipients of your personal data) by contacting us.
Retention of Personal Data
How long we hold your personal data for will vary. The retention period will be determined by various considerations including:
- the purpose for which we are using it,
- legal and regulatory obligations which may set a minimum period for which we must keep your personal data.
You have several legal rights in relation to the personal data that we hold about you. These include:
- the right to obtain information regarding the processing of your personal data and access to the personal data we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have a legitimate reason for doing so;
- In some circumstances, the right to receive some personal data in a structured commonly used and machine-readable format and/or request that we transmit that personal data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to object and the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to or ask us to restrict our processing of your personal data but we are legally entitled to continue processing your personal data and/or to refuse that request; and
- the right to lodge a complaint with our offices if you think that any of your rights have been infringed by us.