The General Data Protection Regulation (GDPR) represents a change the law relating to Personal Data and replaces existing data protection laws.
The aim of GDPR is to increase transparency in relation to the way in which Personal Data is collected, stored and used. GDPR will give individuals more control of how their personal information is used. The GDPR comes into effect on 25 May 2018.
Our Privacy Notice provides our clients with information about the processing of your Personal Data by MeritKapital Limited and your rights in relation to the GDPR to be aware on how we collect and process their Personal Data.
Who we are:
MeritKapital Limited (hereinafter referred as `MeritKapital`, `MK`, `we`, `us` or `our`), is a Cyprus based, CySEC licensed investment firm (#077/06).
Our principle place of business and registered office is Eftapaton Court, Arch. Makarios III Avenue 256, 2nd Floor, Limassol 3105, Cyprus. Telephone: +357 25 857900; email: firstname.lastname@example.org; website: www.meritkapital.com
MK gathers and processes your personal information in accordance with this Privacy Notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your Personal Data.
What categories of Personal Data do we collect?
Personal Data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The Personal Data that we collect: –
- First, maiden and last name
- Telephone Number
- Date of Birth
- Mobile Telephone Number
- Home Address
- National Insurance Number/Personal Tax Reference
- Email/ Skype Address
- Passport / ID Card/ Driver’s License
- Tax information such as tax identification numbers
- Employment status
- Utility bills
How do we collect Personal Data?
We collect, and process different types of Personal Data received from our clients. You may give us Personal Data when you apply to us to perform our services, by entering into a contract with us and/or filling in a client application form or by corresponding with us by telephone, email, post or any other electronic means.
We may also collect, and process Personal Data lawfully obtained both from 3rd parties such as other service providers.
Information that we collect:
We may also collect and process Personal Data from publicly available sources.
We collect information from the following: –
Client Forms, Counterparty Questionnaire, passport, utility bill, bank statement, 3rd party service providers (e.g. LexisNexis Compliance Online screening) and publicly available sources (e.g. Department of Registrar of companies, the bankruptcy archive, published articles).
What lawful reasons do we have for collecting, processing and disclosing Personal Data?
MeritKapital processes your personal information to meet our legal, statutory and contractual obligations and continue providing you with our services. We will never collect any unnecessary Personal Data from you and do not process your information in any way, other than already specified in this notice.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process Personal Data to operate our business.
- Compliance with Legal obligation: We may process your Personal Data to meet legal and regulatory obligations such as Anti-Money Laundering (AML) and Terrorist Financing (TF) Regulations, Tax Laws, FATCA, CRS and the regulations of various supervisory authorities that we are subject to for anti-money laundering purposes and due to diligence purposes.
- Contract: We request and process your data to establish a co-operation with us.
- Consent: We rely on your freely given consent at the time you provide your Personal Data to us to establish co-operation with us. You have the right to withdraw consent at any time. However, any processing of Personal Data will not be affected prior to the receipt of the withdrawal.
- Legitimate Interests: We rely on the legitimate interests based on the evaluation that the processing of your Personal Data is private, reasonable and sensible. A legitimate interest translates to when there is a business reason to use our client’s information.
How we use your Personal Data
MeritKapital takes your privacy very seriously and will not share or sell your data without your consent, unless required to do so by law.
Some of the purposes and reasons for processing your Personal Data are detailed below: –
- We collect your Personal Data to ensure that we comply with our regulatory and legal obligations when providing a service;
- We collect and store your Personal Data as part of our legal obligation for business, accounting and tax purposes;
- It is necessary in order to administer and perform our contractual obligations;
- For the detection, prevention and investigation of illegal or prohibited criminal activities and in the protection of our legal rights;
- Establishing, investigating, pursuing, exercising, defending or remedying claims, complaints, regulatory or investigative inquiries.
We may use your Personal Data to carry out automated online identity and background checks for our know-your-customer (KYC) conducting relevant checks and investigation of illegal or prohibited criminal activities such as AML.
International transfers of data
Personal Data that we collect from you may be shared with external third parties based outside the European Economic Area (EEA) and stored at a destination in any country which may not abide by the same data protection laws or may not have been determined to ensure an adequate level of data protection by the European Commission. Where this is the case, such Personal Data will be held in accordance with local applicable law and we will put appropriate safeguards in place to protect the transferred Personal Data including the use of data transfer agreements in the European Commission’s standard form.
Whenever we transfer your Personal Data outside the EEA, we will ensure that the transfer is necessary and we have assessed all the circumstances surrounding the transfer and have on the basis of that assessment provided suitable safeguards with regard to the protection your Personal Data.
What are your rights under GDPR?
GDPR law gives you certain rights regarding the Personal Data we collect, process or disclose and that is related to you, including the:
- Right to access your Personal Data;
- Right to correct Personal Data concerning you;
- Right to receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller;
- Right to object to the use of your Personal Data where such use is based on our legitimate interests or on public interests;
- Right in some cases to restrict the processing of your Personal Data;
- Right to withdraw the consent given to us regarding the processing of your Personal Data at any time.
You can request the information we hold about you at email@example.com.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your Personal Data is protected and kept secure.
How Long We Keep Your Personal Data
MeritKapital only ever retains personal information for as long as is necessary. We are required to keep your Personal Data for a minimum of 7 years after which time it will be destroyed. We have strict review and retention policies in place to meet these obligations.
Consequences of Not Providing Your Personal Data
You are not obligated to provide your personal information to MeritKapital, however, as this information is required for us to provide you with our service, we will not be able to offer our services without it.
We might request for specific information from you to confirm your identity and ensure your right to access the information or to exercise any of your rights. This is to ensure that your Personal Data is not disclosed to any non-related person
Changes to our policy
We may change our Privacy Notice from time to time, so as to reflect on our current privacy practices and applicable laws. Anytime there is a change to our Privacy Notice, we will revise the updated date on the top of this page. We suggest you periodically review this Privacy Notice that can be found on our website www.meritkapital.com to keep informed on how we protect your Personal Data.
Lodging a Complaint
MeritKapital only processes your personal information in compliance with this Privacy Notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your Personal Data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
For more information about the GDPR, you can visit the Information Commissioner’s Office website at http://www.dataprotection.gov.cy/
The Information Commissioner’s Office is the independent organisation that upholds information rights in the public interest.