WHAT IS THE PURPOSE OF THIS DOCUMENT?
Wealth Looks Ltd with company registration number HE 415920, of Archbishop Makarios 74A, e-mail: [email protected] (“we, “us”, “our”), is committed to protecting the privacy and security of your personal information. Wealth Looks Ltd is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
This privacy notice describes how we collect and use personal information about you when you use our audit, accounting, tax, financial advisory, legal, payroll, compliance advisory services.
This notice does not form part of any contract to provide goods or services. We may update this notice at any time, and we shall make sure that you are notified of any amendments.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your information.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
Where you use our services, or engage with us in connection with professional services we provide to an organisation you work for or are affiliated with, we will collect personal data directly from you, or from the organisation you work for or are affiliated with.
We may also collect personal data from third parties such as regulatory authorities, your employer, other organisations with whom you have dealings, government agencies, service providers and publicly available records.
We collect information that you voluntarily provide to us, including when you communicate with us via email or other channels; when you sign up for or request that we send you newsletters, alerts, or other materials; when you sign up for a webinar or event; and when you respond to our communications or requests for information.
We may collect information from other sources, such as social media platforms that share information about how you interact with our social media content, and any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable social media platform, which we strongly encourage you to review.
HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Performance of a contract: where we need to collect, and use your personal information to enter into a contract with you or to perform a contract that you have with us. For example, when you use our legal or accountancy services we will use your personal information to provide advice to you, respond to your requests and provide you with such services in accordance with our terms of engagement.
Legitimate interests: Where it is necessary for our legitimate interests and we consider such use of your information as not detrimental to you.
Compliance with a legal obligation: We may be required to process your information due to legal requirements, including employment laws, anti-money laundering regulations, tax laws and other regulatory provisions as providers of regulated professional services.
Consent: You may be asked to provide your consent in connection with certain services that we offer, for example in respect of any processing of your personal information for our marketing purposes, or in respect of certain special categories of personal data such as your health. You can withdraw your consent to such use, at any time by contacting us in accordance with the section 10 (Right to withdraw consent) below.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are “special categories” of more sensitive personal data which require a higher level of protection. Please see section 5 of this notice for more information about our use of special categories of data.
We will collect, store, and use the following categories of personal information about you for the purposes explained below:
Purpose | Examples of personal data that may be processed | Grounds for processing |
To provide you or your organisation with our professional services and to carry out our obligations arising from any contracts entered into between you and us or between your organisation and us. |
Name, contact details, title, identification, and enquiry/complaint details and information about the organisation with which you are affiliated. We may also collect personal data about your other dealings with us and our clients, including any contact we have with you in person, by telephone, email or online. |
Contract Legitimate interests |
Manage payments, fees and charges and to collect and recover any money owed to us. |
Contact details and information on your bank account and payment card details |
Contract Legitimate interests |
To respond to your enquiries. | Name, contact details |
Contract Legitimate interests |
Asking for your feedback about our services | Name, contact details | Legitimate interests |
To fulfil our legal or regulatory requirements (including in relation to anti-money laundering) and professional obligations (carrying out internal conflicts and other regulatory checks on new client matters and undertaking appropriate client due diligence) |
Name, contact details, proof of identity and proof of address proof of address in the form of either a recent utility bill or latest municipal tax bill or latest bank statement or credit card account statement or bank reference letter, date and place of birth, nationality, passport/ID details |
Legal obligation Legitimate interests |
For our business purposes, including data analysis, submitting invoices, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement. For research, planning, service development, security or risk management. |
Name, contact details | Legitimate interests |
To maintain and update our records including our database of contacts. To maintain and develop our relationship with you. |
Name, contact details, identification | Legitimate interests |
To provide you on an ongoing basis with information and services, including professional advice, legal updates, and other information or materials, that you request from us or which we feel may interest you where you have indicated that you would like to receive these from us. | Name, contact details | Legitimate interests |
To comply with our legal obligations, respond to legal process or requests for information issued by government authorities or other third parties or protect your, our, or others’ rights. |
Name, contact details, identification. |
Legal obligation Legitimate interest |
Sending you newsletters/marketing communications or contacting you by other means to offer you our client services |
Name, contact details We may also seek information relating to your marketing and communication preferences. |
Legitimate interests Consent |
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
In certain circumstances, with your explicit written consent.
Where we need to carry out our legal obligations or exercise rights in connection with national laws.
Where it is needed in the public interest, such as for ethnicity.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Our obligations
We will use your particularly sensitive personal information in the following ways:
We will use information relating to ethnicity, which may include country of origin and country of residence to comply with delivering our products to you, complying with national laws, and auditing procedures.
We will use information about your race or national or ethnic origin, to ensure the performance of our contract and compliance with national laws.
We may approach you for your written consent to allow us to process certain sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
DATA SHARING
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: [Shipping products and billing procedures]
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
When might you share my personal information with other entities in the group?
We will share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Transferring information outside the EU/EEA
We do not transfer your personal data outside the EU/EEA.
DATA SECURITY
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from [email protected]. Personal data required for accounting, legal or reporting requirements might be stored for up to 7 years. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our support team at [email protected] in writing.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
EXERCISE YOUR RIGHTS
If you want to exercise any of the rights described above, please contact us using the contact details in section 1 (What is the purpose of this document?) of this privacy notice, the contact details available on our website, and/or by e-mailing/writing to us at [email protected]. If you have any questions about this privacy notice or how we handle your personal information, please do not hesitate to contact us. You have the right to make a complaint at any time to the Office of the Commissioner for Personal Data, the Cyprus supervisory authority for data protection issues at [email protected] or call at +357 22818456 or contact them at their premises at Iasonos 1, 2nd floor, 1082 Nicosia, Cyprus.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.