This Policy applies to all persons who use, have used, or are going to use our services, as well as those who are indirectly related (for example, to business representatives or other employees), persons who have any contractual relationship with Equite, or their personal data have become known to us, as well as to anyone who visits our websites (hereinafter referred to as “You” or the “Customer”).
Our goal is to ensure the protection of personal data. In pursuing this goal, we consistently adhere to the requirements of the European Union and national legislation. The basic legal acts governing the processing of personal data are the national legislation and the General Data Protection Regulation (2016/679) (hereinafter referred to as the “GDPR”). The GDPR applies to the processing of personal data relating to citizens of the European Union (natural persons) which is carried out by a natural person, a company, or other organisation for business or other non-personal purposes. The reference to “Personal data” in this Policy refers to any information which you can reasonably use to identify you as one of the above persons (hereinafter referred to as “Personal Data”).
The Policy provides a general overview of how we process Personal data. Additional information on the processing of Personal data may be provided in service contracts and in other documents.
We ensure the confidentiality of Personal data in accordance with the requirements of the applicable law and we have appropriate technical and organisational measures in place to protect Personal data from unauthorised access, disclosure, accidental loss, alteration, destruction, or any other unlawful processing.
We can use data processors to process Personal data. In such cases, we will take the necessary steps to ensure that such data processors process Personal data in accordance with our instructions and applicable laws and require the implementation of appropriate Personal data security measures. We ensure that we make every effort to guarantee the confidentiality and integrity of the Personal data of our current, future, and past Customers.
We will use the Personal data you provided to us when sending us your CV or a cover letter. We will keep the data you provide for as long as the recruitment process lasts, or for a longer period only with your consent to save your CV in the database of potential employees of the Company.
We collect the information necessary for us to do business, sign contracts or start any business relationship with you. Such Personal data collection is strictly necessary for us to fulfil our obligations to you as well as for the provision of services to current and future Customers. In certain cases, we may receive your data from other sources.
Execution of legal obligations and identification. We are subject to the obligations related to the requirements of the Law on Money Laundering and Terrorist Financing Prevention (hereinafter referred to as the “Law”). By providing the services, we process Personal data in order to meet our anti-money laundering obligations (AML) and learn more about our customers (KYC).
Fundamentals to Data Processing
Agreement – a contract between us and you, which provides the fundamentals for processing your Personal data;
Consent – the consent given by you through which you have granted us the right to process your Personal data for the purposes stated in your consent and only for such purposes;
Legitimate interest – in some cases, in order to be able to perform the tasks arising from our activities, we process data on the basis of a legitimate interest. Before we begin to process Personal data on this basis, we must verify that legitimate interests do not have a significant impact on the rights and freedoms of those persons.
Legal obligation – this obligation is imposed on us by the European Union and national legislation, such as the Law.
Most of the time, we receive your Personal data from you, our data subjects, but in some cases we may also receive Personal data from third parties. For example, Personal data are provided to us by a representative of a potential Customer, when we sign various agreements containing the representatives’ data, and other cases.
Personal Data Recipients
Our service providers when such services are related to the processing of your Personal data (administration, obligation to combat money laundering, learning more about customers, and for marketing purposes);
Partners with whom we jointly provide services or products;
State institutions and authorities, other persons performing functions delegated to them by law (for example, law enforcement agencies, tax administration, financial crime investigation institutions);
Financial institutions, third parties (such as banks), auditors, legal and financial advisers; our authorised data processors, third parties, managing various registries (including loan registers, the Population Register, the Register of Legal Entities or other registers in which Personal data are processed) or who mediate in the provision of Personal data from such registers.
Other persons who provide services to us, such as IT maintenance companies, communications and mail providers, third parties, whose services we use to ensure the performance of your contract with our Customer or in the performance of administrative functions.
All service providers to whom we transmit your Personal data must follow our instructions on how they must process your Personal data. Your personal data transfer is governed by the data processing conventions we have contracted with independent service providers. All independent service providers are considered as data processors and must guarantee that your Personal data will be processed with the same care and diligence as we take, and they will be legally responsible for the non-performance of such guarantees. All service providers must have technical and organisational measures in place and ensure a level of data protection that is at least as high as ours.
Transfer of Personal Data to Third Parties
As a general rule, Personal data are processed within the territory of the European Union/European Economic Area (EU/EEA), but may, in certain cases, be transmitted and processed outside the EU/EEA.
Personal data may be transmitted and processed outside the EU/EEA where the transfer is necessary for the conclusion and execution of a contract where Personal data may be stored using data storage solutions whose servers are outside the European Economic Area or the Customer has given their consent, and if there are adequate safeguards in place.
By submitting Your Personal data to us or by consenting to the processing of Your Personal data You agree to the processing of Your data, including both data storage and data transfer, outside the EU for the purposes set out in this Policy. We will take all reasonably necessary precautions to ensure that the processing of Your Personal data complies with all applicable Personal data protection Laws. We may transfer Your Personal data based on:
- an adequacy decision by the European Commission;
- standard data protection clauses elaborated by the European Commission;
- standard data protection clauses elaborated by data protection authority;
- using other possible safeguards and derogations where it is allowed by the applicable laws.
Your Rights as a Data Subject
Right to access – you have the right to request access to any of your Personal data that may be stored, including, for example, the right to know whether we process your Personal data, which categories of Personal data we process, and to know for which purposes we process the data.
Right to correct – you have the right to request that we correct any of your Personal data if you believe that they are inaccurate or incomplete.
Right to disagree – you have the right to disagree with the corresponding processing of your Personal data, including, for example, processing your Personal data for marketing purposes or, if your data processing is otherwise based on legal interest.
Right to delete – you may also request that your Personal data are deleted if they are no longer required for the purposes for which they were collected, or if you consider that the processing is illegal, or if you believe that Personal data must be deleted in order not to violate the legal requirement. In certain cases, under statutory regulation, where the laws of the relevant jurisdiction prohibit us from deleting our data stored and processed, we will not be able to fulfil such an obligation, even if you ask us, but we will inform you of the obligations that apply to us.
Right to data transfer – if your Personal data are processed automatically with your consent or on the basis of mutual contractual relations, you may request that we provide such Personal data in a structured, customary and electronic form. You can also request that Personal data be transferred to another controller. Please note that this can only be done where technically possible.
Right to withdraw your consent – in cases where the data are processed with your consent, you have the right at any time to withdraw your consent to the processing of data.
Right to refuse marketing messages – at any time you can opt out of our outgoing communications in which we send you information about our events or any other material that we think may be of interest to you. You can send your refusal at any time by contacting us.
If you are concerned about a potential violation of privacy laws or any other violation of the laws, please contact us by e-mail at firstname.lastname@example.org or write to any of our employees. The responsible person will investigate and transfer the message to the responsible employee, and provide information on further consideration of the complaint.
If you are not satisfied with the investigation of the complaint, you have the right to file a complaint with your country’s data protection authority. You also have the right to apply to the competent jurisdiction court. Information about the authorities responsible for the enforcement of personal data protection legislation:
Social Networks and other Websites
All information that you provide to us via social media (including messages, usage of Like and Follow button clicks, and other communication) is controlled by the social network controller.
We may be linked to third-party sites; links can be made to and from such websites. We have not reviewed neither confirmed, have no influence, and are not responsible for the content or privacy practices of websites that we may be linked to. We do not support third-party sites and we cannot provide guarantees concerning any information, software or other products or materials contained therein that you can find there and the results obtained through the use of it.
This Policy may be changed or updated. The latest version of it will always be published on our websites, so we invite you to familiarise yourself with the latest version from time to time.
Where to get Information
You have the right to contact us in order to submit inquiries, cancel your issued permissions, and submit requests for the exercise of the rights of the data subject and complaints regarding the processing of personal data.
Our contact details are available on the websites listed at the top of the Policy, and you can also contact us by e-mail at email@example.com.