PRIVACY NOTICE
This personal data protection notice explains how IS Advisors Ltd (“I+S Advisors”), as data controller, processes the personal data concerning you and your colleagues that are provided by you or third parties and/or collected by us in carry on our business.
Our head office is at 7/F Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong
1. DATA PROCESSED
We may process the following data concerning you and colleagues from your company (employees, collaborators, and senior management), with whom you are required to provide this privacy notice: a) personal data (name, surname, birthdate, address, etc.); b) contact information of people who have dealings with I+S Advisors (phone number, email address, etc.); c) special categories of personal data [1]; and d) any other data connected with working with you.
2. PURPOSE, LEGAL BASES, AND NATURE OF PROVIDING PERSONAL DATA
We process personal data for the following purposes: a) The data referred to in section 1, points a), b), c) and d) will be processed to manage our relationship with you and your company, including to fulfil the related legal, administrative and accounting obligations. The legal basis for processing all the data categories is to fulfil our legal obligations, e.g., under anti-money laundering and anti-terrorism legislation and to perform our engagement with you. If you do not provide the above-mentioned data, we will be prevented from being able to carry out the above activities and fulfil our obligations; b) The personal data referred to in section 1, points a) and b) may be used to send newsletters, institutional communications, invitations to events, etc. The legal basis for the data processing is our legitimate interest in managing and developing our relationship with you. Providing data for this purpose is optional: not providing the data will in no way affect our ability to carry out assignments for you.
3. METHODS OF PROCESSING
Rest assured that your data will be processed in compliance with the principles of correctness, lawfulness and transparency. We have appropriate security, technical and organisational measures in place that ensure a level of security appropriate to the risk of unauthorised access to, and accidental or unlawful destruction, loss, alteration and unauthorised disclosure of, personal data transmitted, stored or otherwise processed. Personal data is processed manually or electronically using automated tools that ensure the security and confidentiality of the data.
4. PLACE OF STORAGE AND DATA RETENTION PERIOD
Personal data will be stored at our head office and retained by us: a) for the purposes referred to in section 2, point a): for the entire term of our relationship with you and for a maximum of 10 years thereafter; and b) for the purposes referred to in section 2, point b): for the entire term of our relationship with you and for five years thereafter. At the end of these periods, the data will be deleted or rendered anonymous.
5. DATA DISSEMINATION, SHARING AND COMMUNICATION
Personal data be known and used by our staff and our professionals. We apply the EU rules on processing personal data, and the related agreements with third parties include the standard clauses approved by the EU Commission. We also use several service providers, which are appointed as external processors. For more information, please email: info@is-advisors.com. Personal data will be disseminated only to the extent necessary for us to fulfil the obligations provided by law or regulations and to manage our relationship with you.
6. YOUR RIGHTS You have the right to obtain confirmation of the existence or non-existence of personal data concerning you. You also have the right to be informed of: a) the origin of the personal data; b) the purpose and methods of data processing; c) the logic applied to the data processed electronically; d) the identity of the data controller and the data processors; and e) the identity of the individuals or categories of individuals to whom your personal data may be sent to or who may acquire your data as appointed representatives of our firm in other countries or as individuals authorised to process your data. You also have the right to: f) have your data updated, corrected and supplemented; g) have the processing of your personal data restricted and any unlawfully processed data erased, made anonymous or blocked; h) require a declaration attesting that the people/companies we communicate or disseminate your data to have been notified and given full details of any of the operations under points f) and g) above having been carried out, unless this proves impossible or implies an effort that is clearly disproportionate to the right to be protected; i) require a declaration attesting that the people/companies we communicate or disseminate your data to have been notified and given full details of any of the operations under points f) and h) above having been carried out, unless this proves impossible or implies an effort that is clearly disproportionate to the right to be protected; and j) obtain, in a structured format commonly used and readable by electronic devices, the personal data provided to I+S Advisors, and to have the data transmitted, directly or through I+S Advisors, to another data controller (known as data portability). You also have the right to object in whole or in part to: k) the processing, on legitimate grounds, of your personal data, including data relevant for the purpose they were collected; and l) the processing of your personal data for the purpose of sending advertising material and direct sales messages, and to carry out profiling and surveys, including on client satisfaction. If you believe your rights have been violated by I+S Advisors or a third party, you have the right to file a complaint with the competent supervisory authorities.
[1] Special data categories are personal data regarding racial, ethnic origin, religious, philosophical or other beliefs, political opinions, membership to parties, trade unions, associations or religious organizations, and personal data capable of revealing an individual’s state of health and sexual orientation.
[2] As permitted under Art. 6, para. 1, point c), of the GDPR.
[3] As permitted under Art. 6, para. 1, point b) of the GDPR.
[4] As permitted under Art. 6, para. 1, point f) of the GDPR.