Wymering Management Ltd (‘Wymering’, ‘We’, ‘us’) is limited liability company incorporated in Cyprus under company number HE65458 and is located at 11 Kyriakou Matsi, Nikis Center, 4th Floor, 1082 Nicosia. Wymering is strongly committed to privacy and confidentiality issues entrusted to it.
This privacy statement describes how we collect and use your personal data and it applies to personal data provided to us, directly by you or by others. We may use your personal data provided to us only for the purposes described in this privacy statement.
Personal data is any information relating to an identified or identifiable living person.
Wymering processes your personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using your personal data, our policy is to be transparent about why and how we process personal data.
What personal data we collect
During the provision of our services and in this respect we process many categories of personal data, including as appropriate:
• Contact details (i.e. address, phone numbers, fax, emails etc);
• Identification Information (i.e. name, surname, passport/id no., date of birth);
• Business activities; (i.e. holding activities);
• Family information; (i.e. marital status, name and surname of next of kin);
• Economic Profile information; (payroll, size and source of wealth, etc);
• Professional Information; (Employment and academical background etc);
• Publicly available information;
• Investments and other financial interests;
For certain services and when required by law we may also collect special categories of personal data such as health data or criminal records.
Why we collect your personal data
We will only use your personal data when the law allows us to. Most commonly, we will collect, use and process your personal data in the following circumstances:
(a) To fulfil a contract, or take steps linked to a contract, with you or your organisation. This includes:
(i) When you or your organization engages us for the provision of our professional services; i.e. audit and assurance, tax advice, fiduciary services, etc.
(ii) When a Third-Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity;
(b) To pursue our legitimate interests, in particular:
(i) to administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
(ii) to analyse and improve our services and communications and to monitor compliance with our policies and standards;
(iii) to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
(iv) to exercise or defend our legal rights or to comply with court orders;
(v) to provide professional services to our clients . In order to provide our clients with such service we are required to process your personal data in order to provide you with the requested advice and/or service and/or other deliverables. For example, we need to use personal data to provide payroll service, audit and assurance service, tax advice, fiduciary services or accounting services.
(c) For purposes required by law, we use and process your personal data in order to fulfil our due diligence procedures required by the prevention and suppression of money laundering and terrorist financing laws of 2007, 2010, 2012 and 2013. In order to fulfil the requirements of the aforementioned laws we are required to collect and process your personal data. As part of our due diligence process, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organizations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
During the performance of the above activities, we may ask you to provide us with the necessary information of other data subjects concerned, such as family members, regarding its use.
From whom we collect your personal data?
Wymering collects your personal data (a) directly from you, (b) from your intermediaries, agents and/or representatives, (c) from public sources i.e. social media, web, world compliance websites etc.
Personal data we receive from you about other people
We maintain and store your personal data processed by us for as long as is considered necessary for the purpose for which it was collected as required by applicable law or regulation.
In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 7 years.
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. Only specifically authorized personnel of Wymering are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information.
When and how we share personal data?
We recognize that your information is valuable, and we take all reasonable measures to protect your information while it is in our care.
Your personal data may also be transferred to third party service providers who process information on our behalf, including providers of information technology, agents, identity management, and management, data analysis, data back-up, security and storage services. As a result, your personal information may, subject to the provisions of the Regulation (EU) 679/2016 and the Personal Data Law, be transferred outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.
Wymering may disclose your personal information to courts, law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We may also share your personal data with other professionals and consultants engaged in your matter or foreign law firms for the purpose of obtaining foreign legal advice, as may be relevant;
Your personal information is not shared with any third party, for any secondary or unrelated purposes unless otherwise disclosed. If there is an instance where such information may be shared, your consent will be asked beforehand.
Personal data held by us may be transferred to:
a. Third party organizations that provide IT services to us
We use third parties to support us in running and managing our internal IT systems. For example, providers of information technology, cloud providers, website hosting and management, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers in EU and personal data may be stored in any one of them.
b. Third party organizations that otherwise assist us in providing goods, services or information.
We may share your personal data with your respective insurers, legal advisors or auditors or a third party to the extent that this is required by law by any court of competent jurisdiction or by a governmental or regulatory authority, or where there is a legal duty or requirement to disclose, provided that (and without breaching any legal or regulatory requirement).
Rights of Data Subjects
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide the means and purposes under which their personal data are processed, we act as a data controller and hereinafter we include further information about the rights of individuals as data subjects and how they may exercise them.
Access to personal data
If you would like to update any personal data you have submitted, please email us at firstname.lastname@example.org
When personally identifiable information is retained, we do not assume responsibility for verifying the ongoing accuracy of the content of personal information. When we are informed that any personal data collected is no longer accurate, we will make appropriate corrections based on the updated information provided by the authenticated data subject.
If you would like details of the information which you have submitted to us through this site, you have a right of access to such information and you may contact us via the above email address.
Rectification of personal data
In case you have identified that the personal data kept by us are obsolete you may contact us by sending us an email at email@example.com
Other data subject rights
This privacy statement is intended to provide information about what personal data we collect about you and how they are processed. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please contact us by sending us an email at firstname.lastname@example.org
In case you wish to complain for the use of your personal data, please send an email with the details of your complaint to email@example.com.We will look into and respond to any complaints we receive.
You have also the right to file your complaint with the Commissioner for the Protection of Personal data (the Cyprus data protection regulator). For further information on your rights and how to file a complaint to the Commissioner, please refer to www.dataprotection.gov.cy.
Changes to this privacy statement
Our ongoing responsibility to transparency requires us to keep this privacy statement updated through regular review.
This privacy statement was last updated on 9th of October 2018.