There are a number of contact forms on our website that can be filled out. If you use any of them, we may, for example, keep a record of your name, email address, and any other information you voluntarily provide to us.
Additionally, the following categories of personal data may be received from you in the course of business, including through your use of the website, when you contact or request information from us, when we provide services to you or receive services from you:
- Identification data, such as name, gender, title, job title, or address.
- Contact information, including your phone number(s), your email address and social media account or handle where appropriate.
- Financial data, such as bank account information and invoicing details.
- Event registration or mailing list data, such as dietary requirements (which may reveal information about your health or religious beliefs), preferences and interests, subscriptions, downloads, and username/passwords.
- Job applicant data, such as identification data and contact information, CV and other data provided by you or third parties (e.g. recruiters) on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertized.
- Legal and regulatory compliance data as required for purposes such as know your client, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification data, date of birth, home address, and other due diligence data.
- Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, customers or vendors, and client feedback.
- Cookie and device data, such as information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting.
We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners, and agents of GFLO, third parties with whom we interact, and publicly available sources.
We may use your personal data for the following purposes:
- Provision of services – we use personal data that you voluntarily submit to us on the website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other service data that we may process in connection with the provision of services. Our work for you may also involve providing such information to third parties, such as other professional advisers or agents in order to ensure the most effective execution of your orders.
- Addressing client inquiries – we use identification data, contact details, and other service data for this purpose. This process is necessary to perform our services. It may also be necessary for our legitimate interests to establish or maintain a relationship with you; it is also in your interest to receive a response from us when you contact us.
- Sending relevant marketing messages and inviting you to events/seminars – we use identification data, contact details, cookie and device data, and mailing list data to communicate with you by way of email alerts and post to provide you with information about our events, seminars, or services that may be of interest to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations to relevant events and seminars.
- Improving our website – we use cookie and device data to improve the functionality and user-friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and services to you.
- Keeping our website and IT systems and processes safe – we use identification data, contact details, financial data, cookie and device data, and other service data. This processing is necessary to perform our services and to ensure the security and confidentiality of your data. It is also necessary for our legitimate interests to prevent illegal activities, including fraud, which could harm you and us.
- Complying with legal or regulatory inquiries/requests – we use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of the Firm’s ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to the Firm.
We may share your personal data with the following categories of recipients:
- other entities within GFLO to provide services to you and to administer any service provided to you that the Firm agrees to undertake;
- professional advisers, partners, and agents of GFLO to provide you with local legal services, as required, and to administer our relationship with you;
- vendors that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other cloud-based solutions, third party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third party venues in which we may host events and seminars;
- any law enforcement, regulatory, or government agency requesting personal data in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal data to establish or protect the Firm’s legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
We may send you direct marketing messages including by way of email alerts. If you no longer wish to receive our email alerts, to be part of a mailing list, or to receive any marketing communications, you can opt-out of such communications at any time by clicking on the unsubscribe link in the relevant message or contacting us at email@example.com.
If you are in the European Economic Area (the “EEA”), you have the following rights:
- Access. You have the right to request a copy of the personal data that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
- Rectification. You have the right to require the correction of any mistake in the personal data, whether incomplete or inaccurate, that we hold about you;
- Deletion. You have the right to require the erasure of personal data concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable);
- Portability. You have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
- Objection. You have the right to (A) object at any time to the processing of your personal data for direct marketing purposes and (B) object to our processing of your personal data where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
- Restriction. You have the right to request that we restrict our processing of your personal data in certain circumstances, such as when you contest the accuracy of that personal data;
- Withdrawal of consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. «Explicit consent» would be required if the Firm relies on consent as the condition to lawfully process «special categories of personal data,» as defined in the GDPR.
If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as the Information Commissioner’s Office («ICO») in the UK or la Commission Nationale de l’Informatique et des Libertés («CNIL») in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in the EEA countries.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where data may be exempt from disclosure.
If you are in the EEA and would like to exercise any of those rights, please:
- Email us at firstname.lastname@example.org;
- Provide enough information to identify yourself (e.g., name, email address, etc.);
- Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
- Provide the data to which your request relates.
We endeavor to take all reasonable steps to protect your personal data, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.
Notification of Changes
Last updated: September 2019