PRIVACY POLICY

GFLO Consultancy as a whole, as well as separate entities within GFLO group (collectively, «GFLO,» the «Firm,» «we,» «us,» or «our») recognizes the importance of protecting the privacy of individuals whose personal data may become available to us. References in this policy to “you” or “your” are references to individuals that are visitors of our website, suppliers of goods and services to the Firm, or any other persons about whom we obtain any personal data. The following policy explains the principles governing our use of personal data that we may obtain about you, it will help you better understand how we collect, use, and otherwise process your personal data, as well as the rights that you have in relation to our processing of that information (the “Privacy Policy”). In this Privacy Policy, “personal data” means information that either by itself or in combination with other data enables you to be identified or recognized.

GFLO is the data controller in relation to any personal data that the Firm processes about you and is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”). Your privacy is important to us. Please be aware that our staff is required to comply with the data privacy practices as set out in this Privacy Policy and other data privacy-related policies that .

If you have any comments or questions in connection with this Privacy Policy, please contact us via email at privacy@gflolaw.com.

Data Collection

There are a number of contact forms on our website that can be filled out. If you use any of them, we may, for example, keep a record of your name, email address, and any other information you voluntarily provide to us.

Additionally, the following categories of personal data may be received from you in the course of business, including through your use of the website, when you contact or request information from us, when we provide services to you or receive services from you:

  • Identification data, such as name, gender, title, job title, or address.
  • Contact information, including your phone number(s), your email address and social media account or handle where appropriate.
  • Financial data, such as bank account information and invoicing details.
  • Event registration or mailing list data, such as dietary requirements (which may reveal information about your health or religious beliefs), preferences and interests, subscriptions, downloads, and username/passwords.
  • Job applicant data, such as identification data and contact information, CV and other data provided by you or third parties (e.g. recruiters) on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertized.
  • Legal and regulatory compliance data as required for purposes such as know your client, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification data, date of birth, home address, and other due diligence data.
  • Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, customers or vendors, and client feedback.
  • Cookie and device data, such as information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting.

We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners, and agents of GFLO, third parties with whom we interact, and publicly available sources.

Data Usage

We may use your personal data for the following purposes:

  • Provision of services – we use personal data that you voluntarily submit to us on the website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other service data that we may process in connection with the provision of services. Our work for you may also involve providing such information to third parties, such as other professional advisers or agents in order to ensure the most effective execution of your orders.
  • Addressing client inquiries – we use identification data, contact details, and other service data for this purpose. This process is necessary to perform our services. It may also be necessary for our legitimate interests to establish or maintain a relationship with you; it is also in your interest to receive a response from us when you contact us.
  • Sending relevant marketing messages and inviting you to events/seminars – we use identification data, contact details, cookie and device data, and mailing list data to communicate with you by way of email alerts and post to provide you with information about our events, seminars, or services that may be of interest to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations to relevant events and seminars.
  • Improving our website – we use cookie and device data to improve the functionality and user-friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and services to you.
  • Keeping our website and IT systems and processes safe – we use identification data, contact details, financial data, cookie and device data, and other service data. This processing is necessary to perform our services and to ensure the security and confidentiality of your data. It is also necessary for our legitimate interests to prevent illegal activities, including fraud, which could harm you and us.
  • Complying with legal or regulatory inquiries/requests – we use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of the Firm’s ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to the Firm.
  • Recruitment – personal data about job applicants is collected and processed for purposes of screening, identifying, and evaluating candidates for positions; record-keeping related to hiring processes; analyzing the hiring process and outcomes; and conducting background checks, where and to the extent permitted by applicable law, which may also be subject to relevant local recruitment privacy policy.

Data Sharing

We may share your personal data with the following categories of recipients:

  • other entities within GFLO to provide services to you and to administer any service provided to you that the Firm agrees to undertake;
  • professional advisers, partners, and agents of GFLO to provide you with local legal services, as required, and to administer our relationship with you;
  • vendors that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other cloud-based solutions, third party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third party venues in which we may host events and seminars;
  • any law enforcement, regulatory, or government agency requesting personal data in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal data to establish or protect the Firm’s legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

Please note that the Privacy Policy covers the GFLO website only. We are not responsible for the data policies or procedures or content of any linked websites. We recommend that you check the privacy and security policies of each website you visit.

Marketing

We may send you direct marketing messages including by way of email alerts. If you no longer wish to receive our email alerts, to be part of a mailing list, or to receive any marketing communications, you can opt-out of such communications at any time by clicking on the unsubscribe link in the relevant message or contacting us at privacy@gflolaw.com.

Your Rights

If you are in the European Economic Area (the “EEA”), you have the following rights:

  • Access. You have the right to request a copy of the personal data that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
  • Rectification. You have the right to require the correction of any mistake in the personal data, whether incomplete or inaccurate, that we hold about you;
  • Deletion. You have the right to require the erasure of personal data concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable);
  • Portability. You have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
  • Objection. You have the right to (A) object at any time to the processing of your personal data for direct marketing purposes and (B) object to our processing of your personal data where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
  • Restriction. You have the right to request that we restrict our processing of your personal data in certain circumstances, such as when you contest the accuracy of that personal data;
  • Withdrawal of consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. «Explicit consent» would be required if the Firm relies on consent as the condition to lawfully process «special categories of personal data,» as defined in the GDPR.

If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as the Information Commissioner’s Office («ICO») in the UK or la Commission Nationale de l’Informatique et des Libertés («CNIL») in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in the EEA countries.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where data may be exempt from disclosure.

If you are in the EEA and would like to exercise any of those rights, please:

  • Email us at privacy@gflolaw.com;
  • Provide enough information to identify yourself (e.g., name, email address, etc.);
  • Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
  • Provide the data to which your request relates.

Security

We have implemented technical and organizational security measures in an effort to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to staff and authorized service providers on a need-to-know basis for the purposes described in this Privacy Policy, as well as other administrative, technical, and physical safeguards.

We endeavor to take all reasonable steps to protect your personal data, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.

Cookies

Our website uses certain tags, log files, web beacons, and similar tracking technologies from third parties (collectively, «cookies»), of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.

Data Retention

We will only retain your personal data for as long as necessary for the purposes for which that information was collected as set out in this Privacy Policy or for longer as required under any applicable legal, regulatory, accounting, or reporting requirements. Should you opt out or no longer wish to receive marketing messages from us, we will securely delete your personal data from the relevant mailing list(s).

Notification of Changes

We may occasionally update this Privacy Policy as our services and privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, the last update date is posted below, and we encourage you to review this Privacy Policy periodically to be informed of how we use your personal data.

Last updated: September 2019