Privacy Notice
This Privacy Notice is issued by BGA Law and applies to all its subsidiaries and affiliates (which together are herein referred to as “BGA Law” and “We”).
At BGA Law, we respect and protect your right to privacy and will only process your personal data in accordance with those principles which are set out in applicable privacy laws. As a global organization, we acknowledge that various privacy laws will apply as to how we may collect, use, process and store your personal data. To ensure that your personal data is protected at all times, we have adopted the principles of the General Data Protection Regulation of the European Union (GDPR) as the minimum level of protection afforded to your personal data. Wherever a law requires a higher level of protection to be afforded your personal data, then such higher level shall apply.
How do we collect, use, process and store your personal data?
Personal data means any information relating to an identified or identifiable natural person. We are processing the following types of personal data:
- name, address, email address, telephone number and other contact information;
- date and place of birth;
- nationality;
- gender;
- copies of identity documents (passport, national ID card, driver’s license, employee identification numbers);
- source of wealth;
- utility bill, bank statement;
- tax residency.
Please note that this list is not exhaustive and that we may also collect and process other personal data to the extent it is useful or necessary for the provision of our services.
Data Collection
We collect, control and process personal data in different ways.
Personal data provided to us directly:
- We collect, control and process personal data directly from (prospective) clients, investors, business partners and intermediaries for the purposes of entering into an agreement and/or to meet certain legal requirements.
Personal data obtained from third parties:
- We also collect, control and process personal data from publicly accessible sources such as internet, social networks, World-Check or commercial registers.
Furthermore, we may receive personal data from third parties as part of the service we provide to you or in connection with legal requirements that are applicable to us.
Use of personal data
The majority of the personal data processed by us is necessary for the performance of a contract to which the data subject is a party or to comply with the request of the data subject prior to entering into a contract. We also process personal data in order to comply with our legal and regulatory obligations.
We may furthermore process personal data for our legitimate business interests. Such legitimate interests include general research and development (including statistical research or as a basis to analyze our current security measures) or to develop and improve our services and products or to strengthen our relationship with you. We may provide you with communications or information regarding our service offering which we think will be interesting for you.
When we process your personal data for our legitimate business interests, we will consider and balance any potential impact on you and your rights under the applicable data protection law and any other relevant law. Whenever we process personal data for these purposes, you have the right to object. Where an evident legitimate business interest is absent, we will always ask your consent for the processing of your data.
To whom do we provide data?
We may disclose or transfer personal data collected by us to other companies within BGA Law, insofar as is reasonably necessary for the purposes of our service offering or for compliance purposes, as well as for the legal purposes as set out in this Privacy Notice.
We may disclose or transfer personal data to subcontractors for the purpose of the proper performance of the services we provide to our clients. We may, for example, disclose or transfer such personal data to third party service providers who provide administrative, computer, payment, data processing, debt collecting or other services. We enter into data processing agreements with such subcontractors to ensure that they process your data, on our behalf, with the same level of security and confidentiality as applied by us. Furthermore, we may disclose or transfer personal data when we receive your consent to do so.
In addition, we may disclose or transfer personal data to protect our rights or those of our clients and/or to prevent fraud. We can also be obliged to disclose or transfer personal data to competent authorities in order to comply with our legal and/or regulatory obligations.
Except as described in this paragraph, we will not disclose, transfer or sell your personal data to any third party unless you have consented to this.
International transfers and data storage
We process and store personal data on cloud-based databases which are held on servers located in a third country assessed by the European Commission to have adequate level of protection by means of an adequacy decision. We may disclose and transfer personal data to other companies of BGA Law located outside the European Economic Area, while, if applicable, taking additional measure to ensure the same level of protection.
Where we disclose or transfer personal data to third parties, outside the European Economic Area, we ensure that special safeguards are adopted to ensure that the protection travels with the personal data and where required we ensure the transfer is subject to a contract incorporating model contractual clauses in the form adopted by the European Commission (as amended from time to time).
If disclosure or transfer of personal data is being done in a country that does not ensure an adequate level of protection of your personal data, we will make sure additional safeguards will be put in place.
Retention
We will process and store the relevant personal data for the duration of our services or for the duration of the business relationship. We may also store the data for as long as it is necessary or required in order to fulfill legal, contractual or statutory obligations and, or for the establishment, exercise or defense of legal claims, and in general where it has a legitimate interest for doing so.
Your rights
You have the following rights:
- Access to your information. You have the right to access the personal information that we hold about you at any time.
- Data portability. You may ask us to provide you with a copy of the personal information that we hold about you.
- Correction of your personal information. You have the right to ask us to update and correct any out-of-date or incorrect personal information that we would hold about you.
- You have the right to object to automatic decision making.
- Deletion of your personal information (the right to be forgotten). You have the right to ask us to delete your personal information, to the extent that we have no legal and/or regulatory obligations to keep such personal information.
- Restriction of processing of your personal information. You have the right to ask us to restrict the processing of your personal information where:
- You have contested the accuracy of the personal information held by us;
- The processing is unlawful, but you have objected to the deletion of the personal data and request the restriction of the use instead;
- We no longer need the personal data for the purposes of the processing, but you require it for legal reasons;
- You have objected to processing and we are investigating whether there are legitimate grounds to override your objection.
- Object. You have the right to object at any time to the processing of your personal data for any direct marketing (and related profiling) by us. In addition, you have the right to make a complaint with the local supervisory authority with respect to the way we are processing your personal data or the way we are handling your rights. However, the rights you have to object are not absolute and are subject to various limitations; we reserve the right not to comply with a request, if we believe such limitation is applicable.
Automatic decision making
We never base our decisions on purely automatic means.
Navigation and cookies
Please note that we are the controller of personal data collected through the BGA Law website (“Website”). We will, however, only use this personal data in accordance with the purpose set forth in this Privacy Notice.
We collect personally-identifiable information on certain areas of the Website when users register, request publications or other information, sign up for conferences and events, apply for jobs, and participate in user posting areas, such as bulletin boards, discussion forums, and surveys. The personally-identifiable information collected may consist of information that you provide, such as names, mailing addresses, e-mail addresses, telephone and fax numbers, and, for recruiting purposes, any other personally-identifiable information on your resume.
The Website also uses cookies to identify you and your interests and to track usage of the Website. Cookies are small pieces of text stored on your computer that help us know which browser you are using and where you have been on the Website and on websites to which you may link in order to use some of our features. By accepting our cookie, you will be permitted access to certain pages of the Website without having to log in each time you visit. A user who does not accept the cookie from the Website may not be able to access certain areas of the Website. We also log IP addresses, or the location of computers on the Internet, to help diagnose problems with our server and to administer the Website. If you prefer not to accept a cookie, you can set your web browser to warn you before accepting cookies, or you can refuse all cookies by turning them off in your web browser.
Protection of personal data
We are committed to ensuring the security of your personal data. We take appropriate commercially reasonable technical, physical and organizational measures to prevent unauthorized or unlawful processing of your personal data or accidental loss or destruction of your personal data. We will ensure a level of security suitable to the identified risks and pursuant to applicable data protection laws and, where the processing concerns personal data of EU residents, shall take measures required pursuant to article 32 of the GDPR.
Our employees are trained to handle personal data securely and with utmost respect and they will treat your personal data strictly confidential. Staff members shall be authorized to access personal data only to the extent necessary to serve the applicable legitimate purposes for which the data is processed by us and to perform their job. In addition, all our employees have committed themselves to the confidentiality of the personal data of our clients, as a condition of their employment.
We will not divulge client information to a third party unless we have received explicit client authorization or we are required to do so by law.
Changes to this notice
We may update this Privacy Notice from time to time. We advise you to periodically review this Privacy Notice to keep informed of how we protect your privacy.