OLIVE CONSULTINGPRIVACY NOTICE
Effective Date: 17 APRIL 2023
This Privacy Notice explains how Olive Consulting collects, use and discloses your personal data, and your rights in relation to the personal data it holds.
Olive Consulting (in this Privacy Notice, "us", "we" and "our") is the data controller of your personal data and, is committed to complying with the Data Protection Law, 2017 of the Cayman Islands ("DPL"), the EU General Data Protection Regulation 2016/679 ("GDPR"), and any applicable data protection laws. You may have additional rights under other foreign or domestic laws that may apply to you.
Our Privacy and Data Compliance Officer can be contacted by email: email@example.com
The Effective Date of our Privacy Notice is stated above. We reserve the right to change this Privacy Notice at any time.
Nothing in this Privacy Notice creates any new relationship between you and us or alters any existing relationship between you and us. It is important however that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.
You have the following rights:
- To be informed about the personal data we collect from you and use;
- To obtain access to, and copies of, the personal data that we hold about you;
- To require that we do not begin or that we cease processing your personal data;
- To require us not to send you marketing communications;
- To require us to delete your personal data, subject to our legal obligations;
- To require us to restrict our data processing activities;
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- To require us to correct the personal data we hold about you if it is inaccurate or incomplete at any time;
- To require that we do not subject you to automated decision-making that uses your personal data; and
- To withdraw consent at any time where we are relying on consent to process your personal data.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Additionally, while the rights you have can normally be exercised free of charge, the DPL allows us to charge you if your request is manifestly unfounded or excessive. In such cases, we reserve the right to charge you a fee for processing your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any other of your rights). This is a security measure to ensure that personal data is not disclosed to a person who has no right to receive it.
If you have any questions or wish to make a complaint about how we use or collect your personal data, or you wish to exercise any of the rights set out above, please our Privacy and Data Compliance Officer can be contacted by email: firstname.lastname@example.org
You have the right to lodge a complaint with the Cayman Islands Ombudsman or with a supervisory authority in the EU Member State of your habitual residence or place of work or in the place of the alleged infringement if you consider that the processing of personal data relating to you and carried out by us or our service providers infringes the DPL or the GDPR respectively.
The Cayman Islands Ombudsman can be contacted by post at:
Ombudsman PO Box 2252
Grand Cayman KY1-1107 Cayman Islands
How we collect your data
We collect your personal data in a number of ways, for example:
- From the information you provide to us when you meet us;
- From information about you provided to us by your company or an intermediary;
- When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
- When you complete (or we complete on your behalf) client on-boarding or application or other forms;
The categories of personal data we collect
We collect the following categories of personal data about you:
- Your name and contact information such as email address and telephone number;
- An understanding of your goals and objectives in procuring our services;
- Information about your employment, and interests, where relevant; and your location.
The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with
- Performance of a contract with you
We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
In this respect, we use your personal data for the following:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our Terms of Engagement with you or as otherwise agreed with you from time to time;
- To deal with any complaints or feedback you may have;
- To update and maintain records and fee calculations; and
- For any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
- Third parties whom we engage to assist in delivering the services to you.
- Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, administrative support service providers, or public relations advisers;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you; and
- Our service providers acting as processors who provide IT, data storage and system administration services.
- Legitimate interests
We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.
In this respect, we use your personal data for the following:
- For direct marketing to you. In this respect, see the separate section on Marketing below;
- Training our staff or monitoring their performance;
- For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;
- Seeking advice on our rights and obligations, such as where we require our own legal advice;
In this respect we will share your personal data with the following:
- Our advisers or agents where it is necessary for us to obtain their advice or assistance;
- With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
We will send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you.
We will communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels.
If you object to receiving marketing from us at any time, please contact us:
By email: email@example.com
Transfer and processing of your personal data
The nature of our operations may involve the transfer of personal data outside the Cayman Islands to recipients who may be located anywhere in the world including without limitation, in the British Virgin Islands, China, Cyprus, Hong Kong, Jersey, Macau, Mauritius, the United States and other jurisdictions. Such countries may not have data protection laws or regulations equivalent to the DPL and the GDPR.
Our servers, storing and keeping your data secure, are located in countries which have an adequate level of protection or with which we have signed agreements incorporating the EU Standard Contractual Clauses under the GDPR.
Where we disclose your personal data as described above to recipients who are located outside of the Cayman Islands or the European Union, we will, wherever possible ensure that adequate legal safeguards and protective measures are put in place for the cross-border transfers of your personal data to third parties to whom personal data will be transferred.
To find out more about transfers by us of your personal data and the countries concerned please contact us:
Retention of your data
We will only retain your personal data for as long as we have a lawful reason to do so.
Protection of Personal Data
We maintain and require that the recipients to which your personal data are transferred maintain appropriate technical and organizational measures to ensure a level of security appropriate to potential risks, including physical, electronic and procedural safeguards that comply with the DPL and GDPR to protect your information, including:
- the pseudonymization and encryption of your personal data where appropriate;
- ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- ensuring we can restore access to personal data in a timely manner if a physical or technical incident occurs; and
- regular testing, assessment and evaluation of the effectiveness of technical and organizational measures to ensure your personal data is secure.
We restrict access to personal data to those employees who need to know that information in the course of their job responsibilities.
We will destroy, erase or make unreadable, data, computer files and documents containing personal data prior to disposal.
We do not allow third party service providers who process data on our behalf to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In the unlikely and unfortunate event that your personal data under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take the necessary steps to contain and mitigate the consequences of the breach. Where appropriate, we will also notify you of the breach in accordance with the requirements of the DPL and any other applicable law.