PRIVACY POLICY

1. Important information and who we are

This privacy policy explains how Stewardline Limited (“we”, “us”, or “our”) collects and uses your personal data when we provide services to you or your business, through your use of our website and in the course of other interactions with you.

We are the controller with respect to your data, and we are as such responsible for your personal data as well as the website.

2. The personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

We collect and process the following personal data from you:

·       Identity and Contact Data: This includes name, address, email address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data concerning your preferences relevant to our services.

·       Financial Data: This includes bank account and payment card details as well as any data necessary for processing payments, fraud prevention and billing purposes.

·       Information relevant to our services: This includes corporate data such as details of shareholding, directorships, beneficial ownership, and other information required for corporate administration.

·       Technical Data: This includes internet protocol (IP) address, browser type and version, time zone settings, device ID, and other technology you use to access our website.

·       Usage Data: This includes information about how you interact with and use our website and services.

·       Marketing and Communications Data: This includes your preferences in receiving marketing from us and our third parties and your communication preferences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of our engagement with, and you fail to provide that data when requested, we may not be able to perform the services set out in the engagement letter. We will notify you if this is the case.

3. How is your personal data collected?

We use different methods to collect data from and about you including:

·       In the process of carrying out work for you (or your business) where we will in almost all instances act as a controller. In very limited circumstances we may act as a processor in which case we will let you know and ensure that an appropriate contract is put in place.

·       When we communicate with you by email or other electronic correspondence, by telephone or using video conferencing software. You may give us personal data by filling in forms or by corresponding with us by post, phone, email or otherwise.

·       Networking (for example, at in-person or virtual events).

·       Through your use of our guest Wi-Fi service.

·       By virtue of our access to CCTV footage.

·       Otherwise through providing our services and operating our business.

·       In connection with a recruitment application.

We also collect data from, and about you via our website:

·       Through your actions (for example, when submitting a subscription form or job application).

·       Through automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.

Legal basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

·       Performance of a contract with you: Where we need to perform our terms of business with you.

·       Legitimate interests: Where processing is necessary for the proper management of our business and client relationships.

·       Legal obligation: Where we need to comply with a legal obligation to which we are subject.

·       Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

We do not use your personal data for solely automated decision-making or profiling.

Purposes for which we will use your personal data

We have set out below a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

A.      Purpose / Use:

To establish and manage our relationships with clients and counterparties. This includes client onboarding, corporate administration, fiduciary services, company secretarial functions, and processing payments and billing.

We also process data to meet our regulatory obligations, including anti-money laundering and counter-terrorist financing checks, sanctions screening, fraud prevention, tax reporting, and other compliance requirements.

Type of data: Identity and Contact Data; Financial Data; Information relevant to our services.

Lawful basis: Performance of a contract with you; Necessary to comply with a legal or regulatory obligation; Necessary for our legitimate interests (e.g. to prevent fraud or money laundering); Consent (where required).

B.      Purpose / Use:

To conduct our business and pursue our legitimate interests. This includes managing client, supplier, and service provider relationships; ensuring compliance with internal policies and standards; and protecting the security of our premises, communications, and IT systems.

We also use personal data for accounting, auditing, insurance, and legal purposes, including exercising or defending legal rights.

Additionally, we may process personal data to improve our services and client communications.

Type of data: Identity and Contact Data; Financial Data; Information relevant to our services; Marketing and Communications Data.

Lawful basis: Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (e.g. to maintain accurate records and manage our business effectively).

C.     Purpose / Use: To administer our website, deliver relevant website content to use and use data analytics to improve our website and services.

Type of data: Technical Data; Usage Data; Marketing and Communications Data.

Lawful basis: Necessary for our legitimate interests (e.g. provision of IT services, service development and business growth).

D.     Purpose / Use: To make suggestions and recommendations to you about services, insights, or events that may be of interest to you.

Type of data: Identity and Contact Data; Technical Data; Usage Data; Marketing and Communications Data.

Lawful basis: Necessary for our legitimate interests (e.g. to develop our products and services and grow our business).

Opting out of marketing

You can ask us or third parties to stop sending you marketing messages at any by following the opt-out links on any marketing message sent to you or by contacting us at any time.

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service.

4. Disclosures of your personal data

We may share your personal data with trusted third parties as set out below pursuant to contractual arrangements or regulatory obligations we have with or owe to them, including:

·       third party professional advisers, such as law firms, auditors accountants and our affiliates (for example, Nicos Chr. Kacoullis LLC);

·       banks and financial institutions;

·       suppliers of goods and services, including IT services, word processing, translation, photocopying, e-disclosure and data room provision;

·       our auditors, insurers, brokers and other advisers;

·       third parties involved with the services we provide to our clients, such as family offices, tribunals and courts;

·       regulatory authorities, government agencies and law enforcement agencies; and

·       third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

5. International transfers

We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the European Union to countries which have laws that do not provide the same level of data protection as the European Union.

Whenever we transfer your personal data out of the European Union to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

·       We will only transfer your personal data to countries that have been deemed by the European Union to provide an adequate level of protection for personal data or the transferee is a recipient in the United States of America who has registered under the EU/US Privacy Framework.

·       We may use specific standard contractual terms approved for use by the European Commission which give the transferred personal data the same protection as it has in European Union.

·       We have received your explicit consent.

6. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

7.  Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at info@stewardline.com.  

8. Your legal rights

You have the following rights with respect to our use of your personal data:

·       You can request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.

·       You can request correction of the personal data that we hold about you.

·       Request erasure of your personal data in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

·       In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data.

·       Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

If you wish to exercise any of the rights set out above, please contact us at info@stewardline.com and provide a proof of your identity.    

9. Contact details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us:

·       Email address: info@stewardline.com

·       Postal address: 2 Spartakou Str., 3021 Limassol, Cyprus

·       Telephone number: +357 25 871 787

10. Complaints

You have the right to make a complaint at any time to the Data Commissioner of the Republic of Cyprus (https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument). We would, however, appreciate the chance to deal with your concerns before you approach the Data Commissioner so please contact us in the first instance.

11. Changes to the privacy policy and your duty to inform us of changes 

We reserve the right to update and change this privacy policy from time to time in order to reflect any changes to the way in which we process your personal data. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

12. Third-party links 

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.