EDG



Home
About us
Our Services
Contact us


  

Privacy Policy of EDG Consulting Cyprus Limited


1. Introduction

In this privacy policy we, EDG Consulting Cyprus Limited, Orfeous 2B & Makariou III Avenue, 1st floor, office 102, 1070, Nicosia, Cyprus (hereinafter we or us), explain how we collect and further process personal data. We provide corporate, accounting and advisory services to you.

The aim of this information is

  • comprehensive information about the processing of your personal data by us;
  • the explanation of your rights in connection with the processing of your personal data; and
  • providing the contact details of the entity responsible for processing your personal data and the data protection officer of EDG Consulting Cyprus Limited.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA), the European General Data Protection Regulation (GDPR) and, where applicable, other provisions of data protection law.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.

2. What personal data do we process and for what purpose?

Depending on your activity, we process the following personal data:

2.1 Visit the website

When you visit our websites, our servers temporarily save each access in a log file. The following data is collected without your intervention and stored by us until automatic deletion (at the latest after 12 months ):

  • the IP address of the requesting computer (shortened);
  • the date and time of access;
  • the name and URL of the retrieved file;
  • the page and address of the website from which you were redirected to our websites and, if applicable, the search term used;
  • the country from which our website is accessed;
  • the operating system of your computer and the browser you use (provider, version and language);
  • the transmission protocol used (e.g. HTTP/1.1).

The collection and processing of this data is carried out for the purpose of enabling the use of our websites (connection establishment), to ensure system security and stability on a permanent basis, to enable the optimisation of our internet offer as well as for internal statistical purposes.

Only in the event of an attack on the network infrastructure or suspicion of other unauthorised or abusive website use will the IP address be evaluated for the purpose of clarification and defence and, if necessary, used as part of criminal proceedings to identify and take civil or criminal action against the users concerned. The legal basis is our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR in providing a stable and functional website.

2.2 When opening a customer relationship

When opening a customer relationship, we process the following personal data:

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*
  • Passport/electricity bill/other proof of address*.
  • Curriculum vitae and client profile
  • World Check by Reuters
  • Source of wealth and cumulative wealth data
  • Reference letters
  • Risk assessment*
  • KYC form/register of beneficial owners/passport/proof of address*.
  • Criminal record in case you provide such

This data processing is necessary in order to enter into a contractual relationship with us.

Certain data are mandatory (marked with *). If you do not provide us with the mandatory information, it is not possible to open a customer account.

Furthermore, this data is used to maintain the business relationship with you, to provide our services and to invoice you.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

2.3 When opening a client account with a third party

When opening a client account (e.g. with a custodian bank or broker), we process the following personal data:

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*
  • Passport/electricity bill/other proof of address*.

Certain information is mandatory (marked with *). If you do not provide us with the mandatory information, it will not be possible to open a bank account. We are legally obliged to carry out further clarifications when entering into and maintaining client relationships. In particular, we are subject to an extensive duty of identification with regard to new and existing clients and are also subject to Swiss money laundering legislation.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

2.4 Money Laundering Act

The following data is collected as part of audits for compliance with the Money Laundering Act:

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*
  • Passport/electricity bill/other proof of address*.
  • Risk assessment*
  • KYC form/register of beneficial owners/passport/proof of address*.
  • Register of Directors/KYC Form/Passport/Proof of Address*.
  • Name and contact information of the managing director or authorised representative *
  • Name of directors and officers*
  • Criminal record extract
  • All transactional data of the entity used by the client
  • Contracts and agreements
  • -- plus same data as mentioned above

The purpose of this data processing lies in the legal obligation to comply with the provisions of the Money Laundering Act. It is therefore necessary for the fulfilment of the legal obligations.

Certain data is mandatory (marked with *). If you do not provide us with the mandatory information, we will not be able to complete the verification of compliance with the

Anti-Money Laundering Act.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 (1) (b) GDPR as well as legal obligation within the meaning of Art. 6 (1) (C) GDPR.

3. From which sources do we collect your personal data?

In principle, we collect personal data directly from you (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.).

Unless this is inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the media or the internet incl. social media) or receive data from other companies within our group, from authorities and from other third parties (such as data collections on criminal activities (such as World Check).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people close to you provide to us so that we can conclude or process contracts with you or involving you (e.g. information for compliance with legal requirements such as for combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet (where this is appropriate in the specific case).e.g. information to comply with legal requirements such as those relating to combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet.

4. Location of data processing

Your personal data is stored in Switzerland.

5. Is the personal data passed on to third parties?

We share your personal data with the following categories of recipients:

  • Group companies of EDG Consulting Cyprus Limited.
  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g. IT providers, accountants, registered agents, auditors, bank address checkers). Central services provider is our group company Arvis in the Philippines.

We disclose to these service providers the data required for their services, which may also concern you. These service providers may also use such data for their own purposes, e.g. information about outstanding debts and your payment history in the case of credit agencies or anonymised data to improve services. We also enter into contracts with these service providers that include provisions to protect your personal data. Our service providers may also process data about how their services are used and other data arising from the use of their services as independent data controllers for their own legitimate interests (e.g. for statistical analysis or billing purposes). Service providers inform about their independent data processing in their own data protection statements.

  • Banks: Whenever we open accounts for yourself or entities which we set up and manage for you, bank compliance data is shared with the bank. Usually they require the same data about yourself as we require.
  • Authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities then process this data on their own responsibility.

All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

6. Transmission of personal data abroad

The personal data is processed in our group companies in Switzerland, the EU/EEA, the Philippines, the UK, the United Arab Emirates, Cyprus, Hong Kong and Singapore. Moreover, in the course of our services, personal data can be transferred to the registered agents, auditors, banks and agent companies in the EU/EAA, British Virgin Islands, Panama, Gibraltar, United Arab Emirates, Hong Kong, Philippines, Hong Kong, West Indies, Marshall Islands and – in specific cases where you wish a relation to another country – other countries..

If a recipient is located in a country without adequate legal data protection according to the EU commission or to the Swiss Federal Council, we contractually oblige the recipient to comply with the applicable data protection (in particular, we use the revised standard contractual clauses of the European Commission (SCC), which are available here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?] ) or we ensure other appropriate safeguards according to Art. 16 FADP and Art. 45 GDPR, insofar as they are not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

We have concluded SCC with all our Group companies in the Philippines, the United Arab Emirates, Hong Kong and Singapore, since these countries do not have an adequate level of data protection. Moreover, we have concluded SCC with registered agents, auditors and agent companies who regularly get data from us in the following countries without having adequate data protection: Philippines and Marshall Islands.

Occasionally, your personal data can be transferred to registered agents, auditors and agent companies in countries without adequate level of data protection: British Virgin Islands, Panama, United Arab Emirates, Hong Kong, Philippines, Isle of Man and West Indies. This transfer is necessary for the performance of the contract and the rendering of services to you.

Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.

7. Your rights

You can object to data processing at any time. You also have the following rights:

  • Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.
  • Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
  • Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.
  • Right to restrict processing: Under certain circumstances, you have the right to have us restrict the processing of your personal data.
  • Right to object: You have the right to object to data processing, in particular to the processing of personal data.
  • Right to data transfer: In certain circumstances, you have the right to receive, free of charge, the personal data you have provided to us in a machine-readable format.
  • Right of withdrawal: In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past do not become unlawful as a result of your revocation.
  • Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.

8. Retention period of personal data

We retain personal data for as long as it is needed for the purpose for which it was collected, or for a period of time that we are obliged to retain it under applicable laws, regulations or contractual agreements, as well as for as long as we have an overriding interest in retaining it. After that, the data will be deleted. Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. Likewise, certain data must be retained for up to 10 years after termination of the business relationship in accordance with money laundering legislation.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.

9. Data security

We take appropriate technical and organisational security measures to protect personal data from unauthorised access and misuse. These include IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training and controls.

If third parties have access to our data, special measures are taken which are regulated in the order processing contract.

10. Contact

If you have any questions about data protection, would like information, would like to object to data processing or would like to have your data deleted, please contact us by sending an e-mail to info@edg-consulting.com.

Please send your request by letter to the following address:

EDG Consulting Cyprus Limited
Orfeous 2B & Makariou III Avenue, 1st floor, office 102, 1070, Nicosia, Cyprus

The representative of the responsible person in the EU is:
EDG Consulting Cyprus Limited
Orfeos 2B & Makariou III Avenue, 1st Floor, Office 102,
CY-1070 Nicosia
Cyprus

11. Adaptation

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on www.edg-consulting.com is the current version.

Last updated: 1 September 2023


Copyright 2023 Privacy Policy | Impressum