1.1 ASPEN MANAGEMENT SERVICES LIMITED incorporated and registered in the Republic of Cyprus with company registration number ΗE 96455 whose registered office is at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus (hereinafter referred to as the “Company”).
1.2 This Privacy Notice Policy (hereinafter referred to as the “Privacy Notice”) is issued pursuant to and reflects compliance with the requirements and/or obligations and/or duties introduced by the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”), as amended and replaced from time to time, as well as the relevant implementing legislation L.125(I)/2018 of the Republic of Cyprus in relation to all processing activities carried out by the Company in respect of your Personal Data.
2. Scope and Objective of the Privacy Notice
2.1 The Company respects individuals’ rights to privacy and the protection of Personal Data. The scope of this Privacy Notice is to explain and elaborate on how we collect, use, process and store your Personal Data in the course of our business.
2.2 “Personal Data” or “Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.3 The Company may update the Privacy Notice from time to time. When we make any updates, we will communicate such updates to you and publish the updated Privacy Notice on our website, https://aspentrust.com
2.4 We would encourage you to visit our website regularly to stay informed about the purposes of processing of your Personal Data and your rights to control how we collect, use or process your Personal Data.
3. The Personal Data we process
3.1 We collect, use and process various categories of Personal Data at the start of, and for the duration of, your business relationship with us as well as after the termination of our business relationship. The Company will limit the collection and processing of Personal Data to the necessary Data to meet the purpose and legal basis as described in the Section 6 of this Privacy Notice.
3.2 Personal Data may inter alia, include:
- a. Basic Personal Data, including but not limited to name and residential address;
- b. email address, telephone number;
- c. Passport/ID number;
- d. IP address.
3.3 The Company may also process certain special categories of Personal Data for specific and limited purposes and only on the basis of an explicit consent granted by you or on any other legal basis, as described in the Section 6 of this Privacy Notice.
3.4 These special categories of Personal Data include:
- a. Physical or psychological health details or medical conditions;
- b. Information about racial or ethnic origin;
- c. Religious or philosophical beliefs;
- d. Biometric and genetic information, relating to the physical or physiological characteristics;
3.5 Children’s Privacy
Our services do not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
4. Controller of Personal Data
4.1 For the purposes of the GDPR the Company, in the most of the cases, is the data controller of the Personal Data provided by you and accordingly is subject to applicable EU and national data protection laws. The Company is responsible for deciding the purposes of the processing, how to hold and retain the data provided and is under an obligation to inform you about the categories of the Personal Data it holds, your rights as well as how it will use the Personal Data.
4.2 Below you may find the principles according to which the Company as data controller complies with:
- a. Lawfulness, Fairness and Transparency: Personal Data is processed lawfully, fairly and in a transparent manner. The data subject is informed on the processing that will occur and the purposes for that processing.
- b. Purpose limitation: Personal Data is collected for specified, explicit and legitimate purposes. No further processing incompatible with these purposes occurs. The processing is limited to only what is necessary to meet the specified purpose.
- c. Data minimisation: Personal Data obtained is adequate, relevant and limited to what is necessary for the intended purposes.
- d. Accuracy principle: data is accurate and updated. Any inaccurate data is rectified and redundant data is deleted.
- e. Storage Limitation: data is kept in a form which permits the identification of the relevant data subject for no longer than necessary for the intended purpose of processing. Data wherever possible, is stored in a way that prevents or limits identification of the data subject.
- f. Integrity and Confidentiality: the Company warrants that data is processed in a manner that ensures the security of the data and that the data is properly protected against unauthorised or unlawful processing, accidental destruction or loss and destruction or damage. The integrity and confidentiality of the data is ensured at all times through the use of appropriate technical and organisational measures.
- g. Accountability: the Company is responsible for and is able to demonstrate compliance with this policy and the law.
5. How Personal Data is collected
5.1 Your Personal Data may be collected:
- a. From you via email in electronic form or by post/courier in hard copy;
- b. From you via audio and video conference software;
More information as to the processing of your personal data via our video conferencing tools:
Google Ireland Limited
Gordon House, Barrow Street
Microsoft Ireland Operations Limited
One Microsoft Place, South County Business Park
Leopardstown, Dublin 18
Zoom Video Communications, Inc.
55 Almaden Blvd, Suite 600
San Jose, CA 95113
- c. From you via social media (such as LinkedIn and Facebook), in case in which you are contacting us on our social media pages (our LinkedIn page or Facebook page);
More information as to the processing of your personal date on our social media pages can be found at:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland.
LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2
- d. From third parties, established or located within and/or outside the EEA (via email in electronic form or by post/courier in hard copy);
- e. During our contractual relationship with you (via email in electronic form or by post/courier in hard copy);
5.2 It is your duty and responsibility to provide us with updates as to the Personal Data provided in order for such Data to remain current, accurate and correct and you acknowledge that we rely on the Personal Data provided to us in carrying out our obligations, under the law and our contractual relationship with you.
5.3 Where you are a corporate entity providing to us Personal Data of any individual or where you are an individual providing us with Personal Data of any individual other than yourself, you hereby undertake and represent that such individual, whose Personal Data is collected, used, processed and stored in accordance with this Privacy Notice, has been fully informed of and clearly consented in writing to such collection, use, processing and store of his/her Personal Data under this Privacy Notice and that he/she has beeninformed of his/herrights inrelationto the Personal Data which is collected, used, processed and stored, under this Privacy Notice.
6. Purpose of Processing and legal basis of processing of your Personal Data
6.1 We would like to ensure that you fully understand the purpose and the legal basis of collecting, using, processing and storing of your Personal Data. Thus, in this Section we will describe the purposes for which your Personal Data may be used as well as the legal basis of processing of your Personal Data.
6.A Purpose of processing
6.A.1 We will only collect, use, process, store, share or transfer your Personal Data where it is necessary for us to carry out our lawful business activities and provide our services. We will process your Personal Data for the purpose of or in connection with the provision of our services to you, for performance of our security, and for compliance with our legal obligations.
We set out below in further detail the legal bases on which your Personal Data is being processed.
6.B Legal Basis of processing of your Personal Data
We have described the legal basis for which your Personal Data may be used in detail below:
6.B.1 Performance of a Contract/Contractual necessity
6.B.1.1 We may process your Personal Data where it is necessary to enter into a contract with you for the provision of our services or to perform our obligations or duties under such contract.
6.B.1.2 On the basis of Contractual necessity we may collect, use, process and store Data such as name and surname.
6.B.1.3 Please note that if you don’t agree to provide us with the Data required on the basis of Contractual necessity we may have to suspend or terminate the services provided to you.
6.B.2 Legal and Regulatory Obligations
6.B.2.1 When you establish a business relationship with us in order to provide you with our services, throughout your relationship with us and after the termination of your business relationship with us, we are required by the law to collect, use, process and store certain Personal Data about you.
This may include Personal Data necessary:
- a. To comply with any and all legal and/or regulatory obligations whatsoever under the laws and regulations, in any jurisdiction within or outside the EEA;
- b. To be used in the courts, law enforcement agencies, regulatory agencies, and other public or competent or tax authorities or other authorities, governmental or not, in any jurisdiction within or outside the EEA;
- c. To protect our rights, privacy, safety or property whatsoever;
- d. To be used for the prevention, detection or investigation of crimes whatsoever.
6.B.2.2 The Company may collect, use, process and store Personal Data such as your name, date of birth to comply with the legal and/or regulatory obligations.
6.B.2.3 Please note that if you don’t agree to provide us with the Data required to meet our legal and/or regulatory obligations we may have to suspend or terminate the services provided to you.
6.B.3 Legitimate interests of the Company
6.B.3.1 We may collect, process, use, and store your Personal Data where it is in our legitimate interests and without prejudicing your interests or fundamental rights and freedoms.
6.B.3.2 We may process your Personal Data to manage our business, financial affairs as well as to protect our employees, clients and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
6.B.3.3 This may include processing of your Data to:
- a. Monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
- b. Ensure business continuity and disaster recovery responding to information technology and business emergencies;
- c. Ensure network and information security, including but not limited to monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications, trading or other systems and websites, prevention or detection of crime and protection of your Personal Data;
- d. Provide assurance on the management of the Company’s material risks;
- e. Protect our legal rights and interests.
6.B.3.4 It is in the Company’s interest to ensure that it provides you with the most appropriate services.
6.B.3.5 This may require processing of your Data to enable us to:
- a. Understand your actions, behaviour, preferences, expectations, feedback in order to improve our services and develop new services;
- b. Monitor and improve the performance and effectiveness of services.
6.B.3.6 On the basis of legitimate interest we may collect, use, process and store Data such as your telephone number or email address.
6.B.3.7 Please note that if you don’t agree to provide us with the Data collected, used, processed and stored on the basis of the legitimate interest we may have to suspend or terminate the services provided to you.
6.B.4.1 For special category of data and marketing purposes we may only collect, use, process and store Personal Data where an explicit consent has been granted.
7. Your rights
7.1 The Company takes all the appropriate measures to make sure that you are fully informed about your rights in regards with all Personal Data we collect, process, use and store.
7.2 As a result, all rights and the circumstances under which such rights may be exercised are described in the table below. In the event you wish to exercise any of the rights described below or if you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Notice, or if you wish to complain to our Data Protection Officer, please contact us at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Access – You have the right to access to your Personal Data including the records of any and all email and/or text message correspondence, between you and the Company, held by the Company.
Specifically, you have the right to enquire as to whether we process any Personal Data of yours as well as which Personal Data is processed and the manner of such processing. You have the right to receive a copy of your Personal Data without any charge. If you would like a copy of your Personal Data held by the Company, please contact us at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Rectification – You have a right to rectification of inaccurate Personal Data and to update incomplete Personal Data.
In case you believe that any of the Personal Data held by the Company is inaccurate, you are entitled to request to restrict the processing of that Personal Data and rectify the inaccuracies.
Erasure – You have a right to request that your Personal Data be deleted.
You may request to delete your Personal Data in case you believe that:
You may exercise this right by contacting us at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Restriction – You have a right to request that we restrict the processing of your Personal Data.
You may request us to restrict processing your Personal Data where:
You may exercise this right by contacting us DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Portability – You have a right to data portability.
You have the right to receive your Personal Data or to request that we transmit such Personal Data to another third party (where this is technically feasible) in a structured, commonly used machine-readable format where the processing is based on your consent or pursuant to our contract with you or where processing is carried out by automated means. Where you request that we provide such Data directly to third parties, the Company shall not be responsible for any such third parties’ use of your Personal Data, which will be governed by their agreement with you and any privacy statement they provide to you.
You may exercise this right by contacting us DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Objection – You have a right to object to the processing of your Personal Data.
You have a right to object to us processing your Personal Data for marketing purposes or on the basis of the legitimate interest as described in the Section 6 of this Privacy Notice– unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or for the establishment, exercise or defence of legal claims.
The Company may need to restrict or cease processing your Personal Data altogether or, where requested, delete your information.
Please note that if you chose to exercise this right, we may have to suspend or terminate the services provided to you.
Withdraw consent – You have a right to withdraw your consent.
In case in which the Company relies on your consent to process your Personal Data (including Personal Data falling under the special categories), you have a right to withdraw your consent at any time by sending a written request at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
Raise a complaint – You have a right to raise a complaint with the Data Protection Commissioner’s Office.
If you wish to make a complaint, you can contact our Data Protection Officer who will investigate the matter.
We expect to be fully able to address any concerns you may have directly in the first instance; however, we would like to inform you of your right to address any complaint to the Data Protection Commissioner’s Office at any time should you so wish. For more information, visit http://www.dataprotection.gov.cy
You also have the right to lodge a complaint with the relevant supervisory authority in your country of residence, or your place of work or the place where the alleged infringement has taken place where this is within the EU.
Not be subject to automated decision-making processing (including profiling) – You have the right not to be subject to automated decision making.
You have the right not to be subject to a decision, based solely on automated processing of Personal Data. At this point, the Company does not have in place any automated-decision making in respect of your Personal Data.
8. Changes to the way we use your Personal Data
The Company reserves the right to change the way and/or the purpose of processing and use of your Personal Data. As a result, where the Company decides to process or use your Personal Data for purpose other than the purpose for which such Personal Data were initially collected, processed and used and stored, it shall provide you with all relevant information of such change including the new purpose under which such Personal Data will be used and/or processed as well as all of your rights as described in the Section 7 of this Privacy Notice.
9. Communications about your Personal Data
9.1 We may directly contact you to provide you with information in regards with the status, operation and maintenance of your Personal Data including updated information about how we collect, use, process and store your Personal Data via DPO@aspentrust.com
9.2 We may also directly contact you to provide you with information including but not limited to any outstanding bills and/or invoices whatsoever.
10. How we use and share Personal Data
10.1 We will only use and share your Personal Data where it is necessary for us to lawfully carry out our business activities and/or provide our services. Your Personal Data may be shared with and used, processed and stored by subsidiaries and/or other group companies.
11. Sharing with third-parties
11.1 We may share your Personal Data, inter alia, with the following recipients and categories of recipients:
- a. Third party organisations that provide applications, data processing or IT services to the Company including cloud-based software, audio and video conference software,identity management, web-hosting, data analysis, security and storage services.
- b. professional advisors including Legal Advisors, Auditors, Tax Advisors;
- c. Banking Institutions, Regulated Financial Institutions;
- d. Law enforcement and other government and regulatory agencies and other third parties as required under applicable law.
11.2 We may share your Personal Data with third parties in the following cases:
- a. Where we have your explicit and written consent;
- b. It is required for your service;
- c. Where it is requested by any competent or any other authority having control or jurisdiction over the Company or you or your associates whatsoever or in whose territory the Company has clients;
- d. With competent authorities including Police to investigate or prevent fraud, money laundering or other illegal activity;
- e. With any of the Company’s professional advisors provided that in each case the relevant professional shall be informed about the confidential nature of such Data and commit to the confidentiality obligations herein as well;
- f. With other service providers who create, maintain or process databases (whether electronic or not), offer record keeping services, email transmission services, messaging services or similar services which aim to assist the Company collect, storage, process and use your Personal Data or get in touch with you;
- g. With successors or assignees or transferees or buyers, with five (5) Business Days prior written notice to you;
- h. With such third parties as we see fit to assist us in enforcing our legal or contractual rights against you including but not limited to debt collection agencies and legal advisors. You acknowledge that any of the persons listed in the previous sentence may be either within or outside the EEA;
- i. It is required by the law and by law enforcement agencies, judicial bodies, the financial ombudsman, government entities, tax authorities or regulatory bodies and/or other competent authorities, governmental or not, whatsoever, established or located within or outside the EEA;
- j. With software, platform support or cloud hosting companies.
11.3 Our third-parties to which we share and/or transfer your Personal Data are not allowed to use or disclose or share whatsoever for any other purpose other than the purpose to provide services, as agreed, to us.
11.4 We will not disclose to any third party your Personal Data for its own marketing purposes without your consent.
11.5 Please note that your Personal Data is shared, transferred, collected, processed and stored electronically on Cloud within the EU.
11.6 If you would like a copy of your Personal Data held by the third parties or if you want to receive more details on how your Personal Data is collected, used, processed or stored by the third parties please contact us DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
12. Service Providers
We may employ third party companies and individuals to facilitate our service (“Service Providers”), provide the service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
12.1 Analytics Providers
We may use third-party Service Providers to monitor and analyze the use of our service.
12.1.1 Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called cookies. Cookies are text files, which are stored on your computer and that enable an analysis of the use of the website by users. The information generated by cookies on your use of this website is usually transferred to a Google server in the United States, where it is stored.
The storage of Google Analytics cookies and the utilization of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The operator of our website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
12.2 IP anonymization
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
12.3 Browser plug-in
You do have the option to prevent the archiving of cookies by making pertinent changes to the settings of your browser software. However, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent. Moreover, you have the option prevent the recording of the data generated by the cookie and affiliated with your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
12.4 Objection to the recording of data
You have the option to prevent the recording of your data by Google Analytics by clicking on the following link. This will result in the placement of an opt out cookie, which prevents the recording of your data during future visits to this website: Google Analytics deactivation.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
12.5 Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
12.6 Archiving period
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 36 months. For details please click the following link: https://support.google.com/analytics/answer/7667196?hl=en
12.2 Other Services
We use the “CleanTalk” service, which protects the website from spam. The use takes place on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) General Data Protection Regulation (GDPR).
For security reasons and to protect against spam, your data will be processed in the CleanTalk Cloud Service and stored in log files for a maximum of 45 days. After expiry of the specified period, this data will be completely deleted. CleanTalk may use information about IP or email address spam activity to provide adequate anti-spam protection for all websites connected to its service.
13. Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
14. Transferring Information to third countries
14.1 We may share or transfer your Personal Data with recipients in non-EU countries where:
- a. the European Commission has decided that the country or the organisation we are sharing your Personal Data with will protect your Data adequately;
- b. the transfer has been authorised by the relevant data protection authority;
- c. we have entered into a contract with the organisation with which we are sharing your Personal Data (on terms approved by the European Commission or the Data Protection Commissioner of the Republic of Cyprus) to ensure your Personal Data is adequately protected.
5. How long we store your Data
15.1 We retain the Personal Data processed by us for as long as we consider necessary for the purpose for which it was collected, as required and/or as required under any legal provision to which we are subject and/or for such other periods as can be lawfully justified in each case.
15.2 Personal data may be held for longer periods where extended retention periods are required by the Law or regulations and/or in order to establish, exercise or defend our legal rights before a Court or tribunal or Arbitral tribunal whatsoever.
16. Security information
16.1 We are committed to ensuring that your Personal Data is secure. For more information about the steps we are taking to protect your Personal Data please contact us at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.
16.2 In the event of any loss or destruction or other form of personal data breach in respect of your Personal Data which is likely to result in a high risk to your rights and freedoms, we will contact you via DPO@aspentrust.com.
17. Tracking, Log files & Cookies Data
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies: We use Session Cookies to operate our Service;
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings;
- Security Cookies: We use Security Cookies for security purposes.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
We use “Cloudways” (Cloudways Ltd. (C 55975) of 52 Springvale Pope Pius XII Street, Mosta, Malta) to store our website files and database and operate our website. The operation of the website takes place on servers within the EU.</span
18. Data Controller and Contact Information
The Company is generally a controller for processing of the Personal Data, however, we may provide some services as processors. If you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Notice, or if you wish to complain to our Data Protection Officer, please contact us at contact us at DPO@aspentrust.com or at +357 22418888 or at 77 Lemesou Avenue, ELIA HOUSE, 2121, Nicosia, Cyprus.