Privacy Policy

Scope

This privacy notice explains how EisnerAmper Governance Services Ltd. (“EAG”) collects, uses, discloses, retains and secures your personal data as part of its business practices. The policy clearly articulates the legal justifications for the processing of your personal data and also lists your data subject rights under the Cayman Islands’ Data Protection Law, 2017 (“DPL”) as amended.

Overview

EAG respects your privacy, and you are entitled to have your personal data processed in accordance with the DPL. The key principles EAG applies when processing your personal data are as follows:

• Lawfulness: EAG will only collect personal data in a fair, lawful and transparent manner.
• Data minimisation: EAG will limit the collection of personal data to what is directly relevant and necessary for the services provided.
• Purpose limitation: EAG will only collect personal data for specified, explicit and legitimate purposes.
• Accuracy: EAG will keep personal data accurate and up to date while there continues to be a client relationship, and in certain circumstances, after that relationship has ended.
• Data security and protection: EAG will implement technical and organisational measures to ensure an appropriate level of data security and protection considering the sensitivity of the personal data. Such measures provide for the prevention of any unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to that data.
• Access and rectification: EAG will process personal data in line with clients’ legal rights.
• Retention limitation: EAG will retain personal data in a manner consistent with the applicable DPL and DPL Regulations and no longer than is necessary for the purposes for which it has been collected in accordance with its retention policy.
• Protection for international transfers: EAG will ensure that if personal data is transferred outside the Cayman Islands, it is adequately protected.

What personal data does EAG collect?

EAG collects various personal data which may include the following (this list is not exhaustive):

• name and address
• date of birth
• telephone number
• email address
• copy of passport photo/biographical data page
• financial information included your method of payment such as check or wire transfer to EAG
• proof of residence

How does EAG use the personal data it collects?

EAG may use your personal data to (this list is not exhaustive):

• respond to client inquiries
• manage the client relationship
• send invoices and collect payment for goods or services rendered
• conduct promotional activities
• market goods and services
• handle complaints
• prevent fraud or other criminal activity
• record health and safety details if there is an incident at the EAG office

When does EAG disclose your personal data?

EAG may disclose your personal data in the following circumstances (this list is not exhaustive):

• if EAG uses a third-party service provider for marketing, marketing research or client relationship management
• if a data subject requests that personal data be disclosed to a third party
• if there is a legal request or criminal investigation
• if it is required to seek legal advice from EAG legal counsel
• any other circumstance where it may be required by law

International transfer of personal data

Your personal data is stored in the Cayman Islands unless it is transferred to another country for contractual purposes. If at any time EAG transfers personal data outside the Cayman Islands, it will ensure that there are adequate safeguards for the rights and freedoms of data subjects as required by the DPL.

The legal basis for processing your personal data

The DPL protection sets out some different reasons for which a company may process personal data, and EAG does so under the following legal conditions:

• Consent

In specific situations, EAG may collect and process personal data with your consent.

• Contractual obligations

In certain circumstances, EAG will need to process certain personal data to comply with contractual obligations for which we have been engaged.

• Legal compliance

If the law requires, EAG may need to process your personal data.

• Legitimate interest

In specific situations, EAG requires your personal data to pursue its legitimate interests in a way which might reasonably be expected as part of running its businesses and which does not materially impact your rights, freedom or interests.

For example, EAG may use an email address you have provided to send you information on our services.

How long does EAG retain your personal data?

EAG retains your personal data for as long as a client relationship exists, and the personal data is necessary to manage that relationship. When there is no longer a client relationship, EAG will retain certain types of personal data for varying periods depending on legal requirements and business needs. Personal data that is no longer needed will be destroyed. EAG will always hold your personal data for the least amount of time necessary in accordance with its retention policy. For specific retention periods, clients should contact Isatou Smith at ismith@eagovernance.ky.

How does EAG secure your personal data?

EAG employs appropriate technical and organizational measures to protect against unauthorized processing, accidental loss or destruction of, or damage to, your personal data in accordance with its Information Technology policies.

What rights do you have in respect to your personal data?

You have a right to be informed how your personal data is processed and this privacy notice fulfills EAG’s obligation in that respect. If you have further questions or concerns not addressed in this notice, you may contact Isatou Smith at ismith@eagovernance.ky.

You have a right to request access to your personal data, the right to request rectification/correction of your personal data, the right to request that processing of your personal data be stopped or restricted and the right to require EAG to cease processing your personal data for direct marketing purposes. If you wish to exercise any of these rights, you should contact Isatou Smith at ismith@eagovernance.ky.

If you feel that your personal data has not been handled correctly, or you are not satisfied with EAG’s responses to any requests you have made regarding the use of your personal data, you have the right to complain to the Cayman Islands’ Ombudsman. The Ombudsman can be contacted by calling: 1-345-946-6283 or by email at info@ombudsman.ky.