CONSENT FOR THE PROCESSING OF PERSONAL DATA AT BKMS LTD

BKMS LTD Company Limited (referred to as ‘we’, ‘us’, ‘our’, or ‘BKMS’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.

This privacy statement:
- provides an overview of how the BKMS collects and processes your personal data and tells you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),

- is directed to natural persons who are either current or potential customers of the BKMS, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of the BKMS,

- is directed to natural persons who had such a business relationship with the BKMS in the past,

- contains information about when we share your personal data with other members of the BKMS Group and other third parties (for example, our service providers).

In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.

For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.

1. Who we are
BKMS is a Regulated Administrative Service Provider by Cyprus Securities and Exchange Commission Reg. No 96/196 and registered in Cyprus under registration number HE152631 as a limited liability company having its registered office at 201 Strovolos Avenue, The Future Business Centre, 2nd Floor, Off. 201-202, 2049 Nicosia, Cyprus.

If you have any questions, or want more details about how we use your personal information, you can contact our Data Protection Officer at 201 Strovolos Avenue, The Future Business Centre, 2nd Floor, Off. 201-202, 2049 Nicosia, Cyprus email: [email protected].

2. Other entities of the BKMS Group
BKMS is related to other companies ( referred to as ‘BKMS Group’) that are providing administrative services, which fall under the scope of the same licensed by Cyprus Securities and Exchange Commission, therefore the privacy statement of BKMS is applicable to all the related companies that fall under the same regulation.

3. What personal data we process and where we collect it from
We collect and process different types of personal data, which we receive from our customers (potential and current) in person or via their representative or via our alternative channels of communication such as our websites, in the context of our business relationship.

We may also collect and process personal data, which we lawfully obtain not only from you but from other related entities within the BKMS Group, or other third parties e.g. Banks, Credit Institutions, credit reference agencies, Administrative Service Providers, Lawyers, Auditors, public authorities, companies that introduce you to us, companies that process payments etc.

We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press, media and the Internet) which we lawfully obtain and we are permitted to process.

If you are a prospective customer, or a non-customer counterparty in a relationship with a customer, or prospective administrative provider or an authorised representative/agent or beneficial owner of a legal entity or of a natural person which/who is a prospective customer, the relevant personal data, which we collect may include:

Name, address, contact details (telephone, email), identification data, EU basic payment account identification, birth date, place of birth (city and country), marital status, employed/self-employed, if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data [e.g. signature].

When we agree to provide products and services to you or the legal entity you represent or beneficially own, then additional personal data will be collected and processed which may include:

In the context of providing Administrative Services:
Current income and expenses, employment history, property ownership and personal debts, economic and financial background, number of dependent children, personal investments and investment income, Banking details and relationships, Account statements, life insurances (life insurance companies, policy numbers, current surrender values), residence and correspondence address, tax residence and tax ID, credit reference data [e.g. KYC360, Worldcheck], residence or work permit in case of non-EU nationals, own and/or third party securities, employment position [e.g. as per corporate certificates of directors/shareholders].

For accounting services, banking services and/or other financial services:
Personal data related to the financial data [e.g. payments, transfers], personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax residency, tax identification number, tax declarations, proof of tax return submissions), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets), purpose of financial transaction, collateral information , information on any third-party beneficiaries, Nature and term of the employment relationship, other banking relationships, proof of tax return submissions, statements and transaction history, purpose of financing, property documentation for house financing (e.g. property description, property valuation reports, construction and municipal permits, land registry reports, sale agreements), business records (i.e. cash flows and balance sheets and business management information, financial statements, management accounts), personal investment portfolio, Investment strategy and scope, personal investment objectives.

4. Children’s data
We understand the importance of protecting children's privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under law. For the purposes of this privacy statement, “children” are individuals who are under the age of eighteen (18).

5. Whether you have an obligation to provide us with your personal data
In order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law, which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative / agent or beneficial owner. You must, therefore, provide us at least with your identity card/passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligation as mentioned above.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.

6. Why we process your personal data and on what legal basis
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:

For the performance of a contract
We process personal data in order to perform and offer our services based on contracts with our customer but also to be able to complete our acceptance procedure so as to enter into a contract with prospective customers.

The purpose of processing personal data depends on the requirements for each product or service and the contract terms and conditions provide more details of the relevant purposes.

For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the Cyprus Securities and Exchange Commission law, the Anti Money Laundering Law, the Cyprus Investment Services Law, Tax laws, Company Registrar Law, Banking Law, Payments Law and other public administration laws. Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.

For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

- Initiating legal claims and preparing our defense in litigation procedures,

- Means and processes we undertake to provide for the BKMS’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,

- Setting up CCTV systems, e.g. at our offices for the prevention of crime or fraud,

- Measures to manage a business and for further developing products and services.

- Sharing your personal data within the BKMS Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework,

- BKMS risk management,

- The transfer, assignment and/or sale to one or more persons of and/or charge and/or encumbrance over, any or all of the BKMS’s benefits, rights, title or interest under any agreement between the customer and the BKMS.

You have provided your consent
Provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

7. Who receives your personal data
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the BKMS but also to other companies of the BKMS Group. Various service providers and service suppliers may also receive your personal data so that we may perform our obligations. Such service providers and service suppliers enter into contractual agreements with the BKMS by which they observe confidentiality and data protection according to the data protection law and GDPR.

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.

Under the circumstances referred to above, recipients of personal data may be, for example:

- Supervisory and other regulatory and public authorities, inasmuch as a statutory obligation exists. Some examples are the Cyprus Securities Exchange Commission, the income tax authorities, criminal prosecution authorities, Company Registrar, Social Securities departments etc.

- Credit and financial institutions that BKMS acts as an introducers and/or has a relationship with and/or acts on behalf of the customer,

- Share and stock investment and management companies,

- Valuators and surveyors,

- Non-performing loan management companies,

- Debt collection agencies,

- For our anti-money laundering process, such as credit reference agencies,

- Administrative Service Providers,

- External legal consultants,

- Financial and business advisors,

- Auditors and accountants,

- Marketing operations,

- Companies which help us to provide you with debit, credit, pre-paid or charge cards such as Visa and Mastercard,

- Card payment processing companies, such as JCC Payment Systems Ltd,

- Fraud prevention agencies,

- File storage companies, archiving and/or records management companies, cloud storage companies,

- Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating payments,

- Purchasing and procurement and website and advertising agencies,

- Potential or actual purchasers and/or transferees and/or assignees and/or chargees of any of the BKMS’s benefits, rights, title or interest under any agreement between the customer and the BKMS, and their professional advisors, service providers, suppliers and financiers.

8. Transfer of your personal data to a third country or to an international organisation
Your personal data may be transferred to third countries (i.e. countries outside of the European Economic Area) in such cases as e.g. to execute your orders (registration of company, purchases, sales, payment or investment orders) or if this data transfer is required by law (e.g. reporting obligation under Tax law) or you have given us your consent to do so. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

9. To what extent there is automated decision-making and whether profiling takes place
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, in the following cases:

- Data assessments (including on financial transactions) are carried out in the context of combating money laundering and fraud. An operation may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.

- Credit scoring is used as part of the assessment of your creditworthiness. This calculates whether you or your business will meet your payment obligations pursuant to a contract. This helps us make responsible decisions that are fair and informed.

10. How we treat your personal data for marketing activities and whether profiling is used for such activities
We may process your personal data to tell you about products, services and offers that may be of interest to you or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your financial transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time personnel of the BKMS either in person or in writing.

11. How long we keep your personal information for
We will keep your personal data for as long as we have a business relationship with you [as an individual or in respect of our dealings with a legal entity you are authorized to represent or are beneficial owner].

Once our business relationship with you has ended, we may keep your data for up to ten (10) years in accordance with the directive of the Data Protection Commissioner (http://www.dataprotection.gov.cy).

We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.

For prospective customer [or authorized representatives/agents or beneficial owners of a legal entity prospective customer] we shall keep your personal data for 6 months from the date of notification of the rejection of your application for BKMS services or from the date of withdrawal of such application, as per Data Protection Commissioner directive (http://www.dataprotection.gov.cy).

12. Your data protection rights
You have the following rights in terms of your personal data we hold about you:

- Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can complete our web form through the BKMS’s website (https://www.bkmsgroup.com/contact-us.html).

- Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

- Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.

- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling inasmuch as it is related to direct marketing.

If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.

- Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:

- it is not accurate,

- it has been used unlawfully but you do not wish for us to delete it,

- it is not relevant any more, but you want us to keep it for use in possible legal claims,

- you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.

- Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name [known as the right to data portability].

- Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact a BKMS employee, or visit BKMS office, or complete the web form through the BKMS’s website (https://www.bkmsgroup.com/contact/).

You can also contact our Data Protection Officer at [email protected].

We endeavour to address all of your requests promptly.

Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by completing our on line contact form (https://www.bkmsgroup.com/contact-us.html). You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).

13. Changes to this privacy statement
We may modify or amend this privacy statement from time to time.

We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.

14. Frequently asked questions
To help you understand the basic principles of data privacy law and address some of the common questions that arise with regard to the protection of your personal data, please refer to the Frequently Asked Questions stated in our website (https://www.bkmsgroup.com/faq.html)

15. Cookies
Our websites use small files known as cookies to make it work better in order to improve your experience.

Cookies on the Website
A cookie is a small text file that visited websites save on your computer. Cookies are used to provide visitors access to various functions. The information in the cookie can be used to track your internet usage. Under the Electronic Communications Act, all visitors to a website with cookies must have access to information stating that the website contains cookies and the purpose for which cookies are used. Visitors must also approve such cookies being used. The website uses the following cookies:

Cookie Name: _ga _gid _gat
Purpose: Google Analytics. These third-party cookies are used to collect information about how visitors use the website.
Type: Analytical

Cookie Name: ASP.NET_SessionId
Purpose: Session cookie sent to the web browser. Used when you open the browser and then go to a website that implements ASP.NET session state. This cookie is deleted when you close your browser.
Type: Mandatory

Cookie Name: google.com doubleclick.net
Purpose: Google Advertising. These Third-party cookies are used to improve advertising.
Type: Marketing (externally)

Cookie Name: youtube.com
Purpose: Youtube third party cookies. YouTube collects user data through videos embedded in websites, which can then be used to display targeted advertising to web visitors.
Type: Marketing (externally)

Analytics Tools for the Website
On this website the web analytics tool Google Analytics is used to get an overall picture of how visitors use the site. Google Analytics uses cookies to collect information in an anonymous form (aggregated) about how visitors use the website, for example, the number of page views, how visitors have arrived at the website, and the number of visits. The purpose is to help us improve the usability of the website. The information generated through your website usage is redirected to and stored by Google Inc. This site uses IP Anonymization in Analytics. The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network. The full IP address is never written to disk in this case.

How to Avoid Cookies
If you would prefer cookies to be rejected, change the settings in your web browser so that you either automatically refuse cookies to be downloaded or are prompted each time a website requests to save a cookie. Cookies that have been previously downloaded can also be deleted through the web browser. For more information, see the documentation for the web browser in question.

Note:
The General Data Protection Regulation (EU) 2016/679 shall apply from 25 May 2018. Until then, the Processing of Personal Data (Protection of Individuals) Laws 2001 till 2012 remain in force.