Purpose of this notice
This privacy notice describes how Willie & Nicholson Associates (“Willie & Nicholson”, “we”, “us” or “our”) may collect, use, disclose or otherwise process personal data in accordance with the Personal Data Protection Act (“PDPA”) and also the General Data Protection Regulation (“GDPR”) if you reside in the UK or Europe. It applies to Personal Data provided to us, both by individuals or by others.
The PDPA defines personal data as “data, whether true or not, about an individual who can be identified:
- From that data; or
- From that data and other information to which we have or are likely to have access.”
The GDPR defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The above shall collectively be referred to as “personal data”.
Willie & Nicholson, UAE is a member firm of Crypto Valley Association, an independent, government-supported association established to take full advantage of Switzerland’s strengths to build the world’s leading blockchain and cryptographic technologies ecosystem.
Willie & Nicholson, UAE is committed to the protection of personal information supplied by clients and prospective clients. We understand and appreciate the fact that our clients are concerned about the privacy afforded to their information collected via the Internet. We are committed to providing our clients with a high level of privacy in relation to the personal information that is collected by us online.
Types of Personal Data
Depending on the nature of your interaction with us, some examples of personal data which we may collect and process includes:
- contact and personal details (including name, address, date of birth, employer name, copy of CV, contact title, phone, email and other business contact details);
- business activities;
- business contact details if an individual is attending a seminar or event; and
- dietary requirements if an individual is attending a seminar or event.
We may also collect and process the following personal data for our employees:
- contact and personal details (including name, address, date of birth, phone number, email and other family contact details;
- banking and financial details;
- recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
- employment records;
- CCTV footage, photographs; and
- marital status/dependants.
Collection, Use and Disclosure of Personal Data
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage or your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
We may collect and use your personal data for any or all of the following purposes:
- Verifying your identify;
- Seminars and events;
- Providing you information regarding enquiries submitted through our online form;
- Managing your relationship with us; and
- Sending you marketing information about our services including notifying you of our marketing events and initiatives
Compliance with a legal obligation
We are subject to legal, regulatory and professional obligations. We will process Personal Data as necessary to comply with those obligations. We are also to keep certain records to demonstrate that our services are provided in compliance with our legal, regulatory and professional obligations.
In certain limited circumstances, such as where a Data Subject has agreed to receive marketing communications from us, we may process personal data by consent. Where consent is the only basis upon which personal data is processed the relevant Data Subject shall always have the right to withdraw their consent to processing for such specific purposes. It is our policy to only process personal data by consent where there is no other lawful basis for processing.
Withdrawal of Consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. However, please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
To withdraw consent to our processing of your personal data, please email to our Data Protection Officer at the contact details provided below. To stop receiving an email from a marketing list, please click on the unsubscribe link in the relevant email received from us.
Access to and Correction of Personal Data
If any individual would like to make (a) an access request for access to a copy of the personal data which we hold about the individual or information about the ways in which we use or disclose those individuals personal data, or (b) a correction request to correct or update any of the individual personal data which we hold, please contact us by sending an email to our Data Protection Officer at the contact details provided below. We may charge for a request to access details of personal data, if permitted by law. If a request is clearly unfounded, repetitive or excessive we may refuse to comply with that request.
Please note that it is our policy not to provide copy documents if we are contacted by Data Subject seeking access to their Personal Data. We will comply with this request in another way, usually by providing a newly created document listing the information we are required to provide under data protection law.
We may need to request specific information from those individuals who contact us to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask them for further information in relation to their request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if a request is particularly complex. In this case, we will notify the individual concerned and keep them updated.
Protection of Personal Data
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know, and our IT systems operate on a ‘least privileged’ basis by default. Third parties will only process personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify any affected Data Subject and any applicable regulator of a suspected breach where we are legally required to do so.
Accuracy of Personal Data
It is important that the personal data we hold about is accurate and current. On an annual basis we will use reasonable endeavours to contact Data Subjects to verify whether the information we hold about them is correct. However, at any time, please notify us of any changes in your personal information of which we need to be made aware by contacting us, either through your usual contact or by informing our Data Protection Officer via email at the contact details provided below.
Retention of Personal Data
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
Transfers of Personal Data Outside of UAE
We generally do not transfer your personal data to countries outside of UAE. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under PDPA.
If there are any questions regarding this notice or if anyone would like to contact us about the manner in which we process their personal data, please contact our Data Protection Officer at: firstname.lastname@example.org.
Effect of Notice and Changes to Notice
This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review. This privacy statement was last updated on 1 September 2019.