GDPR (General Data Protection Regulation) and Data Protection matters
In respect of personal data provided to GETS Ltd, unless otherwise required by applicable laws or other regulatory requirements, we shall:
a. process your personal data only in accordance with lawful written instructions, in order to provide you with the services agreed with you in advance and in accordance with applicable data protection legislation;
b. disclose and transfer the client personal data to members of our GETS network only ( eg US, Australia), our regulatory bodies or other third parties (for example, our own professional advisors) as and to the extent necessary in order to provide you with the services requested by you in relation to those services;
c. disclose personal data to courts, government agencies and other third parties as and to the extent required by law;
d. maintain written records of our processing activities performed on your behalf which shall include: (i) the categories of processing activities performed; (ii) details of any on cross border data transfers outside of the European Economic Area (EEA); and (iii) a general description of security measures implemented in respect of the personal data;
e. maintain commercially reasonable and appropriate security measures, including administrative, physical and technical safeguards, to protect against unauthorised or unlawful processing of any client personal data and against accidental loss or destruction of, or damage to, such personal data.
f. ensure that only those personnel who need to have access to the personal data are granted access to it and that all of the personnel authorised to process personal data are bound by a duty of confidentiality;
g. notify you if we appoint a sub-processor (but only if you have given us your prior written consent, such consent not to be reasonably withheld or delayed) and ensure any agreement entered into with the relevant sub-processor includes similar terms as the terms set out in this clause;
h. where we transfer the personal data to a country or territory outside the EEA to do so in accordance with data protection legislation;
i. notify you promptly if:
i) we receive a request, complaint or any adverse correspondence from or on behalf of a relevant data subject, to exercise their data subject rights under the data protection legislation or in respect of the personal data; or
ii) we are served with an information or assessment notice, or receive any other material communication in respect of our processing of the personal data from a supervisory body (for example, the Information Commissioner’s Officer in the UK);
j. notify you, without undue delay, in the event that we reasonably believe that there has been a personal data breach in respect of the personal data;
k. at your cost and upon receipt of you prior written notice, allow you, on an annual basis and/or in the event that we notify you of personal data breach in respect of the personal data, reasonable access to the relevant records, files, computer or other communication systems, for the purposes of reviewing our compliance with the data protection laws.
Without prejudice to the generality of this clause, you will ensure that you have all necessary appropriate consents and notices in place to enable the lawful transfer of the client personal data to us.
Should you require any further details regarding our treatment of personal data, please contact our Data Protection Officer.