PRINCIPLES OF PROCESSING CLIENT DATA
Valid as of 25.05.2018
This document describes the principles for processing Prospera Group customer data.
The principles apply if a Client uses, has used or has expressed an intention to use or is in ohter way related to any of the services provided by Prospera. The same principles apply to the relationship with the Client established before these principles entered into force.
PROSPERA – Customer Data responsible processor, legal entity
- Prospera Europe Ltd, located in Malta
- Prospera Eesti OÜ, located in Estonia
- Prospera Lietuva UAB, located in Lithuania
CLIENT – any natural person or legal entity who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by Prospera.
CLIENT DATA – any information known to Prospera about the Client or its representatives.
PERSONAL DATA – any information directly or indirectly related to the Client as a natural person.
PROCESSING – any operation carried out with Client data (incl. collection, recording, storing, alteration, grant of access to, making enquiries, transfer to third parties, etc.).
- GENERAL PROVISIONS
- This document describes the general principles how Prospera Processes Client data. Specific details on the Processing of Client data might be also described in agreements, other service related documents.
- Prospera ensures, within framework of applicable law, the confidentiality of Client data and has implemented appropriate technical measures to safeguard Client. Prospera also applies organisational measures from unauthorised access, unlawful Processing or disclosure, accidental loss or destruction.
- Prospera may also use other processors for Processing Client data. In such cases, Prospera ensures that such data processors Process Client data under the instructions of Prospera and in compliance with applicable law and apply adequate security measures.
- CATEGORIES OF CLIENT DATA
Prospera may collect data from the Client and from external sources, such as public and private registers or other third parties. Primary categories of Client data, which Prospera collects and processes:
Identification data – name, identification code, date of birth, data regarding the identification document (passport, ID card).
Contact data – address, telephone number, email address, language of communication.
Family data – in case of need, information about Client’s family and other related person’s.
Professional data – data about educational or professional career.
Data about the relationships with legal entities – such as data submitted by the Client or obtained from public registers or through third parties to represent this legal entity.
Data on origin of assets or wealth – such as data regarding business activity and source of personal funds.
Data about trustworthiness – data that enables Prospera to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Client is a politically exposed person.
Data obtained and/or created while performing an obligation arising from law – such as data arising from enquiries made by investigative bodies, notaries, courts.
Data about the Client’s tax residency – data about the country of residence, tax identification number, citizenship.
Communication data – such as data which is collected through e-mails, messages and other communication mechanisms (social media). Data collected related to the Client’s visit at Prospera’s website or communication though other channels (such as client portal).
Data related to the services – execution or non-performance of contracts, services purchased, enquiries, complaints, fees, etc.
- PURPOSES AND BASIS OF PROCESSING CLIENT DATA
Prospera processes client data primarily to:
- Manage customer relations and provide access to services provided by Prospera. To conclude and execute an agreement (for example, an accounting agreement, services agreement, etc.) with the Client, keeping data updated and correct by verifying and enriching data through external and internal sources. The activities of Prospera are based on the performance of the contract or in the implementation of pre-contractual measures upon the Client’s request or legal obligation.
- Perform risk assesments. To carry out risk assesments in order to determine whether the Client meets Prospera’s risk assessment criteria.
- Fulfil legal obligations and verify identity. To comply with applicable law and international agreements, for example performance of due diligence “know your client” principle; discover and report potential money laundering and terrorist financing, be aware of whether the Client is a politically exposed person and is subject to financial sanctions imposed on the client.
- Prevent misuse of services and ensure adequate provisions of services.
- Prove, enforce and defend legal claims.
- Send information about services and products (customer newsletter), to make company’s internal statistics
- RECIPIENTS OF CLIENT DATA
Client data may be shared with other recipients, such as:
- Authorities (law enforcement authorities, tax authorities, customs, notary offices, financial intelligence units, etc.).
- Legal entities in Prospera Group (Prospera Europe Ltd, Prospera Eesti OÜ and Prospera Lietuva UAB) can exchange client data.
- Financial institutions, credit institutions, intermediaries of financial services, professional service providers, from which Prospera purchases services.
- Auditors, legal and financial consultants, or any other processor authorized by Prospera.
- Third parties maintaining registers (such as commercial registers, securities registers, population registers or other registers holding or intermediating Client data).
- Other persons related to provision of services of Prospera such as postal services, etc.
- GEOGRAPHICAL AREA OF PROCESSING
- The Client data is processed within European Union/European Economic Area, but in some cases transferred and processed to countries outside the European Union/European Economic Area.
- Transfer and Processing of Client data outside the European Union can take place provided there is a legal ground, such as legal requirement, due diligence or Client’s consent and confirmation that appropriate safeguards are implemented. Upon request the Client can receive further details from Prospera on Client data transfers to countries outside European Union/European Economic Area.
- DATA RETENTION
Client data will be processed no longer than necessary. The retention period may be based on applicable law (for example, laws relating to accounting, auditing, money laundering or foreclosure laws, other private law) or various agreements.
- CLIENTS’ RIGHTS AS A NATURAL PERSON
- Request his/her personal data to be corrected if it is incorrect or incomplete.
- Object to Processing of his/her Personal data, for example, newsletter, offers, participating in surveys.
- Request the deletion of his/her Personal data. Such right does not apply if Personal data is being processed also based on other legal grounds such as legal obligation or agreement.
- Submit complaints about the use of personal data to the relevant Inspectorate if the client finds that the processing of his/her personal data violates his/her rights.
- CONTACT DETAILS
The data of companies belonging to Prospera Group can be seen on the website www.prosperainfo.com:
(a) Prospera Europe Ltd., Reg.No: C-28388; VAT: MT16123532; address: 19/18 Vincenti Buldings, Strait Street, Valletta Malta; phone no: +35621224847; e-mail: firstname.lastname@example.org
(b) Prospera Eesti OÜ, Reg. No 10845402; VAT: EE100744554; address: Metro Plaza, 2 Viru Väljak, 10111 Tallinn, Estonia; phone no: +3726307700; e-mail: email@example.com
(c) Prospera Lietuva UAB. Reg. No: 300543173; VAT: LT100002384811; address: Konstitucijos pr. 7, LT-09308, Vilnius, Lithuania; phone no: +37052758841; e-mail: firstname.lastname@example.org
Prospera has the right to unilaterally amend the principles at any time, in compliance with the applicable law, by notifying the Client of any amendments via email, website, client portal or in another manner, not later than one month prior to the amendments entering into force.