EisnerAmper Cayman | Privacy Policy | EisnerAmper Cayman Cayman

Privacy Policy

Last Revised date: 30 September 2019

Scope

EisnerAmper Cayman Ltd. (hereafter referred to as “EAC”) is committed to protecting your privacy and safeguarding your personal business and financial information. As part of EAC’s continuing commitment to data protection we have adopted this Privacy Policy to inform you about the types of Personal Data, as defined below, that EAC collects, uses, maintains and discloses and the choices you have regarding such collection, use, maintenance and disclosure and how you may correct any inaccuracies that may arise from time to time.

This Privacy Policy applies to all visitors to the EAC website located at www.eisneramper.ky and to all information submitted to EAC for use with or in connection with this website. By providing your personal information to us on our website you consent to the collection and use of that information in accordance with this Privacy Policy.

This Privacy Policy details how EAC collects, uses, discloses, retains and secures your Personal Data (defined below) as part of its business practices. The purpose of this policy is to clearly articulate the legal justifications for the processing of any Personal Data received and to inform you of your data subject rights under the Cayman Islands’ Data Protection Law, 2017 (“DPL”), any associated Regulations (as may be amended from time to time).

This Privacy Policy shall apply in the event that you decide to provide any Personal Data to EAC.

This Privacy Policy is current as of the “Last Revised” date which appears at the top of this page. EAC may make amendments from time to time without giving notice. Please be careful to review this Privacy Policy each time you visit our website to remain informed of any amendments.

Overview

EAC respects your fundamental right to privacy and entitlement to have all Personal Data processed in accordance with the DPL. EAC applies the following eight data protection principles enshrined in the DPL whenever any Personal Data is being processed:

• Fairness and Lawfulness: EAC will clarify the purpose for processing any Personal Data at the time of collection and shall only collect Personal Data in a fair, lawful and transparent manner (for example, when you use our website or engage us to provide services, or speak to one of our representatives about our products or service offerings);
• Purpose limitation: EAC will only collect and disclose Personal Data for specified, explicit and legitimate purposes. Unless explicit consent is received, EAC will not use any Personal Data obtained for any purpose other than that for which it was provided;
• Data minimization: EAC will limit the collection of Personal Data to what is directly adequate, relevant and necessary for the relevant services required to be provided;
• Data Accuracy: EAC will keep Personal Data accurate and up to date and shall take reasonable steps to ensure inaccurate personal information is deleted or corrected without delay while there continues to be a customer relationship, and in certain circumstances after that relationship has ended;
• Retention limitation: EAC will make all reasonable efforts to retain Personal Data in a manner consistent with the DPL and no longer than is necessary for the purposes for which it has been collected, or to comply with an individual’s request(s) and any legal, regulatory or internal or policy requirements;
• Respect for individual’s rights: EAC understands and is committed to processing Personal Data in accordance with the rights of the data subject under the DPL;
• Data security, integrity, confidentiality and protection: EAC implements internal technical and organizational measures to ensure an appropriate level of data security and protection of Personal Data from any unauthorized or malicious attacks, unlawful processing, inadvertent harm through accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to any Personal Data transmitted, stored or otherwise processed; and
• Protection for international transfers: EAC shall ensure that if Personal Data is transferred outside the Cayman Islands, it is adequately protected or the transfer is otherwise permissible under applicable law.

What is Personal Data?

“Personal data” comprises any information relating to an identified or identifiable natural person being any person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, address or other location data, any online identifier or any one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (e.g. age, gender, marital status, health information, mailing address, telephone numbers, email address, financial information, credit or debit card information or credit history. Personal information excludes any business titles, business addresses or business telephone numbers in your capacity as an employee.

What Personal Data does EAC collect?

EAC collects various Personal Data which may include the following (this list is not exhaustive):

• name and address (including proof of same);
• gender;
• nationality;
• date of birth;
• contact details (e.g. home address, telephone number, email address);
• passport photograph or other identity documents;
• financial information;
• bank details;
• tax residency;
• tax identification information;
• information that may be obtained from other sources including for the purposes of “know-your-client” procedures (as applicable), information from government or public bodies, public websites and other public sources.
• Such information may be provided on our webpage, in an application form, face to face, by telephone, by email, by engagement letter or otherwise.

Such information may be provided on our webpage, in an application form, face to face, by telephone, by email, by engagement letter or otherwise.

How do we collect your Personal Data?

We only obtain Personal Data directly from you, or indirectly from third party sources as permitted by applicable laws. At times you may voluntarily choose to provide EAC with unsolicited Personal Data through EAC’s website. Where such information is provided to us for any reason, in so doing you consent to EAC using that information in any manner described in this Privacy Policy or as may be alternatively specifically described at point of such disclosure being made.

In the event of any unsolicited information being provided to EAC we request that no sensitive Personal Data (e.g. personal details revealing racial or ethnic origin, political opinions, religious or other beliefs of a similar nature, philosophical beliefs, genetic data, health information, trade union membership, legal proceedings or health information) be provided unless you provide us with unambiguous consent to collect this information from you.

With respect to our website. EAC may use cookies (i.e. small text files that are stored in your web browser that allows EAC or a third party to recognize you). Cookies can be used to collect store and share certain information about your activities across websites, including on EAC’s website. Please carefully review our Cookies Policy which can be accessed directly at https://eisneramper.ky/index.php/cookies-policy/, or alternatively through our webpage if for any reason this direct link is not successful.

Use of Personal Data

EAC generally uses Personal Data for the following purposes:

• to provide professional information, assurance, tax or advisory services or respond to customer inquiries;
• to register you for, and facilitate your participation in, certain areas of our website, including any online updates, or message forums;
• to research, develop, manage, protect and improve our professional service offerings in the Cayman Islands and through our global network called EisnerAmper Global comprising EisnerAmper LLP, EisnerAmper Singapore and EisnerAmper Ireland to being globally recognized as one of Cayman’s leading corporate professional services firms;
• to develop and maintain our customer relationships and communicate as necessary with you;
• to conduct promotional activities including relevant publication updates on latest news and events of potential interest to customers;
• to market EAC’s goods and services;
• to potentially register you for any EAC related events, seminars or conferences;
• to send invoices and collect payment for goods or services;
• to address and handle any complaints received;
• to prevent fraud or other criminal activity;
• to carry out research about our visitors demographics, interests and behaviour in order to better understand our visitors to assist with improving operational efficiency, marketing campaigns and customer service efforts through the use of appropriate data analytics. Any such research is compiled and analyzed on an aggregate and anonymous basis;
• to occasionally gather your opinion and survey feedback details; and
• to process any applications for employment made via our website.

Whenever and however EAC collects, processes or uses Personal Data it takes all reasonable steps to ensure it is treated securely and in accordance with this Privacy Policy (as may be amended from time to time). We identify the purposes for which we use any Personal Data at the time we seek to collect such information, and obtain your informed, freely granted and unambiguous consent prior to each specific use. Whenever you provide us with your consent to use your Personal Data, such consent shall include all processing activities carried out for the same purpose or purposes. In the event that use of your Personal Data has multiple purposes, EAC will seek your consent for each separate purpose for which such Personal Data will be used.

Legal basis for processing your Personal Data

The DPL sets out certain different reasons for which a company may process Personal Data, and EAC does so under the following legal conditions:

• Consent: In specific situations, EAC may collect and process Personal Data with your consent
• Contractual obligations: In certain circumstances, EAC will need to process certain Personal Data to comply with contractual obligations for which we have been engaged.
• Legal compliance: If the law requires, EAC may need to process your Personal Data.
• Legitimate interest: In specific situations, EAC requires your Personal Data to pursue its legitimate interests in a way which might reasonably be expected as part of running its businesses and which does not materially impact your rights, freedom or interests (e.g. EAC may use an email address you have provided to send you information on our services).

Where does EAC store your Personal Data?

Personal Data received by EAC is primarily stored on servers maintained by EAC or its EisnerAmper network of associated firms. However, except as restricted by contractual or legal requirements applicable to specific clients, EAC may also utilize the services of selected third party service providers from time to time. EAC takes appropriate measures for the protection of any Personal Data handled by any retained service providers.

How does EAC secure your Personal Data?

The only employees who are granted access to your Personal Data are those with a business “need-to-know” or whose duties or employment responsibilities reasonably require such information.

EAC employs appropriate physical, technical, organizational and contractual measures to protect your Personal Data against loss, theft, unauthorized processing, destruction, damage, inappropriate copying, use or modification in accordance with its information technology policies.

When does EAC disclose Personal Data?

EAC identifies to whom, and for what purposes it may disclose any Personal Data at the time of collection. EAC may disclose your Personal Data in the following circumstances (this list is not exhaustive):

• if EAC uses a third-party service provider for marketing, marketing research or client relationship management;
• if you as a data subject requests that Personal Data be disclosed to a third party if there is a legal request or criminal investigation;
• if it is required to seek legal advice from EAC’s legal counsel; or
• if EAC is required to pass your Personal Data internally to any other EisnerAmper Global affiliate member firm or any retained third party data processors.

EAC may also make disclosure of Personal Data to a potential acquirer in connection with a transaction involving the potential sale or acquisition or some or all of EAC or a related EisnerAmper Global affiliate member firm, or as otherwise permitted by law, in which case the use of your Personal Data by the new entity would continue to be limited by applicable laws.

How long does EAC retain your Personal Data?

The retention period for holding of Personal Data will vary and be determined by criteria including the purposes for its use and retention periods prescribed by law and other legal obligations.

Direct Marketing

You may contact us directly at any time to make a request to EAC to stop using your Personal Data for direct marketing purposes.

Inaccuracies and Corrections

EAC endeavors to keep your personal data as accurate and up to date as possible. Should you become aware of any errors or inaccuracies in your Personal Data provided or retained by us please notify us by contacting us directly at our registered office address.

International transfer of Personal Data

 Your personal data is stored in the Cayman Islands unless it is transferred to another country for contractual purposes. Any Personal Data transferred to other countries may be subject to laws, regulations and lawful disclosure requirements of the jurisdiction(s) where such information may ultimately be stored. If at any time EAC transfers Personal Data outside the Cayman Islands, it will take all reasonable measures to ensure that, as a minimum there are adequate safeguards in place regarding the rights and freedoms of each relevant data subjects as provided for under the DPL.

What rights do you have in respect to your Personal Data?

Individuals have a right to be informed how your Personal Data is processed and this privacy notice fulfills EAC’s obligation in that respect.

The DPL also gives individuals statutory rights to:

• request access to Personal Data. If you make a written request to review any Personal Data collected, utilized or disclosed by EAC we will provide you with any such Personal Data as permitted or required by law. Any such Personal Data shall be made available in the form that is generally understandable, and will also clarify any defined terms or abbreviations used.
• request rectification/correction of your personal data at any time should you wish to challenge the accuracy or completeness of your Personal Data contained in our records. Upon receipt of confirmation that your Personal Data in our records is either inaccurate or incomplete we will amend the same as required and where appropriate we shall also transmit the amended Personal Data to third parties having access to your Personal Data;
• request that processing of Personal Data be stopped or restricted; and
• require EAC to cease processing Personal Data for direct marketing purposes.

Any questions or concerns not addressed in this notice, you may contact Ben Leung at bleung@eisneramper.ky or if you are not satisfied with any responses provided to any access requests made you may contact the Ombudsman (see contact details further below).

How quickly shall we respond to your written requests?

Unless we advise to the contrary, we shall respond to written requests not later than 30 days after receipt of any written requests. We shall advise if for any reason we are unable to meet your requests within this timeframe (e.g. where a large amount of Personal Data is requested or required to be searched through and meeting the timelines would unreasonably interfere with EAC’s day-to-day business operations; (b) where more time may be required to consult with any relevant third party prior to EAC being able to decide whether or not to provide access to the requested Personal Data; or (c) you provide consent to an extension of the 30 day timeframe. You have the right to make a complaint to the Ombudsman (see contact details below) in respect of this time limit should you choose to do so.

We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Data. Any such identifying confirmation shall be used only for that purpose.

Are there costs to you for requesting access to your Personal Data?

We will in many instances be able to provide you with your requested Personal Data information free of charge except where any request made is determined to be manifestly unfounded or excessive because the request is (a) repetitive; (b) fraudulent in nature; or would divert EAC’s resources unreasonably. In the event of (a) (b) or (c) arising EAC may charge such fee as covers the cost of providing the requested data and information or may refuse to act on the request and provide reasons for so doing.

The Ombudsman Contact Details

Should you wish to exercise any of your data protection rights and entitlements above you may contact Ben Leung at bleung@eisneramper.ky.

Should you feel that your personal data has not been handled correctly, or you are not satisfied with any responses received to any requests you have made regarding the use of your Personal Data, you have a statutory entitlement under section 43 of the DPL to complain to the Cayman Islands’ Ombudsman. The Ombudsman can be contacted by calling: 1-345-946-6283 or by email at info@ombudsman.ky.

Changes to this Privacy Notice

 We may occasionally update this Privacy Notice to reflect changes to our practices and service offerings. Whenever we post any changes to this Privacy Notice we will revise the “Last Revised” date at the commencement of this Privacy Notice. Whenever we make any material changes to the manner in which we collect, use, and/or share Personal Data we will notify you by prominently posting notice of any such alterations on the website. We recommend you check this page from time to time to inform yourself of any changes in this Privacy Notice.