EisnerAmper Cayman | Privacy Policy | EisnerAmper Cayman Cayman

Privacy Policy

Scope

This privacy notice explains how EisnerAmper Advisory Cayman Ltd (“EA”) collects, uses, discloses, retains and secures your personal data as part of its business practices. In this privacy notice references to ‘EA’ must be read as including EA’s affiliates and third-party sub-processors (together “Approved Sub-Processors”) to whom it is legally authorised to transfer such personal data for onward processing in accordance with the Cayman Islands’ Data Protection Act (as revised) (“DPA”). The notice articulates the legal justifications for the processing of your personal data and also lists your data subject rights under the DPA.

Overview

“EisnerAmper” is the brand name under which EisnerAmper LLP and Eisner Advisory Group LLC provide professional services. EisnerAmper LLP and Eisner Advisory Group LLC are independently owned firms that practice in an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. EisnerAmper LLP is a licensed CPA firm that provides attest services, and Eisner Advisory Group LLC and its subsidiary entities provide tax and business consulting services to clients and provide staff and other administrative resources to EisnerAmper LLP. EA is an EisnerAmper entity and is affiliated with the other EisnerAmper entities.

EA respects your privacy, and you are entitled to have your personal data processed in accordance with the DPA. The key principles EA applies when processing your personal data are as follows:

• Lawfulness: EA will only collect personal data in a fair, lawful and transparent manner.
• Data minimisation: EA will limit the collection of personal data to what is directly relevant and necessary for the services provided.
• Purpose limitation: EA will only collect personal data for specified, explicit and legitimate purposes.
• Accuracy: EA will keep personal data accurate and up to date while there continues to be a client relationship, and in certain circumstances, after that relationship has ended.
• Data security and protection: EA will implement technical and organisational measures to ensure an appropriate level of data security and protection considering the sensitivity of the personal data. Such measures provide for the prevention of any unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to that data.
• Access and rectification: EA will process personal data in line with clients’ legal rights.
• Retention limitation: EA will retain personal data in a manner consistent with the applicable DPA and DPA Regulations and no longer than is necessary for the purposes for which it has been collected in accordance with its retention policy.
• Protection for international transfers: EA will ensure that if personal data is transferred outside the Cayman Islands, it is adequately protected.

What personal data does EA collect?

EA collects various personal data which may include the following (this list is not exhaustive):

• name and address
• date of birth
• telephone number
• email address
• copy of passport photo/biographical data page
• financial information included your method of payment such as check or wire transfer to EA
• proof of residence

How does EA use the personal data it collects?

EA may use your personal data to (this list is not exhaustive):

• respond to client inquiries
• manage the client relationship
• send invoices and collect payment for goods or services rendered
• conduct promotional activities
• market goods and services
• handle complaints
• prevent fraud or other criminal activity
• record health and safety details if there is an incident at the EA office

When does EA disclose your personal data?

EA may disclose your personal data in the following circumstances (this list is not exhaustive):

• if EA uses a third-party service provider for marketing, marketing research or client relationship management
• if a data subject requests that personal data be disclosed to a third party
• if there is a legal request or criminal investigation
• if it is required to seek legal advice from EA legal counsel
• any other circumstance where it may be required by law

International transfer of personal data

The primary processing facilities for EisnerAmper are based in the United States of America. EA generally transfers client data to its Approved Sub-Processors that maintain those primary processing facilities, but such that it can access such data at all times in the Cayman Islands. Where EA transfers personal data outside the Cayman Islands, it will ensure that there are adequate safeguards for the rights and freedoms of data subjects as required by the DPA.

The legal basis for processing your personal data

The DPA protection sets out some different reasons for which a company may process personal data, and EA does so under the following legal conditions:

• Consent

In specific situations, EA may collect and process personal data with your consent.

• Contractual obligations

In certain circumstances, EA will need to process certain personal data to comply with contractual obligations for which we have been engaged.

• Legal compliance

If the law requires, EA may need to process your personal data.

• Legitimate interest

In specific situations, EA requires your personal data to pursue its legitimate interests in a way which might reasonably be expected as part of running its businesses and which does not materially impact your rights, freedom or interests.

For example, EA may use an email address you have provided to send you information on our services.

How long does EA retain your personal data?

EA retains your personal data for as long as a client relationship exists, and the personal data is necessary to manage that relationship. When there is no longer a client relationship, EA will retain certain types of personal data for varying periods depending on legal requirements and business needs. Personal data that is no longer needed will be destroyed. EA will always hold your personal data for the least amount of time necessary in accordance with its retention policy. For specific retention periods, clients should contact EAAC@eisneramper.ky.

How does EA secure your personal data?

EA employs appropriate technical and organizational measures to protect against unauthorized processing, accidental loss or destruction of, or damage to, your personal data in accordance with its Information Technology policies.

What rights do you have in respect to your personal data?

You have a right to be informed how your personal data is processed and this privacy notice fulfils EA’s obligation in that respect. If you have further questions or concerns not addressed in this notice, you may contact EAAC@eisneramper.ky.

You have a right to request access to your personal data, the right to request rectification/correction of your personal data, the right to request that processing of your personal data be stopped or restricted and the right to require EA to cease processing your personal data for direct marketing purposes. If you wish to exercise any of these rights, you should contact EAAC@eisneramper.ky.

If you feel that your personal data has not been handled correctly, or you are not satisfied with EA’s responses to any requests you have made regarding the use of your personal data, you have the right to complain to the Cayman Islands’ Ombudsman. The Ombudsman can be contacted by calling: 1-345-946-6283 or by email at  info@ombudsman.ky.