Esteramis Privacy Notice
Your right to privacy
Your right to privacy is important to us. We take the security of your information seriously and have policies and processes in place to ensure it remains safe.
This notice describes the way we collect information, how we use it and how we protect it.
Who we are
We are a group of companies trading under the brand name of G.S.L. Law & Consulting, which includes the following companies and brands:
- G.S.L Law Russia (Controller)
- Winkong Consulting Ltd.
- G.S.L. Law & Consulting (BVI) Ltd.
- Esteramis Professional Services Ltd. (Cyprus)
- Infinity Group Seychelles
- RANK Management Ltd. (UK)
Our address is: Klimentos 41-43, KLIMENTOS TOWER, Office 25, 1061, Nicosia, Cyprus
You can find our website at: https://gsl.org/ru/cyprus/
Because parts of our group are based outside the Cyprus / European Union, we have appointed RANK Management Ltd. (UK) as our local representative.
Our Data Protection Officer is Aniko Sebok and you can contact her by telephone on +442078228591 or email at: email@example.com
How we comply with data protection regulations
We are committed to safeguarding your personal information and we are legally obliged to use your information in line with all laws concerning the protection of personal information.
Information we hold about you
We collect personal information about you when you enquire about or make use of our services. Personal information we collect, and hold may include:
- name, address, and e-mail address;
- telephone number;
- information about services you use, and other related information;
- information we need to be able to process payments for you, for example bank and credit or debit card details;
- records of contact with you, such as system notes, emails, and letters, or;
How we get and use your personal information
Most of the personal information we process is provided to us directly by you. We will only collect, use, hold or disclose personal information where we have a lawful basis to do so. This means information needed to provide you with a product or service, to satisfy legal or regulatory requirements, or where we have your consent.
We may use your information to:
- communicate with you;
- keep our records up to date
- process payments;
- for the investigation of or prevention of crime;
- for research and statistical purposes;
- to disclose to regulatory bodies for the purposes of monitoring and/or enforcing our compliance with their requirements;
- process job applications;
- gain feedback from you;
- prevent crime and meet our legal obligations;
- prudentially manage our business using models and forecasts;
- keep you informed of other relevant products or services that may be of interest to you where you have provided consent for us to do this, or;
The lawful bases that we rely on for processing your information are:
- Your consent, which you can remove at any time;
- We have a contractual obligation;
- We have a legal obligation;
- We have a legitimate interest.
We may also monitor and keep records of email communications which you send to us and other communications with you in accordance with this policy and our other business interests.
We may also receive personal information indirectly, from third parties or other parts of our group.
How long we keep your information
We will keep your personal information only for as long as necessary in line with regulatory and legal requirements and will destroy it securely when it is no longer needed. We have a retention schedule that we use to manage the length of time we keep personal data and if you would like to know any specific timescales listed on it, please contact us using the contact details on this form.
How we protect your information
The security of your information is important to us. We protect your information by maintaining physical, electronic, and procedural safeguards in relation to the collection, storage, and disclosure of personal data to prevent unauthorised access, accidental loss, disclosure, or destruction.
Your information is securely stored.
No data transmission over the internet can be entirely secure, and therefore we cannot guarantee the security of your personal information and/or use of our sites. However, we use our reasonable endeavours to protect the security of your personal information from unauthorised access.
Where we process your information
We may process your information outside the Cyprus or European Union. Where this is the case, we will not transfer your information to other countries outside the EEA unless it is unavoidable to allow us to deliver our products and services. If we do, we take care to ensure the same level of privacy and security as the Cyprus.
How we share your information
From time to time we may send information to, receive information from, or exchange your personal information with:
- partners or agents who support us to deliver our products and services to you, or that we refer you to, or that refer you to us;
- companies who perform essential services for us;
- third-party organisations that conduct research, analysis, and marketing activities on our behalf;
- regulators, courts, or other public authorities;
- the emergency services in the case of accident or emergency.
We will only share or exchange data with third parties with the protection of a written agreement and the ability to oversee their activities, unless information is required for legal or regulatory reasons.
We may share your information with organisations based outside the Cyprus and / or European Union. Where this is the case, we will only do so provided that organisation complies with local data protection regulations and with the protection of a written agreement.
Where we have relationships with other organisations that process your information on our behalf, we take care to ensure they have high data security standards. We will not allow these organisations to use your personal information for unauthorised purposes.
If the business is reorganised or sold to another organisation, we may transfer any personal information we hold to that organisation.
In the event that a third party may deliver all or part of the service requested by you, whilst the information you provide will be disclosed to them, it will only be used for the administration of the service provided and to maintain management information for business analysis.
How you can manage the information we hold and how we use it
Data protection regulations mean you have rights over how we hold and use the information we hold about you:
- Your right to manage consents.
You have the right to give your consent to us using your data for any activities we do not have another lawful basis to carry out, for example sending you marketing communications. You can withdraw consent at any time.
- Your right of Access.
You have the right to request access to the information we hold about you; this is called a Data Subject Access Request
- Your right to know about sharing.
You have the right to know who your data is shared with and why
- Your right to rectification.
You have the right to have your details updated if they are inaccurate and for information not required for lawful reasons to be deleted. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure.
You have the right to ask us to erase your personal information in certain circumstances.
- Your right to object to processing.
You have the right to object to the processing of your personal data in certain circumstances.
- Your right to restriction of processing.
You have the right to have automated processing and profiling restricted. Profiling may be used to analyse or predict economic situations, health, personal preferences, interests, reliability, behaviour, location, or movements
- Your right to data portability.
You have the right to request that information we process by automated means is sent to you or another nominated data controller in a commonly used electronically readable format
You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you within one month.
If you wish to action any of the above, please contact our data protection officer by:
- e-mailing: firstname.lastname@example.org
- writing to: 8-12 New Bridge Street, London, EC4V 6AL, United Kingdom
telephoning us on +442078228591
Please do not include confidential information in e-mails or letters.
You can also complain to the ICO if you are unhappy with how we have used your data.
You can contact them in writing to: Commissioner for Personal Data Protection Cyprus at Iasonos 1, 1082 Nicosia, Cyprus or call their helpline on +357 22818456
Changes to this policy
We regularly review this policy.
Last updated April 2020