Privacy Notice

Effective Date: from 25 May 2018

This Privacy Notice explains how particular companies GSL Ltd.
collects, uses and discloses your personal data, and your rights in relation to
the personal data it holds. Keeping your data secure and private is part of our
philosophy for delivering high standards of services.

GSL Ltd. (in this Privacy Notice, “us”, “we” and “our”) is the data
controller of your personal data and is subject to the EU General Data
Protection Regulation 2016/679 (the “GDPR”).

The person responsible for our privacy and data protection policy is Aniko Sebok.
Her contact details are:
Email: gsl@gsl.org

Telephone: +44 207 822 8590

This Privacy Notice supersedes any previous Privacy Notice or equivalent which
you may have been provided with or seen prior to the Effective Date stated
above.

Your rights

Under the GDPR you have the following rights:

  • To obtain access to, and copies of, the personal data that we hold about
    you;
  • To require that we cease processing your personal data if the processing is
    causing you damage or distress;
  • To require us not to send you marketing communications;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities;
  • To receive from us the personal data we hold about you which you have
    provided to
    us, in a reasonable format specified by you, including for the purpose of
    you
    transmitting that personal data to another data controller; and
  • To require us to correct the personal data we hold about you if it is
    incorrect.

Please note that the above rights are not absolute, and we may been titled to
refuse
requests where exceptions apply.

You can find out more about your rights at www.ico.org.uk.

If you have any questions about how we use your personal data, or you wish to
exercise any of the rights set out above, please contact us using the
following:

  • By email: gsl@gsl.org
  • By telephone: +7 (495) 234-38-33

If you are not satisfied with how we are processing your personal data, you can
make
a complaint to www.ico.org.uk.

How we collect your data

We collect your personal data in a number of ways, for example:

  • From the information you provide to us when you meet us;
  • From information about you provided to us by your company or an
    intermediary;
  • When you communicate with us by telephone, fax, email or other forms of
    electronic
    communication. In this respect, we may monitor, record and store any such
    communication;
  • When you complete (or we complete on your behalf) client on-boarding or
    application or other forms;
  • From other companies associated with GSL Ltd.;
  • From your agents, advisers, intermediaries, and custodians of your assets;
  • From publicly available sources or from third parties, most commonly where
    we need
    to conduct background checks about you.

The categories of personal data we collect

We collect the following categories of personal data about you:

  • Your name and contact information such as your home or business address, job
    title, email address and telephone number;
  • Biographical information which may confirm your identity including your date
    of
    birth, tax identification number and your passport number or national
    identity card
    details, country of domicile and/or your nationality;
  • Information relating to your financial situation such as income,
    expenditure,
    assets and liabilities, sources of wealth, as well as your bank account
    details;
  • Reference letters, whether you hold/held a prominent public function (for
    PEPs),
    FATCA / CRS info, authentication data (e.g. signature)
  • An understanding of your goals and objectives in procuring our services;
  • Information about your employment, education, family or personal
    circumstances,
    and interests, where relevant; and
  • Information to assess whether you may represent a politically exposed person
    or
    money laundering risk.

The basis for processing your personal data (other than with your consent), how
we
use that personal data and whom we share it with:

1. Performance of a contract with you

We process your personal data because it is necessary for the performance of a
services provision agreement to which you are a party or in order to take steps
at
your request prior to entering into such agreement.

In this respect, we use your personal data for the following:

  • To prepare a proposal for you regarding the services we offer;
  • To provide you with the services as set out in our Service Agreement with
    you or
    as otherwise agreed with you from time to time;
  • To deal with any complaints or feedback you may have;
  • For any other purpose for which you provide us with your personal data.

In this respect, we may share your personal data with or transfer it to the
following:

  • Your agents, advisers, intermediaries, and custodians of your assets who you
    tell
    us about;
  • Third parties whom we engage to assist in delivering the services to you,
    including companies associated to and cooperating with GSL Ltd.;
  • Our professional advisers where it is necessary for us to obtain their
    advice or
    assistance, including lawyers, accountants, IT professionals;
  • Debt collection agencies where it is necessary to recover money you owe
    us;
  • Other third parties such as intermediaries who we introduce to you. We will
    wherever possible tell you who they are before we introduce you;
  • Our data storage providers.

2. Legitimate interests

We also process your personal data because it is necessary for our legitimate
interests, or sometimes where it is necessary for the legitimate interests of
another person.

In this respect, we use your personal data for the following:

  • For marketing to you. In this respect, see the separate section on Marketing
    below;
  • Training our staff or monitoring their performance;
  • For the administration and management of our business, including recovering
    money
    you owe to us, and archiving or statistical analysis;
  • Seeking advice on our rights and obligations, such as where we require our
    own
    legal advice.

In this respect we will share your personal data with the following:

  • Our advisers or agents where it is necessary for us to obtain their advice
    or
    assistance;
  • With third parties and their advisers where those third parties are
    acquiring, or
    considering acquiring, all or part of our business.

3. Consent

We may rely on your freely given consent at the time you provided your personal
data
to us for a purpose of the process other than for the purposes set out
hereinabove,
then the lawfulness of such processing is based on that consent. You have the
right
to withdraw consent at any time. However, any processing of personal data will
not
be affected prior to the receipt of the withdrawal.

4. Compliance with legal obligations

We also process your personal data for our compliance with a legal obligation
which
we are under.

In this respect, we will use your personal data for the following:

  • To meet our compliance and regulatory obligations, such as compliance with
    anti-money laundering laws;
  • As required by tax authorities or any competent court or legal authority
    under the
    relevant laws.

In this respect, we will share your personal data with the following:

  • Our advisers where it is necessary for us to obtain their advice or
    assistance;
  • Our auditors where it is necessary as part of their auditing functions;
  • With third parties who assist us in conducting background checks;
  • With relevant regulators or law enforcement agencies where we are required
    to do
    so under relevant laws.

Marketing

We will send you marketing about services we provide which may be of interest to
you, as well as other information in the form of alerts, newsletters and
invitations
to events or functions which we believe might be of interest to you or in order
to
update you with information (such as legal or commercial news) which we believe
may
be relevant to you.

Your data will only be used for GSL Ltd.`s own marketing purposes so
we
can communicate with you about events we are hosting or involved with, or to
provide
you with the latest news and analysis about industry and services we provide.
Your
data is not shared outside of GSL Ltd.

We will communicate this to you in a number of ways including by post, telephone,
email or other digital channels.

If you object to receiving marketing from us at any time, please contact us:

By email: gsl@gsl.org

If you have given consent and you wish to withdraw it at any time, please contact
us
on the above e-mail.

Transfer and processing of your personal data outside the European Union

When sharing your personal data with third parties as set out in this Privacy
Notice, it may be transferred outside the European Union. In these
circumstances,
your personal data will only be transferred on one of the following bases:

  • The country that we send the personal data to is approved by the European
    Commission as providing an adequate level of protection for personal data;
  • The transfer is to a recipient in the United States of America who has
    registered
    under the EU/US Privacy Shield;
  • The recipient has entered into European Commission standard contractual
    clauses
    with us; or
  • You have explicitly consented to the same.

To find out more about transfers by us of your personal data outside the European
Union and the countries concerned please contact our Director.

Retention of your data

We will only retain your personal data for as long as we have a lawful reason to
do
so. In particular:

  • Where we have collected your personal data as required by anti-money
    laundering
    legislation, including for identification, screening and reporting, we will
    retain
    that personal data for between five and seven years after the termination of
    our
    relationship, unless we are required to retain this information by another
    law or
    for the purposes of court proceedings; or
  • Otherwise, we will in most cases retain your personal data for a period of
    seven
    years after the termination of our contractual or other relationship with
    you in
    case any claims arise out of the provision of our services to you.

Your contact information and personal data are stored securely, using a mixture
of
encryption, password protection, and servers/back-ups all kept with multiple
lock
protection.

We have put in place appropriate technical and organisational measures including
physical, electronic and procedural measures to protect personal data from loss,
misuse, alteration or destruction. We restrict access to information at our
offices
so that only officers and/or employees who need to know the information have
access
to it. Those individuals who have access to the data are required to maintain
the
confidentiality of such information. Please be aware that the transmission of
data
via the Internet is not completely secure. Users should also take care with how
they
handle and disclose their personal data and should avoid sending personal data
through insecure email.

Processing Data as Controller for Agents and Intermediaries

You, in a capacity of an agent, intermediary, will bring the attention of any
individuals that you make our services available to any privacy notices we make
available for those services.

You confirm that any personal data of any individual provided to us by you or on
your behalf has been collected and disclosed in accordance with Data Protection
Legislation. When using our services you will take reasonable steps to ensure
that
you and your employees, agents and contractors do not input, upload or disclose
to
us any irrelevant or unnecessary information about individuals.

You will maintain appropriate physical, technical and organisational measurers to
protect personal data against accidental, unauthorised or unlawful destruction,
loss, alteration, disclosure or access.

You will without delay, tell us of any actual or suspected data breach relating
to
personal data that may impact us.