DATA PROTECTION POLICY

 The protection of your personal data is important to Alma Europe LTD.

This Data Protection Policy is directed to clients, direct relationships and services providers/vendors of Alma Europe LTD (« the company”), as well as the persons, set out in section 2 (“you”).

This Data Protection Policy provides you with detailed information relating to the protection of your personal data by Alma Europe LTD, Arch. Makariou III 20, Hellenium Court, Office 401, Larnaca 6017, Cyprus (“Alma Europe LTD”).

Alma Europe LTD are responsible, as a controller, for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Policy is to let you know which personal data Alma Europe LTD collect about you, the reasons why Alma Europe LTD use and share such data, how long Alma Europe LTD keep it, what your rights are and how you can exercise them.

Further information may be provided where necessary when you apply for a specific product or service.

1. WHICH PERSONAL DATA ALMA EUROPE LTD USE ABOUT YOU?

Alma Europe LTD collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised product and services.

The company may collect various types of personal data about you, including:

• Personal identification data (name, postal addresses, phones number)
• Official identification data (ID card, passport no, Tax ID)
• Information on a prominent public function (PEP)
• Personal details (place and date of birth, gender, marital status, nationalities)
• Data concerning household composition (family situation, number of children)
• Electronic identification data,
• Banking and financial data (email address, electronic signature, remote connection data, income, source of wealth / funds and investment objectives, banks account details)
• Data relating to tax characteristics (tax residency, tax identification number)
• Education, training and qualification data (level of education, professional qualification)
• Career and employment data (employment, occupation, employer’s name, remuneration)
• Data relating to your habits and preferences such as data related to your use product and services (banking, financial and transactional data) and/or your interaction with the company, website, meetings, calls, emails, interviews, phone conversations).
• Image recording data (video surveillance, CCTV, digital photos)
• Phone recording data

As a general rule, Alma Europe LTD do not collect personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or data concerning your sex life or sexual orientation.

Only upon obtaining your explicit prior consent, Alma Europe LTD may collect and use biometric data.

Alma Europe LTD only process data relating to criminal convictions and offences if required through a legal obligation.

The data that Alma Europe LTD use about clients may be directly provided by clients or obtained from other sources in order to verify or enrich our databases, such as:

• Publications / databases made available by official
• Service providers/vendors
• Websites social media pages containing information made public by the client
• Databases made publicly available by third parties
• Press, Internet
• Department of Register of Companies and official Receiver

2. SPECIFIC CASE OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION

In certain circumstances, Alma Europe LTD may collect and use personal data of individuals with whom Alma Europe LTD could have (prospects) or used to have a direct relationship (former clients and former service providers/vendors).

Alma Europe LTD may also collect information about you even if you do not have a direct relationship with Alma Europe LTD. This may happen for instance when your employer provides us with information about you, or when your contact details are provided by one of our clients if you are for example:

• A family member
• A successor or a rightsholder
• A policyholder
• A legal representative (power of attorney)
• A beneficiary of payment transactions made by our clients,
• A beneficiary of insurance policies and trusts
• A landlord,
• An ultimate beneficial owner
• A client’ debtor (in case of bankruptcy)
• A company shareholder
• A representative of a legal entity (which may be a client or a service provider/vendor)
• A staff member of one of our service providers/vendors or commercial partners

3.  WHY AND ON WHICH BASIS DO ALMA EUROPE LTD USE YOUR PERSONAL DATA?

1. to comply with our legal and regulatory obligations

Alma Europe LTD use client’s personal data to comply with various legal and regulatory obligations, including:

Banking and financial regulations in compliance with which Alma Europe LTD:

• set up security measures in order to prevent abuse and fraud,
• detect transactions which deviate from normal patterns,
• Define your risk score,
• Monitor and report risks,
• Record, when necessary, phone calls, emails, etc…

Reply to an official request from a duly authorised public or judicial authority, Prevention of money laundering and financing of terrorism,

Compliance with legislation relating to sanctions and embargos,

Fight against tax fraud and fulfilment of tax control and notification obligations,

a. To perform a contract with client or to take steps at client’s request before entering into a contract

Alma Europe LTD use personal data to enter into and perform a contract with clients, including to:

• Manage products and services,
• Manage therelationship with client
• Provide to client with information regarding products or service and under which conditions,
• Provide products or services to corporate clients of whom client are an employee or a client (in the context of cash management)

b. To pursue our legitimate interests

Alma Europe LTD use personal data in order to deploy and develop products and services, to improve the risk management and to defend company’s legal rights, and as well to:

• Keep proof of transactions,
• Perform behavioural and transactional analysis in order to detect fraud,
• Prevent personal injury and damage to goods,
• Ensure the security of persons and property,
• Perform IT management, including infrastructure management and business continuity and IT security,
• Establish aggregated statistics, test and models, for research and development in order to improve the risk management of our company or in order to improve existing products and services or create new ones,
• Perform client satisfaction and opinion surveys,
• Personalise product  and   services   offering   by;   improving   the   quality   of   Alma   Europe Services and or advertising products or services that match client situation and

c. To respect client’s choice if the company request your consent for specific processing In some case, Alma Europe require client’s consent to process the client data, for example:

• • Where the above purposes lead to automated decision making, which produces legal effects or which significantly affects the client. At that point, the company will inform the client separately about logic involved, as well as the significance and the envisaged consequences of such processing,
  • If the company needs to carry out further processing for the purposes other than those outlined in section 3, the company will inform the client and when necessary, obtain client’s consent.

4. WHO DO THE COMPANY SHARE YOUR PERSONAL DATA WTH?

In order to fulfil the aforementioned purposes, The company communicates client’s personal data to:

• Service providers / vendors that perform services on our behalf,
• Independent agents, intermediaries or brokers, banks, financial institutions, banking and commercial partners with which alma Europe LTD have a regular relationship (Banks, banking and commercial partners)
• Supervisory, financial, taxation, administrative or judicial authorities, state agencies or public bodies, upon request and to extent permitted by law,
• Certain regulated professionals such as lawyers, notaries or auditors,

5. DO ALMA EUROPE LTD TRANSFER CLIENT PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of client’s personal data may take place where the European Commission has decided that the non-EEA country ensures an adequate level of data protection.

For transfers to non-EEA countries where the level of protection has not been recognised as adequate by the European Commission, the company will either rely on a derogation applicable to the specific situation (if the transfer is necessary to perform company ‘contract with client such as when making an international payment) or implement standard contractual clauses approved by the European Commission to ensure the protection of client personal data.

To obtain a copy of these standard contractual clauses or details on where they are available, you can send a written request to the company as set out in section 9.

6. FOR HOW LONG DO THE COMPANY KEEPS CLIENTS PERSOANL DATA?

Alma Europe LTD will retain client’s personal data for the required period in order to comply with applicable laws and regulations, or for the period defined by our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. For instance, most client information is kept for the entire duration of the contractual relationship and for 5 years after the end of the contractual relationship.

7. WHAT ARE CLIENT’S RIGHTS AND HOW CLIENT COULD EXERCISE THEM?

In accordance with applicable regulations, clients have the following rights:

• ACCESS: client can obtain information relating to the processing of his own personal data and copy of such
• RECTIFY: where client consider that his personal data is inaccurate or incomplete, client can require that such personal data be modified
• ERASE: client can require the deletion of his own personal data, to the extent permitted by the
• RESTRICT: client can request the restriction of the processing of his personal
• OBJECT: client can object to the processing of his personal data, on grounds relating to his particular situation. Client has the absolute right to object to the processing of his personal data for direct marketing purposes, which includes profiling related to such direct
• WITHDRAW OF CLIENT CONSENT: where client has given his consent for the processing of his personal data, he has the right to withdraw his consent at any
• DATA PORTABILITY: where legally applicable, client has the right to have the personal data that he provided to the company be returned to himself or, where technically feasible, transferred to a third party.

If client wish to exercise the rights listed above, he needs to send a letter or an email to the address set out in section 9. Please include a scan/copy of your identity card for identification purposes.

In accordance with applicable regulation, in addition to client’s rights above, client is also entitled to lodge a complaint with the competent supervisory authority, CYSEC.

www.cysec.gov.cy/en-GB/complaints/how-to-complain/

8. HOW CAN CLIENT KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE

In a world of constant technological changes, Alma Europe LTD will update this data protection notice regularly.

Alma Europe LTD invites clients to review the latest of this notice online and the company will inform the client of any material changes through the website or through other communication channels.

9. HOW TO CONTACT US?

Regarding any questions relating to company use of personal data under this Data Protection Notice, please contact; [email protected]