POLYN Technology Limited (“POLYN”, we or us) collect and process personal information provided to us from, or that we obtain on behalf of, our clients in the course of providing services to our clients.
This Policy is created in accordance with applicable privacy laws including, but not limited to, laws implementing the General Data Protection Regulation 2016/679 (“GDPR”) (collectively, the “Data Privacy Laws”). It applies only to former, current and prospective clients (clients) of our European offices and clients of our non-European offices who are resident in the European Economic Area, Switzerland, and the United Kingdom (UK), and whose personal data we process on our clients’ behalf.
This Policy only covers data processing carried out by us. The Policy does not address, and we are not responsible for, the privacy practices of any third parties, also in cases where Services include hyperlinks to third parties’ websites or when cookies are set by third parties.
The Policy applies to us, to our affiliates, to our directors, officers and employees, and to all persons who establish relations with us.
The Policy is also applicable to the processing of personal data through the website owned and/or operationally managed by us, namely: www.polyn.ai. The website www.polyn.ai and other websites corresponding to the indicated domain names, as subsequently modified or supplemented, will be hereinafter individually referred to as the “Site”.
The information we collect
POLYN may collect and/or track (a) the home server domain names, e-mail addresses, type of computer, and type of a web browser of users to the Site, (b) the e-mail addresses of users that communicate with POLYN or the Site via e-mail, (c) information knowingly provided by the user in online forms, registration forms, surveys, etc. (including name, address, e-mail and other personal profile data), and (d) aggregate and user-specific information on which pages users access.
The personal data POLYN processes primarily includes contact details of our clients and their employees and their other personnel, along with any other data relating to such individuals in which they are identified or from which they are identifiable. This includes each individual’s name, contact information, occupation, nationality, country of birth, ID images and face images if applicable, and other information only to the extent provided to us by a client or its employees or other personnel.
POLYN collects various types of personal data from different sources, including from:
- our clients;
- public sources, such as the internet and social media sites; and
- any vendors engaged by us or our clients to provide services on our or our client’s behalf.
How we use the information
We gather information to allow us to process your registration and deliver you the service you require. The relevant information is then used by us, our agents, and sub-contractors to provide you with statements of your account and to communicate with you on any matter relating to the provision of your service in general. In this regard, we use your information for contractual reasons (and pre-contractual steps) and also for our legitimate interests in maintaining the Site and our business interests.
The personal data POLYN collects is used in connection with, and to provide Services to, our clients—notably, to facilitate our provision of such services, to respond to queries, and for other professional dealings with our clients. The collection of such personal data may be a statutory requirement for providing Services, e.g. for conflict check purposes or to comply with anti-money laundering laws, and we will not be able to provide Services without the required personal data in such cases. Where and to the extent required by a court order or a request from a governmental or regulatory authority, POLYN may also disclose this personal data to the court or governmental or regulatory authority.
We are also permitted to process this personal data to comply with our legal and regulatory obligations and/or our contractual obligations to our clients to provide the services to them and for our own legitimate interests. Some of this personal data is processed by us outside Europe and is held on servers within the local office of the particular country. POLYN takes steps to safeguard the privacy and security of all categories of personal data as required under the Data Privacy Laws.
Disclosure of information to third parties
We will not, without your consent, disclose to third parties any individually identifying information, such as names, postal and e-mail addresses, telephone numbers, and other personal information which users voluntarily provide to POLYN unless we have a Data Transfer Agreement in place with such third party or otherwise in accordance with the GDPR requirements.
However, we may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
The following are instances when we may disclose this personal data to other parties:
- To comply with the law or respond to compulsory legal processes (such as a search warrant or court order), or in response to a request for information from a regulator or governmental authority, or in the course of actual or anticipated litigation or otherwise for legal purposes, e.g. to other law firms, courts, or government authorities to protect our clients’ rights and/or to provide services to our clients; and/or
- To protect the rights, property, or safety of POLYN, or any of our respective affiliates, business partners, or clients, or otherwise in the legitimate business interests of POLYN and/or our affiliates and in accordance with Data Privacy Laws; and/or
- With other law firms, courts, and governmental authorities, to protect the legal rights of our clients, or in accordance with litigation processes, and to provide our services under the agreements with our clients. We may share this personal data with another business entity in connection with the sale, assignment, merger, or other transfer of all or a portion of POLYN’s business to that business entity. We will require that such recipients undertake to protect this personal data as required by the Data Privacy Laws.
We may also, with your prior consent or otherwise in our or your legitimate interests namely where we consider the information to be helpful for your business, wish to provide you with:
- information about special features of our website or any other information or services that we think may be of interest to you; and
- related information with third parties we think may be of interest to you.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing or other similar purposes, please send us an email (see “How to contact us” section).
How we protect personal data
POLYN understands that storing personal data in a secure manner is an essential requirement of the Data Privacy Laws and, therefore, employs reasonable physical, technical, and administrative safeguards to secure such data against foreseeable risks, including unauthorized use, access, disclosure, destruction, or modification. More specifically, our information security team has developed policies, standards, and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of POLYN’s client data. We utilize preventive and detective controls to safeguard our clients’ data.
Although we make good-faith efforts to store the information we receive from and on behalf of our clients in a secure operating environment that is not available to the public, POLYN cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information.
Retention of information
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements including the statute of limitations periods.
International transfers of your information
POLYN enters into Data Transfer Agreements with its non-EEA offices and also with third party recipients of information which are located outside of the EEA or otherwise makes the transfers in accordance with the GDPR requirements. A copy of the form of European Data Transfer Agreements which are in the form approved by the European Commission is available at:
Unfortunately, the transmission of information via the internet is not completely secure. However we have put in place various security procedures as set out in this policy. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
How to contact us
Individuals have the right to access their personal information and to ensure that it is accurate, and to request that we delete and/or restrict the processing of their personal information in accordance with, and subject to, the Data Privacy Laws.