Privacy Policy
Last updated: 1 April 2022


OVERVIEW

This Privacy Policy describes how Aretera Public Affairs – including all Aretera Pulic Affairs entities - (altogether - the "Firm") collects, uses, shares, and otherwise processes Personal Data (defined below) about:

Contact persons for our clients and/or prospective clients

Contact persons for suppliers of goods and services to the Firm

Visitors to our websites, mobile applications, and other online properties (each, a "Site")

Any other individuals about whom the Firm obtains Personal Data

In this Privacy Policy, "Personal Data" means information that (either in isolation or in combination with other information held by the Firm) enables you to be identified as an individual or recognized directly or indirectly.

When using "Firm" or "we", "us" and "our", in this Privacy Policy, this refers to Aretera Public Affairs acting as the controller for your Personal Data.

The contact details of the Firm, its entities and affiliates in different jurisdictions can be found here, or please contact our special designated officer:

Name: Chris Dobson
Address: Aretera PA UG (haftungsbeschränkt)
Schlüterstraße 38, Berlin 10629, Germany
Phone: +36 70 733 9470
Email: info@areterapa.com


CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page (see the "last updated" date displayed at the top). We will obtain your consent to any material changes if and where this is required by applicable data protection laws.

GENERAL

Unless we specifically state otherwise, the Firm is the data controller of the Personal Data we process, and is therefore responsible for ensuring that the systems and processes we use are compliant with data protection laws, to the extent applicable to us.

The Firm's personnel are required to comply with this Privacy Policy and associated Firm policies when dealing with Personal Data and must also complete data protection training where appropriate to their role.

COLLECTION OF PERSONAL DATA

The Firm collects Personal Data from a number of sources, either directly from the data subjects, or from clients, colleagues and publically available sources.

Where the Firm receives data from its clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.

The Firm collects the following categories of Personal Data about clients, prospective clients, suppliers, website visitors, and other third parties:

  • Basic data: Name, gender, title, organization, job responsibilities, phone number, mailing address, email address, contact details, social media links and interests.

  • Client service data: Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback.

  • Marketing data: Data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences.

  • Transaction data: Personal data contained in documents, correspondence or other materials provided by or relating to transactions conducted by our clients.

  • Compliance data: State registration/tax identifiers, beneficial ownership data, and due diligence data. Registration and contact forms: Event/seminar registrations, newsletter requests, subscriptions, downloads, and username/passwords.

  • Job applicant data: Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities, which also may be subject to an additional relevant local recruitment privacy policy.

  • Device data: when applicable, computer internet protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our website (Usage Data).


USE OF PERSONAL DATA

The purposes for which we use Personal Data, and the legal bases for such processing, are as follows:

  • to perform our obligations under our contracts with our clients, in particular to provide advice and respond to inquiries;

  • to identify (potential) clients, their economic beneficiary, the persons acting for them and their authorisation before or upon establishing the client relationship and carry out a comparison with sanctions lists;

  • to conflict check to avoid conflicts of interests before establishing the client relationship;

  • to prepare for the client relationship in particular for pre-contractual correspondence to prepare offers and cost estimates;

  • for proper internal administration, including maintaining reference files and the operation of IT systems for administrative purposes;

  • for proper retention of documents in order to meet statutory, professional, commercial and tax law retention obligations and for evidence purposes for any establishment, exercise or defence of legal claims;

  • to comply with other compliance and to prevent money laundering and/or fraud

  • to provide relevant marketing such as providing clients with information about events or services that may be of interest to clients and prospective clients;

  • to make our websites easy to use;

  • to protect the security and effective functioning of our website and information technology systems, in particular to detect and prevent fraud, other crimes and the misuse of our websites;

  • to consider individuals and suppliers for employment and contractor opportunities and manage on-boarding procedures.

SHARING OF PERSONAL DATA

The Firm may share Personal Data with the following categories of recipients:

  • our entities and affiliates, whereas each entity and affiliate may share Personal Data with other affiliates in order to provide you services and in order to administer our relationship with you (e.g. invoicing, marketing) or otherwise as necessary for the purposes described above;

  • suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. These include but not limited to infrastructure and IT services providers, third party consultants, and the providers of external venues where we host conferences and events;

  • financial institutions in connection with invoicing and payments;

  • corporate purchasers to the extent permitted by law as part of any merger, acquisition, sale of Firm assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy etc.;

  • for purposes of mandatory disclosures and legal claims in order to comply with the Firm's tax reporting obligations, comply with any subpoena, court order or other legal process, to comply with a request from our regulators, governmental request or any other legally enforceable demand, to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

Our service providers are bound by written contract to process Personal Data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your Personal Data.

REGISTRATION AND CONTACT FORMS

To register for our events, to receive newsletters and to deal with your request, we process your personal data provided by you in our registration, subscription and contact forms. These forms are only meant for people aged 18 and over.

The legal basis for such processing is your consent is, when applicable, Art. 6 (1) (a) GDPR and/or other relevant regulation in other jurisdictions where we present. We are supported in the management of our contact form by our IT service providers who may, under circumstances, have access to this data. The duration of storage depends on the contents of your request, which basically means that the data can only be deleted once the respective purpose for which you contacted us has been fulfilled. To the extent that the data is subject to statutory retention requirements, it will be stored for the duration of the prescribed statutory retention period.

Please note that without providing the data that is necessary to allow us to get in touch with you and to understand and deal with your request, it will not be possible to deal with your request. The provision of further data is optional.

You can revoke your consent for the processing of the data provided at any time, with effect for the future.

PROCESSING OF PERSONAL DATA WHEN VISITING THE WEBSITE

When you visit our website, we collect the data that is technically necessary to display that website to you. This involves personal data which is transmitted automatically by your browser to our server, including: the type and version of your browser, the operating system used, the referrer URL, the hostname of the accessing computer, the time of the server inquiry and the IP address (Art. 6 (1) (b) GDPR, if applicable).

In this process we receive support from our technical service providers who may, under circumstances, have access to this data.

The aforementioned data is recorded and used for the purpose of defending against illegal use or attempts to attack our web server (Art. 6 (1) (f) GDPR, if applicable). This data is not used by us to create user profiles. You can object, at any time, to the use of your personal data for this purpose, with effect for the future.

RETENTION PERIOD

We retain personal data only for as long as there is a legitimate reason or other legal grounds to do so, and will keep these legal bases under review. If there is no longer а legitimate reason or a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it.

CROSS-BORDER DATA TRANSFERS

While sharing information we transfer Personal Data to other jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country.

With respect to transfers originating from the European Economic Area ("EEA") we implement standard contractual clauses approved by the European Commission, and other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.

YOUR RIGHTS

Subject to the applicable statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive information about your personal data, to require rectification or erasure of your personal data or the restriction of the processing and to receive your personal data in a structured, commonly used and machine-readable format (data portability).

You also have the right to object to the processing of your personal data.

To the extent that we process your personal data in order to inform you about our advisory services and current developments to the extent this is relevant for your business activity, you can object to a processing of your personal data at any given time and without stating any reasons.

Please, note, that the various rights are not absolute and each is subject to certain exceptions or qualifications.

We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws. Nothing in this Privacy Policy is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.

You have also the right to submit complaints with a data protection supervisory authority.

CONTACT INFORMATION, REQUEST AND COMPLAINTS

If you wish to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, contact us here:

Name: Chris Dobson
Address: Aretera PA UG (haftungsbeschränkt)
Schlüterstraße 38, Berlin 10629, Germany

Phone: +36 70 733 9470

Email: info@areterapa.com

Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result we are not in a position to identify you, we may refuse to action your request.

We will generally respond to your request within two weeks of receipt of your request. We can extend this period by an additional two weeks if this is necessary taking into account the complexity and number of requests that you have submitted.

We will not charge you for such communications or actions we take, unless:

you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or

you submit unfounded or excessive requests, in particular because of their repetitive character, in which case we may either: charge for our reasonable administrative costs or refuse to act on the request.

If you are not satisfied with our response to your complaint or believe our processing of your Personal Information does not comply with data protection law, you can make a complaint to the relevant data protection authority where you are located.

The contact details for selected data protection authority can be found here:

EU: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Ukraine: https://ombudsman.gov.ua/ua/page/zpd/info/
Kazakhstan: https://www.gov.kz/memleket/entities/infsecurity?lang=en