Privacy statement
-
Purpose and scope
This Privacy Statement (“Statement”) explains what personal data Polar Debt Capital AB (“POLAR”) collects from you, through our interactions with you and through our solutions and services, and how we use that data. POLAR is responsible for your personal data as Data Controller according to applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). The Statement applies to the personal data of our current, former and prospective clients, users of our web site, suppliers, collaborating partners and other people with whom we may interact. This Statement sets out the policy statement for POLAR and applies to POLAR.
-
Privacy statement
At POLAR, personal data shall be processed in accordance with applicable legislation and the reasonable expectations of the natural persons the personal data is related to (“Data Subjects”). POLAR is committed to maintaining the confidentiality, integrity and security of personal information. We understand our obligation to keep information about you both confidential and secure. We maintain procedures for the collecting, using, securing, and sharing of personal and/or non-public information. All POLAR staff are bound by statutory duty of confidentiality, and you can be assured that we are committed to protecting your privacy at all times.
Specifically:
We will not sell or disclose any non-public personal information about you to anyone except as is required by law under any investigation by the relevant jurisdictions.
We will not provide your information to third parties for their marketing purposes without obtaining your express consent in writing.
We will never use your Information to your unfair advantage.
Our commitment to privacy will remain in place for former clients (with whom the relationship with POLAR has been terminated) and applies to prospective clients.
-
How, why and what kind of personal information we collect.
To provide the best services to you, we need to gather certain information about you. We only ask for details that will genuinely help us to help you, such as your name, job title, email address, and contact details. Our calls with you may be recorded and retained in accordance with statutory requirements. Below is a detailed overview of the information we may collect. Please note that the below list of categories of personal data we may collect is not exhaustive, and that the information described below is in addition to any personal data we are required by law to process in any given situation.
Prospect data.
Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all the information listed below to enable us to offer our services to you:
– Full Name;
– Job title;
– Email address;
– Company Name;
– Phone number;
– Contact details;
– Extra information that you choose to tell us;
– The dates, times and frequency with which we interact with you.
-
Client data
In the normal course of our business, we may collect and use various types of information which we consider essential for operating our business and providing you with the best possible client service. Such information may include:
Your Personal Data received from you such as name, date of birth, address and other contact details, settlement information and instructions, and information we receive from you to perform our KYC-process.
Information we receive from you – in either written or verbal format – regarding your relationship, client agreement and/or transactions with us or others.
Information regarding your interactions with POLAR and your usage of our services (including information gathered via online data gathering tools).
Extra information that you choose to tell us;
To the extent you access our web page we may also collect certain data from you. We may use cookies to support the operation of our web page. Cookies are small amounts of data that a website exchanges with a web browser or application on a visitor's computer or mobile device.
Supplier data
To make sure that our relationship with our suppliers runs smoothly, we will collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us. Our calls with you may be recorded and retained, depending on the applicable local laws and requirements.
People whose data we receive from staff and prospective members of staff, such as referees and emergency contacts
To ask for a reference for a prospective member of staff, we’ll need the referee’s contact details (such as name, email address and telephone number). We’ll also need these details if our candidate or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.
-
How we use your personal data
Having obtained data about you, we may use it in several ways. We generally use data in the following ways:
– To offer services to you or to obtain support and services from you;
– Marketing activities;
– Business relationship maintenance;
– Recordkeeping;
and
– In more unusual circumstances, to help us to establish, exercise or defend legal claims.
We generally do not use personal data for purposes incompatible with the purpose it was originally collected for.
-
How we store and safeguard your personal data (Information security)
POLAR will have access to your non-public personal information. We agree to hold such information in confidence and to comply with this Privacy Statement.
We are committed to taking all reasonable an appropriate step to protect your data from misuse, loss or unauthorised access, and we maintain procedures and technology designed for this purpose. We restrict access to information about you to those partners and employees who need to know that information in order to provide you with the best possible products and services. These include measures to deal with any suspected data breach.
-
How long we keep your personal data for
We will delete your data from our systems when we no longer have a legitimate purpose to keep it or upon the expiry of the statutory retention time.
-
How we share information about you
When you do business with POLAR, you may rely on us to keep your information confidential. We will not provide your information to third parties outside POLAR for their marketing purposes without obtaining your express consent in writing.
Your information is expected to be shared amongst our affiliates solely in the normal course of business.
Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:
– Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants);
– Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
– Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
– Financial regulators, tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
– In the case of prospective members of Staff’s referees: third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws;
– If we merge with or are acquired by another business or company in the future, (or are in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
In certain circumstances we may transfer your personal data to companies or organisations outside the European Economic Area (EEA). We will only transfer data outside of EEA if compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
– transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation;
– by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission; or
– where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
– where you have consented to the data transfer.
-
How you can exercise your rights related to your personal data
Your rights related to your personal data is protected and clarified by the General Data Protection Regulation (GDPR) and are described in more detail below.
-
Right of access
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and request more information before we meet such a request. If we provide you with access to the information we hold about you, we will not charge you unless your request is manifestly unfounded or excessive. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to restrict processing:
You have the right to request that we restrict our processing of your personal data in the following circumstances:
– where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
– where you object to our processing of your personal data for our legitimate interests. You can request that the data be restricted while we verify our grounds for processing your personal data;
– where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
– where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims. This means that we can only continue to store your data and will not be able to carry out any further processing activities until either: one of the circumstances listed above is resolved, you consent, or further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification:
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right to data portability
You have the right to transfer your personal data between data controllers. This means that you are able to transfer your POLAR account details to another data controller. To allow you to do so, we will, subject to technical feasibility, provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another data controller. Alternatively, we may directly transfer the data for you.
Right to erasure (“Right to be forgotten”):
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
– the data are no longer necessary for the purpose for which we originally collected and/or processed them;
– where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
– the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
– it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
– if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing, and we are unable to demonstrate overriding legitimate grounds for our continued processing.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data, however we are entitled to refuse to comply with your request for one of the following reasons:
– to exercise the right of freedom of expression and information;
– to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
– for archival, research or statistical purposes; or
– to exercise or defend a legal claim.
Right to object
You have the right to object to our processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
– we can show that we have compelling legitimate grounds for processing which overrides your interests; or
– we are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Right to complaint to a supervisory authority:
You also have the right to file a complaint with the competent Data Protection Authority. The relevant authority for POLAR is the Swedish Data Protection Authority https://www.imy.se
-
Our legal bases for processing your data
Legitimate interests
Pursuant to Article 6(1)(f) of GDPR we may process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.
Prospect data
We believe it is reasonable to expect that if you have submitted your contact details, you are happy for us to collect and otherwise use your personal data to offer our services to you.
Client data
To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings and marketing activities. From time to time, we may also ask you to undertake a customer satisfaction survey. We think this is reasonable and we deem these uses of your data to be necessary for our legitimate interests when providing our services to you.
Supplier data
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
People whose data we receive from staff and prospective member of staff, such as referees and emergency contacts
If you have been put down by a prospective member of staff as one of their referees, we use your personal data to contact you for a reference. This is a part of our quality assurance procedure and so we deem this to be necessary for our legitimate interests.
If as a (prospective) member of staff has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We are sure you agree that this is necessary for our legitimate interests.
Consent
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Article 4(11) of the GDPR states that consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
In plain
language, this means that:
– you have to give us your consent freely, without us putting you under any type of pressure;
– you have to know what you are consenting to – so we’ll make sure we give you enough information;
– you should have control over which processing activities you consent to and which you don’t. We provide these finer controls within our marketing preference centre; and
– you need to take positive and affirmative action in giving us your consent – we’re likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time. We will cease to carry out the activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. In that case we will inform you of this condition.
Establishing, exercising or defending legal claims
It sometimes may be necessary for us to process personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”. This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
-
Other Information
Past expiry date of a service contract, we will continue to adhere to the Privacy Statement and practices as described herein. The examples contained within this Statement are illustrations, and they are not intended to be exclusive. We are continually improving our methods of communication and adding new functionality and features to our website and to our services. Due to these ongoing changes, changes in applicable law and the changing nature of technology, our data practices will change from time to time. We therefore reserve the right to change this Statement.
-
Contact
To get in touch about your rights in respect of our data, please contact us at info@polardebtcapital.com . We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.