stockmen

Privacy Policy

Introduction

Cethra is committed to processing personal information, including sensitive personal information, in line with all applicable privacy and data protection laws.

References to “you” or “your” refers to individuals whose personal information is processed by Cethra, including clients with direct or indirect relationships (such as those who invest through an intermediary); employees, friends, officers, agents (together “Representatives”); and beneficial owners of an organization or entity in connection with:

The provision of services to potential and actual clients;

Transactions to which we are party (including those which we effect on

behalf of clients); or Services provided to us by a third-party vendor.

This Privacy Notice sets out the purposes for which we collect, use and disclose (collectively “processing”) personal information and how it is protected. It also sets outs individuals’ rights in relation to the processing of their information.
There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your personal information, which should be read in conjunction with this Privacy Notice.

Personal Information we collect about you.

Personal Information (PI) is information relating to an individual, which can be used either alone or with other sources of information to identify that individual. PI does not include data where the identity of the individual or the specific detail of the information has been removed and is therefore anonymous. SPI is a sub-category of PI that includes PI relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about health and genetic and biometric data.

The nature of the information that we collect will depend on the services we provide and our relationship with you. We categorize PI we process as follows (the PI listed for each category are non-exhaustive examples):
Identification Data: Full name, title, gender, marital status, date of birth, passport number, driving licence number, national identification number, signature.

Contact Data: personal address, telephone number, email address.

Electronic Monitoring Data: To the extent permitted by law, we may record your electronic communications with us.

Marketing and Communications Data: Marketing and communication preferences; tracking data relating to whether you have read marketing communications from us.

Profile Data: Username and password for our online services that you have access to; investments made by you; services requested; marketing communications responded to; survey responses.

Services Data: Payment details to and from you; details of services you have provided to us or we have provided to you.


We collect PI in relation to you in a number of ways, including:

When you provide it to us in connection with a Cethra product or service, such as a purchased contract.

If you are Representative of an organization that is a client or vendor of Cethra and that organization provides us with your PI.

Throughout the course of our relationship with you, including where you change your details, provide additional PI, or where the services we are providing to you change.

From public sources where you have manifestly chosen to make your PI public, including via public profiles on social media.

From visits to our websites or through logging into any of our online services.

To whom we disclose your PI

We may disclose PI in any jurisdiction to:

Other members of Cethra inc;

Professional advisors, third parties, agents or independent contractors that provide services to any member of Cethra (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants);

Goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); intermediaries, brokers, and other individuals and entities that partner with us;

Competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where Cethra is required or allowed to do so under applicable law or regulation;

Credit reference agencies or other organizations that help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity; or

Any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument.

International transfers and transfers to service providers

To provide global services and in the course of running our business, we may transfer PI to a location outside of the country where you reside or where services are provided to you or the organization you work for, including Cethra processing centers in the USA, Hungary and Singapore. Although the country to which PI may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of PI wherever it is processed. We require by contract that our third party service providers processing PI on our behalf to comply with Cethra’s criteria for PI processing.

Third-party Marketing/Sale of PI

We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.

PI Retention

We will process your PI for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defense of legal claims.

PI Security

We use a range of physical, electronic and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:

Education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;

The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

The ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;

Administrative and technical controls to restrict access to PI;

Technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software;

External technical assessments, security audits and vendor due diligence;

Perimeter security;

Segregation of networks;

Application security;

Endpoint security;

Real-time monitoring of data leakage controls;

Layered and comprehensive cybersecurity defences;

and Security incident reporting and management.

The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any PI by open/unsecure channels over the internet. We endeavour to protect personal information but cannot guarantee the security of data transmitted to us or by us.

Your Rights

In certain circumstances you may have the following rights in relation to the processing of your PI:

Access: To request a copy of the PI we process in relation to you and to be informed about how we use and share your PI.

Object: To object to the processing of your PI if (i) we are processing your PI on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your PI for direct marketing purposes

Correction: To request that we update the PI we process in relation to you, or to correct PI that you think is incorrect or incomplete. Erasure: To ask that we delete PI that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.

Restriction: To request that we restrict the way in which we process your PI, for example, if you dispute the accuracy of your PI or have raised an objection which is under consideration.

Portability: To request a copy of your PI that you have provided to us in a commonly used electronic format such as through the completion of an application form.

Automated decision making: To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.

You may exercise your rights at any time by using the details set out in the Contacting us section. To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with you exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access to the PI requested, or to exercise any of your other rights. This is to ensure that PI is not disclosed to any person who does not have authority to receive it. We may also request further information in relation to your request to help us to locate the PI processed in relation to you, including, for example, the nature and location of your relationship with us.
We will respond to all legitimate requests in line with the timescales set out in applicable law.
You will not be disadvantaged in any way by exercising your rights in relation to the processing of your PI.

Changes to this Privacy Notice

We may modify or amend this Privacy Notice from time to time and you are advised to visit our website regularly to check for any amendments. Any material changes will be communicated to you through an appropriate channel, depending on how we normally communicate with you. Last Modified: January 17, 2021