Personal data is any information that relates to a living individual and makes it possible to identify that particular individual from the information alone or from a combination of that information and any other information which we may obtain.
This Privacy Notice explains how we, Dolya Limited (trading as Dolya Consulting)(‘Dolya’), may collect and process your personal data, when we interact with you in a business context and as part of providing you with our services.
TYPES OF PERSONAL DATA THAT WE COLLECT
We may collect, receive, use, store and transfer the following kinds of personal data about you:
Information about your identity, for example name, address, date of birth or gender
Information used to contact you, such as address, email address, telephone numbers and communication preferences
Information we use for our due diligence, such as your ID card, passport, utility bill or driving license.
Information you make public on social media, including your social media handles
Information about your financial activities, including your bank account number and financial transactions
Information about your preferences when receiving marketing communications form us or our partners
HOW WE COLLECT YOUR PERSONAL DATA
We may collect your personal data in the following ways:
Information you give to us (Direct Interaction)
- during our communications - including in face to face meetings, phone calls, video calls, emails, letters or other correspondence;
- when you complete our on-boarding due diligence;
- when you pay for our services;
- when you request marketing to be sent to you by us or selected third parties; and
- when you give us feedback on our services.
Information we obtain through providing our services (Business Interaction)
- when obtaining information from your business/employer during the course of our engagement and;
- during our time on-site at your business premises.
Information we receive from third parties or publicly available sources. During the course of our business we may receive your personal data from entities such as:
- companies that introduce you to us;
- a partner organisation of yours;
- a public authority or law enforcement agency;
- your agents;
- companies providing due diligence and other screening activities
- public websites; and
- media outlets (including social media outlets) both subscription and publicly available.
WHEN AND WHY WE PROCESS YOUR PERSONAL DATA
We will only collect and process your personal data where we are legally allowed to do so and namely (but not exclusively) in situations where you give us consent or where the processing of your personal data is necessary for:
- us to provide you or your business/employer with our services;
- us to satisfy our or a third party’s legitimate interest; and
- us to comply with a legal obligation.
We will only use your personal data to satisfy our or a third party’s legitimate interest if we asses that your rights do not override the legitimate interest in question.
We have to have a lawful basis for collecting, storing and processing your personal data. The below table shows the purpose for which we will process your personal data and our lawful basis for doing so.
- Identity
- Contact
- Social Media
- Marketing
- Identity
- Contact
- Compliance
We have a legitimate interest in growing our business by engaging third party business partners.
We have a legitimate interest in building business relationships with potential clients or service providers.
We have a legitimate interest to protect our confidential information.
- Identity
- Contact
- Compliance
- Social Media
- Marketing
- Financial
We may be required under a specific legal obligation to retain, process and record your personal data for legal, accounting, reporting or regulatory purposes. We will always provide you with details of the regulatory obligations specifically related to the processing of your personal data, upon request.
We have a legitimate interest to ascertain and monitor the reputability and good standing of our clients.
- Identity
- Contact
- Compliance
- Social Media
- Financial
We have a legitimate interest in recovering any monies owed to us for services rendered.
- Identity
- Contact
- Social Media
- Marketing
We may be required under a specific legal obligation to communicate with you (for example when we make changes to our standard terms).
We have a legitimate interest in assessing the quality of our services, the use of our services by clients and maintain up to date service records.
- Identity
- Contact
- Social Media
- Marketing
We have a legitimate interest in growing our business by keeping our prospective, current and past clients and business partners informed about Dolya services, news and future plans.
We will always inform you of how to object to receiving marketing communications and will honour any such objections by ensuring that you do not receive marketing communications from us in the future.
We will only ever provide your personal data to third parties for the purposes of marketing non-Dolya services with your express consent.
We will only ever directly provide you with information on a third party’s services with your express consent.
- Identity
- Contact
- Compliance
- Financial
We have a legitimate interest in retaining and processing your personal data in order to help ensure a high ethical and moral business standard and integrity as well as legally complaint processes.
- Identity
- Contact
- Compliance
- Financial
We may be required under a specific legal obligation to retain, process and record your personal data for legal, accounting, reporting or regulatory purposes. We will always provide you with details of the regulatory obligations specifically related to the processing of your personal data, upon request.
We have a legitimate interest to ascertain and monitor the reputability and good standing of our service providers.
CHANGE OF PURPOSE
We will only ever process your personal data for a purpose which is either listed in the table above or compatible with those already listed. Should we have a legal basis to process your personal data for any other reason, we will always inform you directly of the processing and explain why we are allowed to do so.
KEEPING YOUR PERSONAL DATA CURRENT
To keep the personal data we hold about you accurate and current, please keep us informed of any changes to the personal data you have provided during your relationship with us.
WHO MAY RECEIVE YOUR PERSONAL DATA
In order to provide you with our services and to allow us to effectively run and manage our business, we may share your personal data with the following entities:
- Third party service providers (ours): such as providers that assist us in our due diligence processes, marketing and website hosting and development.
- Third party service providers (yours): such as providers that we may, with your consent, introduce you to.
- Agents, advisors and business partners: such as providers that assist us with legal and financial aspects of our business and other companies or individuals that we may partner up with to enable us to provide you with our services and to improve our service offering.
- Contractors: such as individuals or corporates who we may engage from time to time to assist us in providing you with our services.
- Public agencies: such as law enforcement agencies, government entities, regulators, courts and other third parties who may request your personal data under a legal requirement or court order. We will always take your interests into account when responding to such requests.
- Clients: such as clients for whom you are directly or indirectly providing services through Dolya, for example if we have engaged (or are looking to engage) you or your business as a contractor for a specific project.
We do not allow our third-party service providers, agents, advisors, business partners or contractors to use your personal data for their own purposes and only permit them to process your personal data in accordance with our instructions.
Should we ever choose to sell, transfer or merge parts (or the entirety) of the Dolya business to or with another company, the new entity may also use your personal data in accordance with this Privacy Policy.
TRANSFERS OUTSIDE OF THE EEA
Should we need to transfer your personal data outside of the European Economic Area (EEA), we will comply with at least one of the following requirements:
- When dealing with international service providers, we will ensure that your personal data is covered by contractual clauses, approved by the European Commission, which will extend EU data protection standards to your personal data.
- When dealing with service providers from the US, we will ensure that they are part of the Privacy Shield, which providers comparable protection to personal data shared between Europe and the US.
- We will ensure that the country to which your personal data is being transferred has been evaluated by the European Commission and is regarded as a jurisdiction offering adequate protection to personal data.
PERSONAL DATA SECURITY
At Dolya we take data security very seriously. That is why we have in place adequate measures to prevent accidental loss or unauthorised access to your personal data. As part of these measures, we limit access to your data to only those employees, partners or contractors who require it to fulfil a business need. All of those who have access to your data are obliged to use it only in accordance with our instructions and are subject to a duty of confidentiality.
In the unlikely event that Dolya experiences a data breach, we have procedures in place to uncover, contain and mitigate the situation and notify the relevant authorities or data subjects, as legally required.
HOW LONG WE KEEP YOU PERSONAL DATA
We will only retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. In the event of a complaint or a reasonable prospect of litigation, we may retain your personal data beyond our usual retention periods.
We may retain anonymised and/or aggregate data indefinitely as long as it is no longer considered personal data.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Under the General Data Protection Regulation 2016 you have the right to:
- Request access to your personal data. We will provide you with a copy of the personal data we hold about you.
- Request correction of any personal data that we hold about you. We will correct any incomplete or inaccurate data we hold about you.
- Request erasure of your personal data. We will delete or remove personal data provided that (i) we do not have a lawful basis to retain the data; or (ii) you have successfully objected to our processing of your data; or (iii) we have processed your information unlawfully; or (iv) we are required to erase your personal data to comply with an applicable local law.
- Object to processing of your personal data. We will stop processing your data if we have been unfairly relying on a legitimate interest (our or of a third party) for processing causing an undue impact on your fundamental rights and freedoms.
- Request restriction of processing of your personal data. We will suspend the processing of your personal data if (i) you ask us to check the data’s accuracy; or (ii) our use of the data is unlawful but you do not want us to erase it; or (iii) you need us to retain the data past our retention period in order to establish, exercise or defend a legal claim; or (iv) you have objected to our processing and your objection is being investigated.
- Request the transfer of your personal data. We will provide to you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. This right only applies to automated data which we process under your consent or where we such personal data is used to perform our contract with you or your business/employer.
- Withdraw consent. We will stop processing any personal data which we are using under your consent. Remember that any processing done before consent is withdrawn remains lawful.
If you wish to exercise any of these rights please contact us on privacy@dolya.consulting.
Fees and confirming your identity
You will not have to pay a fee to exercise any of your rights in relation to your personal data, but we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive or excessive.
We will ask you for information and documents to confirm your identity prior to you exercising your rights in relation to your personal data.
THIRD-PARTIES
This Privacy Notice relates to the activities of Dolya only. If we refer you or help you engage a third party service provider, that service provider will have their own policy which we encourage you to read.
COMPLAINTS
We are committed to robust standards of privacy protection, but if you become concerned about our management of your personal data, please contact us at privacy@dolya.consulting.
You also have the right to make a complaint at any time to your local EU supervisory authority, although we would appreciate an opportunity to resolve your concerns in the first instance.
CHANGES TO OUR PRIVACY NOTICE
We may make changes to this Privacy Notice from time to time, to mirror changes to our activities, practices and procedures or where necessary due to a change in regulation. A current version of our Privacy Notice will always be available on our website and any material changes may also be notified to clients by email.