Perygl Limited's Privacy Statement with effect from 12 May 2020

 

1. Perygl Ltd ("the company') is a UK consulting business chiefly engaged in conducting political risk advisory, deal and market research, and due diligence and related investigations, including in the context of combating fraud, money-laundering and bribery, in support of our clients’ obligations under UK law, EU regulations and directives, international conventions, UK, EU and US sanctions' regimes, and other prevailing regimes such as the US Foreign Corrupt Practices Act and FinCen Rules. For example, the Fourth AML Directive explicitly authorised financial institutions to use third party service providers in meeting its obligations in these areas.

2. Perygl Ltd seeks to operate within industry best practice at all times and is committed to complying with all applicable legislation, including the UK’s Data Protection Act 2018 (DPA) and, in so much as it applies beyond the scope of the DPA, the EU General Data Protection Regulation (GDPR).

3. In the course of its work, Perygl Ltd may need to process certain personal information (personal data) related to individuals. We are committed to fair and lawful processing, transparency, and protecting the rights and privacy of individuals, while at the same time providing appropriate, prudent and professional services to our clients to enable them to fulfil their societal, regulatory and legal obligations. 

4. Perygl Ltd understands personal data to be any combination of information which identifies a specific natural person (data subject).  This may include: biographical information or current circumstances, dates of birth, social security numbers, phone numbers and email addresses, IP addresses, behaviour, character traits, associations, workplace and career data, educational information, memberships, religion, political opinions, geo-tracking data, health and genetics, including medical history.

5. In processing a data subject’s personal data, Perygl Ltd seeks to adhere to the eight principles enshrined in the UK Data Protection Act (2018) and the GDPR, name

i) Personal data shall be processed fairly, lawfully and transparently in relation to the data subject. In particular, data shall not be processed unless at least one of the conditions in Paragraph 3 above are met.

ii) Personal data shall be obtained only for a lawful purpose as specified in Paragraph 3, and shall not be further processed in any manner not compatible with that process.

iii) Any personal data processing shall be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed (“data minimisation”).

iv) Personal data shall be accurate and, where necessary, kept up to date (“accuracy”). Every reasonable step must be taken to ensure that personal data that is inaccurate is either erased or rectified without delay.

v) Personal data will not be retained longer than is necessary for the purpose ('storage limitation'), using a default maximum of three years. Perygl Ltd's Data Controller will regularly review the length of time personal data is retained and, if the purpose or purposes for which the information is held is no longer necessary, the data will be destroyed earlier than three years and securely.

vii) Personal data shall be processed in accordance with the established rights of data subjects.

viii) Appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction ("integrity and confidentiality").

 ix) Personal data shall not be transferred to a country or territory outside the EU unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

6.  Perygl Ltd will only process personal data under a lawful basis.  The UK Data Protection Act (2018) and the GDPR set out the following lawful bases for processing, and at least one of the following shall apply whenever Perygl Ltd processes personal data:

i) Consent: the data subject has given clear consent for the processing of their personal data for a specific purpose. 

ii) Contractual Necessity: the processing is necessary for a contract entered into with the individual, or because the individual has asked for specific steps to be taken before entering into a contract.

 iii) Legal obligation: the processing of personal data is necessary to comply with the law (not including contractual obligations).

iv) Vital interests: the processing is necessary to protect interests that are essential for someone’s life.

v) Public task: the processing is necessary to perform a task in the public interest or for an official function, and the task or function has a clear basis in law.

vi) Legitimate interests: the processing is necessary under legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

7. There are a number of circumstances under which Perygl Ltd may process personal information. The most common circumstances are likely to be:

i) With the consent of the data subject, for example where we are conducting due diligence or pre-appointment scrutiny and the data subject has provided informed consent to the processing of their data.

ii) In preparation for entering into or entering into a contract with the data subject, or in the performance of a contract with the data subject, for example with our clients and their partners, our business partners, employees or other service providers and agents.

iii) In pursuit of our legitimate interests or those of the clients we act for.  

Usually this will be for the purposes of fulfilling our obligations or those obligations of our clients to conduct adequate due diligence and background checks to comply with the obligations of relevant legislation and regulation, including but not limited to the UK Bribery Act, the US Foreign Corrupt Practices Act, EU Anti-money-laundering and terrorist financing regulations and directives, sanctions and denied-persons regimes and other prevailing regimes and standards.

Legitimate interest processing will frequently be the most relevant ground for our processing.  Where this is the case, Perygl Ltd will seek to ensure organisational accountability and responsible use of personal data, while effectively protecting data privacy rights of data subjects. Perygl Ltd will always seek to balance its legitimate interest with the rights of individuals and will apply safeguards and compliance steps to ensure that individual rights are not unfairly or unlawfully prejudiced in any given case.

8. Perygl Ltd obtains personal information only through lawful means. The overwhelming majority of the personal information which it may process will be derived from data that is already in the public domain, such as published corporate and legal records, online, archived and historic media articles, biographies and business profiles. Where Pergyl Ltd uses this information, it will endeavour to render it faithfully, to ensure that it is as accurate as possible and to provide a link or citation for the original source of the data.  This information will be used in the spirit and for the same overriding purpose for which it was originally provided, e.g. biographical data provided for the purposes of establishing an individual’s bona fides and experience or to obtain employment or career advancement, data on corporate involvements provided for the purposes of complying with statute and agreed principles of corporate transparency, beneficial ownership and combating fraud.  Where Perygl Ltd obtains personal information from third parties, for example a confidential reference on a data subject, it will endeavour to verify the information provided, the lawful basis on which that information can be passed to us and processed and the authenticity of the party that has provided it. Perygl Ltd will identify such information as having been derived from a third party.

9. In accordance with Paragraph 5(vi) above, data subjects have the following rights regarding data processing and the data recorded about them:

i) To make subject access requests to learn the nature of information held and to whom it has been disclosed;

ii) To prevent processing likely to cause damage or distress;

iii) To prevent processing for the purposes of direct marketing;

iv) To be informed about mechanics of automated decision taking processes that will significantly affect them;

v) Not to have significant decisions that will affect them taken solely by automated process;

vi) To sue for compensation if they suffer damage by any contravention of the DPA;

vii) To take action to rectify, block, erase or destroy inaccurate data;

viii) To request the UK Information Commissioner's Office (ICO) to assess whether any provision of the regulation has been contravened;

In the event of a complaint by a data subject concerning Perygl Ltd's processing of personal data, Perygl Ltd will invite the complainant to approach the company to resolve the complaint. If Pergyl Ltd is not able to resolve the complaint, it will advise the data subject to direct the complaint to the ICO.

10. Data subjects wishing to determine if Perygl Ltd is processing their personal information should send a subject access request to the Data Controller/Data Protection Officer at info@perygl.co.uk  Data subjects should note that there may be certain situations where the company may be unable to disclose all personal information, for example where it may prejudice the interests and rights of others, including in relation to prejudicing legal proceedings, negotiations, management information and other market-sensitive information.

11. Perygl Ltd does not maintain formal archives, lists or otherwise hold or store personal information in databases in any managed sense. The company may retain some information that contains personal data where it believes the purpose for doing so is in the public interest, in which case such information may be exempted from the above conditions on a case-by-case basis. For the duration that personal data is held, Perygl Ltd seeks to ensure that personal data is safeguarded through the use of technical means and safe data handling.  


PERYGL

© 2021 All Rights Reserved.
Pergyl Ltd is registered as private limited company under the laws of England and Wales, with the company registration number 12597667 and VAT number GB347 7804 38
Privacy Policy