Javelin will retain personal information for the duration of the relationship. Once that relationship ends, Javelin will retain personal information in accordance with its rights and legal obligations and your rights and legal obligations. Often, this may result in certain types of personal information being retained by us for differing lengths of time; however, Javelin will only retain personal information for a limited period of time, which will depend on a certain factors, including: the applicable laws or regulations; whether we are in a dispute; the type of personal information that we hold; and whether a regulatory authority has requested that we keep your personal information.
- transferred to, and stored in, a destination outside the European Economic Area (“EEA”), and / or
- processed by employees, staff or authorised representatives operating outside the EEA who are employed by or work for us or for a third party entity (each a “processor”).
As a result of our processing of personal information, if we are required to transfer personal information outside of the EEA, a transfer is subject to the following safeguards:
- The transfer of personal information must be necessary for a reason specified in applicable data protection laws and regulations.
- There must be appropriate levels of protection for personal information in the country to which the personal information is to be transferred.
- Safeguards have been established to protect personal information, including contractual arrangements with the recipient incorporating suitable protective terms relating to the protection of personal information.
- You have given your consent to the transfer of such personal information.
Disclosure of Personal Information
Javelin is one legal entity within a wider group of companies, partnerships and joint-venturers domiciled and with operations in various jurisdictions worldwide (“Javelin Group”). As a result, there may be occasions where Javelin may need to share personal information within the Javelin Group, including the following instances:
- To meet customer needs/demand where we provide commercial services through various offices and locations.
- To meet our obligations with respect to reporting.
- Where our support functions are provided by other companies within the Javelin Group or where systems and services are shared within the Javelin Group.
- For the purpose of obtaining an approval from, and authorisation by, a key position holder.
Where personal information is shared within the Javelin Group, it is permitted on a limited basis and on a “need to know” basis. If a company within the Javelin Group processes personal information on behalf of Javelin, we will ensure prior to such processing that they have appropriate safeguards in place to protect personal information.
On occasion, we may instruct a third party to conduct specific commercial functions on our behalf. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to such third parties so that they can perform those functions. We will ensure that prior to such processing that they have appropriate safeguards in place to protect personal information. Examples of these third parties include service providers and sub-contractors such as IT support, back up and server hosting providers.
We may also disclose personal information to third parties (who will receive it as controllers of your personal data in their own right) for the purposes set out above, in particular:
- Services provided to you or us by a third party acting independently to Javelin, but which has a relationship with Javelin, such as fraud checking services and our professional advisors.
- If we are compelled to disclose your personal information in order to comply with a legal obligation or to enforce or protect the rights, property or safety of Javelin, our employees, customers or others.
The categories of recipients with whom we are likely to share personal information include the following:
- Consultants and professional advisors such as legal advisors and accountants.
- IT support, website and data hosting providers and administrators.
- Banks, finance houses and other payment processors.
- Insurance companies and brokers.
- Regulatory authorities or bodies.
- Business and joint venture partners.
- Courts, arbitrators, receivers, administrators and/or liquidators.
In relation to any personal information that Javelin holds about you, you have certain legal rights:
- Access. You can have access to your personal data by making a “data subject access request”, subject to conditions. Ideally, you should specify the type of information you wish to access to enable us to properly respond to the request. We must be able to verify your identity. Your request must not impact the rights and freedoms of other people, such as privacy and confidentiality related rights of others. Depending on the information requested and the context, there may be other exemptions that may apply.
- Objections to or restrictions on data processing. You can object to or ask us to restrict the processing of your personal information, subject to conditions. This right applies where our processing of your personal information is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
- Inaccurate personal or incomplete information. You can challenge the accuracy or completeness of your personal information. You can have it corrected or completed. You are responsible for helping us to keep your personal information accurate and up to date. This right only applies to your own personal information.
- Right to “be forgotten”. You can have your personal data erased and to “be forgotten”, subject to conditions. So, if your personal information is no longer required for the purpose it was collected, or where processing is unlawful. We may not, however, be able to erase your personal information if we need it to comply with a legal obligation or defend or enforce a legal claim.
- Withdraw consent. If we have processed your personal information subject to your consent, you can withdraw that consent. By withdrawing your consent, it will apply with respect to the processing of your personal information in the future.
- Portable Data. You can receive the personal information that you previously provided to us and which is processed by us by automated means, in a machine readable format, subject to conditions. Ideally, you should specify the type of information you wish to receive and where it should be sent. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means and does not apply to any paper records. The scope of this right is limited to cover only the personal information that has been provided to us by you.
The rights described above are limited because our use of personal information is incidental and for limited business-related personal information in business records and business communications which we are required to retain as discussed above.
Where we process your personal information for reasons that it is necessary for a business reason, you can object to this processing at any time. In the event that you do, Javelin is required to provide a compelling reason overriding your interests and rights as to why our processing should continue or that the processing is necessary for to establish, make or defend a legal claim.
If any of the personal information you have provided to us should change, is no longer accurate or if something is incorrect, please inform us as soon as possible.
You can exercise the rights above at any time by contacting us firstname.lastname@example.org..
If you are based in the European Union, you have the right to lodge a complaint with your local data protection regulator. If based in the UK, you can complain to the Information Commissioner’s Office (ICO) https://ico.org.uk/. If you have a complaint, Javelin would welcome the opportunity to address your concerns prior to a complaint reaching a regulator, so please free to contact us first at email@example.com.
If you would like more information about any of the subjects covered in this Privacy Statement or would like to discuss any issues or concerns with us, please contact us firstname.lastname@example.org.