Effective: March 15, 2018
As a resident of an EU Member Country, a data subject’s rights to privacy and the protection of such data subject’s personal information is derived from the General Data Protection Regulation (“GDPR”). The GDPR governs the conduct of all companies processing the personal data of data subjects residing in countries that are members of the European Union,. The GPDR applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: the offering of goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behavior that takes place within the EU. Non-EU businesses processing the data of EU citizens may, in some circumstances, have to appoint a representative to supervisory authorities in the EU.
Cyndx has adopted the following definitions used in the GDPR for this EU Data Privacy Supplement:
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Under the GDPR, Data Controllers and Data Processors need the affirmative consent of the data subject to access and process such data subject’s Personal Data. Consent must be solicited in an intelligible and easily accessible form. Cyndx does not process the personal data of a data subject without first receiving the affirmative consent of that data subject. A data subject may provide and / or revoke consent to process Personal Data by at any time by sending the applicable instruction to email@example.com.
The GDPR requires that Cyndx notify a data subject in the event of a data breach that is likely to “result in a risk for the rights and freedoms of individuals”. This notification must be effected within 72 hours of the data controller first having become aware of the breach.
In the event of a data breach that subjects a data subjects rights and freedoms to risk, Cyndx shall provide an electronic notification of such breach to the data subject at the data subject’s e-mail address of record.
When Cyndx is acting in the capacity of a data processor, it will also be required to notify its customers, the data controllers, “without undue delay” after Cyndx first becomes aware of a data breach.
Right to Access Personal Data
Data subjects have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning the data subject is being processed, where it is being processed, and for what purpose. Further, the Data Controller is required to provide a copy of the personal data, free of charge, in an electronic, readily accessibleformat.
In the event that a Data Subject that wish to review the Personal Data that Cyndx has collected and processes abut them should send a written request to access and review Personal Data, to firstname.lastname@example.org
Right to be Forgotten
The GDPR provides data subjects, under certain conditions, with the right to data erasure, or the “right to be forgotten”. Data subjects may exercise the right to data erasure if their personal data is no longer necessary in relation to the purposes for which it was initially collected or otherwise processed, or the data subject withdraws his / her consent. Under the GDPR, in those instances in which the data subject requests that personal data be removed or “erased”, the Data Controller may no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Cyndx deletes Personal Data upon the receipt of an instruction by the data subject that he / she has revoked his / her consent to have his / her Personal Data processed.
Cyndx does not collect Personal Data that reveals a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Where Personal Data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Cyndx does not share Personal Data with third parties for marketing purposes. In the event that a data subject wishes Cyndx to delete his / her Personal Data, the data subject should provide that instruction to Cyndx at email@example.com.
The GDPR provides data subjects with the right to data portability. Data subjects have the right to obtain an electronic readily accessible copy of the personal data that Cyndx has collected or which the data subject has previously provided to Cyndx in a ‘commonly used and machine readable format’ and may direct Cyndx to transmit that Personal Data to another Data Controller. Such requests should be directed to firstname.lastname@example.org.
Privacy by Design
Under the GDPR, Data Controllers must address data protection issues when designing its data controlling and processing systems and implement appropriate technical and organizational measures in an effective way in order to meet the requirements of the GDPR and protect the rights of data subjects.
Cyndx has designed its technological infrastructure, systems and administrative procedures to ensure compliance with the GPDR requirements.
Consent for Cyndx to Process Personal Data
I am a resident of a country that is a member of the European Union and I am over 18 years of age.
I understand that Cyndx is a technology company that provides technology solutions to companies, financial intermediaries, fund managers and alternative investment fund managers (“Subscribers”) seeking capital and / or strategic opportunities.
I understand that Cyndx wishes to collect and process certain personal data about me, including my name, e-mail address, current address and information about my financial net worth, investment patterns and history. I understand that Cyndx may act as a Data Controller and in some instances a Data Processor.
I understand that Cyndx may, in the ordinary course of conducting it business, make my Personal Data available to its Subscribers and as a result, such Subscribers may contact me in an effort to solicit my interest and / or participation in certain financial transactions.
I have carefully reviewed this section of the Cyndx website and am aware of my data protection and privacy rights provided by the GDPR. By clicking this link, I am hereby providing my knowing and voluntary consent to have Cyndx collect, process and share my Personal Data as it deems appropriate.
I understand that Cyndx shall continue to process my Personal Data until I revoke my consent by notifying Cyndx at email@example.com. I understand that I am free to revoke my consent to have Cyndx process my Personal Data at any time.