Istari

Privacy Policy

SUMMARY OF HOW WE USE YOUR DATA

What do we do with your information and what is the legal basis for this use? Istari Global Limited as well as its affiliates, subsidiaries and related entities (also referred to as "Istari", "we" or "us"), use your personal data to provide you with the services you request from us, to inform you of our services and for other purposes as set out in this notice.

INFORMATION WHICH WE MAY OBTAIN ABOUT YOU

We collect and process personal data about you when you interact with us and our websites (e.g. submitting an online form to us via our website). This includes:

WHAT INFORMATION ABOUT YOU DO WE RECEIVE FROM THIRD PARTIES?

Sometimes, we receive information about you from third parties; in particular, we may receive information about you from business partners and third parties where you have been referred by them. The information we collect from such third parties includes:

 

WHAT WE DO WITH YOUR INFORMATION AND WHAT IS THE LEGAL BASIS FOR THIS?

We may use your personal data for the following purposes:

- as required by Istari to conduct our business and pursue our legitimate interests, in particular:

- where you give us consent (if required):

 

- for purposes which are required by applicable law, such as:

 

WITHDRAWING CONSENT OR OTHERWISE OBJECTING TO DIRECT MARKETING

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

WHO WILL WE SHARE THIS DATA WITH, WHERE AND WHEN?

Istari may disclose your personal data to the following categories of recipients (in all cases, only when necessary to fulfil their functions):

We have offices in UK, Singapore, Germany and US. Therefore, where required to perform our contract with you or for our wider business purposes, the information that we hold about you will be transferred to, and stored at, a destination in UK, Singapore, Germany and US.

In situations where we transfer your personal data to countries outside of UK or the EEA to an organisation in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the applicable laws by using the European Commission approved Standard Contractual Clauses, an appropriate Privacy Shield certification, a vendor's Processor Binding Corporate Rules or by relying on such other data transfer mechanisms as available under applicable data protection laws.

Where we transfer Personal data to another Istari entity outside of UK or the EEA, we use the European Commission approved Standard Contractual Clauses. A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

USE OF COOKIES AND RELATED TRACKING TECHNOLOGIES

Our site uses cookies or similar technologies. Please check our Cookie Notice for further details.

WHAT RIGHTS DO I HAVE?

Subject to applicable laws, you may have rights in relation to your personal data. Such rights include:

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time.

To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. If you are in the EEA/UK and you have unresolved concerns, you have the right to complain to an EEA/UK data protection authority where you live, work or where you believe a breach may have occurred.

We will aim to respond to all legitimate requests as soon as we reasonably can and in any event within one month. If we think that it will take us longer than one month, we’ll let you know why and keep you updated. Where you make any requests, we might ask for specific information to confirm your identity as a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. This might include asking for further information in relation to your request to be able to speed up our response.

 

HOW TO GET IN TOUCH WITH US

We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at [email protected] with “privacy” in the subject line, or by writing to ISTARI GLOBAL LIMITED, 8 Cavendish Square, Marylebone, London, W1G 0PD.

HOW LONG WILL YOU RETAIN MY DATA?

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future. For personal data we collected for recruitment purposes, we will retain your personal data only for as long as we need it for Istari's legitimate interest in accordance with applicable law, for the purposes of the recruitment process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process.

 

WHICH ISTARI ENTITY IS MY DATA CONTROLLER, AND WHICH AFFILIATES MIGHT MY DATA BE SHARED WITH?

The data controller for your information is Istari Global Limited. Depending on where you are, we may share your personal data with our affiliates so that we can response to your request or for our wider business purposes. You can obtain the identity and contact details on our affiliates with who we share your personal data by contacting us using the details set out above in this notice.

AMENDMENTS

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.