Harneys is committed to protecting and respecting your privacy. We are aware of the concerns which exists over the security of information which you provide to us (both over the internet and otherwise). We may obtain, use, process and disclose personal data about you in order to carry out our instructions and for other related purposes including updating and enhancing our client records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance. We will only use contact details provided to us for marketing our services only if you have expressly consented to receiving such communication. If you have not consented to marketing, contact details will only be used for the purposes of providing our services to you.
Personal information that we hold will include:
- Personal data that you submit to us via the Harneys mobile application include: email address, forename(s), surname(s), former names, aliases, date of birth, device ID, primary residential address, occupation, nationality, country of birth, service address for documents, ID images and face images.
- Personal information that we collect automatically via the app. When registering your account with us, we may collect data that identifies the type of mobile device you have, IP address, app crashes and other system activity.
We collect this information for the purposes of ID verification and conducting politically exposed person (PEP) and international sanctions checks against third party systems. We also use the information to check for potential identity theft and online fraud. Our service providers that process your personal data on our behalf for the purposes of these checks are bound by confidentiality and are not permitted to use your personal data for any other purposes. They also do not store any of your personal data long-term.
We will comply with all relevant laws including the UK Data Protection Act 1988, the Cyprus Personal Data (Protection of Individual) Law 2001 and the Hong Kong Personal Data (Privacy) Ordinance (Cap 486). For the purposes of the UK Data Protection Act 1988, the data controller is Harney Westwood & Riegels LLP. For the purposes of the Cypriot Personal Data (Protection of Individual) Law 2001, the controller is Aristodemou Loizides Yiolitis LLC. During the course of our instructions, it is likely that it will be necessary to transmit elements of your data to jurisdictions which do not offer such protection as is afforded within the European Union.
We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners.
The services offered by Harneys are not directed at children under 18 years old. If we receive information from a child under 18 years old, we reserve the right to delete it. In limited cases as part of a service provided by Harneys, Harneys may collect and use information of children only with the consent of their parent or guardian.
You have the right to review the personal information that we keep about you. You can send a request to receive an overview of your personal data by emailing us at email@example.com. To expedite handling please use the subject line "Requesting personal information". If your data is inaccurate or if you believe we are no longer entitled to use your personal data or have questions on how your data is used, please contact us at firstname.lastname@example.org. You have the right to request that your personal information be removed from our systems by contacting us at email@example.com the subject line “Requesting account deletion” or by sending a message via the Help screen of the app. We will be in touch with you to discuss any data retention for compliance with legal regulations and set a date for removal of your data.
The processing of your personal data is controlled by Harneys. Harneys determines what data will be shared with third parties. If you have any suggestions or comments about this privacy notice, please send an email to firstname.lastname@example.org.
Data and IT security
Harneys follows industry best practices for security in all areas. This includes formal onboarding and exit procedures for staff, robust logical access controls, strong password policies and tight physical and environmental security. Only authorised personnel are permitted to access personal data in the course of their work. Data leak prevention is augmented by careful asset management and encryption of all remote access sessions and corporate mobile devices. The network perimeter is secured by a multi-tiered firewall structure; internal systems are comprehensively covered by anti-virus software; and an intrusion detection system and other vulnerability monitoring tools are also in place.
Only best-of-breed hardware and software systems are installed, including for email security, document management, network security and mobile device management. Data is backed up frequently and backups rotated in accordance with a strict schedule. All backups are encrypted, and off-site copies are transported and stored by specialist service providers.