Privacy Policy

Last updated: July 31, 2021

1 — Who is responsible for your Personal Data

This Privacy Notice explains how Oristan (being “Oristan Ireland DAC” and any other Oristan entity, its subsidiaries and branches, “we”, “us” or “our”) collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us as a Oristan Ireland DAC client, acting for a client or being generally interested in our services and our publications in accordance with applicable data privacy laws and the General Data Protection Regulation 2016/679 (“GDPR”) which will become applicable as of 25 May 2018. We control the ways your Personal Data are collected and the purposes for which we use your Personal Data acting as “data controller” for the purposes of the GDPR.

2 — Personal Data we collect about you

When using the term “Personal Data” in this Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your Personal Data may include for example your name, your contact details, bank details or information on how you interact with us.

We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:

  • a) if you have consented to us doing so
  • b) if we need it to perform the contract we have entered into with you, or
  • c) if we need it to comply with a legal obligation, or
  • d) if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests will be the provision of services by us, administrative or operational processes and direct marketing.

2.1 — Categories of data we collect

  • We only collect your name, email address, full IP address and browser information when you use our contact forms.
  • We collect your anonymised IP address for our analysis of website visitors.
  • We do not currently use third party services.

You can manage the features you enable using the cookie management dashboard:

2.2 — Sensitive Personal Data

In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin or conviction of criminal offences. Such information is considered “sensitive personal data” under the GDPR. We only collect this information in the case you have given your explicit consent, it is necessary according to legal obligations, or you have deliberately made it public.
For example, we may collect this information during the onboarding phase at the beginning of our business relationship when you provide us with an extract of your criminal record. Also, when you provide us with your personal documentation such as CV, copy of passport or ID card, your nationality and/or photo may imply your racial or ethnic origin.
By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Notice.
If you do not allow us to process any sensitive personal data, this may lead to us being unable to provide all or parts of the services that you have requested from us.

3 — How and why we use your Personal Data

We use your Personal Data for the following purposes:

  • To provide our services to you
  • To communicate with you and manage our relationship with you
  • To improve your customer experience
  • To improve our services, fulfil our administrative purposes and protect our business interests
  • To comply with our legal obligations

We will only use your Personal Data for the purposes for which we collected it and which we informed you about, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4 — Your rights in relation to your Personal Data

Under the GDPR you have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

  • request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
  • request rectification of your Personal Data;
  • request the erasure of your Personal Data;
  • request the restriction of processing of your Personal Data;
  • object to the processing of your Personal Data.

If you want to exercise one of these rights please contact us at contact@crystalfund.com.

5 — Security of your Personal Data

We are committed to taking appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your Personal Data is stored in the EU in electronic and physical form. Any physical documentation is kept under lock and key in a secure location at our premises. Electronic files that contain Personal Data are stored within a secured IT infrastructure.

6 — Retention period

We will only retain your Personal Data for as long as we need it in order to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer considered as Personal Data. Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

7 — Sharing your Personal Data

Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

8 — Fees

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

9 — Updates to our Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will make an updated copy of such privacy notice publicly available.

10 — Contact information

If you have any concerns or require any further information, please do not hesitate to contact us at contact@crystalfund.com or send your request to the following address:

Oristan Ireland DAC
Block 4 Harcourt Road
Harcourt Centre – Suite 502
Dublin D02 HW77 Ireland