Solestic Advisory (“we,” “our,” or “us”) is obliged to maintain your privacy on the Internet. Our privacy policy is based on the General Data Protection Regulation (GDPR) of the European Union. The purposes for which we collect your personal data are:
By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.
To help explain things as clearly as possible in this Privacy Policy, every time any of these terms is referenced, it is strictly defined as:
The Solestic Advisory website pages will set out details of the Personal Data that will be processed by Solestic Advisory on behalf of the Client, including the duration, purpose, types, and categories of Personal Data and Subprocessors, if any. Details of Processing and Subprocessors, respectively.
Where additional authorizations or consents are required from the Client Data Subjects under applicable Data Protection Laws to process Personal Data on behalf of the Client, the Client shall collect such authorization or consent for the respective processing activity of the Personal Data, as required under Data Protection Laws.
Solestic Advisory shall not process, transfer, modify, amend, or alter Personal Data or disclose or permit disclosure of Personal Data to any third party other than:
In addition, Solestic Advisory is allowed to use aggregated data—to the extent that it can no longer be considered Personal Data and is, therefore, not subject to Data Protection Laws—for analysing purposes, for a website, and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes, for developing and improving Solestic Advisory’s Services and products, and benchmarking.
Solestic Advisory may be required to appoint certain third parties, including Solestic Advisory Affiliates, to provide part of the Services to the Client or assist with technical support, such as IT service providers or other suppliers.
By signing the Service Agreement, Client authorises Solestic Subprocessors, which are, in each case, subject to the terms between Solestic Advisory and Subprocessor, which are no less protective than those set out in the Policy and the Service Agreement.
Solestic Advisory shall keep Personal Data confidential and ensure its staff and Subprocessors are bound by the same confidentiality obligation. Solestic Advisory shall implement appropriate technical and organisational measures to provide Personal Data security appropriate to the risk required according to applicable Data Protection Laws. It shall take all necessary measures according to Article 32 GDPR (security of processing) and any other more protective corresponding requirement under Data Protection Laws.
In assessing the appropriate level of security, Solestic Advisory shall consider the risks presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored, or otherwise processed.
Solestic Advisory shall, upon request and to the extent required under Data Protection Laws, cooperate with Client requests that relate to the processing of Personal Data. In particular, Solestic Advisory shall cooperate with requests that relate to Client Data Subject rights, data protection impact assessments, and Data Protection Audit rights as described below.
The Client shall avoid causing any damage, injury, or disruption to Solestic Advisory’s equipment, personnel, and business during such Data Protection Audit or inspection.
A maximum of one Data Protection Audit may be activated under this section in any twelve (12) month period at no additional cost to the Client, unless (i) the audit is following up on a Personal Data Breach caused by Solestic Advisory in the same period, (ii) the Data Protection Audit request made by the Client in the same period would exceed commercially reasonable market audit standard costs and/or (iii) the Data Protection Audit request made by the Client in the same period would require allocation of Solestic Advisory internal resources for more than one (1) business day to fulfil the request.
In the previous events, Solestic Advisory promptly notified the Client of such additional expected costs in advance. The Client and Solestic Advisory agreed to such costs before initiating the referred Data Protection Audit request. Any further Data Protection Audit within the referred twelve (12) month period shall be at the Client’s expense.
Solestic Advisory will, at the choice of Client, delete or return Personal Data at the end of the provision of the Services involving processing, unless:
Solestic Advisory shall notify Client immediately after becoming aware of a Personal Data Breach, providing the Client with sufficient information that allows the Client to meet any obligations to report a Personal Data Breach under Data Protection Laws.
Upon request by the Client, Solestic Advisory shall fully cooperate with the Client and take such reasonable steps as are directed by the Client to assist in the investigation, mitigation, and remediation of each Personal Data Breach to enable the Client to (i) perform a thorough investigation into the Personal Data Breach and provide incident details as required under Data Protection Laws such as Article 33(3) GDPR or other corresponding obligations determined by Data Protection Laws, (ii) formulate a correct response and (iii) take suitable further steps in respect of the Personal Data Breach to meet any requirement under the Data Protection Laws (“Remediation Measures”).
If Solestic Advisory causes a Personal Data Breach, Solestic Advisory shall bear the reasonable costs of Remediation Measures taken by Solestic Advisory.
If and to the extent costs incurred by Solestic Advisory related to Remediation Measures as directed by the Client are related to the Personal Data Breach caused by the Client, the Client shall compensate reasonable costs of the Remediation Measures taken by Solestic Advisory. Any costs borne by Solestic Advisory that exceed those reasonable costs for Remediation Measures shall be mutually agreed upon by parties to the Service Agreement in advance.
Remediation Measures shall:
Client warrants that Personal Data processed by Solestic Advisory on behalf of the Client has been and shall be processed by the Client under Data Protection Laws, including without limitation:
Solestic Advisory shall be liable for the damage caused by processing only where it has not complied with obligations of Data Protection Laws directed explicitly to the Processor or acted outside or contrary to the Client’s lawful instructions as indicated in the Service Agreement. Client shall be liable for the damage caused by Client’s processing, which infringes Data Protection Laws. Solestic Advisory shall be exempt from liability under section 10 of the Policy if it proves that it is not in any way responsible for the event giving rise to the damage.
Where more than one Controller or Processor, or both Controller and Processor, are involved in the same processing and where they are, under the Service Agreement, responsible for any damage caused to Client Data Subject by processing, each Controller or Processor shall be held liable for the entire damage to ensure adequate compensation of Client Data Subject(s). Where Controller or Processor has paid total compensation for the damage suffered, that Controller or Processor shall be entitled to claim back from the other Controller(s) or Processor(s) involved in the same processing that part of the compensation corresponding to their part of the responsibility for the damage, following the conditions set out in the previous paragraph.
If you have any queries about Solestic Advisory’s Privacy Policy, please send an email to support@solesticadvisory.com and be sure to indicate the nature of your query.