Lapithus Privacy Notice (Service Providers, Contractors and Counterparties)
Personal information we collect, purpose and lawful basis
In connection with the Lapithus Group’s (“our”) consideration, due diligence, entering into, perfoming, paying for, overseeing, administering or exercising rights under contracts and business and professional relationships between us, our affiliates and/or clients and their actual and prospective contractors, professional advisors, customers, obligors, agents, service providers and other professional payees, such as notaries (collectively, “Counterparties”), the Lapithus group collects and processes the names, positions, telephone numbers, emails and other contact details of the Counterparties and of their officers, responsible or contact employees and shareholders/owners. Where needed for qualification or compliance checks, other professional and identifying information such as professional qualifications, date and place of birth, and place of residence, may be collected. Where needed in connection with making or receiving payments, Counterparty bank account number, name and details are collected. Special category data is not collected. If the above information is not provided to us, we may not be able to assess contracting suitability, enter into, administer or perform the appropriate contract or payment.
This information is provided to us by or on behalf of the actual or prospective Counterparty and/or collected by us from public sources, in each case in connection with selecting, assessing, due diligencing, or engaging the Counterparty, receiving, supervising, monitoring and auditing receipt of services, complying with legal obligations in connection with the engagement of the Counterparty and its services, discharging duties and exercising, establishing and/or enforcing rights in connection with the engagement, or making payments. Further, third-party screening and information providers, including LSEG Worldcheck, Moody’s, Creditreform, Dun & Bradstreet, Relx (UK) Limited, trading as LexisNexis, and other LexisNexis and LexisNexis Risk group companies and affiliates (“LexisNexis”), may provide us with additional personal information to enable us to conduct background checks and screening activities, comply with our legal obligations and for the other purposes listed above. (LexisNexis are themselves responsible for any personal information which they may collect and hold about you until it is received by us. To learn more about how LexisNexis collects and uses your personal information, please refer to their own separate privacy policy at https://www.lexisnexis.com/global/privacy/en/article-14-bis.page)
We use the information collected as stated above for the purposes listed above. To the extent compliance with legal duties is involved, the lawful basis of our processing is our legal obligation. Where needed to evaluate suitability, enter into, perform, or exercise our rights under, a conract directly with the data subject, or make payment for services to a data subject, our basis for processing is contract. In all other cases described above, we have a legitimate interest in maintinaing and furthering the business relationship in question, due diligencing counterparties, fraud prevention, compliance and the safeguarding of assets and operations which is the lawful basis of our processing.
We do not use the above information for making decisions relating to data subjects solely by automated means (including profiling).
How we store your personal information
Your information is securely stored in accordance with applicable data protection rules. We keep the information for the duration of the selection and diligence process, the duration of the contract or business relationship with the Counterparty, and for time periods required for establishing and protecting our and our clients’ legal rights, compliance and maintaining corporate records. We will then delete this information.
How we share and transfer personal information
We may share this information with our affiliates and with client entities involved in the contractual, business or professional relationship with the Counterparty or in the receipt and oversight of the respective services, and with our and our clients’ affiliates and advisors assisting in this. We may share Counterparties’ invoice, payment and account-related information with our payment anti-fraud solution providers, such as Sis ID or Trustpair.
In doing the above, we primarily store and transfer information in and between the EEA, the UK and countries subject to a European Commission adequacy decision.
In limited circumstances, we may transfer data to other countries where our service providers or affiliates operate, and where this occurs, we ensure appropriate safeguards required by applicable data protection laws and regulations are in place, including adequacy decisions, standard contractual clauses approved by the UK and EU data regulators, and/or other appropriate safeguards as required by EU and UK GDPR – these may be obtained by contacting us at the details below.
Your rights, contacts and complaints
Under data protection law, you have rights including right of access, rectification, erasure, and restriction of processing, subject to limits in data protection law. You have the right to object to the processing of your personal information in certain circumstances.
Controller and contact details
The controller of your data is Lapithus Management Sarl or, for Counterparties whose relationship is with a Lapithus group entity located outside Luxembourg – the Lapithus group entity shown at the “Contact” link below for the appropriate country.
You can contact us, make a data request or complaint to us at dataprotection@lapithus.com or at the contact details shown at the “Contact” link below. The EU representative of Lapithus UK entities is Lapithus Management Sarl shown at that link, and the UK representative of Lapithus EU entities is Lapithus Management LLP shown at that link.
You have the right to complain to the data protection supervisory authority in your country, or in the country of the entity you complain about.
Changes
We reserve the right to change our privacy practices. In this case, we will amend this notice.
___________________________