Site Content

---

At Vestin Wolf, we are committed to ensuring compliance with the European Union General Data Protection Regulation (GDPR) and protecting the rights and privacy of individuals. This GDPR Policy outlines how we collect, process, store, and protect personal data in accordance with the requirements of the GDPR.

• Data Controller and Contact Information:

Vestin Wolf Group is the data controller responsible for the collection and processing of personal data. If you have any questions or concerns regarding the processing of your personal data or would like to exercise your rights under the GDPR, please contact us at:

legalcompliance@vestinwolf.com

Lawful Basis for Processing Personal Data:

We collect and process personal data based on one or more of the following lawful bases:

• Consent: We obtain explicit consent from individuals for the specific purposes of data processing.
• Contractual Necessity: Processing is necessary for the performance of a contract or to take steps at the request of the individual prior to entering into a contract.
• Legal Obligation: Processing is necessary to comply with our legal obligations.
• Legitimate Interests: Processing is necessary for our legitimate interests, provided that such interests are not overridden by the rights and freedoms of individuals.

Types of Personal Data Collected:

We may collect and process the following types of personal data, depending on the nature of our relationship with you:

• Contact Information (e.g., name, email address, phone number)
• Employment Information (e.g., job title, employer name)
• Financial Information (e.g., payment details, transaction history)
• Communication Records (e.g., emails, correspondence)
• Website Usage Information (e.g., IP address, browser type, cookies)

Purpose and Legal Basis for Processing Personal Data:

We collect and process personal data for the following purposes and legal bases:

• Providing Services: To perform our contractual obligations or take steps at the request of individuals prior to entering into a contract.
• Communication and Marketing: With the consent of individuals or for our legitimate interests in promoting our products and services.
• Compliance with Legal Obligations: To fulfill our legal obligations, such as record-keeping, accounting, and reporting requirements.
• Security and Fraud Prevention: For our legitimate interests in ensuring the security and integrity of our systems and preventing fraudulent activities.

Data Retention:

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. We have implemented retention policies to ensure that personal data is securely deleted or anonymized when no longer needed.

Data Subject Rights:

Individuals have certain rights regarding their personal data under the GDPR, including the right to:

• Access their personal data and obtain information about its processing.
• Rectify inaccurate or incomplete personal data.
• Erase personal data in certain circumstances.
• Restrict the processing of personal data.
• Object to the processing of personal data based on legitimate interests.
• Withdraw consent at any time, if processing is based on consent.
• Receive personal data in a structured, commonly used, and machine-readable format (data portability).
• Lodge a complaint with a supervisory authority.

Data Security:

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. We regularly assess the security of our systems and ensure that personal data is handled securely by our employees and third-party service providers.

Data Transfers:

In certain cases, we may transfer personal data to countries outside the European Economic Area (EEA). When transferring personal data to such countries, we ensure that appropriate safeguards are in place to protect the data in accordance with the requirements of the GDPR.

Third-Party Processors:

We may engage third-party processors to process personal data on our behalf. These processors are carefully selected and required to adhere to data protection obligations and provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures.

Updates to the GDPR Policy:

We may update this GDPR Policy as necessary to reflect changes in our data processing practices or to comply with legal obligations. We will provide notice of any material changes on our website or through other communication channels.

Date of Last Update: 01 July 2023

By using our services or providing personal data to us, you acknowledge that you have read and understood this GDPR Policy and agree to the processing of your personal data as described herein.