1. Overview
This Privacy and Cookie Policy outlines how LEI System OU (referred to as “we” or “LEI System”) collects, uses, and protects personal data, in line with the General Data Protection Regulation (GDPR) and other relevant legal requirements. It explains the types of data we collect, the purposes for which we process it, data retention periods, and the rights individuals have concerning their data.
The controller for your personal data is LEI System, which acts as a registration agent for LEIs (Legal Entity Identifiers). If you have any questions, please contact info@leisystem.com.
2. Purposes and Legal Bases for Data Processing
2.1. Providing LEI Services
To facilitate LEI registrations, renewals, and transfers, we process personal data of legal entity representatives, including names, contact details, and any necessary identification. This data processing is necessary to fulfill our contractual obligations (GDPR Article 6 (1) (b)).
2.2. Marketing and Information Sharing
LEI System and trusted partners may occasionally send newsletters or notifications to keep customers informed of our services. Customers may opt-out at any time by following the unsubscribe link in our communications or by contacting us. Processing for marketing purposes is based on either consent (GDPR Article 6 (1) (a)) or legitimate interests (GDPR Article 6 (1) (f)).
2.3. Business Development and Partner Collaboration
To ensure a high-quality customer experience and to share relevant information, we may share contact details of our customers with select partners. This includes names, business names, and contact information, with processing based on LEI System’s legitimate interests (GDPR Article 6 (1) (f)).
2.4. Compliance with Legal Obligations
In some cases, LEI System is required to process personal data to meet regulatory obligations, such as accounting, responding to legal inquiries, and adhering to anti-money laundering regulations. This processing is based on legal compliance (GDPR Article 6 (1) (c)).
3. Data Retention
We retain personal data only as long as needed for its original purpose or as required by law.
- Service-Related Data: Personal data associated with LEI applications is stored for the duration of the customer relationship and may be retained up to 10 years where legally required.
- Marketing Data: Personal data used for marketing is retained until consent is withdrawn or until no longer necessary for business purposes.
- Legal Obligations: Certain records, such as those for accounting, are kept for up to 7 years in compliance with financial regulations.
4. Cookies and Tracking Technologies
LEI System uses cookies on its website to enhance user experience, provide essential site functionality, and analyze site usage. Cookies are small text files stored on your device. You can control cookies through your browser settings, and by continuing to use our site, you agree to our use of essential cookies. For optional cookies, consent is requested via the website.
Cookie Types We Use:
- Necessary Cookies (always on): These cookies are essential for the operation of our website, enabling functions like security and user session management.
- Analytics and Performance Cookies: These cookies allow us to understand how visitors interact with our site and to improve our services.
- Marketing Cookies: Marketing cookies help display relevant advertisements based on your preferences.
5. Third-Party Data Sharing
In providing LEI services, we may collaborate with reputable third-party providers, such as payment processors, communication platforms, and hosting providers. These providers are granted access only to the data necessary for the performance of their specific services and are contractually obligated to comply with applicable data protection regulations.
For the issuance and renewal of LEI numbers, we also share relevant legal entity data with the Global Legal Entity Identifier Foundation (GLEIF) and our partner Local Operating Unit (LOU), Ubisecure Oy (RapidLEI). This typically includes the entity’s legal name, registration number, address, country of incorporation, and information about its parent or ultimate parent entities, where applicable.
6. International Data Transfers
While we primarily store and process data within the European Economic Area (EEA), there may be instances where data is transferred outside the EEA. In such cases, we ensure that appropriate safeguards, such as standard contractual clauses, are in place.
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access: You may request information on the personal data we hold about you.
- Correction: You may request corrections to any inaccurate or outdated data.
- Deletion: You may request data deletion under certain conditions, such as when the data is no longer necessary for its original purpose.
- Restriction: You may request restricted processing under specific circumstances.
- Objection: You may object to the processing of your data for direct marketing.
- Data Portability: You may request to receive your data in a machine-readable format.
To exercise your rights, contact us at info@leisystem.com. We respond to requests within one month; extensions may apply in complex cases.
8. Updates to this Policy
We regularly review and update this Privacy and Cookie Policy to reflect changes in our practices, legal requirements, or industry standards. The latest version will always be available on our website.
9. Contact and Complaints
If you have questions about this Privacy Policy or data processing practices, please reach out to info@leisystem.com. You may also lodge a complaint with your national data protection authority.
Last updated: 06/11/2024
