PRIVACY NOTICE

1. INTRODUCTION
This document, herein referred to as the "Privacy Notice" or “Notice”, is issued by Neosaul Limited, a legal entity registered under registry number 15676625, with its principal office located at 167-169 Great Portland Street, 5th Floor, London, W1W ("the Company," "we," "us," or "our"), with its website neosauldigital.com (“the Website”). This Privacy Notice outlines our commitment to protecting your privacy and managing your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR. We take the responsibility of handling your personal information seriously and aim to be transparent about our data practices. This document will guide you through the ways in which we collect, use, store, and protect your personal data. Please review this notice carefully to understand our practices regarding your personal data and how we will treat it. Continued usage of the Website or our services constitutes your consent to our practices as described. Should you have any inquiries regarding this Notice, please contact us as described in this document.
2. DATA CONTROLLER
The Company (as defined in the previous section of the document) is the entity responsible for the collection, use, and protection of your personal data under this Privacy Notice. As the data controller, the Company holds the primary responsibility for ensuring that your personal data is collected, stored, and processed in compliance with the GDPR, the UK GDPR, and other applicable data protection laws. Our duties as the data controller include overseeing the lawful handling of your data, implementing appropriate data protection measures, responding to data subject requests, and ensuring the security and confidentiality of the personal data we manage.
3. PERSONAL DATA COLLECTION AND USAGE
The Company processes several distinct categories of personal data. Here are the main types of such data:
(a) Contact Information: Such as email addresses, phone numbers, and mailing addresses.
(b) Compliance-Related Data: This includes information for conducting anti-money laundering (AML) screenings, checking against politically exposed persons (PEP) lists, and other information that helps ensuring adherence to international sanctions and regulatory frameworks.
(c) Identity Data: This encompasses full names, identification numbers, other similar details typically found on government-issued documents, as well as other data which help us verify user identities.
(d) Technical Information: Data gathered from the devices and technology you use when accessing our services, including IP addresses, browser specifications, and operating system details.
(e) Professional Details: Job-related information like your current position, employer details, and professional achievements.
(f) Risk Assessment Data: Information concerning your business relationships and affiliations that might affect risk evaluations, plus data utilized in our fraud prevention efforts.
(g) Employment and Referral Information: Data from job applicants and referrals, including CVs, work history, educational background, and professional references, as well as other data which supports our recruitment and staffing strategies.
(h) Surveillance and Communication Logs: Video and audio recordings from our premises and during communications, as well as other data that is used for security purposes and dispute resolution.
4. PURPOSES OF DATA PROCESSING
Our processing of personal data serves various specific purposes, each guided by legal bases detailed in the subsequent section of this notice. Here are the primary purposes for which we process personal data:
(a) Service Provision: We process data to enter into agreements, fulfil contractual obligations, and deliver requested services to our clients.
(b) Recruitment and Employment: Personal data, such as information from job applicants and referrals, is processed for employment decision-making and contract management.
(c) Legal Compliance: Personal data is utilized to ensure compliance with applicable legal and regulatory requirements, encompassing anti-money laundering (AML) regulations, sanctions checks, risk management, and tax or financial compliance.
(d) Contractual Compliance: Data processing is carried out to meet contractual obligations, execute agreed-upon actions, and prevent breaches of contract terms.
(e) Communication and User Support: Personal data is used to engage with users, address inquiries, and provide service updates.
(f) Marketing: Data processing is employed to create and distribute marketing materials and service updates to existing and potential clients.
(g) Service Improvement and Development: Data processing aims to enhance service quality and operational efficiencies, improving the overall user experience.
(h) Dispute Resolution: Personal data may be processed to establish, manage, or defend against legal claims involving data subjects. Each purpose aligns with one or more legal bases, ensuring compliance with legal standards. For details on the specific legal grounds supporting these processing activities, please refer to the subsequent section of this Privacy Notice.
5. LEGAL BASES FOR DATA PROCESSING
The Company processes personal data based on several legal grounds, ensuring compliance with the GDPR and the UK GDPR. The choice of legal basis depends on the specific purposes for which we use your data. Below are the legal bases we rely on for processing personal data:
(a) Performance of a Contract: We process personal data necessary to enter into or perform a contract with you. This includes taking steps at your request before entering into a contract, such as providing quotes or service details.
(b) Legal Obligation: We process personal data to comply with our legal responsibilities. This includes maintaining records for tax purposes, providing information to a public body or law enforcement agency, or ensuring we meet other regulatory and statutory requirements.
(c) Legitimate Interests: We process personal data on the basis of legitimate interests, except where such interests are overridden by your rights and interests. This basis is used for activities like marketing, business development, and internal administration to improve service quality and business processes.
(d) Consent: In some instances, we rely on your explicit consent to process personal data. This includes certain types of marketing and promotional activities. You have the right to withdraw your consent at any time.
(e) Performance of a Public Task: In rare cases, we may process personal data to perform a task carried out in the public interest or in the exercise of official authority vested in us. This involves activities that support legal mandates or public duties.
Depending on the specific interaction and the nature of the services provided, personal data may be processed based on one or more of these legal bases. Each basis is carefully determined according to the specific circumstances surrounding the processing activity to ensure that your data is handled lawfully and fairly.
6. DATA SHARING AND DISCLOSURE
We are committed to not selling, leasing, or exchanging your personal data with third parties for their marketing purposes. However, your personal data may be shared under the following circumstances:
(a) Service Providers: Companies that perform services on our behalf, including without limitations hosting, data analysis, IT services, customer service, email delivery, and auditing services.
(b) Legal and Regulatory Authorities: We may disclose your personal data when required by law or as necessary to protect our rights, comply with judicial proceedings or court orders.
7. DATA COLLECTION PRACTICES
We gather personal data through the following methods:
(a) Direct Collection: Data is collected directly from you when you use our services, contact support, apply for jobs, or participate in our activities.
(b) Indirect Collection:
(b)(1) Digital Tools: We use cookies and similar technologies to track your activity on our website to improve user experience.
(b)(2) External Sources: We also receive data from partners, public records, and occasionally government authorities.
8. DATA RETENTION
Your personal data is retained only as long as necessary to fulfil the specific purposes for which it was collected, or to comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria used to determine our retention periods include the duration of our ongoing relationship with you, statutory obligations, and whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Once the retention period expires and there is no longer a legal or business need to retain the data, your personal data will be securely deleted or destroyed. Alternatively, where feasible and appropriate, we will anonymize the data so that it can no longer be associated with you or any individual, thereby preventing its further use. This process is performed in accordance with best practices for data deletion and is designed to protect your privacy and security.
9. YOUR RIGHTS
Under the GDPR and UK GDPR, data subjects are afforded the following rights concerning their personal data:
(a) Right of Access: Data subjects have the right to confirm whether their personal data is being processed and, if so, to access the data along with detailed information about its processing.
(b) Right of Rectification: Data subjects can have inaccurate personal data corrected or incomplete data completed, based on the purposes of the processing.
(c) Right to Erasure ("Right to be Forgotten"): Data subjects may request the deletion of their personal data under specific circumstances, such as when it is no longer necessary for the purposes for which it was collected, or the data subject withdraws consent and no other legal grounds for processing exist.
(d) Right to Restriction of Processing: Data subjects can request that the processing of their personal data be restricted under certain conditions, such as if its accuracy is contested, or the processing is unlawful but the data subject opposes its erasure.
(e) Right to Object: Data subjects have the right to object to the processing of their personal data, particularly in cases where it is done for direct marketing purposes.
(f) Right to Data Portability: This right allows data subjects to receive their personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller, provided the processing is based on consent or a contract and performed using automated means.
(g) Right to Withdraw Consent: Data subjects can withdraw their consent at any time where consent is the basis for processing. This withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal.
These rights may be exercised under certain conditions and limitations to ensure the secure and lawful processing of personal data. Identity verification may be required to process these requests. For further information or to exercise any of these rights, please contact us directly as described in this document.
10. DATA PROVISION REQUIREMENTS
For effective delivery of our services and to handle inquiries or applications, the provision of certain personal data is mandatory. This essential data, clearly marked as such, is required to fulfil contractual obligations and respond to inquiries. Failure to provide this data may restrict your ability to fully utilize our services or receive comprehensive responses. Optional data, while beneficial for enhancing our services, is not critical and can be provided at your discretion. Not providing optional data will not affect your access to the primary functionalities of our services.
11. DISPUTE RESOLUTION AND RIGHTS TO LODGE A COMPLAINT
We aim to promptly and fairly address any issues or concerns regarding your personal data. If you have a complaint about how we handle your personal data, we encourage you to first contact us using the provided contact information so that we can address your concerns directly. If you find it impractical to resolve the issue by contacting us directly, you have the right to lodge a complaint with the relevant data protection authority. In the United Kingdom (UK), this authority is the Information Commissioner’s Office.
12. INTERNATIONAL TRANSFERS OF PERSONAL DATA
The Company may transfer personal data outside the European Union (EU), European Economic Area (EEA) and the UK as part of our global operations. We ensure that these transfers comply with the GDPR and UK GDPR by using mechanisms like Standard Contractual Clauses (SCC), adequacy decisions from the European Commission, or other GDPR-approved safeguards. These measures guarantee that data transferred internationally is protected to standards that align with those required within the EU, EEA and UK. For further details on the specific protections for your data or inquiries about where your data may be transferred, please contact us using the provided contact details.
13. INFORMATION SECURITY
We prioritize the security of your personal data and implement comprehensive measures to protect it from unauthorized access, alteration, or destruction. Our security framework includes advanced encryption technologies, stringent access controls, and secure data storage solutions. These practices are designed to ensure the confidentiality, integrity, and availability of your personal data across all our operations.

In addition to our internal security measures, we advocate for responsible data management by our users. We encourage you to enhance your personal data security by adopting strong, unique passwords, keeping software up to date, and being vigilant about the confidentiality of your credentials and personal information.
14. CHILDREN'S DATA AND AGE RESTRICTIONS
The Company recognizes the importance of protecting the privacy of children. Our services are not directed towards children under the age of 18, and we do not knowingly collect or solicit personal data from individuals in this age group.
15. UPDATES TO THIS NOTICE
The Company reserves the right to amend this Privacy Notice at its discretion and in response to evolving regulatory requirements or business practices. Any such amendments will be promptly reflected on the Website. We recommend regular review of this Notice to remain informed of any changes. Should significant modifications occur, the Company may also contact you directly using the information you have provided.
16. CONTACT US
If you have any questions or concerns about this Privacy Notice or our practices regarding your personal data, please contact us at info@neosauldigital.com

Effective Date: 10 May 2024