craliholke.com

Client Privacy Policy

The purpose of this client privacy notice is to give you information about what personal data we process about you, how, why and what your rights are.

As a valued client we are committed to ensuring that your privacy is protected. Should we ask you to provide certain data by which you can be identified when using the services, then you can be assured that it will only be used in accordance with this privacy notice.

Crali Holke Ltd is a registered Data Controller with the Information Commissioner’s Office (ICO) under registration number ZB547049.

1. Data We Collect About You?

We collect, process and retain personal data about you when we:

● respond to your request – e.g. a query

● carry out Anti-Money Laundering (AML) checks

● provide you with ‘Sourcing’ services

● keep you informed of any services, which will be of benefit to
you

This data can include:

● client name

● phone number

● email address

● home address

● registered business

● financial statements

● reason to buy/sell

● investment criteria

Unless you voluntarily submit your personal data to us (for
example, by sending us an e-mail, or contractual agreement), we
cannot personally identify an individual.

2. Legal Grounds for Processing

By executing any contractual agreement with Crali Holke Ltd, hereinafter referred to as the “Company”.

The Company shall have the right to process your personal data, including for example, your bank details and NI number, provided to the Company by you or some other party, to enable the Company to fulfil its legal and contractual obligations in its capacity as a Land and/or Property Sourcing Agent, or in order to take steps at the request of you prior to entering into a contractual agreement.

The Company may rely on one or more of the following legal grounds to process your personal data:

● Contract: Article 6(1)(b) of the UK GDPR, which relates to the processing necessary for the performance of a contract or to take steps from a successful quote or tender, before entering a contract. The Company will use it when entering into a contract or agreement with you.

● Consent: Article 6(1)(a) of the UK GDPR, which relies on your freely-given consent at the time you provide your personal
data to the Company. The Company will always make it clear what your personal data will be used for and provide you
with the facility to withdraw your consent – refer to section 8. Your Rights (below).

● Legal Obligation: Article 6(1)(c) of the UK GDPR, where the processing is necessary in order for the Company to comply
with a legal obligation. For example, carrying out the AML checks to ensure that we can legally contract with you.

● Legitimate Interests: Article 6(1)(f) of the UK GDPR, which relates to our legitimate interests pursued by us the Company or by a third party (such as Company partners), except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of your personal data. Examples of our legitimate interests are as follows:

a) running our business (e.g. to keep our records updated)
b) communicating with our clients to introduce them to
services, or market similar services that may be of
interest and benefit to them

3. Purposes of Processing

Purposes of processing personal data include:

● Using your data to carry out administrative and management of our contractual agreement.

● Using your personal data so that we can provide the ‘Sourcing’ services, as set out in the agreement.

4. Transfers to Third Parties

While processing your personal data for the purposes indicated above, the Company may use the services of third parties such as Zoho Corporation for electronic mail, and Dropbox Inc for cloud data storage.

The Company uses data processors who are third parties who provide elements of services on behalf of the business. The
Company will have contracts in place with the data processors.

This means that the data processors cannot do anything with your personal data unless the Company has instructed them to do so. They will not share your personal data with any organisation apart from the Company. The data processor will hold it securely and retain it for the period the Company instruct.

However, the Company may share data (including personal data) if the Company has a legal obligation to do so, or if the Company must enforce or apply the Company’s terms of use and other agreements. This may include submitting data for legal reasons.

5. Cross-Border Data Transfers

The Company’s business processes increasingly go beyond the borders of one country. This globalisation demands not only the availability of communications and information systems across the Company but also the worldwide processing and use of data within the Company. Consequently, your data may be subject to cross-border data transfers.

The Company stores your personal data in digital format on secure local and cloud servers and systems hosted in the European Union (EU) and the United States (US). Where data is stored on servers located in the US, we rely on the Privacy Shield Framework and/or the EU model clauses (called the Data Transfer Agreements) to transfer this data.

You may request a copy of the Data Transfer Agreements or data on the other applicable safeguards I use to protect your personal data.

6. Retention

Your personal data will be stored for no longer than necessary considering the purposes of the processing activities.

The retention will not exceed 7 years from the end of the contract/agreement after which your personal data will be
destroyed securely. However, the Company reserves the right to keep personal data for longer if we feel that this is in the
legitimate interests of the Company.

7. Keeping Your Personal Data Secure

The Company has policies, procedures and security in place to keep your personal data secure once it is in our systems. All personal data is stored securely in accordance with the principles of the UK GDPR.

Any personal data collected in paper form (e.g. contractual agreements, etc.) are securely filed at our site located in the UK. All-access to your personal data is highly restricted for approved
business purposes only.

8. Your Rights

You can exercise your data subject rights and utilise our Data Subject Access Request (DSAR) procedure by contacting our Data Compliance Lead in writing at the address Crali Holke Ltd, 71-75 Shelton Street, London, WC2H 9JQ or by emailing office@craliholke.com. Your rights are as follows:

● You have the right to ask for a copy of your personal data.

● You have the right to have your personal data rectified. If you find your personal data held is inaccurate or incomplete, you can request to see this data, rectified.

● You have the right to have your personal data deleted. Though it should be noted this is not an absolute right.

● You have the right to demand the restriction of the data processing of your personal data. This may include, but is not
limited to the use of data for direct marketing purposes.

● You have the right to receive your personal data in a structured, commonly used and machine-readable format
(e.g. PDF or CSV) and to request the transmittance of your data to another controller;

● You have the right to object to the data processing. This is not an absolute right and only applies under certain
circumstances;

● You have the right to withdraw a given consent at any time to stop a data processing that is based on your consent.

You may make any of the requests outlined above by contacting us by email at office@craliholke.com or in writing marked for the attention of our Data Compliance Lead at the following address Crali Holke Ltd, 71-75 Shelton Street, London, WC2H 9JQ.

If you wish to complain about how we have handled your personal data, please contact our Client Service Manager in first instance by email at office@craliholke.com.

Our Client Service Manager will then investigate your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the
Information Commissioner’s Office in the UK here: https://ico.org.uk/concerns/ and file a complaint with them.

9. Changes to our privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 25 th September 2023..