Your No. 1 SHELF COMPANY PROVIDER WORLDWIDE
PRIVACY POLICY
Personal Data Protection and Privacy Policy
​
1. Introduction
Many thanks for choosing the services of INCO Business Netherlands B.V. (hereinafter the “INCO”)!
At INCO, we want to provide you with the best possible experience to ensure that you enjoy our service today, tomorrow and in the future. We take personal data, privacy and confidentiality matters very seriously, we have developed this Personal Data Protection and Privacy Policy (hereinafter the “Policy”) to clearly define our ongoing commitment to protecting privacy rights and to transparently explain how and why we collect, store, use, disclose and share the personal information as required by applicable laws or as we require in the course of fulfilling our professional responsibilities and operating our business. We also outline the controls and choices you have around when and how you choose to share your personal data. This Policy forms part of any Service Agreement in place between INCO and the (prospective) Client.
​
2. Definitions
The terms and expressions in capital letters used in the Policy have the meanings set forth below. Words in singular include the plural and vice versa. These terms and expressions shall always be interpreted according to applicable data protection rules including, but not limited to, the General Data Protection Regulation (European Union Regulation 2016/679) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and together with all implementing laws and any other applicable data protection, privacy laws or privacy regulations (the “Data Protection Legislation”).
-
“Client”: means the counterparty to the Service Agreement with INCO;
-
“Client Affiliate”: means any legal entity affiliated to the Client;
-
“Data Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. The Data Controller in this Policy is INCO Business Netherlands B.V., a private limited ability company (Besloten Vennootschap, BV), formed under the laws of the Netherlands with registered office address at Laanzichtweg 60, 4847SJ Teteringen, the Netherlands, registered within the Chamber of Commerce of the Netherlands under the number 64494667. The terms "we", “our” or "us" in this Policy refer to INCO;
-
“Data Processor”: means the party, which Processes Personal Data on behalf of the Controller;
-
“Data Subjects”: means natural persons whose personal data is being processed by INCO, as further described below under Article 3(a);
-
“Personal Data”: means any information allowing the direct or indirect identification of an natural person/individual;
-
“Processing” means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
-
“Service Agreement” means any written contract, any written statement of work, or any other written binding agreement, including any annexes thereto, between INCO and the Client; including but not limited to Order Form, Confirmation Sheet, Service Agreement, and General Terms and Conditions;
-
“Services” means services INCO provides to the Client under the Service Agreement;
-
“Technical and Organizational Security Measures”: means measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of Personal Data over a network, and against all other unlawful forms of processing.
​
3.Collection of Personal Data
a) When does INCO collect your Personal Data?
INCO collects and stores Personal Data relating to Data Subjects having interactions with INCO in accordance with Data Protection Legislation. This Policy shall apply between INCO and the Data Subjects.
Data Subjects may include, but are not limited to, the following categories of individuals:
-
representatives, employees, contact persons and any other related individuals of INCO suppliers, third party providers and subcontractors; and
-
Former and current employees, shareholders, investors, officers, directors, board members, signatories, contact persons, representatives, direct and ultimate beneficial owners and any other related individuals of prospective or current Clients and Client Affiliates.
b) Types of Personal Data.
Personal Data collected and stored by INCO may include, but are not limited to, the following types of data:
-
Identification data, such as name, family name, date and place of birth, gender;
-
Government identification numbers, such as social security numbers, tax number, ID card number and passport number, taxpayer identification number.
-
Copies of identity documents, such as passport, national ID card, driver’s license, employee certificate;;
-
Contact information, such as phone and fax numbers, home and professional address, email address, country of (tax) residence, and any other contact details you provide to us;
-
Other relevant personal details, such as nationality and citizenship, employment details, education, marital status, family or personal circumstances, utility bills, tax residency and interests, where relevant;
-
Types of services received/provided or of products bought/sold and your objectives in INCO procuring such services;
-
Financial and banking information, such as bank account number, source of wealth, bank statements, details of shareholdings and other assets which are legally or beneficially owned by the Data Subject.
-
Communication data: any requests and complaints the Data Subjects disclose to INCO during the course of the contractual relationship with INCO, either voluntarily or upon request;
-
Any other Personal Data reasonably related to the conduct of INCO’s business and in particular whether you may represent a politically exposed person or money laundering risk; details of people and organisations which may be connected to the Data Subject (by family or otherwise)
-
To comply with our legal obligations on Know-Your-Client (KYC), we also collect the following information from the Ultimate Beneficial Owners(UBOs) of our Clients: first and family name, copy of ID and passport, nationalities, tax residence, private/residential address, phone number, email address, date of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, the source of wealth and (where applicable) an U.S. or other Taxpayer Identification Number.
Please note that the list is not exhaustive and that INCO may collect and process Personal Data to the extent that is useful or necessary for the provision of our Services or for in compliance with legal or regulatory obligations. Most of the Personal Data we process is information that is knowingly provided to us by Data Subjects in a sales process, via telephone calls, via submitted forms, emails or business events. However, please note that in some instances, we may process Personal Data received from publicly accessible sources such as internet, social networks, World-Check or commercial registers. Furthermore, we may receive Personal Data from third parties as part of the Service we provide to the (prospective) Client or to people which are connected to the (prospective) Client (including but not limited to organisations in which the Client having a shareholding or by which the Client are employed) or in connection with legal requirements that are applicable to us.
This Policy does not apply to corporate company information if no personal data from individuals can be derived from such corporate information.
​
c) Purpose of the processing of Personal Data.
INCO collects and uses the Data Subjects’ Personal Data for the purposes below and on a lawful basis. Insofar we already hold information about you, we may use that information for the same purposes.
-
For the performance of any contractual obligations towards the Data Subjects, including but not limited to, relationship management, managing accounts and providing or receiving products and services from INCO. In this respect, we use your personal data for the following:
-
-
To prepare a proposal for you regarding the services we offer;
-
To provide you with the services as set out in our service agreement with you or as otherwise agreed with you from time to time;
-
To handle any request and any complaints or feedback you may have;
-
For any other purpose for which you provide us with your personal data;
-
In this respect, we may share your personal data with or transfer it to your agents, advisers, banks, intermediaries, and custodians of your assets who you tell us about; third parties whom we engage to assist in delivering the services to you, including other companies in the INCO Business Group, our partners in providing domilication service, our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, auditors, IT or public relations advisers; and our data storage providers. We will keep you clearly informed of the data sharing and ask for your consent, if requested by the Netherlands.
-
For compliance with legal obligations, including but not limited to, compliance with applicable commercial law, laws applicable to regulated companies of the financial and accounting sectors and laws on anti-money laundering (AML) and counter terrorist financing (CTF), tax identification and reporting (where appropriate), as well as compliance with requests from or requirements of regulatory and enforcement authorities. This implies that we will use your personal data to meet our compliance and regulatory obligations, such as maintaining appropriate business records, in compliance with anti-money laundering and counter terrorism financing laws, and as required by law to conduct “Know-Your-Client” (KYC) identification procedures. Also as required by tax authorities or any competent court or legal authority, and we may share your personal data with our advisers where it is necessary for us to obtain their advice or assistance, or our auditors where it is necessary as part of their auditing functions, as well as third parties who assist us in conducting background checks, and with any relevant regulators or law enforcement agencies where we are required to do so.
-
For the purposes of the legitimate interests pursued by us or by a third party that are necessary, for instance, for INCO to carry out its daily activities, for fraud and other criminal activity prevention, identification, payment verification, to implement changes in our corporate structure or ownership, to create statistics and tests, to manage risk, litigation (including disputes and collections), accounting, audits, tax returns, for training our staff or monitoring their performance, as well as for direct marketing purposes relating to INCO products and services, including the development of commercial offers by INCO aimed at the Data Subject and in accordance with applicable law applicable to the sending of commercial communications for prospective Data Subjects.
-
Use of information based on explicit consent: INCO may use provided Personal Data to send prospective and current Clients marketing communications (such as newsletters, promotions, news or service updates) via email or other electronic means or via telephone, but we will only do so after we have received the explicit consent to do so. Data Subjects can withdraw the consent at any time.
-
For INCO’s legitimate commercial interests:
-
We may use Clients’ Personal Data for client administration purposes, such as client Services agreements administration, internal administration of work done under client Services agreements;
-
We may use Clients’ Personal Data for analyzing and improving the quality of our Services and to understand the Client as a customer (customer optimization). This enables us to assess what may interest the Clients, to measure or understand the effectiveness of advertising we serve to the Clients and others and to deliver relevant advertising. In addition, based on Clients’ historical use of our Services we may target Clients with advertisement or other marketing materials that are customized to Clients’ personal preferences and experiences; We may use the existing clients’ Personal Data (both on aggregated and on individual basis), such as contact details and electronic identification data for the purpose of advertising our Services that may be of the Clients’ interests (based on the previously used Services), making contact with the Clients for marketing or other commercial purposes; the Data Subjects can inform us the unwilling to receive advertisement or other marketing materials from INCO at any time;
-
We may use Clients’ Personal Data for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our Services, to generate aggregated statistics about the users of our Services; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes;
-
We may also use your Personal Data for system integrity purposes (for example the prevention of hacking, spamming etc.); to facilitate our business operations, to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of INCO’s assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.
-
INCO makes sure that only the Personal Data that are necessary to achieve the above-listed purposes are processed.
​
d) Update of Personal Data.
INCO will endeavor to keep the Personal Data in our possession or control accurate. Individuals providing Personal Data are therefore responsible for promptly informing INCO of any change to their Personal Data.
​
​
4. Disclosure or share of Personal Data
Personal Data will not be shared with third parties, except as provided below.
a) Disclosure of Personal Data.
We may disclose Personal Data to the following categories of recipients:
-
Services providers or processor, such as IT service providers, internal or external data processors, and professional providing INCO with Technical and Organizational Security Measures;
-
Affiliated companies of INCO (including the offices within and outside or Europe);
-
Business partners and professional advisors, such as business centers; law, tax and audit firms, including subcontractors which are engaged to perform (part of) the Services under client Service Agreement;
-
Public authorities and administrations;
-
Marketing and advertising companies that carry out marketing activities on our behalf;
-
Analytics and search engine providers that assist us in the improvement and optimisation of our website, such as Google Analytics
INCO may disclose Personal Data in the following circumstances:
-
in the event of a legal request and/or investigation when, in our opinion, such disclosure is necessary to prevent crime or fraud, or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction;
-
if we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In such cases, it may be necessary for us to disclose Personal Data to those service providers. Sometimes the service providers may process some Personal Data on behalf of and under the instructions of INCO. We restrict how such service providers may access, use, disclose, and protect that data; In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our agreements with these service providers do not permit use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions;
-
in case of business transfers or corporate transactions, in the event of the sale or acquisition of companies, subsidiaries, or business units. In such transactions, Personal Data may be part of the transferred business assets but remain subject to the protections in any pre-existing privacy statement;
-
when we believe release is appropriate or necessary to conduct INCO’s business, comply with the law, enforce or apply our policies and other agreements, or protect the rights, property or safety of INCO, our employees if any, or others;
-
On Data Subject’s instruction, where the Data Subject has explicitly consented or requested INCO to disclose Personal Data to any third party.
In such circumstances, INCO ensures that Personal Data is kept secure from unauthorized access and disclosure.
b) International Transfer of Personal Data.
Due to the global presence of our business operations, INCO may transfer Clients’ Personal Data to other countries. Data Subjects are informed that certain data recipients may be located outside the territory of the European Union in countries that do not offer a level of protection equivalent to the one granted in the European Union (“Third Countries”). Data transfers to third parties located in Third Countries will be, depending on the nature of the transfer:
-
covered by appropriate safeguards such as standard contractual clauses approved by the European Commission, in which case the Data Subject may obtain a copy of such safeguards by contacting us. In this respect, you are informed that some Personal Data may be transferred to entities of the INCO Business Group located in a Third Country such as (but not limited to) in Mauritius, Singapore, Hong Kong with such appropriate safeguards; or
-
otherwise authorised under the Data Protection Legislation, as the case may be, as such transfer is consented to by the Data Subject or is necessary for the performance or execution of a contract concluded in the Data Subject’s interest or for the establishment, exercise or defense of legal claims or for the performance of a contract between the Data Subject and INCO.
For data that is transferred to third parties in Third Countries, INCO will enter into legally required agreements with these third parties, including standard contractual clauses as approved by the European Commission or other supervisory authority where required.
​
5. Data Subjects’ rights in relation to the processing of their Personal Data
a) Rights granted to Data Subjects.
In accordance with applicable law, Data Subjects are granted the following rights with regards to the processing of their Personal Data:
-
the right to request access to their Personal Data stored by INCO;
-
the right to update, review or correct any of their Personal Data, if the Personal Data is incorrect or incomplete;
-
the right to oppose to the processing of their Personal Data, on grounds related to their particular situation;
-
the right to request INCO to delete or erase their Personal Data, to the extent such Personal Data (i) are no longer necessary in relation to the initial purpose(s) for which they were collected, (ii) consent, where applicable, has been withdrawn and there is no other means of legitimating the processing of Personal Data, (iii) the Data Subject objects to the processing of the Personal Data, (iv) the Personal Data is unlawfully processed;
-
the right to request the restriction of the processing of Personal Data, if such Personal Data is found to be inaccurate or unlawful, is no longer needed for the purposes of the processing, or should a court decision on a complaint lodged by a Data Subject be pending;
-
the right to data portability; the right to request receive an electronic copy of such personal data for purposes of transmitting it to another company;
-
the right to withdraw any consent given in the context of this Policy;
-
in the event of a dispute between the Data Subject and INCO regarding the processing of Personal Data which failed to be resolved by the parties in an amicable manner, the right to lodge a complaint with the Netherlands Data Protection Authority (Autoriteit Persoonsgegevens, AP). Data Subjects not residing in the Netherlands can contact their local Data Protection Authority.
INCO will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. INCO will only be able to answer favorably to any of the above requests related to the right to oppose, right of erasure and right of restriction provided that it does not interfere with or contradict a legal obligations of INCO (e.g. a legal obligation to keep the related Personal Data for a certain period) or due to any other impediment that would justify that INCO would not be able to grant such requests.
INCO undertakes to handle each request by a Data Subject free of charge and within a reasonable timeframe.
b) How to exercise such rights.
Data Subjects can exercise the rights mentioned above or challenge compliance with this Policy, by contacting INCO by email at the following address: cs@incobusinessgroup.com.
​
6. Data retention
INCO undertakes not to use the Personal Data for purposes other than those for which it has been collected.
INCO will process the Personal Data for as long as it provides services to the Client and will not store the Personal Data for a period longer than necessary for the realization of legitimate business purposes or for bona fide complying with legal obligations.
Retention periods shall, in any case, be compliant with any applicable law and proportionate to the purposes of the processing.
Clients may instruct INCO to delete or return Personal Data at the end of period during which INCO will hold and process such Personal Data under Article 5 (a) of this Policy. INCO shall be authorized to keep a copy to the extent required for legal, regulatory or bona fide compliance purposes, as well as the exercise or defense of legal claims for as long as is legally required for such purposes. INCO will delete such Personal Data at the end of such compliance period.
​
7. Technical and Organizational Security Measures
Ensuring that Personal Data is appropriately protected from data breaches is a high priority for INCO.
INCO implements adequate Technical and Organizational Security Measures, such as, depending on the equipment, password protection, encryption, physical locks, etc., to ensure a level of security appropriate to the risks represented by the processing and the nature of the Personal Data to be protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Policy. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.
​
8. Data Breach Incident
INCO will without undue delay notify the Client whenever INCO becomes aware that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data held or processed by INCO in the context of this Policy that is likely to result in high risk to the rights and freedoms of a Data Subject (Data Breach Incident). INCO will investigate the Data Breach Incident, and take necessary steps to eliminate or contain the impact of the Data Breach Incident.
INCO shall maintain written procedures which enable it to provide an immediate response to the Client about a Data Breach Incident.
​
9. Internal training program
All INCO employees having access to Personal Data are provided with specific training programs in order to improve their practical skills and knowledge that relate to data protection issues. Privacy training programs are an integral part of professional development within INCO.
​
10. Amendment
INCO reserves the right to change, supplement and/or amend this Policy at any time. In such case, notification will be given by email, or any other methods allowed by the Data Protection Legislation. If a fundamental change to the nature of the use of your personal data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect.
​
11. Applicable Law and Jurisdiction
This Policy is governed by the applicable law of the Service Agreement and any dispute in respect of this Policy or execution thereof shall be submitted to the competent court as defined in the Service Agreement.
​
​
12. Contact us
INCO has appointed a Data Protection Officer in order to manage and monitor our compliance with data protection obligations. You may contact INCO Data Protection Officer for any question or queries you may have regarding this Policy, or if have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us by email at cs@incobusinessgroup.com or by post to
Data Protection Officer
INCO Business Netherlands B.V.
Laanzichtweg 60-B
4847SJ Teteringen
The Netherlands