Privacy Policy.

Who we are

BOSCRAE LIMITED is a business company incorporated under the laws of the British Virgin Islands. For the purposes of the DPA, BOSCRAE acts as a data controller in respect of the personal data described in this policy. Our contact details and registered office are set out at the end of this document.

Scope of this policy

This policy applies to personal data we process in connection with commercial transactions, including data provided by visitors to this website, prospective clients, clients, suppliers, service providers and other counterparties.

“Personal data” means any information relating to an identified or identifiable natural person, as defined in the DPA. “Sensitive personal data” has the meaning given to it in the DPA.

Personal data we collect

We may collect and process the following categories of personal data:

• Contact details — name, email address, business affiliation and any other information you voluntarily provide when contacting us.
• Correspondence content — the content of emails and other communications you send to us.
• Engagement information — information relating to professional engagements, including the identities of authorised representatives, billing contacts and project information.
• Compliance information — where required, information collected for the purposes of identity verification, anti-money laundering and other regulatory checks.

We do not knowingly collect sensitive personal data as defined in the DPA. If you provide sensitive personal data to us, you do so at your own initiative and expressly consent to our processing of that data for the purposes for which you have submitted it.

This website does not use third-party analytics, advertising trackers or persistent cookies for the purpose of profiling visitors. Where the site is hosted by a third party (such as our hosting provider), that provider may automatically log standard technical information such as IP address, browser type and access time for the purposes of operating and securing the service.

Purposes for which we use personal data

We process personal data for the following purposes:

• To respond to enquiries and communications you initiate with us.
• To negotiate, enter into and perform contracts for the provision of our services.
• To manage and administer ongoing engagements with clients and counterparties.
• To comply with applicable legal, regulatory and accounting obligations.
• To establish, exercise or defend legal claims.
• To maintain the security and integrity of our website, communications and records.

Under the General Principle of the DPA, we will not process your personal data without your express consent or another lawful basis permitted under the DPA, such as performance of a contract to which you are a party, compliance with a legal obligation, or protection of our legitimate interests.

Our commitment to the seven DPA principles

We process personal data in accordance with the seven data protection principles set out in the DPA:

Disclosure of personal data

We may disclose personal data to the following categories of third parties, where necessary for the purposes set out in this policy:

• Our professional advisers, including legal, accounting and tax advisers.
• Our registered agent and other service providers acting on our behalf, in their capacity as data processors.
• Technology service providers, including providers of email, file storage, software development and hosting infrastructure.
• Regulators, governmental authorities, law enforcement agencies and courts where required by law or in accordance with the Disclosure Principle of the DPA.

Where we engage a data processor to process personal data on our behalf, we take reasonable steps to ensure that the processor maintains appropriate technical and organisational safeguards as required under the DPA.

International transfers of personal data

BOSCRAE is incorporated in the British Virgin Islands but operates internationally. Personal data we process may, in the course of our business, be transferred to or stored in jurisdictions outside the British Virgin Islands, including jurisdictions where our service providers (such as hosting, email and storage providers) are located.

In accordance with the General Principle of the DPA, we will not transfer personal data outside the British Virgin Islands unless either (i) there are adequate safeguards in place in respect of that personal data in the recipient jurisdiction, or (ii) the data subject has given express consent to the transfer.

Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law, regulation or professional standards. When personal data is no longer required, we will take reasonable steps to delete or anonymise it.

Security

We apply appropriate technical and organisational measures designed to protect personal data against loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction. No method of transmission over the internet or method of electronic storage is fully secure, however, and we cannot guarantee absolute security.

Your rights as a data subject

Subject to the conditions and exceptions set out in the DPA, you have the right to:

• Request access to personal data we hold about you.
• Request the correction of personal data that is inaccurate, incomplete, misleading or not up to date.
• Withdraw any consent you have previously given to the processing of your personal data.
• Request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected.
• Request that we cease processing your personal data for the purposes of direct marketing.
• Make a complaint to the British Virgin Islands Information Commissioner regarding the processing of your personal data.

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before responding to your request and will respond within a reasonable period.

Direct marketing

We do not conduct mass direct marketing. Where we send commercial communications (such as updates to existing clients or contacts), you may at any time request that we cease sending such communications by contacting us at the address below. We will comply with such a request without undue delay.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The “Effective” and “Last updated” dates at the top of this policy indicate when the current version came into effect. We encourage you to review this policy periodically.

How to contact us

For any questions about this Privacy Policy, or to exercise any of your rights under the DPA, please contact us at: