Eqvilent Investments Ltd (“Eqvilent”) respects the privacy of Personal Data and is committed to protecting Personal Data for which Eqvilent is a Controller.

This Policy describes how the Personal Data must be collected, handled, disclosed, shared and stored to meet the Eqvilent’s data protection standards — and to comply with the Data Protection Laws.
Why this Policy exists
The Policy ensures Eqvilent:
Data protection risks
This Policy helps to protect Eqvilent from some very real data security risks, including:
"Controller" means a natural or legal person, public authority, agency, or other body that, independently or jointly with others, determines the purpose and means of Processing Personal Data, as defined in Data Protection Laws. Controller shall refer to Eqvilent, and with regard to certain Processes, Eqvilent may act as joint Controller with a third-party.
"Compliance Manager'' means Eqvilent`s employees Ilya Poluyakhtov and Vitalii Kulikov accountable for data protection compliance under this Policy. The Compliance Manager is not considered as a data protection officer position for the purpose of Data Protections Laws.
"Cookies" means a small text file that a website stores on a User`s computer or mobile device when he or she visits the Eqvilent`s website and which includes unique identifiers that web servers send to browsers. Cookies help Eqvilent to determine the path the visitor took on our Website. Eqvilent uses Cookies in order to anonymously identify repeated users of the Website and most popular pages. It allows Eqvilent to keep our Website user-friendly and efficient by identifying the information most valued by users.
"Data Protection Laws" means The Data Protection Law DIFC Law No. 5 of 2020, the DIFC Data Protection Regulations 2020.
"User" means a natural person who can be identified, directly or indirectly, by reference to their Personal Data.
"Personal Data" or "Personal Information" means any information attributable to an identified or identifiable natural person (a User), as defined in Data Protection Laws. Personal Data does not include data where the identity has been removed (anonymous data). Personal Data shall encompass Special Category Data.
"Process" or "Processing" means, as applicable, any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as collecting, recording, using, organizing, structuring, storing, adapting or altering, retrieving, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or purging.
"Processor" means a natural or legal person, public authority, agency, or other body that Processes Personal Data on behalf of a Controller, as defined in Data Protection Laws. Processors may include third-party service providers, applications, or agencies utilized by Eqvilent in the course of business.
"Special Category Data" means Personal Data revealing racial or ethnic origin, criminal history, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership, or health, genetic, or biometric data, financial data or data pertaining to a child or minor or other categories of Personal Data pursuant to the applicable Data Protection Laws
The Compliance Manager`s responsibilities include:
Users` device automatically transmits to Eqvilent its technical characteristics when User uses Eqvilent`s Website. Eqvilent uses the information about location (a set of parameters that determine regional settings of interface, namely, residence country, time zone and the interface language), IP address, cookie files, browser and operating system, date and time of access to the website and the pages requested in order to provide the efficiency, usability and security of Eqvilent`s Website.
The Cookies are used exclusively for the purposes stated hereof. The Users may provide a consent for the use of their Cookies in accordance with the principles provided hereof or refuse in the use of their Cookies.
Grounds for Processing Personal Data
Eqvilent will only use Personal Data when Data Protection Laws allow Eqvilent to do so. Eqvilent’s basis for Processing Personal Data may include:
Personal Data Eqvilent collects
Examples of Personal Data Eqvilent may collect include:
How Personal Data are collected
The Personal Data Eqvilent collects and Processes is directly provided by User or obtained from other third party sources. Eqvilent may use Personal Data collected from third party sources, such as:
Consent provided by Users shall be freely given by a clear affirmative act that shows an unambiguous indication of consent. The consent cannot be conditional.
If the Processing is intended to cover multiple purposes, described above, consent must be obtained for each purpose in a manner that is clearly distinguishable, in an intelligible and easily accessible form, using clear and plain language.
Prior to providing consent, a User shall be notified by Eqvilent that consent may be withdrawn at any time. Consent may not be permanently binding on Users.
User may possess the right to:
Eqvilent Data Protection obligations:
Eqvilent only discloses Personal Data when necessary to conduct Eqvilent`s business operations as described below. When Eqvilent discloses Personal Data, it will do so in accordance with applicable data protection and security requirements. Access to Eqvilent`s database is limited to explicit human resources professionals, managers/heads, certain persons from the legal, financial and/or compliance department(s) and will only be shared with other personnel or agents on a “need to know basis” for the purposes as set out above.
Third-party suppliers. Eqvilent partners with and is supported by suppliers around the world. Personal Data will be made available to these parties only when necessary to fulfill the services they provide to Eqvilent, such as software, system, and platform support, communication services, recruitment services, clearing services, cloud hosting services, advertising, data analytics, and order fulfillment and delivery third parties for legal reasons. Eqvilent will share Personal Data when Eqvilent believes it is required, such as:
Counter party management. When User is a (prospect) business contact of Eqvilent or is related to or acting on behalf of one Eqvilent`s counter parties, the Personal Data will be shared with a (cloud) software engaged by Eqvilent to manage its counter party administration.
Recruitment. When Users apply to a job, its personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America, other third party (cloud) software tools, compliance check agencies or other persons (entities) and services engaged by Eqvilent to help manage its recruitment and hiring process or legal purposes on Eqvilent’s behalf.
Eqvilent has implemented appropriate elements of privacy by design in conjunction with technical and physical safeguards to protect the security of Personal Data from unauthorized or unlawful Processing. Eqvilent uses a number of systems and applications to protect Personal Data at all times, which also allow for the following capabilities: (i) the anonymization and encryption of Personal Data;(ii) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing Personal Data; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing, and evaluating, at least annually, the effectiveness of such security measures.
In assessing the appropriate level of security as well as the risks of varying likelihood and severity for the rights and freedoms of Users, Eqvilent assesses the risks presented by the Processing of Personal Data. Such risks may include, but are not limited to, any accidental, unlawful, or unauthorized destruction, loss, disclosure, alteration, or access to Personal Data Processed by or on behalf of Eqvilent, or other factors that may impact User rights and freedoms. Eqvilent shall make reasonable attempts to ensure that any risks presented by the Processing of Personal Data are sufficiently mitigated by technological and/or organizational controls, including limited access of Personal Data utilizing access controls and password protections.
Personal Data will continue to exist in Eqvilent databases for the period in which Eqvilent must use it (for example, to prepare government tax statements), and then be archived or deleted, with specific timeframes determined by local law sand good business practice.
The Eqvilent would store Personal Data for the period of one (1) year since the moment of collecting Personal Data or terminating contractual or employment relations between the User and Eqvilent.
Eqvilent shall immediately erase all Personal Data of User upon its request or request of the relevant regulatory authority.
Eqvilent shall accept, when applicable, any written requests through the appropriate channels from a User to exercise his or her rights and freedoms pursuant to Data Protection Laws. Eqvilent shall use reasonable means to verify the identity of the requester.
A User will not generally have to pay a fee to access his or her Personal Data or to exercise any of the above rights. However, Eqvilent may charge a reasonable fee if the request is clearly unfounded or excessive. Eqvilent will try to respond to all legitimate requests within one (1) month. Occasionally, it may take longer if the request is particularly complex. Alternatively, Eqvilent may refuse to comply with the request in certain circumstances.
If User wishes to request access to his or her Personal Data or exercise data protection rights that he or she may have under applicable data protection laws, or has any other questions in regards to his or her Personal Data Users shall contact Eqvilent`s Compliance Manager: