Your local law may require us to set out in this privacy statement
the legal grounds on which we rely in order to process your personal
information. In such cases, we rely on one or more of the following processing
conditions:

• our legitimate interests in the effective delivery of information and services to
  you
  and
  in the effective and lawful operation of our businesses and the legitimate interests
  of
  
  our clients in receiving professional services from us as part of running their
  organisation
  (provided these do not interfere with your rights);
• our legitimate interests in developing and improving our businesses,
  services and offerings and in developing new MOJUFISC & CLAIR technologies and
  offerings (provided these do not interfere with your rights);
• to satisfy any requirement of law, regulation or professional body of
  which we are a member (for example, for some of our services, we
  have a legal obligation to provide the service in a certain way);
• to perform our obligations under a contractual arrangement with you;
  or where no other processing condition is available, if you have agreed
  to us processing your personal information for the relevant purpose.

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located.
This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal
information.

Where we collect your personal information within the EEA, transfer outside the EEA will be only:

• to a recipient located in a country which provides an adequate level
  of protection for your personal information;
• under an agreement which satisfies EU requirements for the transfer
  of personal data to data processors or data controllers outside the
  EEA, such as standard contractual clauses approved by the
  European Commission.

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates.
Third parties support the MOJUFISC & CLAIR Network in providing its services and help provide, run and manage IT systems. Examples of
third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and
cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world,
and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors).
It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality,
to process personal information only as instructed by MOJUFISC & CLAIR, and to flow those same obligations down to their sub-processors.

We may also disclose personal information under the following circumstances:

• with professional advisers, for example, law firms, as necessary to
  establish, exercise or defend our legal rights and obtain advice in
  connection with the running of our business. Personal data may be
  shared with these advisers as necessary in connection with the
  services they have been engaged to provide;
• when explicitly requested by you;
• when required to deliver publications or reference materials requested by you;
• when required to facilitate conferences or events hosted by a third party;
• To law enforcement, regulatory and other government agencies and
  to professional bodies, as required by and/or in accordance with
  applicable law or regulation. MOJUFISC & CLAIR may also review and use your
  personal information to determine whether disclosure is required or
  permitted.

We have implemented generally accepted standards of technology and operational security in order to protect personal
information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information;
such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail)
is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right
to:

• obtain confirmation as to whether we process personal data about
  you, receive a copy of your personal data and obtain certain other
  information about how and why we process your personal data
• the right to request for your personal data to be amended or rectified
• where it is inaccurate (for example, if you change your address) and
• to have incomplete personal data completed

• The right to delete your personal data in the following cases:

  • the personal data is no longer necessary in relation to the
    purposes for which they were collected and processed;
  • our legal ground for processing is consent, you withdraw consent
    and we have no other lawful basis for the processing;
  • our legal ground for processing is that the processing is
    necessary for legitimate interests pursued by us or a third party,
    you object to the processing and we do not have overriding
    legitimate grounds;
  • you object to processing for direct marketing purposes;
  • your personal data has been unlawfully processed; or
  • your personal data must be erased to comply with a legal
    obligation to which we are subject.

• The right to restrict personal data processing in the following cases:

  • for a period enabling us to verify the accuracy of personal data
    where you contested the accuracy of the personal data;
  • your personal data have been unlawfully processed and you
    request restriction of processing instead of deletion;
  • your personal data are no longer necessary in relation to the
    purposes for which they were collected and processed but the
    personal data is required by you to establish, exercise or defend
    legal claims;
  • for a period enabling us to verify whether the legitimate grounds
    relied on by us override your interests where you have objected to
    processing based on it being necessary for the pursuit of a
    legitimate interest identified by us.

• The right to object to the processing of your personal data in the following
  cases:

  • The right to receive your personal data provided by you to us and
    the right to send the data to another organisation (or ask us to do
    so if technically feasible) where our lawful basis for processing the
    personal data is consent or necessity for the performance of our
    contract with you and the processing is carried out by automated means.

• The right to withdraw consent

  • Where we process personal data based on consent, individuals
    have a right to withdraw consent at any time. We do not generally
    process personal data based on consent (as we can usually rely
    on another legal basis).

• If you consider that the processing of your personal data infringes the
  law, you may have the right to lodge a complaint with the data
  protection regulatory authority responsible for enforcement of data
  protection law in the country where you normally reside or work, or in
  the place where the alleged infringement occurred.