Privacy Notice
OctoHorizon (the “Company”, “we”, “our” or “us”) may collect information about you (the “Data Subject”, “you”, “your”) from various sources and for various purposes, as detailed in this Privacy Notice.
This Privacy Notice (“Privacy Notice”) covers our treatment of the personally identifiable information that we gather.
From time to time, we may revise or amend this Privacy Notice to reflect changes in law, our Personal Data collection and use practices, or advances in technology. This Privacy Notice does not cover the practices of entities we do not own or control, or people we do not manage.
For the purposes of data protection laws of the Cayman Islands, and the European Union, and other relevant jurisdictions where Data Subjects are located (“Data Protection Laws”), the Company is a data controller (i.e., the company who is responsible for, and controls the processing of, your Personal Data).
Your provision of Personal Data to the Company implies acceptance of this Privacy Notice.
What data we collect
To the fullest extent permitted under applicable Data Protection Laws, we collect the following data and information relating to a living individual who can be identified and includes, without limitation, data such as the following (collectively, “Personal Data”):
Identity information: name, surname, date of birth, nationality, country of residence, passport or ID details, signature.
Contact information: residential address, email address, telephone number, emergency contact information.
Professional information: CVs, employment history, qualifications, references.
Technical and Website usage data: IP address, device identifiers, geolocation, browser data, access logs, cookies and tracking technologies.
Corporate affiliation information: position within a company, work email, work telephone number, and other business-related identifiers.
Compliance information: due diligence documents, KYC/KYB information, source of funds/wealth information (if applicable), sanctions/AML screening results.
Financial information: bank account details, payment confirmations (only when applicable).
Communications data: emails sent to us, contact forms, corporate correspondence.
Security data: access logs to office premises, visitor logs.
Other information: Any personal data voluntarily provided to us.
How we collect Personal Data
To the fullest extent permitted under applicable Data Protection Laws, we collect Personal Data about you and any other party whose details you provide to us when you:
When you access or use https://www.octo-horizon.com/ (“Website”):
When you browse the Website (IP address, device data, cookies).
When you fill in any contact or inquiry form.
When you request information or otherwise communicate with us.
When you contact us through any communication channel:
Contact forms
Phone
Social media
Messaging applications
When you apply for a job or internship:
Submission of CVs and job applications
Background checks, screening, and interviews
Reference checks provided by third parties
When you work with us as an employee, officer, advisor, consultant, contractor, or service provider:
Payroll and HR data
Compliance and due diligence checks
Contractual correspondence
Access logs to systems and premises
Monitoring of company-owned devices
When you enter our physical premises:
Visitor logs
ID verification
CCTV footage
When you provide services or enter into a commercial relationship with us:
Information required for invoicing and payments
Contact details of personnel involved in the business relationship
Compliance and due diligence checks
Information provided through contracts and corporate documents
When we comply with legal, regulatory, or audit obligations, we may collect and retain personal data for purposes including:
AML/CTF compliance
Tax reporting
Regulatory filings
Court orders and legal processes
Maintaining statutory records
When you voluntarily provide personal data.
If you intend to give us Personal Data about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable Data Protections Laws. Insofar as required by applicable Data Protection Laws, you must ensure that beforehand you have their explicit consent to do so and that you explain to them how we collect, use, disclose and retain their Personal Data, or direct them to read our Privacy Notice.
How we use your Personal Data
To the fullest extent permitted under applicable under Data Protection Laws, we use your information to:
Operating and securing our website and IT systems
Responding to inquiries and communications
Human resources and hiring
Managing employees, directors, consultants, and contractors
Compliance with AML/CTF, sanctions screening, and due diligence obligations
Fulfilling contractual obligations
Maintaining statutory corporate records
Protecting our rights, property, and operations
Meeting legal, regulatory, or audit requirements
Internal record-keeping, risk management, and business administration
Ensuring physical and cybersecurity
If you become a follower in the Company’s social networks, the processing of Personal Data will be governed by the policies of the Social Network, as well as by their terms of use, privacy policies and regulations that belong to the social network that corresponds in each case and that you have previously accepted.
The Company will treat your Personal Data in order to correctly manage your presence in the social network, inform you of the Company activities, as well as for any other purpose that the rules of the social networks allow.
In no case will the Company use the profiles of followers in social networks to send advertising individually.
Legal basis for processing
We may collect your Personal Data for the following purposes:
Based on your consent, to contact you, which can be revoked at any time;
Where necessary to perform any contract we enter into, or have entered into;
Where necessary for our legitimate business interests (or those of a third party) when your interests and fundamental rights do not override those interests; and
Where necessary, for the protection of vital interests;
Where necessary, for the establishment, exercise, or defence of legal claims; and
Where we need to comply with a legal or regulatory obligation.
Depending on the applicable Data Protection Laws, you have the following rights:
The right to access your own Personal Data;
The right to have your Personal Data rectified if it is inaccurate or incomplete;
The right to request deletion or removal of your Personal Data where there is no good reason for processing to continue or where the Personal Data was processed on the basis of Consent, withdrawing such Consent;
The right to restrict processing of your Personal Data where there is no good reason for processing to continue;
The right to data portability to enable moving, copying or transferring of Personal Data from one platform to another;
The right to object to the processing of your Personal Data in certain circumstances;
The right to lodge a complaint with a supervisory authority; and
Rights relating to profiling and automated decision making resulting from the processing of your Personal Data.
The exercise of these rights is personal and therefore must be exercised directly by the interested party, requesting it directly to the Company, which means that any Data Subject, who has provided their Personal Data at any time can contact the Company and request information about the Personal Data that it has stored and how it has been obtained, request the rectification of the same, request the portability of the Personal Data, oppose the processing, limit its use or request the cancellation of that data in the Company’s files.
To exercise the rights of access, rectification, cancellation, portability and opposition, you must send an email to the Data Protection Officer of the Company info@octo-horizon.com together with a valid proof of identity such as a Government-issued ID document.
Parties with whom we may share your Personal Data
We may share your Personal Data with:
Our employees, directors, contractors, and advisors;
External service providers (IT, hosting, accounting, audit, legal, compliance);
Banks and financial institutions;
Any party necessary for the fulfilment of a legal obligation or for the protection of our rights;
Government and State Authorities to respond to subpoenas, court orders, legal process, law-enforcement requests, legal claims, or government inquiries and to protect and defend the rights, interests, safety, and security of the Company, our affiliates, Data Subjects, or the public;
The Company and its affiliates;
Third-Parties in connection to corporate transactions such as the sale of the Company, a merger, consolidation, reorganization, financing, change or control or acquisition of all or a portion of our business by another company or third party, asset sale, initial public offering, or in the unlikely event of bankruptcy or similar proceeding.
We may engage from time to time to third-party service providers to assist the Company with the implementation of the KYC/AML & CTF Policy as well as the compliance with applicable Know Your Customer, Anti-Money Laundering, Counter-Terrorism Financing, and Anti-Corruption laws and regulations. Where applicable, we will enter into a data processing agreement with these third-parties to ensure data security and protection of your Personal Data against Data Beaches. Such Data Processors will only process your Personal Data to the extent required.
We may provide your Personal Data to competent authorities upon their request to the extent legally required or to the extent necessary to defend our rights in legal proceedings or investigations.
We do not sell, rent, lease, trade, or otherwise make available any Personal Data to third parties for monetary or other valuable consideration. We also do not share personal data with third parties for cross-context behavioural advertising or similar purposes. Any transfer of personal data is strictly limited to the purposes described in this Privacy Notice and only to service providers or parties acting on our behalf under appropriate data-processing agreements.
Data Retention
We retain your Personal Data for as long as it is necessary to fulfil the purposes for which it was collected, and/or as required for performing a contract, comply with our legal and regulatory obligations, and protect our legitimate interests.
Data Security
To protect your Personal Data, the Company takes all reasonable precautions and follows the best practices of the industry to prevent the loss, misuse, improper access, disclosure, alteration or destruction of the same.
Accuracy and veracity of Personal Data
You agree that the Personal Data provided to the Company is correct, complete, accurate and current. You are solely responsible for the veracity and correctness of the Personal Data you submit exonerating the Company from any responsibility in this regard.
Acceptance and consent
You declare to have been informed of the conditions on protection of Personal Data, you accept and consent to the treatment of the same by the Company in the manner and for the purposes indicated in this Privacy Notice.
Revocability
To exercise the rights of access, rectification, cancellation, portability and opposition, you must send an email to [EMAIL] along with your valid proof of ID such as a Government-issued identification document. The exercise of your rights do not include any Personal Data that the Company is obliged to keep for administrative, performance of contracts, legal or security purposes.
Change of Operatorship
In case of incorporation, acquisition, merger or any other causes that cause the change of operatorship, you expressly consent that your Personal Dataare transferred by the Company to the new Operator. When and if this occurs, the Company will comply, in any case, with the duty of information to you.
Changes to the Privacy Notice
The Company reserves the right to modify this Privacy Notice to adapt it to legislative developments, as well as to industry practices. The Company may notify you of changes to this Privacy Notice by email or by public posting.
Operator
OctoHorizon, a Cayman Islands exempted company with limited liability with its office address at 71 Fort Street, 3rd Floor, Georgetown, Grand Cayman, Cayman Islands.
Contact
In case you have any questions or complaints about the Privacy Notice, you can contact our data protection officer via email to