Executive Statement

NSTR respects and protects the privacy of its clients and during the course of its operations NSTR will collect, store, transfer, erase and otherwise process several types of personal data. The processing of such information is governed by the data protection laws and regulations, such as the EU general Protection Regulation(GDPR), and other applicable laws and regulations in the countries in which NSTR operates now and in the future.

All NSTR staff who are responsible for processing any personal data shall comply with NSTR Privacy policy and any related guidelines and applicable local laws and regulations. NSTR is responsible for the personal data also when personal data is processed by external parties(data processors) on behalf of NSTR.

General data protection principles form the foundation of personal data processing within NSTR. According to these principles personal data shall be processed only for the pre- defined, fair and lawful purposes. All processing of personal data shall be necessary to NSTR business operations. In addition, personal data shall only be processed when NSTR has a legitimate ground for the processing, including international transfers of personal data. Processing of personal data shall be transparent to the data subjects and all personal data must be accurate and the amount of personal data processed shall correspond to the defined purposes. Personal data shall be retained only as long as necessary and justifiable for NSTR operations or as required by laws and regulations. Appropriate technical and organizational measures shall be implemented in order to protect confidentiality and integrity of personal data. Data privacy shall be taken into account during design phases of all projects with possible data privacy implications. Finally, NSTR is responsible for demonstrating compliance with these data protection principles and it shall be aware of and document all processing activities under its responsibility.

Article 13 EU GDPR “Information to be provided where personal data are collected from the data subject”. Data subjects have various rights regarding their own personal data such as a right to access their personal data and right to correct and ask for deletion of their data. NSTR respects such rights and has appropriate processes in place to enforce these rights.

If a personal data breach is likely to result a high risk to the rights and freedoms of individuals, NSTR shall act promptly and document and communicate personal data breaches to the authorities and to the individuals (where feasible).

Should you have a data question or require to know what information we store and why, please contact our Data Protection Officer (DPO), Kiera Jazwinski at [email protected].

Looking for a role in accounting practice & corporate finance? Get in touch