Who we are

Our website address is https://palema.com.

The purpose of this Policy is to define the basic principles by which the Company processes the personal data of customers, suppliers, business partners, employees, and other individuals and indicates the responsibilities of its business departments and employees while processing personal data.

What personal data we collect and why we collect it

The categories of Personal Data we collect or obtain may include without limitation:

No. Personal Data Description
1 Personal Details Given name(s); Preferred Name(s); Nickname(s), Gender; Date of Birth; Age; Marital Status; Social Security Number; Passport Number(s); Other Government Issued Number(s) (tax Identification  Number(s),  Green  Card  Number(s);  Driving  Licence  Number(s);  Nationality;  Lifestyle  and Social   Circumstances;   Images   of  Passports, Driving   Licences,   and  Signatures;   Authentication   Data (passwords, mother’s maiden name, challenge/response questions and answers, PINs, facial and voice recognition data);  Photographs; Visual Images;  and Personal Appearance and Behaviour
2 Contact Details Address; Telephone Number; Email Address and Social Media Profile Details
3 Employment Details Industry; Role; Business Activities; Names of current and former employers; Work Address; Work Telephone Number; Work Email Address; and Work-related Social Media Profile Details
4 Education History Details of your Education and Qualification
5 Financial Details Billing Address; Bank Account Numbers; Credit Card Numbers; Cardholder or Accountholder Name and Details; Instruction Records; Transaction Details; and Counterparties Details
6 Electronic Identifying Data IP Addresses; Cookies; Activity Logs; Online Identifiers; Unique Device Identifiers; and Geological Data

The personal data that we may collect may also include ‘sensitive’ or ‘special categories’ of personal data, such as details about your health (for example, in relation to life and medical insurance), ethnic or racial origin. Please note that, when the processing of sensitive personal data is not allowed by law, explicit consent from you will be required whenever we may have to obtain sensitive personal data about you so as to provide our services.

The types of personal data and special categories of personal data that we collect may vary depending on the nature of the services that we provide to you, or how you use our Website. In some rare circumstances, we might also gather other special categories of personal data about you, for example as a result of legal requirements imposed on us.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

The users of this Document are all employees, permanent or temporary, and all contractors working on behalf of the Company.

The Company may be a data processor or data controller; this will depend on the circumstances in which personal information is collected, held or used.


A cookie is a small file that is placed on your device when you visit a website (including our websites). It records information about your device, your browser and, in some cases, your preferences and browsing habits. We may Process your Personal Data through cookie technology.

If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one month.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for one month. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

In the course of providing services to you as a client and particularly when performing due diligence checks in connection with our services (or discussing possible services we might provide to you as a prospective client), we may collect or obtain personal data about you.

We collect Personal Data about you from a variety of sources as follows:

  • Directly from you in the ordinary course of our relationship with you (for example in a form on our Website or through our “know-your-client” procedures)
  • You manifestly choose to make public, including via social media, from third parties who provide it to us (e.g. your employer or adviser, or third-party service providers that we use to help operate our business, your intermediaries; and law enforcement authorities).
  • We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through our website. When you visit our website, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data.
  • In some cases, we may process your personal data to pursue business interests of our own or of third parties, provided your interests and fundamental rights do not override such interests. More specifically, we process your personal data:
    • maintaining and updating your contact information where appropriate
    • providing you with information or assistance that you request from us;
    • conducting verifications, monitoring and reporting in accordance with anti-money laundering and counterterrorist financing laws;
    • providing our Clients with the services requested, including administration, corporate and trust, banking, custody, middle office services, financial products, reporting and tax services amongst others;
    • notifying you or our Clients about changes to our services;
    • monitoring and improving the quality of our services;
    • quality assurance and training purposes;
    • Marketing and promotional activities (only where you have given us your consent)

Where we send your data

Visitor comments may be checked through an automated spam detection service.

We will only process your personal data when the law allows us to. Most commonly, we may collect and use your personal data, for the following legal basis:

  • the Processing is necessary for compliance with a legal obligation under a contract with you;
  • the Processing is necessary for the detection or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law;
  • the Processing is necessary for the establishment, exercise or defense of legal rights;
  • we have, in accordance with applicable law, obtained your explicit consent prior to Processing your Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);  or
  • Processing is necessary for reasons of substantial public interest and occurs on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interests.

The purposes for which we may collect, and process Personal Data are:

On-boarding new clients; and compliance with our internal compliance requirements, policies, and procedures

Because we provide a wide range of services to our clients, the way we use personal data in relation to our services also varies.

For example, we might use personal data:

  • about a client’s employees to help those employees manage their tax affairs when working overseas,
  • when we provide risk advisory services to corporate clients,
  • when we provide investment services to clients (such as investment advice)
  • when we offer human capital services (such as payroll services),
  • about a client’s employees and customers in the course of conducting an audit (or similar activity) for a client,
  • about a client to help him/her complete and submit a tax return, or
  • when we consider applicants for employment purposes.

If you do not provide the personal data we request from you, we may not be able to offer or continue offering our services to you.

How we protect your data

Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.

Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.

Additional information

Industry regulatory disclosure requirements

The data protection principles outline the basic responsibilities for organizations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

No. Principles Description
1 Lawfulness, Fairness, and Transparency Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
2 Purpose Limitation Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3 Data Minimization Personal data must be adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed. The Company must apply anonymization or pseudonymization to personal data if possible to reduce the risks to the data subjects concerned.
4 Accuracy Personal data must be accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
5 Storage Period Limitation Personal data must be kept for no longer than is necessary for the purposes for which the personal data are processed.
6 Integrity and Confidentiality Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company must use appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure.
7 Accountability Data controllers must be responsible for and be able to demonstrate compliance with the principles outlined above.


If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by the Company, please contact our “Data Protection Officer” through email gdpr@palema.com.