Cora Gold Limited (“Cora” or the “Company”) is the “data controller” of the personal information we hold for the purposes of the General Data Protection Regulation (the GDPR) (which applies across the EU including the UK) and the Data Protection Act 2018 (the Data Protection Act) which supplements GDPR and extends its application in the UK.
We collect, use and share data primarily in providing marketing materials to shareholders and potential investors.
Cora takes privacy seriously and we are committed to protecting it.
This policy explains when and why we collect personal information about you, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Cora is the data controller in relation to the processing activities described below. This means we decide why and how your personal information is processed. Our registered office is available on the website under “Contact”.
Our Chief Financial Officer is responsible for our data protection function. You can find our contact details on the website under “Contact”.
When you use our website, and voluntarily provide your details online.
This includes information provided at the time of registering to use our website; subscribing for services and information from the Company; and by posting material.
We automatically collect the following information when you interact with us: e.g. details of transactions you carry out through the site, and your visits to our site, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access.
We also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
The purpose for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
We may use and process your personal information where you have consented for us to do so for the following purposes:
You may withdraw your consent for us to use your information in any of these ways at any time. Please see below for further details.
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf.
Such third parties may include cloud service providers; hosting, email and content providers; marketing agencies and administrative services providers; and research companies.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Except as set out in this policy, we do not share your information with third parties. We may transfer your personal information to a third party if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or our legal rights or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
On occasion, the information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. We may also provide information to service companies who reside in the Company’s jurisdiction, being the British Virgin Islands. These countries may not have similar data protection laws to the UK. Where possible, we will seek to work with service providers whose servers are located within the EEA.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place.
We keep personal information for as long as necessary to ensure we can deliver our services. We will not keep information if this were to breach legal requirements, our regulatory and compliance functions and we will use this to determine the appropriate retention period.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites and so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We may contact you with marketing information by email, post and telephone by using your personal information or with targeted advertising delivered online through social media and platforms operated by other companies using their profiling tools, or use your personal information to tailor marketing to improve its relevance to you, unless you object.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information.
Except in rare cases where additional time may be required, we will respond to you within one month from either (i) the date that we have confirmed your identity, or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Under data protection laws you have a legal right to ask to see a copy of the personal information that we hold about you. Such requests are called subject access requests.
If you would like to make a subject access request, please contact the Chief Financial Officer using the “Contact” information on our website. You will also need to provide one form of identification and proof of your address, for example, staff pass, driving licence, utility bill, and if appropriate, any particulars about the source or location of the information you are requesting.
Where we rely on your consent as the legal basis for processing your personal information, as set out under section 4 on how we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy.
If you would like to withdraw your consent or object to receiving any direct marketing to which you previously opted-in, you can do so using the unsubscribe tool in that communication (if it is an email), or by writing to us or calling us using the contact details at the end of this policy. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
In certain circumstances, you may ask for your personal information (i) to be removed from our systems or (ii) to be rectified if it is not correct, by emailing or writing to us at the “Contact” address on our website. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
We’d like to be able to resolve all your concerns, and we hope that we can do so. Where we haven’t been able to do this, you have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details: https://ico.org.uk.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website. We recommend you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.