Client Privacy Notice
INTRODUCTION
The purpose of this notice is to provide you with information on our use of your personal data in accordance with the Data Protection Act (As Revised) (the “DPA”) of the Cayman Islands.
In this document, “we”, “us” and “ours” refers to the Company, and its or their affiliates and/or delegates.
It is noted that the Company provides administrative support to a group of non-executive directors that provide their services independently of the Company to alternative investment funds and their associated vehicles (the “Corporate Directors”).
WHO DOES THIS APPLY TO?
This Privacy Notice will apply to you only if you are at least one of the following types of persons:
(a) Client Business Contacts. Individuals who are employed or otherwise engaged by legal entities which receive services from the Corporate Directors (“Corporate Clients”) and interact with us in the course of our business. For this purpose, Corporate Clients are considered entities that have a direct contractual relationship with Corporate Directors or the Investment Manager/Advisor of that entity.
(b) Business Owners. Individuals who are in control of the Corporate Clients and their affiliates/subsidiaries by virtue of being the beneficial owners (regardless of the form of ownership), as well as individuals who exercise control over our Corporate Clients and their affiliates/subsidiaries through executive powers vested in them (regardless of whether or not they hold any ownership interest in the Corporate Clients or their affiliates/subsidiaries).
(c) Other Relevant Individuals. Individuals who do not belong to any of the foregoing categories but interact with us in connection with (or are otherwise affected by) the services we provide or the business we conduct. Depending on the circumstances, such individuals can include, without limitation:
(i) Individuals who work for other entities that interact with us in connection with the services provided by the Corporate Directors to the Corporate Clients, such as other non-executive directors;
(ii) Individuals who work for entities that provide goods and services to us.
Nothing in this Privacy Notice creates any new relationship between you and the Corporate Director or alters any existing relationship between you and the Corporate Directors. Nothing in this Privacy
Notice affects any right you have under any applicable law, including the DPA and any other data protection law that applies to you.
WHAT TYPE OF PERSONAL INFORAMTION ABOUT ME DOES THE COMPANY COLLECT?
The types of personal information about you which we collect on behalf of the Corporate Directors will vary depending on such factors as your personal circumstances, that nature of your relationship with us, and the nature of the services we are engaged to perform.
The personal information we obtain can be grouped into the following categories:
(a) Contact Details. Your contact details such as title, name postal address, email address, and phone number.
(b) KYC Records. Information about you which the Corporate Directors (or the Corporate Clients who receive services) are obliged to check for legal or regulatory reasons, such as your date of birth, country of residence, nationality, any ownership interest in any entity and other like information concerning your identity and background (which may include, where applicable, sensitive information such as any criminal record you have and any sanction or embargo enacted against you).
We will collect your personal information only where we are legally permitted to do so, and only to the extent it is appropriate and necessary for one or more of the purposes described below.
WHY DOES THE COMPANY COLLECT MY PERSONAL INFORMATION AND WHAT ARE THE LEGAL JUSTIFICATIONS?
Service Delivery – To facilitate the provision of services to the Corporate Clients through the contractual arrangements with the Corporate Directors.
Client Relationship Management – To manage, maintain, and develop our relationship with our clients.
Business Administration – To facilitate the effective management and administration of our business, including in relation to matters such as business planning, budgeting, and forecasting, as well as enforcement of our terms and conditions of service and collection of our fees.
Legal and Regulatory Compliance – To ensure that the Corporate Directors and the Corporate Clients comply with all relevant legal and regulatory requirements, including, without limitation, legal requirements relating to money laundering, bribery and corruption, tax evasion, sanctions/embargoes, and export control.
If you are an owner or employee of a Corporate Client or a fellow non-executive director to one of the Corporate Clients, we will use your personal information to conduct various checks to ensure that we comply with all applicable legal and regulatory requirements, before we formally accept you (or your business) as a client and from time to time after you (or your business) is accepted as our client. For example, we might check if you are included in an official list published by the authorities which lists persons with whom we are by law not allowed to do business, or we might check if you are a politically exposed person in respect of whom we are required to undertake enhanced due diligence.
When we use personal information for the purposes noted above, we rely on the following legal justifications:
Contractual Necessity – This justification comes from paragraph 2, Schedule 2 of the DPA and we rely on it where we handle your personal information in order to discharge the contractual obligations we owe to you. This is typically the case where you are an owner or employee of a Corporate Client or a fellow non-executive director to one of the Corporate Clients and we handle your personal information for the purpose of Service Delivery.
Legitimate Business Interest – This justification comes from paragraph 6, Schedule 2 of the DPA and we rely on it where we need to handle your personal information in order to meet our own requirements to operate, manage, and develop our business (provided that we can strike the right balance between our interests and your interests). This is typically the case where we handle your personal information for the purposes of Service Delivery with respect to services we provide to the Corporate Directors and their Corporate Clients, and also for the purposes of Service Development, Client Relationship Management, and Business Administration.
Legitimate and Regulatory Requirement – This justification comes from paragraph 3, Schedule 2 of the DPA and we rely on it where we handle your personal information for the purpose of Legal and Regulatory Compliance.
Consent – This justification comes from paragraph 1, Schedule 2 of the DPA and we can rely on it where we handle your personal information based exclusively on your consent. We would not ordinarily rely on consent, but occasionally, where none of the other legal justifications are available to us, we may choose to rely on Consent. For example, if we wanted to use you as a reference to market our services to a third party, we would ask you for consent. We would explain the reason for using your personal information when obtaining consent and you can withdraw your consent at any time should you subsequently change your mind.
HOW DOES THE COMPANY OBTAIN MY PERSONAL INFORMATION?
We endeavor to collect your personal information directly from you wherever possible. However, the nature of the services we perform and the context in which we handle your personal information can often result in us collecting your personal information indirectly from third party sources.
Additionally, there may be circumstances where we are required to seek your personal information from independent sources (for example, where we need to use your personal information to comply with legal requirements to validate your identity and background).
Sources from which we may obtain your personal information can be described as follows:
(a) Publicly accessible websites, registers, and databases, including official registers of companies and businesses, databases of journals and news articles, and social media such as Linkedin.
(b) Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions/embargoes databases (in some cases they can include authorities such as government departments and the police).
(c) The relevant Corporate Client to whom we provide the service and who entrusts us with your personal information. Depending on the context, this could be, for example, the business which is owned or controlled by you or the business for which you work.
(d) Lawyers, accountants, actuaries, tax advisors, investment managers, risk managers, and other like professional advisors retained by the relevant Corporate Client.
DOES THE COMPANY SHARE MY PERSONAL INFORMATION?
We will share your information with others only if and to the extent it is appropriate and necessary to do so for one or more of the purposes outlined in “WHY DOES THE COMPANY COLLECT MY
PERSONAL INFORMATION AND WHAT ARE THE LEGAL JUSTIFICATIONS?” above. Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.
The extent to which we share your personal information will vary depending on your circumstances and relationship with us, but your personal information will be shared with one or more of the following categories of recipients:
(a) The Corporate Clients (if you are a Client Business Contact this could be your employer).
(b) Those who support our business operations, for example data center operators, IT service providers, administrative support service providers, insurers, accountants, consultants, auditors, and so on.
(c) Providers of background check and business risk screening services, such as, operators of fraud and financial crime databases, and operators of sanctions/embargoes databases.
(d) Government departments and agencies, police, regulators, courts, tribunals, and other like authorities (including the Cayman Islands Monetary Authority) with whom we (or the Corporate Clients) are legally obliged to share your personal information, or with whom we decide to cooperate voluntarily (but only to the extent we are legally permitted to do so).
Where we share your personal information with the authorities, we may, depending on the circumstances, be forbidden from advising you of the fact that your personal information was disclosed to or requested by the authorities (e.g. when doing do is illegal or might prejudice an on-going investigation).
DOES THE COMPANY TRANSFER MY PERSONAL INFORMATION OUTSIDE THE CAYMAN ISLANDS?
Due to the international nature of the Company’s and Corporate Directors business operations and the markets in which they operate, your personal information may be transferred outside of the Cayman Islands to any of the different categories of recipients described in “DOES THE COMPANY SHARE MY PERSONAL INFORMTION?” above, who could be located anywhere in the world, including, without limitation, Canada, Europe, Hong Kong and the USA.
These overseas destinations, in particular those outside of Europe, may not have laws that protect your personal information in the same way as the DPA does. This does not mean that your personal information is inevitably put at risk, but it can mean that there is less formal legal protection for your personal information.
Where we share your personal information with recipients who are located outside of the Cayman Islands, we will, whenever possible, take all appropriate steps that are within our control to take to ensure that adequate legal safeguards are in place for your personal information which are shared with such recipients (for example, by obtaining contractual assurances from the recipients). Additionally, if we agree to restrict the cross-border transfer of your personal information in any particular way with the relevant Corporate Client or fellow non-executive director, we will comply with such restriction.
WHAT WOULD THE COMPANY DO IF A DATA BREACH HAPPENS?
In the unlikely event your personal information under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take the necessary steps to contain and mitigate the consequences of the breach. Where appropriate, we will also notify you of the breach in accordance with the DPA and any other applicable law which requires us to notify you of the breach.
CONTROLS AND RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
For information concerning the controls, retention of personal data and your rights with respect to your personal information, please refer to our Privacy Policy upon request.
If you would like to exercise any of your rights you have in respect of your personal information, or if you have any questions or concerns regarding the way in which we handle your personal information, then please reach out to your usual contact person with the Company.
If you have a complaint regarding the way in which we handle your personal information, please contact Brian Burkholder at brian@globusgovernance.com.
We will endeavor to respond to your request or complaint with respect to your personal information as soon as possible. However, if you are not satisfied with our response and wish to make a formal compliant or find out more about your rights under the DPA, please contact the Cayman Islands Ombudsman:
Ombudsman – P.O. Box 2252, Grand Cayman, KY1-1107, Cayman Islands.