This Privacy Notice sets out how and why Altum Group collects and processes personal data.
In this Privacy Notice, “we”, “our” or “us” may refer to any or all of the entities comprising the Altum Group and its subsidiaries and affiliates (and their respective successors in title), including but not limited to:
- Altum Fiduciary Limited
- Altum Holdings Limited
- Altum Secretaries Limited
- Altum Trustees Limited
- Altum Holdings (UK) Limited
- Altum Management (UK) Limited
The entity classified as a data controller will vary depending on the jurisdiction in which the services are provided.
References to “you” include all individuals whose personal data we collect and process in the course of operating our business.
2). HOW TO CONTACT US
If you have any questions about the contents of this notice or the use of your personal data, please
a). via email in:
- Jersey using email@example.com;
- United Kingdom at firstname.lastname@example.org.
b). or via letter addressed to “the Data Protection Officer” in:
- Jersey at: 1st Floor, Liberation House, Castle Street St Helier Jersey, JE1 1GL
- United Kingdom at: Landsdowne House, 57 Berkeley Square, London, W1J 6ER
3). WHAT PERSONAL DATA DO WE COLLECT?
3.1 We may collect various types of personal data about you, including:
- identification information (place and date of birth, nationality, ID card, passport number, gender, photograph, country of residency, IP address);
- tax information (tax status, tax residency, tax ID);
- contact information (postal address (home and/or business), email address, phone number);
- family situation (marital status, number of children, identity of spouse);
- employment and education information (level of education, professional qualifications, employer’s name, level of remuneration);
- financial information (source of wealth, information regarding your assets, bank details, credit history);
- details of your visits to our offices and premises;
- details of your visits to our website;
- marketing and other preferences; and
- information you provide in the course of corresponding with us, which may include personal data regarding people connected with you.
3.2 We may also collect and process special category data in certain circumstances where we are required to for the purposes of our legal and/or regulatory obligations including, but not limited to, legislation and regulatory obligations relating to Anti-Money Laundering and the countering of terrorist financing and all other related legislation. This may include information regarding your racial or ethnic origins, political opinion, medical history and affiliations or information relating to criminal records.
4). SOURCES OF PERSONAL DATA
4.1 We ordinarily collect personal data directly from you (or your authorised representatives) by way of:
- forms and documents we require to be completed in order to provide services;
- agreements entered into with us;
- information gathered for the purposes of due diligence in order for us to meet and comply with our regulatory and legal obligations; and
- phone, e-mail, correspondence or otherwise.
4.2 We may also collect personal data from you or any third parties which may include:
- entities in which you (or a party connected to you) have an interest;
- your advisors;
- current or previous employers; and
- banks and other financial services providers;
- credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and
- information collected via website (including cookies and IP addresses), emails (e.g. traffic headers for analysing patterns of network traffic and managing client relationships).
Some of the grounds for processing described above will overlap and there may be several grounds which justify our use of your personal data.
5). LAWFUL BASIS FOR PROCESSING
We are allowed to process and hold your personal data on the following lawful grounds:
- The processing is necessary to perform a contract with you or take steps before entering into a contract with you.
- The processing is necessary to comply with our legal and regulatory obligations.
You have given us your consent for us to process your personal data for a specific purpose.
- The processing is necessary for our legitimate interests provided your interests and fundamental rights do not override those interests.
- The processing is necessary to protect your vital interests (or someone else’s interest).
- The processing is needed in the public interest.
6). PURPOSE OF PROCESSING
Your personal data may be processed for the purposes set out below:
- providing the services;
- conducting financial screening;
- communicating with you in the provision of the services or to answer your requests;
- monitoring and recording telephone and electronic communications and transactions (i) in order to improve service delivery and (ii) for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act);
- releasing personal data to banks or other financial institutions;
- enforcing or defending our legal and contractual rights or those of third party service providers;
- complying with regulatory and/or legal obligations;
- collecting, processing, transferring and storing of customer due diligence data, source of funds information and verification data and conducting checks and sanctions screening; and
- liaising with or reporting to financial services regulators or other public authorities or governmental bodies we are required to cooperate with, report to and or with whom we decide or deem appropriate to cooperate.
7). SHARING OF PERSONAL DATA
7.1 We may share your personal data with our group companies and third parties (including lawyers, auditors, other service providers who perform services on our behalf, and financial, taxation, regulatory or judicial authorities upon request and to the extent permitted by law).
7.2 Where we share your personal data, we require those third parties to put in place adequate measures to protect it.
7.3 In sharing your personal data, we may transfer it to other countries.
7.4 We may transfer your personal data outside of the European Economic Area (the EEA) to countries that provide an adequate level of protection or to non-EEA countries that have not been recognised as adequate by the European Commission. If on the latter basis, we will ensure it is protected and transferred in a manner consistent with legal requirements (such as by using model contractual clauses, binding corporate rules or other data transfer mechanisms).
For our core activities we are using the following technology service providers:
- Microsoft – Microsoft collaborative services, including email server hosting;
- Mimecast – email services and mail filtering gateway;
- Tessian – email services security and mail filtering gateway;
- Allvue – accounting and administration services platform; and
- SignEasy – document management and electronic signing
Please note that, depending on the service provided, we might use additional service providers. For further info, please contact your Altum Group identified relationship owner.
8). RETENTION OF PERSONAL DATA
Your personal data will be retained for or as long as required:
- by applicable law or regulatory requirement;
- for the purposes for which the personal data was obtained; and/or
- for us to establish or defend legal rights or obligations or meet reporting or accounting obligations.
We endeavour to store your personal data securely in accordance with accepted market standards.
9). YOUR RIGHTS
You have the following rights, which may be exercisable depending on the circumstances:
- right of access
- right to rectification
- right to erasure
- right to restriction of processing
- right to data portability
- right to object to processing
- right to withdraw consent (see 9.2 below)
9.2 Where you have provided your consent for the processing of personal data, you have the right to withdraw your consent at any time.
9.3 In addition, if we have processed your personal data based on our legitimate interests, you have a specific right to object to that processing. However, if you choose to do so, we may no longer be able to provide services.
9.4 You also have the right to lodge a complaint with the relevant data protection authority:
- Office of the Information Commissioner in Jersey (https://oicjersey.org)
- Information Commissioner’s Office in the United Kingdom (https://ico.org.uk)
9.5 If you wish to exercise any of your rights, please either send a letter to the relevant entity providing the services or by e-mail to the address detailed in section 2 above.
10). INACCURATE INFORMATION AND/OR NEED FOR AMENDMENT
Please let us know as soon as possible if any of the personal data you have provided to us changes. If you do not provide us with accurate information or fail to update us with updated information when it changes, this may affect us being able to provide services. Failure to provide information to us if required for due diligence or other legal requirements may result in us not being able to provide services on a timely basis (or at all).
11). IT SYSTEM AND COMMUNICATIONS
Whilst we have taken every reasonable care to implement appropriate safeguards including technical and security measures to protect your personal data, we cannot guarantee the security of your personal data over the internet, e-mail or our website, nor do we accept any liability for loss to the fullest extent permitted by law.
12). CHANGES TO THIS NOTICE
This Privacy Notice is dated 5 July 2022. We reserve the right to amend this Privacy Notice from time to time without notice.