This Data Protection Privacy Statement may be amended from time to time and should be read in
conjunction with your New Street Management Limited Terms and Conditions of Business.
In this Data Protection Privacy Statement, references to you and your means the Customer. References
to we, us or our include references to New Street Management Limited (NSML) or any Group Companyand our or their representatives.
This NSML Customer Data Protection Privacy Statement takes effect on 25 May 2018. It applies to Personal Data (as defined below) which is processed by us:
(a) in a Member State of the European Union, the European Economic Area or Guernsey; or
(b) which relates to a data subject who is resident in, or located in, any of the above locations.
This Privacy Statement describes how we may collect, use and share Personal Data.
Our goal is to maintain your trust and confidence when handling Personal Data. We will not disclose or provide Personal Data to any third party for any purpose without written consent, except as set forthherein.
For the purposes of this Privacy Statement:
"Applicable Law" means, in each case, all laws and regulations (including requirements imposed by anycompetent regulatory body, whether domestic or foreign, or imposed by or arising under the constitution,rules, regulations, bylaws, customs, usages and interpretations of any market), whether domestic or foreign, or any agreement entered into with or between any competent regulatory, prosecuting, tax orgovernmental authority in any jurisdiction, domestic or foreign.
"Customer" means the person or persons, whether incorporated or unincorporated, requiring services in respect of one or more Customer Entity;
"Customer Entity" means the company, trust, foundation, association or partnership (whether or not having a separate legal personality) or any other form of legal entity or legal arrangement receiving services rendered by NSML or a Group Company;
"Group Company" means, in relation to NSML, any company wherever registered or incorporated which is for the time being a subsidiary or a holding company of NSML or an associated company (and associated company and subsidiary and holding company shall have the meanings ascribed to them in sections 529 and 531 respectively of the Companies (Guernsey) Law, 2008).
“Personal Data” means any information relating to you, any Customer Entity or another person whoseinformation you or a Customer Entity (or another person on your or a Customer Entity's behalf) provide tous, and from which that individual can be identified, directly or indirectly, including by reference to anidentification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and
“Processing” of Personal Data means any operation or set of operations which is performed upon PersonalData, whether or not by automatic means, such as collection, recording, organisation, structuring, storage,adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
PERSONAL DATA WE MAY COLLECT
We may collect, receive, store and process the following Personal Data:
If you or a Customer Entity elects not to provide us with this information, we may be unable to provideservices to you or them. You should inform us where there are any changes or amendments to such details.
USES OF PERSONAL DATA
We may access, process and retain Personal Data for any of the following purposes (“Permitted Purposes”):
GROUNDS ON WHICH WE LAWFULLY PROCESS PERSONAL DATA
Fulfilment of contractual obligations
We enter into contracts and agreements with our clients in order to provide services to them. We need to process Personal Data in relation to our clients in order to facilitate entering into such contracts and to allow us to fulfil obligations created by those contracts. For example, we may need to assess the needs of our clients in relation to specific products or services, we may need to determine the level of advice, asset management or support that a client needs or carry out transactions in compliance with contractual obligations. Our various contracts and terms and conditions will contain further details of the obligations we may need to comply with.
Compliance with legal obligations and public interest considerations
NSML is subject to a lot of legal obligations because of the services we provide. We may need to process Personal Data in order to comply with these legal obligations which sometimes also relate to public interest considerations. Examples include carrying out identity and other checks to ensure we properly know our clients, fraud and money laundering prevention, assessing and managing risk, complying with various reporting obligations and other legal requirements
We also process Personal Data when it is in our legitimate interests to do this and when these interests are not overridden by a data subject's data protection rights. For example, we have a legitimate interest in using Personal Data:
Where we process Personal Data for contacting you or Customer Entities, we will request you to select a preferred channel of communications with us. You may request not to be contacted for marketing activities in certain (or all) channels and for a certain period. You may change your preferences anytime.
Consent to Our Processing
We may also process Personal Data based on consent granted to us. Where data Processing isperformed subject to consent, this may be withdrawn at any time by informing us in writing of such withdrawal. However, if consent is withdrawn it may not be possible for us to provide certain services to you or any Customer Entity.
WHEN WE MAY DISCLOSE PERSONAL DATA
We may disclose or transfer Personal Data to others as follows:
HOW LONG WE KEEP PERSONAL DATA
We keep Personal Data for as long as is required in order to fulfil our contractual obligations and as long as we are required to under Applicable Law, including any applicable limitation periods.
USE OF PROFILING AND AUTOMATED DECISION MAKING
We may process some Personal Data automatically in order to make certain assessments about you and/or any Customer Entities. This is known as profiling. We may do this for instance to assess investment performance, objectives and risk tolerance, and to assess your or a Customer Entity's ability to meet regulatory or legal requirements (such as combatting money laundering); and to tailor our service to your or a Customer Entity's needs.
Where we rely on profiling, we will seek consent for this. A data subject has the right to request a person to re-assess any profiling. However, certain investments (including robotic investments) may necessitate profiling.
We generally do not use any automated decision-making in providing services to you or a Customer Entity. If we do use this process, you will be entitled to opt-out.
USE OF "COOKIES"
A "cookie" is a small piece of information that a site stores on a web browser and can later retrieve.
NSML uses operational cookies to allow our services to operate in a secure and reliable manner, prevent false impersonation, prevent electronic attacks and provide service functionalities within our sites. Such cookies are essential for usage and an internet browser is likely to accept them by default. However, a browser can be set to reject these cookies and to delete them from the system at any time. Site experience cookies that facilitate site navigation and store preferences and certain kinds of information (such as about new products and services and some enhancements that may be of interest) can be subject to opt-in. Non-essential cookies can be rejected or their use limited to an online session with NSML or any Group Company or anytime thereafter.
Joint marketing cookies and data analytics can also be subject to opt-in. However, no cookie set by our websites on a web browser will contain information that could enable any third party to contact you or a Customer Entity via telephone, email or postal mail.
We protect Personal Data by maintaining physical, electronic, and procedural safeguards and train our staff in the proper handling of information. When we use third parties to provide services we require them, under stringent contractual and administrative provisions to protect the confidentiality of any Personal Data to at least the same standard we have in our own systems. We use encryption technology to protect the transmission of data to or from you or a Customer Entity. However, data transmissions 6 over public networks cannot be guaranteed to be error free or entirely secure. Any registration information and passcodes must be kept confidential. If you have reason to believe that your interaction with us is no longer secure or feel that the security of any communications you have with us has been compromised, please immediately notify us of the problem by contacting our Data Protection Officer using the contact details in the Data Controller and Data Protection Officer section below
Data subjects may ask us to access, amend or correct their Personal Data. We may also rectify any mistakes in data we hold on our own initiative, where appropriate. In limited circumstances such as marketing, data subjects also have the right to object to certain communications, delete their data and transfer their Personal Data to other organisations. However, as we offer trust company and other services, we operate within a highly regulated environment, are under a legal obligation to retain certain data and to hold it for our legitimate interests.
Where we have asked for consent to process Personal Data or where Processing is made in connection with sensitive Personal Data consent may be withdrawn at any time by informing us in writing of the withdrawal.
Where we process Personal Data on the basis of a legitimate interest in doing so (as described above), the data subject also has a right to object to this and the right to restrict Processing in certain circumstances. These rights may be limited in some situations – for example, where we can demonstrate that we have legitimate grounds to process the data. To exercise these rights, please contact the Data Protection Officer using the contact details in the Data Controller and Data Protection Officer section below. We may ask to verify the data subject's identity and to provide other details to help us to respond to the request. We hope that we can satisfy all queries about the way we process data.
DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is NSML or the Group Company providing services to you or a Customer Entity and may change as notified by us from time to time, always subject to prior notice and Applicable Law.
Any questions or requests in relation to data protection rights or how we deal with Personal Data should be addressed to:
The Compliance Officer
New Street Management Limited
Les Echelons Court
St Peter Port
Or alternatively by using our dedicated data privacy e-mail address: Dataprivacy@nsmtrust.com
A complaint may also be lodged directly with the Data Protection Officer or the Guernsey Data Protection Authority.
Guernsey Data Protection Authority
Tel +44 (0)1481 742074
CROSS BORDER DATA TRANSFERS
Personal Data is subject to supervision by the regulatory authorities in the juridiction of NSML or the Group Company providing services to you or where the services are performed and, in certain cases, by the jurisdiction of the data subject's residence or citizenship.
Where it is necessary for providing services to you, any Customer Entity or our clients, where required by Applicable Law or where we have received the necessary consent, Personal Data may be transferred to a country outside Guernsey, a Member State of the European Union, or the European Economic Area, including countries that do not offer adequate protection for the purposes of the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) or the Data Protection (Bailiwick of Guernsey) Law 2017.