Data privacy notice
We respectfully request that you read this privacy notice and any further guidance which we may provide to you from time to time, so that you are kept fully appraised of how and why we are using your Personal Data.
This notice applies to the activities of processc19.org and Process C-19 Limited (166 Picadilly, London W1J 9EF, United Kingdom) (together Process C-19) in its capacity as “data controller” and “data processor” as defined by the General Data Protection Regulation 2016/679 (the “GDPR”).
We are providing you this notice to inform you that under GDPR we are required to ensure that any Personal Data which we possess is appropriately “controlled” and where necessary “processed” in a manner which is compliant with the relevant laws and regulations.
This notice explains the following:
- What is your Personal Data?
- Who are we?
- How we control and/ or process your Personal Data?
- What is the legal basis for processing your Personal Data?
- Sharing of your Personal Data
- How long do we keep your Personal Data for and how secure is it?
- What are your rights in relation to your Personal Data?
- Access to your Personal Data and correction of it?
- Contact Details
Your personal data – what is it?
Personal Data relates to data concerning a living individual who can be identified from that data. Identification can be via the information alone or in conjunction with any other information already in the data controllers’ possession or which is likely to come into their possession.
From 25th May 2018, the processing of Personal Data is governed by the GDPR.
Who are we?
Much the same as other organisations within the financial services industry, Process C-19 collects and uses certain types of personal information concerning individuals with whom it comes into contact and interacts. The personal information being referred to here is defined as “Personal Data”.
When Process C-19 collects and uses the Personal Data, it is responsible in the capacity of a “Data Controller” and is governed by applicable rules provided by the appropriate regulatory authority, domestic primary legislation and also directly applicable European Regulations (“GDPR”). In other cases, Process C-19 will use another firm to “process” the Personal Data. In such instances, such firms act as “Data Processors” in relation to that Personal Data and are also regulated by equivalent rules and regulations.
As a result of the way in which we do business, we have ascertained that the following Process C-19 entities are impacted by the GDPR:
Process C-19 Limited, (Company Number: 12528463), Foxglove House, 166 Piccadilly, London, W1J 9EF, United Kingdom;
Other global group entities are required to comply with similar applicable laws governing personal information.
How we control or process your Personal Data?
Personal Data may either be collected from the data subject directly or gathered from professional and publicly available sources. We may monitor, record, store and use any telephone, email or other communication information we have with you. Any new information you provide may also be used to update an existing record we hold for you.
Process C-19 complies with its obligations under the GDPR by keeping Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect such Personal Data.
Below is a non-exhaustive list of the types of Personal Data which Process C-19 may collect and use in the course of its business activities:
- Name, address, contact details, background; and
- Banking/ Financial details and KYC details so that we can appropriately meet our legal/ regulatory responsibilities.
Below is a non-exhaustive list of the various ways in which Process C-19 may use your Personal Data:
- In the course of carrying out our duties as an investment manager and/ or investment adviser;
- To contact you and keep you informed on matters related to our business;
- For the purpose of meeting our legal and regulatory responsibilities and providing statutory returns and to co-operate with the court service, our regulators and law enforcement agencies and to prevent and detect crime;
- To check instructions you have provided or resolve disputes and complaints;
- To generate, manage and administer any contract you may have with Process C-19;
- To obtain your feedback on a service and to update our records;
- To respond to third party KYC due diligence requests;
- For the purpose of aggregating data for analysis and research;
- To transfer information to the Official Receiver; and
- To obtain any relevant appraisals and quotations where appropriate.
What is the legal basis for processing your Personal Data?
Under Article 6 of the GDPR, the legal basis that Process C-19 employs for processing your Personal Data may include one of the following:
Where due to a contractual relationship being in existence, it is required in order to provide you with our services;
Where it is in our legitimate interests to do so (in the context of our business, a “legitimate interest” would be demonstrated by a situation where we have a business/ commercial reason to use your Personal Data);
In order to comply with our legal/ regulatory obligations;
Where we have your consent to do so.
In the context of our business, the usual legal basis will normally be contractual, in the sense that the processing of your Personal Data is necessary for the performance of a contract to which you, the ‘data subject’ are a party, or in order to take preparatory steps at your request prior to entering into such a contract.
However, the legal basis could also be the legitimate interest of enabling Process C-19 to carry out its activity of acting as an investment manager/ investment adviser.
Sharing your Personal Data
Process C-19 takes its legal and regulatory responsibilities seriously and therefore the sharing of your Personal Data will only be performed to the extent required to meet our lawful purpose. We may also share such Personal Data with such responsible third parties as are necessary to perform our business activity. Where such third parties are outside of the European Economic Area, Process C-19 ensures that there are sufficient controls and contractual safeguards in place in order to ensure that such Personal Data is securely processed and maintained to equivalent standards as required by GDPR.
How long do we keep your Personal Data for and how secure is it?
Process C-19 will only hold your Personal Data for as long as is legitimately required by our business activity and in any case no longer than is permitted under applicable laws and regulations.
Process C-19 will ensure that your Personal Data is maintained securely. Hence, once it is no longer required for the lawful purpose for which it was obtained, it will be destroyed in a secure manner as is required under our regulatory obligations.
In some limited cases, it may be necessary to retain your Personal Data for a longer period, for example, if any complaints were to be made the Financial Ombudsman Service then we would need to hold such related Personal Data for a longer period.
We restrict access of your Personal Data to individuals/ entities on a “need to know” basis. Also, as mentioned, those individuals/ entities who process your Personal Data on our behalf will only do so in a manner which is authorised by applicable laws and regulation and such services will be further governed by appropriate contractual safeguards to protect your Personal Data.
What are your rights in relation to your Personal Data?
Unless subject to an exemption under the GDPR relating to a particular lawful basis relied upon, you may have the following rights with respect to your Personal Data:
- To request a copy of your Personal Data which Process C-19 holds about you;
- To request that Process C-19 corrects any of your Personal Data if it is found to be inaccurate or out of date*;
- To request your Personal Data to be erased where it is no longer necessary for Process C-19 to retain such data;
- To withdraw your consent to the processing of your Personal Data at any time;
- To request that Process C-19 provides you with your Personal Data, and where possible, to transmit the data directly to another data controller (known as the right to data portability);
- Where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
- To object to the processing of your Personal Data with regards to Direct Marketing; and
- To lodge a complaint with the Information Commissioner’s Office (ICO).
*Access to your Personal Data and correction of it
You have the right to request a copy of the information that Process C-19 holds about you. This is called a Subject Access Request. If you would like a copy of all or some of your personal information, please email or write to us at the address provided in the “Contact Details” section of this Data Privacy Notice. In some exceptional cases, we may make a small charge for this service (for example, where multiple claims are made for the same information), but normally this data will be provided free of any charge.
Process C-19 wishes to ensure that the information which we hold concerning you is accurate and up to date. To assist us in this endeavor, where needed kindly request us to correct or remove any information which you think is inaccurate.
We hope that we have provided you with sufficient information to resolve any query or concern which you may have. If nonetheless you still have an outstanding query and/or concern which you would like Process C-19 to resolve, then we would be happy to hear from you.
To bring such matters to our attention or to exercise any relevant rights to which you are entitled or to file a complaint, in the first instance kindly contact the Legal and Compliance Officer at Process C-19 on the details below and he shall endeavor to assist you:
By email: firstname.lastname@example.org
Jonathan Marc Maxwell
Process C-19 Limited
The GDPR also gives you the right to file a complaint with the appropriate supervisory authority where you live or work or where the alleged data protection infringement occurred.
In the United Kingdom, you have the right can contact the Information Commissioner’s Office on the details provided below:
The Information Commissioner’s Office
Telephone: 0303 123 1113