Investor Privacy & Cookie Notice
Castelnau Group Limited (“CGL”) recognises the importance of protecting your personal information. This Privacy and Cookie Notice is designed to help you understand what data CGL collects and what CGL does with that data.
This Privacy and Cookie Notice covers our privacy and cookie standards and processes and where relevant, should be read in conjunction with our website terms and conditions or other legal documents.
For the purposes of the Data Protection (Bailiwick of Guernsey) Law, 2017 (as amended) (the "Guernsey DP Law"), the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and the Privacy and Electronic Communications Directive (2002/58/EC) (collectively, the “Data Protection Legislation”), CGL is the controller and is responsible for your personal data.
Personal data is any information related to a person that can be used to directly or indirectly identify the person. It can include, but is not limited to, a name, an email address, posts on social media, date of birth, an IP address, residential address, contact details, corporate contact information, signature, nationality, tax identification, credit history, correspondence records, passport number, bank account details, source of funds details and details relating to an investor's investment activity.
CGL has appointed certain third party processors, namely (i) Northern Trust International Fund Administration Services (Guernsey) Limited (the "Administrator") to provide administration services, (ii) Link Market Services (Guernsey) Limited (the "Registrar") to provide registrar services, (iii) Link Market Services Limited (the "Receiving Agent") to provide receiving agent services, and (iv) Phoenix Asset Management Partners Limited (the "Investment Manager") to provide investment management services. When providing their respective services to CGL, each of the Administrator, the Registrar, the Receiving Agent and the Investment Manager will primarily be acting as a data processor for the purposes of the Data Protection Legislation.
However, to the extent that any of the Administrator, the Registrar, the Receiving Agent and the Investment Manager is required, by law and/or regulation, to collect your personal data (for example, in order to comply with its own anti-money laundering and counter-finance terrorism legislation) then it will be a data controller in respect of that processing activity (as appropriate).
If you have questions regarding how your personal data is processed by the Administrator, the Registrar, the Receiving Agent and the Investment Manager, please contact us at the contact details indicated below.
This Privacy and Cookie Notice is issued by CGL and references to "CGL", “we”, “us” or “our” in this Privacy and Cookie Notice refers solely to CGL as controller. References to "you" include all individuals whose personal data we collect, hold and process in the course of operating the business of CGL.
CGL's Data Collection Processes - Investors
CGL’s core data processing activities involve the processing of:
1) Personal data of investors
2) Personal data of potential investors
The type of personal data we will collect will vary depending on what category you fall into above.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation. For instance, we may need to process and store more detailed information on our existing investors for legal reasons, such as having to obtain appropriate documentation to prove their identity i.e. through provision of a notarised passport or utility bill. For potential investors we will not require such a detailed level of data.
- (On exceptional occasions) where we have obtained your consent.
- (On rare occasions) where it is needed in the public interest.
We may also collect and process data about any criminal convictions or offences. We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary in relation to legal claims or where it is necessary to protect your interests (or someone else's interests).
We do not make decisions about you based on automated processing of your personal data.
The table below sets out the type of processing activity we carry out, the type of personal data that we collect, the categories of persons in respect of whom we collect such personal data, any third parties to whom such data is transferred and where they are based and the lawful basis on which we are seeking to rely in order to process such personal data.
In the table below, we consider ‘basic details’ to include personal data such as name, address, date of birth, telephone number and email address.
Category of processing
|
Category or person
|
Personal data
|
Third party to whom such data is transferred
|
Country where the data is stored
|
Lawful basis on which we are seeking to rely
|
Assessment / Purposes
|
Investor processing, registry maintenance and reporting for the Castelnau Group
|
Investor
|
Basic details
|
Northern Trust
Link Market Services
Phoenix Asset Management Partners Limited
|
Various
|
Legal obligation
|
The fund is legally required to collect, maintain and report on certain client information. It may also be required to report information to clients.
|
Potential investor enquiries
|
Potential investor
|
Basic details, relevant employment information and/or, investment experience which demonstrates an understanding of complex investment products
|
Northern Trust
Link Market Services
Phoenix Asset Management Partners Limited
|
Various
|
Legitimate interest
|
We will need to process personal data to contact potential investors with information about CGL
|
We may also receive personal information from third party sources, such as:
- entities in which you or someone connected to you has an interest;
- your legal and/or financial advisors;
- other financial institutions who hold and process your personal information; and
- credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements.
Sharing Your Information With Other Companies
We may be required to share your personal data with third parties for the purposes set out in the table above.
We may also need to share your personal data with the following third parties for such purposes:
- Professional advisers including lawyers, bankers, auditors and insurers.
- Regulators and other authorities who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy and Cookie Notice.
- Fraud prevention agencies.
- Event organisation companies and venues for events.
We may use sub-processors of data to processes your personal data on our behalf. We require all and any third parties to respect the security of your personal data and to treat it in accordance with the applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Those third parties have no right to sell your personal data and CGL will not sell your personal data.
International Transfers
Many of our external third parties are based outside the Bailiwick of Guernsey and the UK.
Whenever we transfer your personal data out of the Bailiwick of Guernsey and the UK, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection.
Please contact us at the contact details indicated below if you want further information.
Retention
We will only retain your personal information for as long as is necessary to carry out the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Rights
The Data Protection Legislation provides the following rights for individuals:
1) The right to be informed
Individuals have the right to be informed about the collection and use of their personal data.
2) The right of access
Under the Data Protection Legislation, individuals have the right to obtain confirmation that their data is being processed and to access their personal data. This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
3) The right to rectification
The Data Protection Legislation includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete, though we may need to verify the accuracy of the new data you provide to us.
4) The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
5) The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data (a) if they want us to establish the data's accuracy; (b) where our use of the data is unlawful but they do not want us to erase it; (c) where they need us to hold the data even if we no longer require it as they need it to establish, exercise or defend legal claims; or (d) they have objected to our use of their data but we need to verify whether we have overriding legitimate grounds to use it.
6) The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
7) The right to object
Individuals have the right in certain circumstances to object to processing based on legitimate interests, the performance of a task in the public interest or the exercise of official authority. Individuals also have the absolute right to object to processing for direct marketing purposes (including profiling). Individuals also have a limited right to object to processing for purposes of scientific/historical research and statistical purposes.
8) Rights in relation to automated decision making and profiling
Individuals have the right no to be subject to automated decision-making, including profiling, which has legal or other significant effects on the individual. Not all the rights provided under the Data Protection Legislation are absolute, for example, if we are legally required to process your data we may not be able to immediately delete it. If you have any questions or concerns about how CGL processes your data please contact us on the details provided above.
9) Right to withdraw consent, if provided
If applicable, individuals have the right to withdraw their consent.
Cookies
Cookies are small files which are stored on a user's computer. When you visit a site for the first time, a cookie is downloaded onto your PC. When you subsequently visit the same site, the cookie will then ’remember’ that you have visited the site before and may customise your experience appropriately.
If you are using a password-protected site, then cookies may be used as part of the authentication process.
CGL's Use Of Cookies
We may use cookies for the following purposes:
- Usage preferences - some cookies ‘remember’ the settings preferences of the user concerned or whether they have already seen a ‘pop up’ message in a previous session.
Where our use of cookies involves the processing of personal data, such personal data will be processed by us in accordance with this Privacy and Cookie Notice.
In most cases we will need your consent in order to use cookies on this website. The exception is where the cookies are essential in order for us to provide you with a service you have requested or to enable you to access and use our website.
You can restrict, block or delete the cookies which are set by any websites by changing your internet browser settings.
However, if you choose to disable cookies, some of CGL’s website functionality may be impaired.
If you delete cookies relating to this website, we will not remember things about you, including your cookie preferences, and you will be treated as a first-time visitor next time you visit the site.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies
Compliance With Laws
Your personal data will be held and processed by us in accordance with the applicable Data Protection Legislation.
Other than already noted, we will not provide any personal data to any other persons, except if we are required to make disclosures by any law, any government or private parties in connection with a legal or regulatory request or similar proceeding.
Your Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
However, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We recommend that you do not send us any personal data via non-secure methods of correspondence.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes To This Privacy Policy And Your Duty To Inform Us Of Changes
Any changes we make to this Privacy and Cookie Notice in the future will be posted on this page. Please check back frequently to see any updates or changes to this Privacy and Cookie Notice.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy and Cookie Notice of every website you visit.
Contact
Questions, comments and requests regarding this Privacy and Cookie Notice are welcomed and should be addressed to Castelnau Group Limited, registered office: PO Box 255, Trafalgar Court, Les Banques, St Peter Port, Guernsey GY1 3QL
If you have any complaints relating to this Privacy and Cookie Notice or our use of your personal data, please contact Castelnau Group Limited, registered office: PO Box 255, Trafalgar Court, Les Banques, St Peter Port, Guernsey GY1 3QL
You also have the right to make a complaint to us or your local supervisory authority, as detailed below.
In the Bailiwick of Guernsey, the Office of the Data Protection Authority in Guernsey is the supervisory authority for data protection issues. Further information can be found at www.odpa.gg.
In the UK, the Information Commissioner’s Office (ICO), is the supervisory authority for data protection issues. Further information can be found at www.ico.org.uk.
If you are an EU data subject, you may lodge the complaint with the supervisory authority in the EU member state of your residence.