Your privacy is important to Core Fund Services (Guernsey) Limited (“Core”) and we are committed to safeguarding your personal information.
Core is licenced and regulated in Guernsey by the Guernsey Financial Services Commission (“GFSC”).
As such, Core must fully comply with all applicable laws and regulations created in Guernsey and beyond. In complying with said laws and regulations, Core is required to ask for and to receive personal information (hereinafter referred to as “personal data”) about you.
Core, in asking for personal data, will process this data in accordance with The Data Protection (Bailiwick of Guernsey) Law, 2017 (“the DP Law”). The DP Law imposes a duty on Core, as both the controller and processor, to comply fully with the data protection principles as contained in the DP Law.
As already referred to above, Core complies fully with all laws and regulations that are in force with regards to matters concerning Customer Due Diligence (“CDD”) and Anti-Money Laundering (“AML”) amongst others.
There may be instances whereby Core will receive personal data from a source other than you (“indirectly collected personal data”). In such situations, Core will take the necessary steps (and use its best endeavours) to inform you of the personal data that we may request and receive. This will include the source of said personal data and whether the personal data was obtained from a publicly available source.
Failure to provide personal data, as requested by Core, will result in Core being in breach of its legal obligations and thus Core will be unable to continue a business relationship and provide its services to you.
WHAT PERSONAL DATA WILL CORE COLLECT ABOUT ME?
The personal data asked for is solely for the purposes of Core meeting its regulatory and operational obligations and will include details of an individual’s identity and residential address for verification purposes.
Under no circumstances will Core request personal data deemed to be special category data as interpreted under Section 111 (1) of the DP Law.
HOW WILL CORE USE THE INFORMATION THEY COLLECT ABOUT ME?
As already stated, Core will process your personal data as required by law and regulation for the following reasons:
To act for you in respect of any matters in which you have instructed Core;
Core will itself (or through a 3rd party e.g. a provider of compliance services) process certain information about you or your directors, officers and employees and your beneficial owners (if applicable) in order to carry out anti-money laundering (“AML”) checks and related actions which Core considers appropriate to meet any legal obligations imposed on Core relating to, or the processing in the public interest, or to pursue Core’s legitimate interests in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with Core’s AML procedures;
To report tax related information to tax authorities in order to comply with a legal obligation;
To monitor and record calls and electronic communications for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend Core, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with a legal obligation imposed on Core to pursue Core’s legitimate interests in relation to such matters or the processing in the public interest;
To monitor and record calls for quality, business analysis, training and related purposes in order to pursue the legitimate interests of Core to improve its service delivery;
To update and maintain records and for fee billing; to carry out statistical analysis and market research, and which processing is necessary to perform a relevant contract with you, comply with legal obligations and/or which is necessary for Core’s legitimate interests indicated above.
Personal data will be kept confidential (and stored in a secure location) except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies). Core will not, under any circumstances, sell or otherwise transfer any personal data to commercial companies or other organisations.
Additionally, in order to ensure the smooth administration of your financial affairs, Core may be required to disclose personal data to other parties such as banks and investment houses.
Other than transfers of personal data to a Member State of the European Union, Core may have instances whereby personal data will be transferred to:
an authorised jurisdiction that has either an adequacy decision in force or the jurisdiction in question is a designated jurisdiction.
an unauthorised jurisdiction that has appropriate or suitable safeguards that apply to the receipt of personal data.
In such cases Core will advise you of the circumstance of transferring personal data to either the authorised or unauthorised jurisdiction.
YOUR RIGHTS UNDER THE DP LAW
Sections 14 to 24 of the DP Law confer upon you, as the data subject, certain rights. These rights are:
Right to data portability – you have the right to have the data Core holds about you transferred to another organisation.
Right of access – you have the right to request a copy of the information Core holds about you.
Right to object to processing for direct marketing purposes (in this case the right is superfluous as Core will not process personal data for marketing purposes under any circumstance(s))
Right to object to processing on grounds of public interest
Right to object to processing for historical or scientific purposes
Right to rectification – you have a right to correct data Core holds about you that is inaccurate or incomplete.
Right to erasure – in certain circumstances you can request that the data Core holds about you can be erased from Core’s records.
Right to restriction of processing – where certain conditions apply, you have the right to restrict the processing.
Right to be notified of rectification, erasure and restrictions
Right not to be subject to decisions based on automated processing
The DP Law imposes a duty on Core to comply with any request from you to exercise your rights and facilitate the exercise of said rights.
Should you have any queries relating to your rights please contact the Data Protection Officer of Core by writing to the address stated at the end of this Privacy Notice.
Alternatively, you are at liberty to directly contact the Guernsey Data Protection Office (contact details at end of this Privacy Notice) to discuss matters.
COOKIES, WEB STATISTICS AND THIRD-PARTY MONITORING
Core maintains continuous logs of its website activity. These log files include the details of website users’ IP address, browser type and page last visited etc. The log files are used to analyse how the website is being used by visitors and may be kept in an anonymised form for historical records.
Core’s website uses hosted web analytics software. This hosted service is provided and managed by a third party company (Google, Inc). The service ‘Google Analytics’ uses ‘cookies’ (a text file sent to users’ computers as they browse our website) to help analyse how users navigate our website.
The information generated by the cookie regarding our website (including IP addresses) will be anonymised and transmitted to and stored by Google, Inc. on servers that may be hosted in the United States. Google, Inc. will use this information for the purpose of evaluating use of our website, compiling reports on website activity for website operators and providing other related services to Core.
HOW LONG WILL CORE KEEP MY PERSONAL DATA?
We will hold your personal information on our systems for as long as is necessary for the relevant service we provide to you. Core is required to maintain accurate and up-to-date records in order to comply with its obligations whilst a service is provided.
In general, Core policy is, once a business relationship ceases, that personal data will be retained, in a secure location, for a period of 6 years after the end of said business relationship. After 6 years all personal data will be destroyed unless there are compelling reasons (taxation, statutory or otherwise) to not do so.
CAN I FIND OUT WHAT PERSONAL INFORMATION CORE HOLD ABOUT ME?
Yes – as already stated you have the right of access to your personal data the Core has processed.
Should you require this personal data, and upon receipt of your written request, Core, as stipulated under the DP Law, will notify you of any action taken in compliance with your request-
as soon as practicable, and
in any event within a period of one (1) calendar month following receipt of your request
Core takes your privacy extremely seriously. Our policies and procedures relating specifically to your personal data and generally to our compliance with the DP Law as a whole are treated with the utmost care and consideration.
Section 67 of the DP Law confers upon you the right to make a complaint to the Data Protection Office (“the Authority”) if you consider that:
Core has breached or is likely to breach any operative provision, and
the breach involves or affects or is likely to involve or affect –
any personal data relating to you, or
any data subject rights you have
Under the DP Law, the Authority will make contact with you to progress your complaint to investigation and resolution. As with your right to make a complaint you also have rights of appeal under Sections 82 & 83 of the DP Law.
Should you wish to not contact the Authority directly you may contact Core outlining the full facts of your complaint.
Core Fund Services (Guernsey) Limited
Data Protection Officer
Core Fund Services (Guernsey) Limited
Les Vardes House
St Peter Port
Data Protection Office
Data Protection Office
Guernsey Information Centre
St Peter Port