Appendix B Privacy Notice
We are committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you our information practices in relation to the information we collect about you.
Fermat Point Limited t/a Global Wealth (‘the Company’, ‘We’, ‘Us’ or ‘Our’) is a Data Controller within the meaning of the General Data Protection Regulations (697/2016/EU) (‘GDPR’) and applicable Irish data protection legislation (currently the Irish Data Protection Acts 1988 to 2003 as may be amended). As a Data Controller the Company is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.
Information We Collect
We collect information: (i) you give us; (ii) information generated during the provision of our services and; (iii) information provided to us by third parties.
Sometimes we may use your information even though you are not our customer. For example, you may be a beneficiary, guarantor, director or representative of a customer of ours or be a potential customer contacting us about our services.
Types of information we may collect or hold about you include but is not limited to:
- identity details, including your contact information;
- financial information, including account and transactional history;
- information about your financial circumstances including personal wealth, assets and liabilities, income and expenditure;
- information about your family, lifestyle and social circumstances, including your goals and objectives and health information where relevant;
- information about you provided by others e.g. by your spouse or parent where relevant to financial circumstances or services requested;
- information which you have consented to us using; and
- other personal information such as information provided when exercising your rights set out below.
Purposes of Processing and the Legal Basis for processing
We use, and share, your data where:
- you have agreed or positively consented to the using of your data in a specific way (e.g. to receive information on new investment opportunities). If you have provided your consent you may withdraw your consent at any time by making contact with us;
- use is necessary to provide a service or fulfill a contract that you have entered into (e.g. to provide you with ongoing intermediation and advisory services) or because you have asked for something to be done so you can enter into a contract with us;
- use is necessary because we have to comply with a legal obligation (e.g. complying with our Anti-Money Laundering obligations, reporting to regulatory authorities and law enforcement, etc.);
- use is necessary to protect your “vital interests” in exceptional circumstances;
- use for our legitimate interests such as managing our business and fraud or crime prevention. This may include things like training and quality assurance, strategic planning, statistical analysis of our service provision. You may object to your personal information being used for these purposes.
Recipients of Your Personal Data – Third Parties
In the course of providing our services to you, complying with legal obligations or pursuing our legitimate interests, we may share your personal data with the following categories of recipients:
- third parties with whom: (i) we need to share your information to facilitate transactions you have
requested (e.g. custodians, insurance companies, investment managers), (ii) you ask us to share your information with or (ii) we are legally obligated to provide information to (e.g. The Revenue Commissioners, The Central Bank of Ireland);
- your authorised representatives such as Tax Advisors, Solicitors, etc.;
- service providers who provide us with support services to enable delivery of our services;
- statutory and regulatory bodies and law enforcement authorities;
- pension fund administrators, pension trustees, etc.;
- business or joint venture partners.
Transfers of Data Outside of the EU
Sometimes we transfer personal data outside of the EU. In those cases, we will seek to ensure adequate security measures are in place to protect the data and that a lawful basis for the transfer exists.
In order to provide our services we use a number of service providers some of whom are based outside of the EEA and therefore use of their services will involve the transmission of your data outside of the EEA. At present, destination countries include South Africa, the United States, The Isle of Man and Jersey. The Company will ensure adequate legal protection is in place for such transfers including using Model Contract Clauses, Binding Corporate Rules and Adequacy Decisions.
How long we will hold your Data
How long we hold your data for is subject to a number of pieces of legislation and regulations - as a general rule, we will keep your data for 6 years after the end of our relationship with you or the last service provided, in line with the Statute of Limitations for contracts. We will however endeavor not to keep any of your personal data longer than is necessary to fulfil the relevant purpose and/or comply with a specific legal retention period.
Your Rights with Respect to Our Use of Your Data
From 25 May 2018, you have several enhanced rights in relation to how we use your information, including the right, without undue delay, to:
- find out if we use, access or receive your information;
- have inaccurate/incomplete information corrected and updated;
- object to particular use of your personal data for our legitimate business interests or direct marketing purposes;
- to withdraw consent at any time where processing is based on consent.
- in certain circumstances, to have your information deleted or our use of your data restricted;
- in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision;
- exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider);
If you wish to exercise any of your data rights, you can contact us by writing to:
Head of Data Protection
66 Fitzwilliam Square
Or emailing firstname.lastname@example.org
We will endeavor to deal with your request within 1 calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests) we may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically.
If you are not happy with any aspect of how your data is used, you also have the right to complain to the Data Protection Commission in Ireland. You can contact the Office of the Data Protection Commission at:
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Fax: +353 57 868 4757
Data Protection Commission,
Canal House, Station Road,
Portarlington, R32 AP23,
Information We Need
If you do not provide certain information we may not be able to:
- provide the requested services to you;
- to continue to provide existing services.
We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.
We may analyse your information using automated means to:
- help us understand your needs and develop our relationship with you;
- to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing.