Steadfast Trustees Limited t/a Steadfast Corporate Services (“Steadfast” / “we” / “us”, “our”) is registered with the Gibraltar Regulatory Authority both as Data Controller and Data Processor and controls and processes personal information,
The term “personal data” refers to information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. The below sets out the way Steadfast collects, stores and otherwise uses your personal data and the reasons for doing that.
Steadfast collects personal data from you at various points during the period in which we supply services either to you as an individual, a corporate entity and/or trust vehicle in which you have an interest. We may collect and process the following categories of information about you (please note this list is not exhaustive):
| Category of Personal Information | Description |
|---|---|
| Personal Identifiers | Title, Name, Surname, Gender, Date of Birth |
| Contact | Permanent Residential Address, Correspondence address, Home/Mobile/Work phone number and E-mail address |
| Social Demographic | Employment, Earnings, Nationality, Country of Birth, City of Birth, Country of issue of Identity card/Passport, Politically Exposed Person (“PEP”) classification and Tax residency |
| Documentary Data | Details about you that are stored on documents in different formats, or copies of them. This may include documents such as Passport, Driver's licence, Birth certificate or Bank Statements |
| Social relationships | Marital status |
| Financial Data | Bank accounts, payment card details |
| National Identifier | A number or code given to you by a government to identify who you are, such as a national insurance number, passport number or tax identification number |
| Behavioural | Risk profile, nominated beneficiaries linked to death benefits |
You may also provide further information (either on request or voluntarily) by email, post, in face-to-face meetings or by phone. Finally, your appointed tax advisor, lawyer, bankers, financial adviser/intermediary may also pass on information to us which you have provided to them and which relates to the administration of our services.
We collect information from our applicants and clients predominantly through our application form but also through any subsequent interactions with you.
We use different methods to collect data from and about you including through:
The above lists under each method are not exhaustive.
Steadfast uses your personal data for the following purposes:
Steadfast does not use systems to make automated decisions based on personal data collected.
Steadfast will keep your personal data during the period in which we supply services to your company or trust, and potentially up to 12 years once our services have ceased, for the following reasons:
Steadfast may be required to keep your personal data for longer than 12 years if it cannot be deleted for legal, regulatory or technical reasons. Steadfast may also keep your personal data for research or statistical purposes. In these circumstances, appropriate measures will be established to ensure your privacy is protected, and the personal data is only used for the purposes intended.
Steadfast might share your personal data with others, in limited circumstances. Predominantly that sharing is carried out in order to ensure that our services are provided and administered successfully and in compliance with our regulatory and professional obligations. Your personal data may be shared by Steadfast as follows:
As set out above, we will share your information with third parties (including investment providers and your financial adviser/intermediary). As such, this will involve transferring your personal data internationally, including transfers outside the EU or EEA.
Steadfast will take steps to ensure that the transfers outside EEA are legitimate and, in these circumstances, agreements which include the EU standard model clauses will be put in place between Steadfast which is transferring the data and those entities operating outside the EEA who are receiving the data. The receiving entities will be mainly your bankers, lawyers, accountants, tax advisors or other nominated professionals, investment providers and financial advisers/intermediaries.
Steadfast will only share your personal data outside of the EU or EEA where the European Commission has decided that the third country where your data will be shared provides an adequate level of protection. However, in instances where the third country is not considered to have adequate levels of protection, Steadfast will transfer your personal data only after taking the appropriate safeguards and ensuring that you are able to resort to legal remedies if necessary.
Steadfast have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
There are inherent risks involved when transmitting personal data by post, email, and phone; however, Steadfast takes reasonable steps to limit these risks by adopting the appropriate technical and organisational measures in order to protect and secure your personal data against unauthorised or unlawful processing and against accidental losses, destruction and/or damage.
Employees of Steadfast will be sufficiently trained to ensure that your personal data is always processed with due care. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Steadfast will ensure that when your personal data is shared, it is done in a secure manner, using and adopting appropriate organisational measures such as encryption.
As described above, where we disclose your personal data to third parties, we will require that the third party has appropriate technical and organisational measures in place. However, in some instances where we are compelled by law to disclose your personal data, we may have limited control over how it is being protected by that party.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Lawful processing
In addition to our Data Protection and Privacy Notification statement, your privacy is protected by law.
Steadfast are legally only allowed to collect and process personal data where there exists a proper reason to do so. The law says Steadfast must have one or more of these reasons:
Below is a list of ways in which we may use your personal data, which of the reasons we rely on to do so, and what our legitimate interests are (this is not an exhaustive list):
| Why we use your information | Our Reasons | Our Legitimate Interest |
Steadfast does not intentionally collect personal data that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data”. Steadfast will only collect this information where one of the above reasons is satisfied. We cannot prevent you or your bankers, lawyers, accountants, tax advisors, financial advisers/intermediaries from disclosing the same to Steadfast as part of your correspondence with us but you should ensure that such information is only provided where it is absolutely necessary and in circumstances where you would be content for us to use it in the manner described above.
You also have the right to request access to the personal data that we hold about you. Should you wish to request a copy of your personal data, or have any questions in relation to your personal data, please contact Steadfast.
Requests for access to your personal data will be processed free of charge. However, if we deem that requests for access are being made in a frequent, excessive and repetitive manner or on an unfounded basis, Steadfast reserves the right to charge a reasonable fee to meet our administrative costs.
You have the right to object to Steadfast using your personal data, or ask Steadfast to delete, remove or stop using your personal data.
There may be legal or other official reasons why Steadfast needs to keep or use your data.
You also have the right to restrict Steadfast from using your data. This means that your personal data can only be used for certain things such as legal claims or in order to exercise legal rights. During such instances, Steadfast will not use or share your personal data in other ways.
You may ask Steadfast to restrict processing your personal data if it is not accurate, it has been unlawfully used but you don’t want Steadfast to delete it, it is not relevant anymore but you want Steadfast to keep it for use in legal claims, or you have already asked Steadfast to stop using your data but you’re waiting for confirmation as to whether Steadfast are allowed to use it.
You have the right to withdraw your consent. Please contact Steadfast if you wish to do so.
Where consent is the only lawful basis upon which your personal data can be processed, withdrawing your consent may mean Steadfast cannot provide you with a full service. If this is the case, Steadfast will clarify this to you.
You have the right to question any personal data we have about you that you think is wrong or incomplete. Should you do so, Steadfast will take reasonable steps to check the accuracy of all information held, and correct it where necessary.
Please let us know if you are unhappy with how we have used your personal data. Our contact details for all complaints can be found on our website (www.steadfast.gi).
You also have the right to complain to the Gibraltar Regulatory Authority who are the nominated Data Protection Commissioner for Gibraltar. Please refer to their website for details of how to report a concern (http://www.gra.gi/data-protection).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will occasionally update this Policy to reflect changes in the applicable Regulation, and/or relevant legislation as well as both company and customer feedback. We will contact you to inform you of the same whilst the revised Policy can be found on our website (www.steadfast.gi).