GDPR Privacy Notice
Who are we?
Your privacy is very important to us. This privacy notice (“Privacy Notice”) is provided by Polunin Capital Partners Limited (“Polunin”). Polunin is a controller of your personal data under applicable data protection laws, including from 25 May 2018, the General Data Protection Regulation (“GDPR”). As a data controller we determine why and how we collect and use your personal data.
What is the purpose of this Privacy Notice?
When you invest or otherwise interact with us, we collect information about you which constitutes personal data under the GDPR. This Privacy Notice explains how we collect, use, share and protect your personal data. Please read this Privacy Notice carefully to understand what we do with your personal data. We may amend this Privacy Notice from time to time and if we make any material changes, we will make the updated Privacy Notice available to you. The date at the top of this Privacy Notice indicates from when this Policy Notice applies.
Whose personal data do we collect?
We collect personal data about individuals who may be current, prospective, and former (i) marketing agents, (ii) representatives, directors, officers, authorised signatories, employees, agents and ultimate beneficial owners of entity intermediaries, and institutional investors, and (iii) directors and employees of Polunin entities (collectively “you”)
What kind of personal data do we collect about you?
We collect from you personal data such as your name, data of birth, residential address, passport number, bank account details, details of your investments, transaction information, country of residence for tax purposes, as well as any other information we ask you to provide as part of our (i) service provider on-boarding process, (ii) client on-boarding process, or (iii) human resources and compliance requirements.
How do we collect your personal data?
We may collect your personal data when you (i) provide it to us as part of establishing a business or employment relationship; (ii) provide it to us in correspondence and conversations with our representatives and intermediaries; (iii) transact with Polunin, such as when you place assets with us to manage; or (iv) provide your personal data to us in response to our anti-money laundering (“AML”), counter-terrorist financing (“CTF”) and know-your-customer (“KYC”) requests.
Do we collect personal data about you from third parties?
We may also collect your personal data such as your name, residential address, and other contact or authentication information from third party sources e.g. from the third party marketing agents, from the organisation you represent, authorities, or other legal entities and individuals and publically accessible sources e.g. to establish and verify your identify to carry out AML, CTF and KYC checks or to find out your contact details if we are unable to contact you
How will we use your personal data?
This section of the Privacy Notice explains for what purposes we use your personal data and on what legal basis we rely, to ensure that we process your personal data lawfully. Our legal bases for collecting and using your personal data will include:
a) To perform our contract with you when you act as a marketing agent or invest with us e.g. to verify your identity, open your account, manage and administer your holdings with us, including processing your subscription and redemption requests, and providing financial and other information to you;
b) To comply with our legal and regulatory obligations, including those laid down in tax and company laws (including for the purposes of complying with FATCA/CRS as well as AML/CTF laws and regulations, and screening against sanctions lists);
c) To pursue our or a third party’s (such as our affiliates, service providers, agents or delegates) legitimate interests which do not override your interests or fundamental rights and freedoms, such as (i) recovering debts owed by you to us; (ii) mitigating business and operational risks; (iii) complying with internal policies; (iv) sharing your personal data with Polunin group companies for internal administrative purposes; (v) investigating, detecting and preventing fraud and other crime; (vi) ensuring network and information security; (vii) purchasing services from third parties which support us in providing our services to you and complying with our legal obligations; (viii) recording and monitoring calls and electronic communications for record keeping, security, quality, staff training and other business purposes; (ix) developing, improving, and informing you about Polunin’s products and services, and other business purposes; (x) maintaining the relationship and otherwise interacting with you; (xi) undertaking business analysis and market research relevant to our business; (xii) protecting Polunin’s interests, including establishing, exercising and defending legal rights and claims; and (xiii) ensuring that our affiliates, service providers, agents or delegates can also comply with their domestic and foreign legal and regulatory obligations. When evaluating whether legitimate interests can be relied on as a legal basis for the processing activities described above, a balancing test is carried out to ensure that the use of your personal data will not be overridden by your interests or fundamental rights and freedoms, in particular by ensuring that your personal data is only used to the extent necessary to achieve the relevant legitimate interests;
d) In certain circumstances and subject to applicable laws, consent, however we will make this clear to you at the time of collection of your personal data, and you will have the right to withdraw your consent at any time.
What are the consequences if you refuse to provide us with requested personal data?
If we ask you to provide us with your personal data to comply with a legal requirement or to allow us to enter into or perform a contract with you, we will advise you (e.g. in our investment management agreement or otherwise) whether you are obliged to provide the personal data as well as of the possible consequences if you fail to do so. For example, if you do not provide us with the necessary information for AML, CTF, KYC or tax purposes or about the source of your funds, we may reject, delay or suspend your arrangement with us until the relevant information is received to our satisfaction
Who do we share your personal data with?
We may use your personal data for the purposes described in the Privacy Notice with our affiliates, intermediaries, service providers, agents and delegates, such as auditors and other professional advisors (and their affiliates, service providers, agents and delegates). Where we use third parties who process your personal data on our behalf as a data processor, we ensure they do so in accordance with our instructions and that they put appropriate technical and organisational security measures in place to adequately protect your personal data. We do not allow our service providers to market to you (for their own purposes) unless they obtain your consent. In certain circumstances, we or they may inform you about how you can access their privacy notices, which will give you further information as to how they use your personal data and how you can exercise your rights in relation to your personal data. We may disclose your personal data for the purposes set out in this Privacy Notice to other third parties e.g. courts, governmental agencies, tax and other regulatory authorities, where we are legally obliged to do so or in our reasonable opinion such disclosure is required to comply with applicable laws and legal processes, support an investigation or to protect our rights and interests. We may also share your personal data with a potential buyer in connection with any proposed purchase, merger or acquisition of any part of our business. As we operate globally, your personal data may be transferred to countries outside the European Economic Area, including the United States, Bermuda, and Singapore. Where the level of protection of personal data in those countries has not been deemed adequate by the European Commission, we put standard data protection clauses in place (as approved by the European Commission) to provide adequate safeguards to ensure that your personal data will remain adequately protected in accordance with applicable data protection laws. Please contact us using the contact details below to obtain a copy of our standard data protection clauses.
How do we protect your personal data?
To protect the security of your personal data, we implement appropriate technical and organisational security measures which include physical and technical security safeguards and a governance model that ensures that adequate policies, procedures, and controls are in place within our organisation.
How long do we hold your personal data for?
We may retain your personal data for as long as it remains necessary in relation to the purposes we collected the information for. When determining the appropriate retention period, we consider the risks of processing, our contractual, legal and regulatory obligations, internal data retention policies and our legitimate business interests as described in this Privacy Notice.
What are your rights in relation to the personal data we hold about you?
Subject to the conditions prescribed in applicable laws and regulations, you have the right: (i) to access, rectify or request erasure of your personal data; (ii) to ask us to restrict processing of it; (iii) to request portability of it; (iv) to object, on grounds relating to a particular situation, to processing of your personal data which is based on legitimate interests; and (v) to object to processing of your personal data for direct marketing purposes. You can exercise these rights by contacting us using the contact details provided below. If you habitual residence is in an EU Member State, then you also have the right to lodge a complaint with a supervisory authority about our use of your personal data in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
How can you contact us?
If you have any questions or concerns about our use of your personal data, please contact via e-mail at [email protected] or contact us in writing at Polunin Capital Partners Limited, 10 Cavalry Square, London, SW3 4RB, United Kingdom.