Privacy Notice of Aurum Private Limited
This Privacy Notice explains how Aurum Private Limited (“Aurum”) processes personal data and sets out the rights of the individuals to whom that data relates (data subjects). Any questions about personal data processed by us should be directed to our Data Protection Officer [email protected]
Aurum Private Limited
Aurum Private Limited is a fiduciary business in Guernsey that is licenced by the Guernsey Financial Services Commission (“GFSC”). As part of our legal and regulatory duties we are registered with the Office of Data Protection as a. controller and processor of personal data and are required to meet the requirements of the Data Protection (Bailiwick of Guernsey) Law, 2017 (the “Data Protection Law”) that is compliant and equivalent to the EU Data Protection regulations.
Business functions in respect of Personal data
Aurum Private Limited provides fiduciary services to residents and international clients to assist them with their business and personal objectives and planning with assistance with their advisors.
In order to perform its functions effectively Aurum needs to process personal data. The processing activities that Aurum may by law carry out in relation to personal data include requesting it, collecting it, storing it, analysing it, sharing it, disclosing it.
Clients, their advisors, and managers of their assets will be required to provide personal information and data to Aurum at the start, during and cessation of the business relationship and this is required for Aurum to provide services under, and comply with the Bailiwicks legal and regulatory framework, and duties imposed on us.
Consent
Aurum will not ordinarily use the legal basis of consent due to the regulatory requirements requiring clients, their advisors, and managers to provide personal data and to also keep this up to date. We are also required to keep you updated to your business relationship and matters that may affect it and you, locally and internationally.
Where we do provide marketing material you will have the option to decline from receiving such material.
Confidentiality
Aurum is bound by strict provisions, set out in the Bailiwicks’ legal and regulatory framework, as to the confidentiality and safeguarding of the personal information that it acquires during the course of carrying out a business relationship. There may be occasions where this information may be disclosed, without the consent of those who may be identified from it, only in exceptionally limited circumstances such as:
where necessary to enable Aurum to perform its functions or discharge its obligations (both in the Bailiwick
and internationally);
for the purposes of the investigation, prevention or detection of crime; or
in order to comply with directions given by a court, law enforcement or regulatory agency.
These confidentiality provisions bind Aurum and its employees and third-parties contravention of them is an offence which carries liability to punishment.
In cases where Aurum discloses information it will do so on the basis of conditions designed to ensure that the confidentiality of the information is protected by imposing undertakings in relation to the use, disclosure, safe-keeping and return of the information concerned.
Data processed by Aurum
The personal data that Aurum may collect and process includes information within the following categories:
• name;
• date of birth;
• contact information (address, telephone, email and fax details etc.);
• financial information (returns data, invoicing information, and notifications data etc.);
• identity (passports and identity cards etc.);
• family members (next of kin and beneficiaries etc.);
• employment (employment history, qualifications, training etc.);
• due diligence documentation (identification information, PEP status information, source of wealth data);
• special category data (health, origin, political opinion etc.);
• criminal convictions and offences (fraud, money laundering, market abuse, taxation offences etc.); and fitness and propriety (disciplinary issues, professional memberships, qualifications, investigations, legal actions, police checks etc.)
Sources of data
In addition to gathering information from data subjects directly, Aurum may use other sources of data in order to gather information, some of which may include personal data. Examples of such sources of information include:
• subscribed service sources of risk intelligence;
• membership registers;
• open-source or publicly available sources;
• References from other third parties
Reasons for processing data
Aurum processes personal data for a number of legal reasons or grounds which may include:
• the exercise of rights or powers conferred or imposed on Aurum by law;
• the performance of or compliance with duties imposed on Aurum by law;
• the performance of a duty or contract owed to the client;
• processing in connection with any legal proceedings, or for the discharge of any court functions, for the purpose of obtaining legal advice or otherwise in connection with legal rights.
Sharing data
In exercising its regulatory and contractual obligations Aurum may share information, which may include personal data, with other entities. These other entities may include, for example:
• external providers of professional services (such as lawyers, accountants, auditors or other experts);
• external service providers (for services such as IT, document storage, office maintenance);
• entities with a legal right to the information (such as law enforcement agencies, regulators or supervisory bodies and controllers of public registers); and
• courts and tribunals.
This will be locally or to jurisdictions that have assessed as having data protection frameworks that meet EU privacy adequacy equivalence or where you consent for the data to be provided outside of this. Where Aurum transfers data outside of these jurisdictions it will be in the performance of a contract for you. Aurum retains information, which may include personal data, for as long as necessary for the purpose(s) for which that information was collected and to meet the regulatory and legal requirements of the Bailiwick.
Data Subject rights
Aurum collects personal data to meet its legal and regulatory obligations and requirements in compliance with the Data Protection Law and this provides provides data subjects with a number of rights and these can also be found on the Office of Data Protection Authority website.
Data subjects have the following rights:
• Right to information for personal data collected from data subject
• Right of access
• Right to object to processing for direct marketing purposes
• Right to object to processing on grounds of public interest
• Right to object to processing for historical or scientific purposes
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right not to be subject to decisions based on automated processing
• Right to data portability
Exercising data subject rights
Any data subject who wishes to exercise rights under the Data Protection Law in relation to the GFSC, should send their request to our Data Protection Officer [email protected]
Where a data subject has reason to make a complaint in relation to the GFSC’s processing of his personal data or protection of his data subject rights, he may make a written complaint to the Data Protection Commissioner.
The Data Protection Law provides for a data subject who has reason to complain about the handling of his complaint by the Data Protection Commissioner to appeal to court where specified grounds exist.
Contact us
The Data Protection Officer
Aurum Private Limited
Third Floor, The Albany, South Esplanade, St Peter Port, Guernsey, GY1 1AQ
Tel: +44 (0) 1481 817830
[email protected] or [email protected]