This Privacy Notice sets out how personal data is collected, processed and disclosed in connection with Summit Properties Limited (the "Company
"). This Privacy Notice is issued by the Company in its capacity as data controller.
We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice.
As a result of your investment (or an investment made by a person firm or entity with which you have a connection) in the Company, your personal information may be provided to the Company, Carey Commercial Limited (the "Administrator"), the nominated adviser and joint broker, Liberum Capital Limited (the "Adviser"), the joint broker, Cenkos Securities plc (the “Joint Broker”) and the registrar, Link Market Services (Guernsey) Limited (the “Registrar”). The Administrator, the Adviser, the Joint Broker and the Registrar are jointly referred to in this notice as "Processors". The Processors may also be data controllers and, if so, are independent data controllers. The Company and its Processors may process your personal information or such data in respect of your directors, officers, employees or beneficial owners.
As each of the Company and the Administrator are entities incorporated in Guernsey, they are obliged to comply with the provisions of the Guernsey data protection laws, including the Data Protection (Bailiwick of Guernsey) Law, 2017 (the "DPL").
- Where we obtain your personal data
- Your personal data comprises information that personally identifies you and includes the following categories:
- information obtained from identification documentation (including name, contact details, social security number, nationality and national identity numbers (where applicable));
- your professional title and occupation;
- your age, date of birth and marital status;
- employment history, income, financial information, evidence of ownership of financial assets and personal wealth;
- tax status and tax identification numbers; and
- bank account details.
- We primarily collect your personal data from the following sources:
- from information which you or your authorised representative gives to us, including but not limited to:
- information set out in any subscription agreement with the Company;
- such other forms and documents as we may request that are completed in relation to the administration/management of any investment in the Company;
- client due diligence documentation as part of our regulatory requirements;
- any personal data provided by you by way of correspondence with us by phone, email or otherwise; and
- recording and monitoring tools that we use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.)
- personal data we receive from you or any third party sources which may include:
- entities in which you or someone connected to you has an interest;
- your legal and/or financial advisors;
- other financial institutions who hold and process your personal data to satisfy their own regulatory requirements; and
- credit reference agencies and financial crime or other public databases for the purposes of complying with our regulatory requirements.
- We may also collect and process your personal data in the course of dealing with advisers, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.
- In certain circumstances we also collect and process what are known as "special categories" of personal data (as defined by the DPL). Money laundering, sanctions, financial crime and fraud prevention checks sometimes result in the Company obtaining information about actual or alleged criminal convictions and offences.
- Why we collect your Personal data:
Lawful grounds for processing:
- The Company and its Processors are entitled to hold and process your personal data on the following lawful grounds:
Some of the grounds for processing described above will overlap and there may be several grounds which justify our use of your personal data.
- the processing is necessary for the legitimate interests of the Company provided your interests and fundamental rights do not override those interests. Our legitimate interests are to run and administer the Company, to discharge our legal obligations, to store and disclose information where required or otherwise necessary and to evaluate, develop and improve our services;
- the processing is necessary to comply with our respective contractual duties to you under the terms of our subscription agreement with you and all supplemental agreements thereto;
- to comply with the legal and regulatory obligations of each of the Company and its Processors;
- (on exceptional occasions) where we have obtained your consent; and
- (on rare occasions) where it is needed in the public interest.
Inaccurate or Amended Information
- Please let us know if any of your personal data (including correspondence details) changes as soon as possible. Failure to provide accurate information or to update changed information may have a detrimental impact upon your investment, including the processing of any subscription or redemption instructions or the suspension of your account. Failure to provide information where the same is required for anti-money laundering, pursuant to automatic exchange of information agreements, or other legal requirements means that the Company may not, or may no longer, be able to accept you as an investor in the Company.
Purposes of processing
- Our primary purpose in collecting your personal information is to facilitate and record your holding of shares in the Company, the management and administration of your holdings in the Company and any related administration on an on-going basis. Pursuant to paragraph 2.1, the Company and its Processors may process your personal data, for the purposes set out below (“Purposes”) and the Purposes based wholly or partly on our legitimate interests are set out in paragraphs 2.1.1 to 2.3.17 inclusive:
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where these are required or permitted by law.
- to process transactions and to improve the quality of the service we provide to you;
- to disclose information to other third parties such as service providers of the Company, auditors and regulatory authorities and technology providers for the purposes described in this Privacy Notice;
- to update and maintain records, including to permit, administer and record your investment in the Company, and to carry out fee calculations;
- conducting credit reference checks;
- communicating with you as necessary in connection with your affairs and generally in connection with your investment in the Company and in relation to the running of the Company;
- operating the Company's IT systems, software and business applications and those of its Processors;
- supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, including but not limited to processing personal data in connection with the Company;
- monitoring and recording telephone and electronic communications and transactions:
- for quality, business analysis, training and related purposes in order to improve service delivery;
- for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act); and
- to enforce or defend the Company's and its Processors' respective rights, or through third parties to whom we each may delegate such responsibilities or rights in order to comply with a legal or regulatory obligations imposed on each of us;
- disclosing your personal data (including identity and interest in the Company to any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee to the Company;
- verifying the identity of a prospective investor to comply with statutory and regulatory requirements in relation to anti-money laundering procedures;
- to conduct checks and other actions in order to comply with legal obligations relating to the detection and prevention of crime such as fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanction on an ongoing basis ("Regulatory Assessments");
- for prudential and risk management purposes;
- facilitating the internal administration of each of the Company and its Processors and retaining your personal data as part of our Regulatory Assessments or future services entered into by you;
- liaising with or reporting to any regulatory authority (including tax authorities) with whom the Company is either required to cooperate or report to, or with whom it decides or deems appropriate to cooperate, in relation to an investment, and which has jurisdiction over the Company or its investments in a third country without the same or similar data protection laws as Guernsey or any EU member state (a "Third Country without Adequacy");
- communicating with our professional advisers for the purposes of obtaining professional advice;
- conducting business analytics and diagnostics; and
- other reasons compatible with the primary purpose of processing.
- To the extent that such personal data contains special category data such as, for example: data relating to racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership or criminal data then the processing of such data shall solely be for the purpose of complying with any duty imposed on the Company and/or its Processors by an enactment including, but not limited to, legislation and regulatory obligations relating to Anti-Money Laundering and Combatting the Financing of Terrorism and all other related legislation.
- Neither the Company nor its Processors make decisions about you based on automated processing of your personal data.
- Sharing personal data
- The Company and/or its Processors may share your personal data with:
Those authorised third parties may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism.
- banks, custodians, financial institutions or other third party lenders, IT service providers, auditors and legal professionals under the terms of any appropriate delegation or contractual arrangement;
- any depositary, stock exchange, clearing or settlement system, counterparties, dealings and others, where disclosure of your personal information is reasonably required for the purpose of effecting, managing or reporting transactions on your behalf or establishing a relationship with a view to such transactions;
- any regulatory, supervisory or governmental authorities to the extent that we are required by law or regulation to do so, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud) or to establish, exercise or defend our legal rights; and
- tax authorities.
- Data processing (as described above) may be undertaken by any entity in the Bailiwick of Guernsey, the European Economic Area, or an entity who is located outside the European Economic Area in a third country in respect of which the EU Commission has issued a decision in respect of the adequacy of that jurisdiction's data protection laws.
- Data processing (as described above) may also be undertaken by any entity in a jurisdiction outside the European Economic Area and in respect of which the EU Commission has not issued a decision as to the adequacy of that jurisdiction's data protection laws. This means that the country or countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal data receives an adequate level of protection we put in place measures such as EU model contract clauses to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU laws and the laws of the Bailiwick of Guernsey on data protection. If you require further information about these protective measures, you can request it by using the contact details in paragraph 7 below.
- Retention of personal data
- Your personal data will be retained for the longest of the following periods:
- for the Company, its Processors and/or any authorised third parties to carry out the Purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us);
- in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
- any retention period that is required by data protection laws and any applicable laws or regulatory requirements.
- We endeavour to store your personal data securely in accordance with accepted market standards.
- Whilst we have taken every reasonable care to ensure the implementation of appropriate technical and security measures, we cannot guarantee the security of your personal data over the internet, via email or via our websites nor do we accept, to the fullest extent permitted by law, any liability for any errors in data transmission, machine, software or operating error or any other cause.
- Your rights
- You have, under certain circumstances, the following rights in respect of personal data which we hold about you:
- the right to access and port (move) your personal data;
- the right to rectify personal data if you consider that it is inaccurate or incomplete;
- the right to restrict the use of your personal data;
- the right to request that personal data is erased if you consider that we do not have the right to hold it;
- the right to object to processing of personal data; and
- where solely consent has been relied on to process the personal data, the right to withdraw consent at any time by contacting us via the contact details below.
- You also have the right to lodge a complaint with the Guernsey Data Protection Authority or a supervisory authority in the EU member state of your usual residence or place of work or of the place of the alleged breach if you consider that the processing of your personal data carried out by or on behalf of the Company, has breached data protection laws.
- In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data or to use data for another purpose. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Company using the contact details in the "How to Contact Us" section below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- How to contact us
If you have any questions about our use of your personal data, our retention procedures or our security processes, please contact is at: firstname.lastname@example.org
This Privacy Notice is dated 25th September 2018.
We may amend this Privacy Notice at any time without notice, in which case the date of the policy will be revised.