We at Stonewood take data privacy seriously. This Privacy Notice explains what personal data we collect from you, the purposes for which it is used, the third parties to whom it is disclosed and your rights as an individual.
Stonewood is obliged to comply with data protection laws (“DPL”) in the jurisdiction(s) in which it is established. It may also be subject to the DPL of other jurisdictions in some circumstances.
What data does Stonewood collect?
- Your personal data comprises information that identifies you and includes (but is not limited to) the following:
- Contact details, such as name, address, email and telephone numbers;
- Information required to meet legal and regulatory requirements such as gender, age, date of birth, social security number, nationality, national identity number or passport number, images of passports, driving licences and similar documents, signatures, source of funds and/or wealth, criminal records;
- Your professional job title or occupation;
- Marital status and details of dependents;
- Employment history, income, wider financial information (including evidence of ownership of assets and/or personal wealth);
- Tax status and/or residency and tax identification numbers; and
- Bank account details.
- Stonewood collects this information from the following sources:
- Identification documentation, including due diligence documentation that you or your authorised representatives or advisers provide;
- Correspondence with us or with any third parties (such as fund administrators) acting on our behalf, including emails, written correspondence, instant messaging and telephone calls;
- Recording and monitoring tools that we use for compliance or security purposes (for example, recordings of calls, monitoring of emails between you and us, etc.);
- Our website;
- Third party sources, such as:
i. Entities with which or in which you (or someone connected to you) have an interest;
ii. Your legal, financial or other advisers or representatives;
iii. Other financial institutions who hold and process your personal data to satisfy their own regulatory obligations;
iv. Credit reference agencies; and
v. Subscription-only databases and publicly available sources, such as directories and websites.
- In certain circumstances, Stonewood collects and processes sensitive information known as “Special Category” data (as defined in the DPL) and which is limited to information relating to actual or suspected criminal convictions or offences. This is required to carry out a range of regulatory checks (for example, money laundering, sanctions, financial crime and fraud prevention).
What is the data used for?
- Stonewood needs to process your personal data for various reasons relating to the management, administration and general good governance of your investment including but not limited to:
- Performing identity, financial and credit checks and screening;
- Complying with instructions, orders and requests from law enforcement agencies, regulatory bodies or any court, or as otherwise required by law;
- Reporting tax related information to tax authorities;
- Communicating with and disclosing information to third parties such as auditors and technology providers;
- Communicating with and disclosing information to third parties such as financial institutions, asset management entities and asset holding entities in connection with your investment(s);
- Updating and maintaining our records;
- Providing information on our services;
- Operation of our IT systems and infrastructure, including software and relevant business applications;
- Administrative functions, including accounting, legal, risk management, IT and business support, storage, record keeping and related functions;
- Maintaining the integrity of our software, systems, platforms, premises and communications;
- Conducting checks and related actions to comply with our legal obligations relating to the detection, investigation and prevention of crime and to prevent the provision of services to persons subject to economic or other sanctions;
- Communicating with our advisers for the purposes of obtaining advice;
- Conducting business analytics and diagnostics; and
- Managing, planning and delivery of our business strategy and marketing objectives, including reporting outcomes.
- Stonewood relies on the following lawful bases for processing your data:
- You have given your consent to the processing;
- It is necessary in order to perform a contract with you or you have asked us to, prior to entering into a contract;
- It is necessary for us to comply with a legal obligation; and/or
- It is necessary for our legitimate interests or those of third parties.
- To the extent that any processing is based on your consent, you can withdraw that consent at any time.
- Where we rely on legitimate interests (or those of third parties), we can only process your personal data if your fundamental rights and interests do not override our own. Our legitimate interests include:
- the good management and administration of your investment(s) and/or the fund(s),
- discharging our legal obligations effectively,
- complying with regulatory requirements, and
- evaluating, developing and improving our services, including marketing such services.
- Where the processing is based on our legitimate interests, you can object to that processing at any time. If you object, we will stop processing your data, unless we can show you a compelling reason why the processing overrides your privacy rights, or where the processing is for the establishment, exercise or defence of legal claims.
- We will only process your personal data for the purposes for which it has been collected, unless we reasonably consider that we require its use in another fashion, which is compatible with the original purpose. If we wish to use the data for a new purpose, you will be notified in advance and the legal basis for processing explained to you.
- Please note that we may process your personal data without your knowledge or consent where required to do so by law.
- We do not make decisions about you based on automated processing of your personal data.
Who is the data shared with?
- We may share your personal data in connection with the services we provide. The recipients will depend on the nature of the service being provided and my include disclosures to:
- Banks, custodians, financial institutions or other third-party lenders, asset managers, investment advisers, or similar;
- IT or other service providers, auditors, accounting and legal professionals;
- Regulatory, supervisory, law enforcement or other governmental authorities, including courts, court-appointed persons/entities and administrators or liquidators;
- Professional bodies; and
- Tax authorities.
- These third parties may, in turn, process your personal data overseas, including outside the EEA and may have to disclose it to relevant authorities for regulatory or legal reasons.
- We enter into data processing agreements with all of our third-party service providers to ensure that they process your personal data with the equivalent level of security and confidentiality as applied by us.
- In certain circumstances we may also disclose your personal data to third parties who will receive it as controllers in their own right for the purposes set out above, in particular:
- If Stonewood transfers, merges, reorganises, purchases or sells any part of its business or that of a third party and it discloses your data to a prospective seller, buyer or third party involved in a business transfer, merger or reorganisation arrangement (including advisors); and
- If Stonewood needs to disclose your data in order to comply with a legal obligation, enforce a contract or to protect the rights, property and safety of its employees, clients or others.
- Except as set out above, we will not disclose, transfer or sell your personal data to any third party without your express written consent.
Transferring the data overseas
- From time to time, the processing of your data may be undertaken outside of the Bailiwick of Guernsey, but within the European Economic Area (“EEA”) or a third country in respect of which the European Commission has issued a decision in respect of the adequacy of that country’s data protection laws (an “Adequate Jurisdiction”).
- Insofar as processing may take place in a jurisdiction outside the Bailiwick, the EEA and in a jurisdiction which is not an Adequate Jurisdiction, then Stonewood will ensure that no transfers of your data will take place to that jurisdiction without first ensuring that adequate safeguards to ensure your data is protected.
- Stonewood will ensure that it either has a contract in place with the transferee (such as the EU’s Model Clauses), has your consent to the transfer, or has confirmed that the transfer is necessary for one of the reasons set out in the DPL (such as the performance of a contract with you).
- Should you have any questions in relation to international transfers of data, or would like a copy of the relevant transfer mechanism (such as the relevant model clauses applying to a transfer), please contact our data protection representative the contact details for whom are provided below.
How long is the data kept?
- Your personal data will be retained for the longest of the following periods (providing always that the data is required to be retained by law, contract or similar provision and its processing remains compatible with the purpose(s) for which it was collected):
- The duration of your investment, together with any statutory retention period applicable;
- The duration of your relationship with Stonewood and/or its Data Processors and/or third-party service providers, together with any statutory retention period applicable;
- The relevant prescription period applicable in order for Stonewood to establish or defend its legal rights or obligations, or to satisfy reporting or accounting obligations;
- Any applicable retention periods required by DPL or similar laws or regulation.
- Stonewood’s default policy is for data to be deleted after six and a half years, subject to any requirements above.
- Salesforce Pardot: Pardot tracks visitor and prospect activities on your website and landing pages by setting cookies on their browsers. Cookies are set to remember preferences (like form field values) when a visitor returns to your site. Pardot also sets a cookie for logged-in users to maintain the session and remember table filters.
Pardot sets first-party cookies for tracking purposes and sets third-party cookies for redundancy. Using first-party and third-party cookies together is standard in the marketing automation industry. Pardot cookies don’t store personally identifying information, only a unique identifier. Pardot sets first-party cookies on your tracker subdomains and Pardot domains. Pardot uses third-party cookies on https pages and when your account doesn’t have a tracker subdomain set up.
Pardot sets three kinds of cookies:
i. The visitor cookie is composed of a unique visitor ID and the unique identifier for your account. For example, the cookie name “visitor_id12345” stores the visitor value “1010101010”, and “12345” is the account identifier. This cookie is set for visitors by the Pardot tracking code;
ii. If your account tracks opt-in preferences, the pi_opt_in cookie is set with a true or false value when the visitor opts in or out of tracking; and
iii. A session cookie named “pardot” is set when you’re logged in as a Pardot user. This cookie isn’t set on a visitor’s browser.
You can learn more about Pardot here: https://www.pardot.com/
- Google Analytics: further details of Google Analytics can be found here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage; and
- Stonewood is required by law to ensure that adequate technical and organisational security measures are in place to protect your data from unauthorised or unlawful processing, including accidental loss, damage or destruction.
- Stonewood cannot guarantee the security of your personal data over the internet or via email and does not accept, to the fullest extent permitted by law, liability for any errors in data transmission, machine, software or operating error or other equivalent cause of loss.
What are my rights and how can I exercise them?
- Whilst not applicable in all circumstances, you generally have the following rights in respect of the personal data which Stonewood holds about you and processes:
- Right to port (move) your personal data
i. Subject to certain conditions, you are entitled to receive personal data processed by Stonewood by automated means, in a structured, commonly-used machine readable format.
- Right of access
i. Subject to certain conditions, you are entitled to have access to a copy of your personal data.
- Right to correct
i. You may challenge the accuracy or completeness of your data and have it corrected or completed. You have a responsibility to assist us in keeping your data up to date, so please notify us as soon as any changes occur (such as moving house, changing contact details, etc.).
- Right to object
i. Subject to conditions, you have the right to object to us processing your personal data, or to restrict its processing.
- Right to erasure
i. Subject to conditions, you have the right to ask that your data be erased (i.e. where it is no longer needed, the purpose for which it was collected no longer applies, or the processing is unlawful).
- Right to withdraw consent
i. If the processing is based on your consent, then you may withdraw that consent at any time. Please note that this only has effect in respect of future processing.
- Please note that should you have any concerns over the processing of your data, you should contact our data protection representative the contact details for whom are provided below. We will endeavour to resolve the issue as soon as possible. In the event you remain dissatisfied, and in any case, you have the right to complain to the Office of the Data Protection Commissioner, whose contact details are set out below:
Office of the Data Protection Commissioner
St. Martin’s House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Tel: +44 1481 742074
- You may also have the right to complain to the relevant data protection authority in the jurisdiction in which you reside.
Updates to this Privacy Notice
- Stonewood may amend this Privacy Notice at any time without notice, in which case this date will be revised and any changes made available to view on request. Updated copies will in any case be provided via a circular and via the website.
Who should I contact?
- If you have any questions about Stonewood’s use of your personal data, its retention procedures, transfers or security procedures, please contact:
Heidi Westwell, Chief Operating Officer
Stonewood Wealth Management International Limited, Suite 3, 2 Grange Place, St. Peter Port, Guernsey GY1 2QA
Tel: +44 1481 722589