EERF Privacy Notice
Euro Equity Release Funding Co. Ltd (EERF) is a company, incorporated in England and Wales with company number 14707133 and with its registered address situate at 8th Floor 20 Farringdon Street, London, United Kingdom, EC4A 4AB (the expressions we, our or us refer to EERF).
- The purpose of this Privacy Notice
The purpose of this Privacy Notice is to give a clear explanation about how we collect, use, share and retain any Personal Data (as defined below) of individuals or in the case of body corporates, their individual representatives, including Individual investors and individuals connected to institutional investors that provide EERF with Personal Data (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), directors and visitors to EERF’s website (you and your, as the context permits), as needed to conduct our business activities in accordance with the United Kingdom General Data Protection Regulation (GDPR) and Data Protection Act 2018 (together, the UK DP Laws) and any other similar or related legislation relating to the Processing of Personal Data applicable in any jurisdiction to which we have been, are or will be subject as in force at the date of this Privacy Notice (or as re-enacted, applied, amended, superseded, repealed or consolidated) and in each case including any legally binding regulations, direction, and orders issued from time to time under or in connection with any such law (the Data Protection Legislation).
For the purposes of this Privacy Notice:
- Data Controller means any natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data;
- Data Processor means a natural or legal person who processes Personal Data on behalf of the Data Controller and/or other delegates that receive Personal Data;
- Personal Data shall mean any information that is capable of identifying, can be attributed to or that relates to you personally. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive Personal Data that require a higher level of protection (Special Category Data, as that term is defined in the UK DP Laws); and
- Processing shall mean performing any operation or set of operations on Personal Data, whether or not by automatic means, including collecting, recording, organising, storing, amending, using, retrieving, disclosing erasing or destroying it. The rules around the Processing of Personal Data apply whether the activity takes place in the UK or not, where the Processing activities are related to (i) the offering of goods and services to individuals that are in the UK; or (ii) the monitoring of their behaviour which takes place within the UK.
Part of our obligations under the Data Protection Legislation is providing information to individuals whose Personal Data is Processed about the kind of information we collect, what we do with it, and what rights individuals whose Personal Data we Process have with respect to its accuracy and use.
It is important that you read this notice, together with any changes published on our website and any other privacy notice we may provide on specific occasions when we are Processing your Personal Data, so that you are aware of how and why we are using such information.
- Data Controllers
For the purposes of the UK DP Laws, EERF shall be the Data Controller in relation to any Personal Data collected by them directly regarding their business activities. This means that EERF shall be responsible for deciding how it will hold and use your Personal Data.
There may be instances where associated entities, representatives or agents of EERF collect Personal Data from you and to the extent that they determine the purpose and the means of the Processing, they may also be characterised as Data Controllers under the UK DP Laws. In these instances and where EERF instructs third parties to Process Personal Data as Data Processors, EERF will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Notice and the Data Protection Legislation when it is Processed by any such third parties.
- Personal Data we Process
We may Process the following Personal Data about you:
- personal contact details (including names, postal and email addresses, telephone numbers and website URLs);
- information required in order for us to meet any applicable legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including identification data (date and place of birth, nationality, identity number, copies of passports or other identification document) and information regarding source of funds and source of wealth;
- information required in order for us to meet any reporting obligations, for example, tax reporting including tax status, tax number, tax residency and financial information;
- information required in order for us to provide the services including financial information to Process payments, background information including employment details and details of dependents;
- any other information that may be provided.
We may also Process the following Special Category Data including information about your health, including any medical condition, health and sickness records.
Special Category Data requires a higher level of protection under the UK DP Laws and will only be Processed where we have received explicit consent or if the Processing is necessary for compliance with a legal obligation.
- Uses of your Personal Data
We will only Process Personal Data for purposes that are specific, explicit and for legitimate purposes. Your Personal Data may be Processed by us for the following purposes, in the following manners and with regards to the following legal bases:
WHY |
HOW |
Contract |
It is necessary to perform a contract with you to: · Process an application to become a shareholder of EERF or otherwise supply the investment services requested by and correspond with such persons; · provide support in respect of our services to you; · facilitate the continuation or termination of the contractual relationship between you and EERF; · facilitate the transfer of funds, and administering and facilitating any other transactions, between you and EERF; · consult with legal counsel for the purposes of obtaining legal advice; · consult with tax advisors for the purposes of obtaining tax advice; · submit tax reporting information as legally required; and · improve our services and our website. |
Compliance with law |
It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to: · undertake client and investor due diligence and on-boarding checks; · carry out verification, know your client (KYC), terrorist financing and anti-money laundering checks; · verify the identity and addresses of investors (and, if applicable their beneficial owners); · comply with requests from regulatory, governmental, tax and law enforcement authorities; · maintain statutory registers; · exercise any right or power, or perform or comply with any duty, conferred or imposed on us by law, or to comply with an order or a judgment of a relevant court or tribunal; · prevent and detect fraud; and · sanctions. |
Legitimate interests |
For our legitimate interests or those of a third party to: · manage and administer any shareholding and any related accounts on an ongoing basis; · assess and Process any applications or requests made by you; · open, maintain or close accounts in connection with your investment in, or withdrawal; · send updates, information and notices or otherwise correspond with you in connection with your investment; · address or investigate any complaints, claims, proceedings or disputes; · comply with applicable regulatory obligations; · manage risk and operations; · comply with accounting and tax reporting requirements; · comply with audit requirements; · assist with internal compliance, policies and Process; · keep internal records; · protect the business against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required by law); · seek professional advice, including legal advice; · facilitate business asset transactions involving EERF or related vehicles; · monitor communications using our systems; and · protect the security and integrity of our IT systems.
We only rely on these interests where we have considered that, on balance, our legitimate interests are not overridden by your interests, fundamental rights or freedoms. |
- Sources of your Personal Data
We may collect Personal Data about you from a number of sources, including:
- from you directly or from any of our mandatory forms you complete as part of our client take-on process;
- correspondence and conversations we may have had with you;
- any transactions you may enter into with respect to EERF;
- publicly available and accessible directories and sources;
- bankruptcy registers;
- third party advisors (such as your legal or financial advisors);
- tax authorities, including those that are based outside the UK if you are subject to tax in another jurisdiction;
- governmental and competent regulatory authorities to whom we have regulatory obligations;
- credit agencies; and
- fraud prevention and detection agencies and organisations.
- Disclosure of your Personal Data to third parties
We may from time to time, in accordance with the purposes described above, disclose your Personal Data to other parties, including (a) EERF’s Administrator and its affiliates, (b) professional advisers such as law firms and accountancy firms, (c) other service providers of EERF, including technology service providers, (d) counterparties and (e) courts and regulatory, tax and governmental authorities.
Where possible, we will enter into data Processing agreements with such third parties to ensure that they are obliged to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow any such persons to use Personal Data for their own purposes. We only permit them to Process Personal Data which we share with them for specified purposes (being one or more of the purposes specified in this Privacy Notice) and in accordance with our instructions.
Other third parties with whom we are unable to enter into data Processing agreements will themselves be responsible for their use of your Personal Data as Data Controllers. These persons may be permitted to further disclose the Personal Data to other parties pursuant to the Data Protection Legislation.
- Transfers of your Personal Data outside the United Kingdom
Your Personal Data may be transferred to and stored by third parties outside of the UK. It may also be accessed by staff operating outside the UK who work for us or one of our affiliates or third-party service providers. This includes staff engaged in, among other things, the provision of support services.
We will take all steps reasonably necessary to ensure that Personal Information is treated securely and in accordance with this Privacy Notice and the Data Protection Legislation when it is Processed in, or otherwise accessed from, a location outside of the UK. This means that we will only transfer Personal Information to third parties outside of the UK if (a) that third party is situated in a country that has been confirmed by the UK Financial Conduct Authority or by law to provide adequate protection to Personal Information, (b) that third party has agreed (by way of written contract) to provide all protections to such Personal Information as required by the Data Protection Legislation, or (c) we have your explicit consent to do so (such as where you have consented to the provision of Personal Information in connection with your account to your introducing agent or where you have requested a specific transfer). Where any transfer takes place under a written contract, you have the right to request a copy of that contract and may do so by contacting us on the details below.
- Data Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from us upon request.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Retention of Personal Data
We will retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected. The retention period will be determined by various criteria, including the amount, nature and sensitivity of the personal data in question, the purposes for which Personal Data is Processed, any legal or regulatory requirements we may have to comply with (as laws or regulations may set a minimum period for which we have to keep your Personal Data), the potential risk of harm from unauthorised use or disclosure of that personal data and whether we can achieve those purposes by other means.
In some circumstances, we may anonymise Personal Data so that it can no longer be associated with the relevant natural person, in which case we may use such information without further notice to you. Once your business relationship with us has ended we will retain and securely destroy Personal Data related to your account in accordance with our data retention policy and applicable laws and regulations.
- Cookies
Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories on your computer or mobile phone when you browse websites. We use cookies on our website to make our website work sufficiently, improve the speed/security of the site, measure how the website is used so that we can continuously improve it, make our services more efficient, store information about your preferences, login status, browsing activity, and other data. Cookies are created by the website’s server and stored on your device’s browser.
You can choose to refuse cookies or tell your browser to let you know each time that a website tries to set a cookie. However, refusing cookies may mean some sections of the site will not work properly.
For more information about cookies (including how to turn them off) please visit: www.allaboutcookies.org
- Your rights
You have certain statutory rights in relation to the Personal Data that we Process about you. These rights include the right to:
Your right |
What does it mean? |
Limitations and conditions of your right |
Right of access |
Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”). |
If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, eg privacy and confidentiality rights of other staff. |
Right to data portability |
Subject to certain conditions, you are entitled to receive the personal data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
|
If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (ie not for paper records). It covers only the personal data that has been provided to us by you. |
Rights in relation to inaccurate personal or incomplete data |
You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details, telephone number, immigration status. |
Please always check first whether there are any available self-help tools to correct the personal data we process about you. This right only applies to your own personal data. When exercising this right, please be as specific as possible. |
Right to object to or restrict our data processing |
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data. |
As stated above, this right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes. |
Right to erasure |
Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), eg where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful. |
We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. |
Right to withdrawal of consent |
As stated above, where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. |
If you withdraw your consent, this will only take effect for future processing. |
- Consequences of failure to provide information
If you fail to provide certain Personal Data when requested, we may not be able to provide the services you have requested, as this may prevent us from complying with our legal obligations such as our anti-money laundering and combating the financing of terrorism obligations.
- Contacting EERF
If you would like further information on the collection, use, disclosure, transfer or Processing of your Personal Data or the exercise of any of the rights listed above, please address questions and requests to:
Euro Equity Release Funding Co. Ltd Address: 8th Floor, 20 Farringdon Street, London, EC4A 4AB, UK |
Telephone: +44 (0) 207 832 4900 Email: rkhaitan@777part.com , rmulder@777part.com |
- Complaints
Should you wish to take any complaints or queries further, individuals have the right in certain circumstances to make a complaint in writing to the Information Commissioner’s Office in the UK in respect of the Processing of their Personal Data by us, and have certain rights to appeal pursuant to the UK DP Laws.
Contact details of the Information Commissioner’s Office:
Information Commissioner’s Office Wycliffe House Water Ln Wilmslow Cheshire SK9 5AF |
Telephone: +44 303 123 1113 Email: icocasework@ico.org.uk |
- Changes to this Privacy Notice
We reserve the right to update this privacy notice at any time, provided notice of such change is provided to you.