1.1. Our contact details for the purposes of this Policy are:
Clermont Consultants (CH) SA
61 rue du Rhône
Any questions, comments or requests regarding this Policy should be sent to firstname.lastname@example.org.
1.2. For the purposes of this Policy, “European Data Protection Legislation” is defined as, for the periods in which they are in force, the European Data Protection Directive 95/46/EC, all laws giving effect or purporting to give effect to the European Data Protection Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same apply), the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”) or any equivalent legislation amending, supplementing or replacing the GDPR, and the Swiss Federal Act on Data Protection (as revised from time to time).
1.3. Please take the time to read this Policy, which contains important information about the way in which we process personal data.
2 Information we may collect
2.1. We may collect and process information about you and associated beneficiaries of our services through various means, including:
- in the course of establishing a business relationship with you or any other associated person who may benefit from the proposed services
- in the course of providing those services
- by email or other electronic correspondence
- by telephone
- in person (i.e. by hand delivery of information or documentation)
- otherwise through providing our services or operating our business
2.2. The personal data you give to us may include:
- your name, title and date of birth
- contact information, including telephone number, residential address(es), postal address and email address
- information relating to your residence, citizenship and/or tax status
- your investment preferences
- employment details, e.g. employment history, qualifications, etc.
- business activities, e.g. industry sector, jurisdictions of operation, etc.
- photographic identification and proof of residential address
- information relating to your income and sources of wealth, together (at our discretion) with supporting figures and documentation
- in certain circumstances, your and others’ signature(s), tax identification number(s), financial details such as bank account details and details of any relevant sanctions or similar restrictions
- in certain circumstances, information or data relating to criminal convictions or investigations, health (including disabilities), ethnicity, race, religious beliefs, trade union membership and other ‘special category personal data’
- any other personal data we collect in the context of our work for the families we serve or in the course of operating our business
2.3. We may also collect and process the same or similar personal data with respect to:
- our clients or Principals
- persons entitled to benefit from our services (for example, beneficiaries of trusts)
- persons to or from whom transfers of funds or assets are made or received
- our employees, prospective employees, work experience students or other job applicants
- those emergency contacts whose details have been provided to us by our employees
- third parties with whom we have contact by virtue of providing our services
- professional advisors or others with whom we work in the context of our services
- our prospective target clients
- our contractors and suppliers
2.4. If you or the persons described in paragraph 2.3 contact us, we may keep a record of that correspondence.
3 How we will use the information
3.1. We may use the above-described information for the following purposes:
- to respond to any appropriate query submitted to us
- to manage our relationship with you (and/or your business) or any other person entitled to benefit from the associated services, including by maintaining our database of Principals, settlors, beneficial owners and third parties for administration, accounting and relationship management purposes
- to complete our contractual and/or fiduciary obligations to you or any other person entitled to benefit from our services pursuant to our application forms, standard terms and conditions of business and/or the governing documentation of associated trusts and/or companies (including any associated administration)
- to carry out any relevant conflict checks, anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation
- to send you any relevant information on applicable legislative developments that may be of interest to you using the email and/or postal address which you have actively provided at the time of engaging our services or thereafter
- for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses
- to comply with any other professional, legal and regulatory obligations which apply to us – including applicable automatic exchange of information, tax transparency or disclosure of beneficial ownership laws – or policies that we have in place across the Clermont Group
- as we feel is necessary to prevent illegal activity or to protect our interests
4 Legal grounds for processing information
4.1. We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
- Where we have obtained your express consent to do so (which consent may be withdrawn at any time – see below).
- Performance of, or entry into, a contract.The personal data that we are required to collect in order to comply with the professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform our fiduciary and/or contractual obligation – we would not be able to act for you or any associated beneficiary of our services without this personal data.
- Compliance with a legal obligation to which we are subject.
- Processing is necessary in order to protect your vital interests or those of another natural person for whom we are acting in a fiduciary capacity.
- We have a legitimate interest in doing so as a fiduciary services provider(and where our legitimate interests are not overridden by your or the relevant individual’s own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our Principals, beneficiaries and other counterparties, and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
- Where processing of ‘special category personal data’ is necessary in the context of the establishment or diligent provision of our services (or the subsequent withdrawal thereof).
5 Sharing information
5.1. We may share information with carefully selected third parties. These may include service providers, support services, institutions, organisations and third parties instructed to enable us to fulfil our contractual or fiduciary obligations to you and/or entities under our administration in the course of business.
5.2. If we share information with third parties they will process the information as either a data controller or as our data processor and this will depend on the purposes of our sharing the personal data. We will only share personal data in compliance with the European Data Protection Legislation.
5.3. We may disclose your information to third parties when:
- you specifically request this or it is necessary to provide our services (e.g. when we need to engage a bank, asset manager or lawyer in the same or another jurisdiction)
- it is in the vital interests of an entity under our administration (e.g. to properly administer or protect an asset belonging to that entity)
- in the event that we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets (and/or any associated administrator of the same)
- if the Clermont Group or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
- if we are under a duty to disclose or share personal data in order to comply with any legal obligation or to protect the rights, property or safety of our Principals, beneficiaries or others. This includes exchanging information with governmental authorities pursuant to exchange of information and similar tax compliance legislation (e.g. FATCA, the Common Reporting Standard, etc.)
5.4. The third parties include:
- members of the Clermont Group, including those outside of the European Economic Area
- banks, which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose personal data where they hold monies or assets for an entity under our administration
- our insurers
- our auditors, including external accreditation bodies
- other professional advisors or third parties (including counsel, overseas lawyers or accountants) with whom we engage as part of our services or who beneficiaries thereof separately engage in the same context
- any anti-money laundering or financial services regulator of any member of the Clermont Group
- any third party we are expressly asked to share data with by an appropriately authorised person (e.g. the data subject or his or her parent/guardian).
5.5. Other than members of the Clermont Group, the third parties mentioned in paragraph 5.4 may have their own privacy policies and we do not accept any responsibility or liability for these policies.
5.6. We will not rent or sell any personal data to any other organisation or individual.
6 Storage and retention of personal data
6.1. We follow strict security procedures as to how personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information registered on our electronic systems will be located behind a firewall. Once we have received information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via email or the internet is not completely secure and although we do our best to protect personal data, we cannot absolutely guarantee the security of such data.
6.2. We will keep information stored on our systems for as long as it takes to provide the services to you and/or the associated beneficiaries of such services and in accordance with our standard terms and conditions of business and/or the governing documentation of the relevant trust(s) and/or company/ies. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research, preventing conflicts of interests or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and only used for those purposes.
6.3. We will, subject to paragraph 6.2, not store your information for longer than is reasonably necessary or required by law or local regulation.
7 Sending your information outside of the EEA
7.1. If we need to share your personal data with a recipient outside the European Economic Area (“EEA”), which notably includes certain members of the Clermont Group, we will ensure we do so in compliance with European Data Protection Legislation, including where applicable by ensuring that the transfer is necessary to perform our services or serve the relevant data subject’s interests.
7.2. Our people may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
8 Withdrawal of consent
8.1. Where we process your personal data we do so on the basis that consent for us to do so for the purposes set out in this Policy has been given. You may withdraw your consent to this processing at any time by contacting us at email@example.com.
8.2. If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds (see paragraph 4 above) and will notify you of these at such time.
9 Your information rights
9.1. European Data Protection Legislation gives you the right to access information held about you. You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold; details of the purposes for the processing of your personal information; and details of any third party with whom your personal information has been shared.
9.2. You can access the personal information we hold on you by contacting us at firstname.lastname@example.org.
9.3. We will ask you to provide proof of identity before we show you your personal information – this is so we can prevent unauthorised access.
9.4. In the event that an access request is unfounded, excessive or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information. ‘Reasonable fee’ for these purposes means the time associated with complying with the access request (and any follow-up queries) charged at our prevailing hourly rates.
9.5. You have the additional rights to request rectification and erasure of your personal data and to request restriction of, and to otherwise object to, our processing of your personal data and you can exercise these rights at any time by contacting email@example.com.
9.6. You will also be entitled to receive your personal in a structured, commonly used and machine-readable format, and to transmit that data to another data controller.
10.1. If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
10.2. You also have the right to make a complaint to the Clermont Group’s supervisory authorities for the purposes of European Data Protection Legislation, being the Federal Data Protection and Information Commisioner (FDPIC) in Switzerland (https://www.edoeb.admin.ch/edoeb/en/home.html) and the Information Commissioner’s Office (ICO) in the UK (https://ico.org.uk