Data Protection Notice
Last updated June 2020
At Apex we take data privacy seriously and that with Data Protection Laws, individuals have more transparency and stronger rights regarding their Personal Data in turn giving you more control over how organisations use and manage your data.
This Data Protection Notice explains what personal data is collected, the purposes for which it is used, the third parties to whom it may be disclosed and the data protection rights of individuals (“Data Subjects”). “Data Protection Laws” includes the GDPR and any applicable laws regarding the processing, privacy and use of Personal Data as applicable to Clients and Apex, including but not limited to the laws and regulations of Bermuda and the Cayman Islands.
Apex Group Ltd., its affiliates and subsidiaries (“Apex”) as well as our service providers, may collect and use your Personal Data for our legitimate business purposes.
WHAT DOES THIS MEAN TO YOU?
Data Protection Laws provide you with more transparency regarding your personal data. It strengthens your rights, giving you improved access to your data and the right to review and, in certain circumstances, edit or delete the information that organisations store about you.
We will continue to look after your data as we always have and this notice provides you an overview of how we hold and how we use your data.
Why Apex collects data?
We collect data for legitimate business purposes which includes:
- to validate authorised signatories for processing agreements and transactions;
- to contact nominated individuals in connection with transactions and contractual agreements;
- to respond to enquiries and fulfill requests from you/our clients, service providers and/or relevant third parties who may require information for providing services and to administer account(s) and manage our relationships;
- to verify an individual’s identity and/or location (or the identity or location of our client’s or service provider’s representative or agent) in order to allow access to relevant client accounts or conduct online transactions;
- to protect the security of accounts and Personal Data;
- for risk management/audit, compliance with our legal and regulatory obligations and for fraud detection, prevention and investigation, including “know your customer”, anti-money laundering, conflict and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting;
- for client research and management, and to improve the quality of services;
- to provide, and perform our obligations with respect to the services provided or otherwise in connection with fulfilling instructions; and
- to comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), (which may include laws outside the country you are located in), to respond to requests from public and government authorities (which may include authorities outside your country), to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies.
What personal information Apex collects?
The kinds of personal information that Apex may collect and process includes (but is not limited to):
- contact details, including name, address, email addresses and telephone numbers;
- information required by Apex to meet legal and regulatory requirements in respect of anti-money laundering legislation, including personal details such as gender, date of birth, passport number(s), other government issued number(s), nationality, images of passports and driving licences, signatures, occupation, source of funds and source of wealth, criminal records;
- information required by Apex to meet legal and regulatory requirements relating to the automatic exchange of tax information (e.g. US FATCA and OECD CRS), including details of tax residency, tax classification and tax identification numbers;
- financial information, including billing address, bank account numbers, instruction records, transaction details, counterparty details, and specimen signatures;
- details of meetings and telephone calls with our offices and employees; and
- any other information you may provide to us or might be provided to us by our clients, third parties etc.
Disclosure and Sharing of Data
Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.
Subject to any restrictions around confidentiality such disclosures may include disclosures:
- to affiliates and subsidiaries of Apex for the purposes described in this Data Protection Notice;
- to our third party service providers (including those outside of the European Economic Area “EEA”) who provide services such as website hosting, data analysis, client research, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services;
- to third party experts and advisers (including external legal counsel, notaries, auditors and tax advisers);
- to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions;
- to third party storage providers (including archive service providers, document repositories and including those outside the EEA) and trade data repositories;
- to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
- to other deal/transaction participants including issuers, borrowers, advisers, translation service providers and within prospectuses and marketing materials;
- to counterparties, vendors and beneficiaries, and other entities connected with our clients;
- to other persons as agreed with a client or as required or expressly permitted by applicable law;
- to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country or outside the EEA;
- to courts, litigation counterparties and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings.
Disclosures of Personal Data which we make to our third party service providers, as described in this section, will be made subject to conditions of confidentiality and security as we may consider appropriate to the specific circumstances of each such disclosure.
- “Other Information” is any information that does not reveal a person’s specific identity or does not directly relate to an identifiable individual such as browser and device information, app usage data and information collected through cookies, pixel tags and other technologies including demographic information and survey responses revealing views and preferences.
- Uses and disclosures of Other Information may be done by us for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined.
Data Subject Rights
Apex is a data controller within the meaning of the Data Protection Legislation.
You have the following rights, in certain circumstances, in relation to your personal information:
- the right to access your personal information;
- the right to amend and rectify any inaccuracies in your personal information;
- the right to restrict the use of your personal information;
- the right to request that your personal information is erased;
- the right to object to the processing of your personal information;
- the right to data portability.
Accessing, amending or deletion of personal data
If you would like to request to review, correct, amend, restrict or delete Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for the purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us using our email address [email protected] or proceed to the DSAR Form.
We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with our client and provide the Services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position.
Jurisdiction and cross-border transfer
Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access Personal Data.
The disclosure of personal information to the affiliates and other third parties set out above may involve the transfer of data to the USA and other jurisdictions outside the European Economic Area (EEA). Such countries may not have the same data protection laws as your jurisdiction. Apex have put in place the Standard Contractual Clauses approved by the European Union Commission for such transfers of personal data.
Recording of communications
When individuals communicate with Apex,, telephone conversations and electronic communications, including emails, text messages and instant messages, may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by any applicable law.
Apex may change this Data Protection Notice from time to time.