Privacy Notice for the website of Real Estate Credit Investments Limited (the "Company")
Privacy Notice
This Privacy Notice sets out how personal data is collected, processed and disclosed in connection with the Company and is issued by the Company as a data controller.
We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice and in ways that are reasonably ancillary to what is set out below.
As a result of your investment or proposed investment (or an investment or proposed investment made by a person firm or entity with which you have a connection) in the Company, your personal information will be provided if necessary to the Company and/or its agents, each of which may also act as an independent data controller. The Company and/or its agents, including Link Market Services (Guernsey) Limited (the "Registrar") and Cheyne Capital Management (UK) LLP (the "Investment Manager"), will process your personal information or such data in respect of your directors, officers, employees or beneficial owners.
As the Company and the Registrar are entities incorporated in Guernsey, they are obliged to comply with the provisions of the Guernsey DP Law. To the extent that data subjects are resident in the EEA, the Company and the Registrar will also be required to comply with the General Data Protection Regulation (EU 2016/679).
This Privacy Notice is issued by the Company. This Privacy Notice should be read in conjunction with the Company's main website terms and conditions, Privacy and Cookies Policy and any other relevant legal notices etc. issued by the Company and its agents.
2 Where we obtain your personal data:
2.1 We may collect various types of personal data about you, including:
2.1.1 Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal data relating to claims, court cases and convictions, politically exposed person (“PEP”) status, personal data available in the public domain and such other information as may be necessary for us to collect in connection with your investment in the Company and to complete our customer due diligence ("CDD") process and discharge our obligations relating to anti-money laundering ("AML") and combatting the financing of terrorism ("CFT"));
2.1.2 Your tax status information (which may include your tax residency, tax identification numbers and/or tax status);
2.1.3 Your contact information (which may include postal address and e-mail address and your home and mobile telephone numbers);
2.1.4 Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have);
2.1.5 Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
2.1.6 Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history).
2.2 We may also collect and process personal data regarding people connected to you, either by way of professional (or other) association or by way of family relationship.
2.3 We may also collect, store and use the following "special category" of more sensitive personal information, including information about criminal convictions and offences. There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation. We do not intend to actively collect special category data about you. Whilst the Company will use reasonable efforts to limit its holding of such data, please be aware that the Company may hold such data incidentally. For example, where:
(a) you volunteer special category data to the Company or one of its processors, such as if you send an email containing special category data;
(b) documents gathered for legal / regulatory purposes containing special category data, such as a passport copy which references ethnic origin or a due diligence search from public sources which includes special category data.
2.4 We primarily collect your personal data from the following sources:
2.4.1 from information which you or your authorised representative gives to us, including but not limited to:
(a) information set out in any subscription agreement with the Company; or
(b)such other forms and documents as we may request that are completed in relation to the administration/management of any investment in the Company;
(c) information gathered through client due diligence as part of our compliance with regulatory requirements; and
(d) any personal data provided by way of correspondence with us by phone, e-mail or otherwise;
2.4.2 we may receive your personal data from third party sources which may include:
(a) entities in which you or someone connected to you has an interest;
(b) your legal and/or financial advisors;
(c) other financial institutions who hold and your process your personal data;
(d) credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and
(e) information collected via website (including cookies and IP addresses) , emails (e.g. traffic headers for analysing patterns of network traffic and managing investor relationships).
2.5 We may also collect and process your personal data in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act in case this is necessary for the purposes set out below.
3 Why we collect your Personal data:
Lawful grounds for processing:
3.1 We are entitled to hold and process your personal data on the following lawful grounds:
3.1.1 the processing is necessary for the legitimate interests of the Company provided your interests and fundamental rights do not override those interests. Paragraphs 3.3.1 to 3.3.6 inclusive further explain the purposes of processing which may be carried out on the grounds of the legitimate interests of the Company;
3.1.2 where any investor or any potential investor is a natural person, the processing is necessary to comply with our respective contractual duties to you under the terms of your investment and all agreements supplemental thereto;
3.1.3 to comply with the legal and regulatory obligations of the Company;
3.1.4 (on exceptional occasions) where we have obtained your consent to processing your personal data for a specific purpose;
3.1.5 on rare occasions, where we need to protect your interests (or someone else's interests); and
3.1.6 on rare occasions, where it is needed in the public interest.
Some of the above grounds for processing described above will overlap and there may be several grounds which justify our use of your personal data.
Inaccurate or Amended Information
3.2 Please let us know if any of your personal data (including correspondence details) changes as soon as possible. Failure to provide accurate information or to update changed information may have a detrimental impact upon your investment including the processing of any related subscription to the Company. Failure to provide information where the same is required for anti-money laundering or other legal requirements means that the Company may not be able to accept you as an investor in the Company.
Purposes of processing
3.3 Pursuant to paragraph 3.1, the Company may process your personal data, for the purposes set out below (“Purposes”). Those based wholly or partly on our legitimate interests are set out in paragraphs 3.3.1 to 3.3.6 inclusive):
3.3.1 conducting credit reference checks;
3.3.2 communicating with you as necessary in connection with your affairs and generally in connection with your investment in the Company;
3.3.3 operating the Company's or its agents' IT systems, software and business applications;
3.3.4 supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, including but not limited to processing personal data in connection with the Company;
3.3.5 monitoring and recording telephone and electronic communications and transactions:
(a) for quality, business analysis, training and related purposes in order to improve service delivery;
(b) for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act); and
(c) to enforce or defend the Company's rights, or through third parties to whom we each may delegate such responsibilities or rights in order to comply with the legal or regulatory obligations imposed on each of us;
3.3.6 disclosing your personal data (including identity and interest in the Company to any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee to the Company;
3.3.7 collecting, processing, transferring and storing “customer due diligence”, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations;
3.3.8 facilitating the internal administration of the Company and each of its agents;
3.3.9 liaising with or reporting to any regulatory authority (including tax authorities) with whom the Company either is required to cooperate, report to or with whom it decides or deems appropriate to cooperate in relation to an investment, and which has jurisdiction over the Company or its investments notwithstanding that such processing may be undertaken by a party who is located in a third country without the same or similar data protection laws as Guernsey or any EU member state (a "Third Country without Adequacy").
3.4 We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where these are required or permitted by law.
3.5 To the extent that such personal data contains special category data such as, for example: data relating to racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership or criminal data then the processing of such data shall solely be for the purpose of complying with any duty imposed on the Company and/or its agents by an enactment including, but not limited to, legislation and regulatory obligations relating to Anti-Money Laundering and Combatting the Financing of Terrorism and all other related legislation.
3.6 We do not make decisions about you based on automated processing of your personal data.
4 Sharing personal data
4.1 The Company and its agents may share your personal data with group companies and third parties (including its administrator, the Registrar, the Investment Manager, any bookrunner or listing sponsor, banks, financial institutions or other third party lenders, IT service providers, auditors and legal professionals) under the terms of any appropriate delegation or contractual arrangement. Those authorised third parties will, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism.
4.2 Data processing (as described above) may be undertaken by any entity in the Bailiwick of Guernsey. However, such data processing may also be undertaken by an entity which is located outside the Bailiwick of Guernsey, the United Kingdom or the European Economic Area (the "EEA") in a third country without the same or similar data protection laws as the Bailiwick of Guernsey or any EU member state.
4.3 This means that not all of the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal data does receive an adequate level of protection we or our agents have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU laws, the laws of the Bailiwick of Guernsey and the laws of the United Kingdom on data protection:
4.3.1 utilisation of standard contractual clauses (also known as EU Model Clauses) for data protection which have been approved and adopted by the European Commission and/or the Office of the Data Protection Authority; and/or
4.3.2 the use of another appropriate safeguard envisaged by Article 46 of (i) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data andon the free movement of such data, and repealing Directive 95/46/EC (the "GDPR"), or (ii) the UK version of the GDPR, which is part of UK law by virtue of the European Union (Withdrawal) Act 2018, as amended (the "UK GDPR") (as applicable) being implemented.
4.4 In limited circumstances, applicable law may permit us to otherwise transfer your personal information outside the UK or the EEA.
4.5 If you would like further information about the safeguards we have in place to protect your personal information, please contact Richard.lang@cheynecapital.com.
5 Retention of personal data
5.1 Your personal data will be retained for or as long as required, which may be up to 13 years from the date that your shareholding becomes a nil share balance and no outstanding cash balance is held in your name by the Registrar:
5.1.1 for the Company and/or any authorised third parties to carry out the Purposes); and/or
5.1.2 in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations;
5.1.3 as required by the data protection laws and any other applicable laws or regulatory requirements.
5.2 We endeavour to store your personal data securely on the Registrar's or other service providers' computer systems and/or manually in accordance with accepted market standards.
5.3 Whilst we have taken every reasonable care to ensure the implementation of appropriate technical and security measures, we cannot guarantee the security of your personal data over the internet, via email or via our websites nor do we accept, to the fullest extent permitted by law, any liability for any errors in data transmission, machine, software or operating error or any other cause.
6 Access and control of personal data
6.1 You have, under certain circumstances, the following rights in respect of personal data:
6.1.1 a right to access and port personal data;
6.1.2 a right to rectify personal data;
6.1.3 a right to restrict the use of personal data;
6.1.4 a right to request that personal data is erased; and
6.1.5 a right to object to processing of personal data.
6.2 You also have the right to lodge a complaint about the processing of your personal information either with us, or with:
6.2.1 The Office of the Data Protection Authority in Guernsey (www.odpa.gg);
6.2.2 the Information Commissioner's Office in the UK (www.ico.org.uk); or
6.2.3 if you are an EU data subject, the supervisory authority in the EU member state of your residence.
7 Right to withdraw consent
In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data or to use data for another purpose. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Richard.lang@cheynecapital.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
8 Communications and Media
People who email us
We use software to encrypt and protect email traffic. If your email service does not support this software, you should be aware that any emails we send or receive may not be protected in transit. Please contact us for further detail should you require it.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Visitors to our website
We are committed to protecting and respecting your privacy on-line. We are aware of the concern which exists over the use of personal information provided over the internet and therefore, we do not collect personal data through our website.
We do not control and are not responsible for the privacy policy of any website or organisation to which our website provides links. By including references, hyperlinks or other connections to such third party websites, we do not imply any endorsement of them or any association with their owners or operators.
Google Analytics
The Company's website uses Google Analytics to help analyse how users use the site. The tool uses "cookies", which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for the Company.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information ("PII") of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any PII from any source, unless you explicitly submit that information via a fill-in form on our website.
9 How to contact us:
If you have any questions about our use of your personal data, our retention procedures or our security processes, please contact Richard.lang@cheynecapital.com.
10 Changes to this Policy
This Privacy Notice is dated 28th January 2021.
We reserve the right to amend this Privacy Notice at any time without notice, in which case the date of the Privacy Notice will be revised.