PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING
When managing and administrating an investor’s holdings in any relevant fund, CREDERE or its Data Processors may process an investor’s personal data to carry out anti-money laundering (‘AML’) checks and related actions which CREDERE considers appropriate to meet any legal obligations imposed on CREDERE relating to the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions.
CREDERE or its Data Processors may monitor and record calls and electronic communications for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend CREDERE and its Data Processors’ rights, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with a legal obligation imposed on CREDERE and to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or to pursue any other legitimate interests for which CREDERE or its Data Processors may be entitled.
RECIPIENTS OF DATA AND INTERNATIONAL TRANSFER OF DATA
During processing personal data about the investor and (if applicable) its directors, officers, employees and beneficial owners to carry out money laundering and identity checks and comply with legal obligations, CREDERE or its Data Processors may disclose the personal data to:
· credit reference agencies and other third party information providers; and
· competent authorities (including tax authorities), courts and bodies as required by law or requested or to affiliates for internal investigations and reporting.
The disclosure of personal data to the affiliates and other third parties set out above may involve the transfer of data to jurisdictions outside the European Economic Area (‘EEA’). Such countries may not have the same data protection laws as the EEA.
CREDERE will retain investors’ personal data for as long as is required for the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that CREDERE retains the personal data.
DATA SUBJECT RIGHTS
To the extent provided by the General Data Protection Regulation (‘GDPR’) or any successor provision that is substantively comparable thereto, each individual has the right to request:
· Access to their personal data.
· Rectification or erasure of their personal data.
· Restriction of the use of their personal data.
· Objection to the processing of their personal data.
· Data portability (in certain specific circumstances).
Where CREDERE requires the personal data of the investor and (if applicable) its directors, officers, employees and beneficial owners to comply with AML or other legal requirements, failure to provide this information means the investor may not be able to invest in the fund.
If the investor considers that CREDERE or its Data Processors have processed personal data in violation of the GDPR and failed to remedy such violation to the investor’s reasonable satisfaction, the investor may lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk.
HOW TO CONTACT US
If the investor has any questions about CREDERE’s use of personal data, please contact firstname.lastname@example.org.