This Privacy Notice (effective from 25 May 2018) explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights in relation to the personal data it holds.
Canyon Corporate and Trust Solutions Limited or Canyon Financial Services Limited or Canyon Corporate Secretaries Limited (in this Privacy Notice, “us”, “we” and “our”) are corporate and trust service providers authorised by the Irish Department of Justice and Equality and are subject to the EU General Data Protection Regulation 2016/679 (“GDPR”) and any locally applicable data protection laws in Ireland. Typically, we will be a data processor acting on the instructions of our clients but in some circumstances, we may be a data controller (for example when we are carrying out anti-money laundering checks as part of our legal obligations or maintaining a database of our key contacts).
Under the GDPR you have the following rights:
- To obtain access to, and copies of, the personal data that we hold about you;
- To require that we cease processing your personal data if the processing is causing you damage or distress;
- To require us not to send you marketing communications;
- To require us to erase your personal data;
- To require us to restrict our data processing activities;
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- To require us to correct the personal data we hold about you if it is incorrect.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
You can find out more about your rights at the Office of the Data Protection Commissioner, the local regulatory authority here.
If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us using the following:
By post – Attn: Data Protection Officer, Canyon Corporate and Trust Solutions Limited, Atlantic Avenue, Westpark Business Campus, Shannon, Co. Clare, Ireland
By email – [email protected]
By telephone – +353 (0) 61 363824
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Office of the Data Protection Commissioner at [email protected] or here.
HOW WE COLLECT YOUR DATA
We collect your personal data in a number of ways, for example:
- From information provided directly to us from (prospective) clients, business partners and intermediaries for the purposes of entering into a services contract and/or to meet certain legal requirements such as anti-money laundering requirements. By way of example, this would include the responses supplied to us when our client onboarding forms and questionnaire are completed and any follow up queries addressed;
- From information obtained from publicly available sources such as the internet, filings on stock exchanges, commercial or company registers such as the Companies Registration Office in Ireland and similar public sources;
- From information received from clients, third parties as part of the service we provide to you or in connection with a legal requirement that applies to us such as anti-money laundering requirements. By way of example, this might apply where information is requested or obtained from you or your agent, adviser or intermediary because you are a director, shareholder or possible beneficial owner of a company connected to a (prospective) client of ours. It might also include where information is received from other companies in the Vistra Group (of which we form a part) when there is some involvement with that other Vistra office or where they hold anti-money laundering or background information on you; and/or
- From information received when you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication.
THE CATEGORIES OF PERSONAL DATA WE COLLECT
We collect the following categories of personal data about you where relevant:
- For compliance with anti-money laundering or similar legislation with which we are obligated to comply: your name and contact information such as your home or business address, your source of wealth and financial situation such as income and expenditure, biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality, details of your background such as your experience in the investment field and where relevant, information about your family or education or employment or other personal circumstances;
- For carrying out our services under a contract such as company secretarial services or financial accounting and reporting or other annual compliance services such as CRS/FATCA filings and similar: such information as is reasonably required to be collected which may include but is not limited to your name and contact information such as your home or business address, email address and telephone number and biographical information to confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality; and/or
- For marketing to you (see the separate section on Marketing below), your name, job title, business address, telephone and/or email address.
THE BASIS FOR PROCESSING YOUR PERSONAL DATA (OTHER THAN WITH YOUR CONSENT), HOW WE USE THAT PERSONAL DATA AND WHOM WE SHARE IT WITH
- Performance of a contract with you
We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
In this respect, we use your personal data to provide you with the services as set out in our terms of service with you or as otherwise agreed with you from time to time, to prepare a proposal for you regarding the services we offer, to deal with any complaints or feedback you may have or any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
- Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
- Financial institutions or the Irish Companies Registration Office or the Irish Revenue Commissioners and/or third-party professionals where this is required or requested as part of the services performed under a contract (for example when opening a bank account or performing company secretarial services or making annual filings, in each case on behalf of a client entity);
- Other third parties whom we engage to assist in delivering the services to you, including other companies in the Vistra Group or our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you; and/or
- Our data storage providers.
- Legitimate interests
We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person. In this respect, we use your personal data for the following:
- For marketing to you. In this respect, see the separate section on Marketing below;
- Training our staff or monitoring their performance;
- For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis; and/or
- Seeking advice on our rights and obligations, such as where we require our own legal advice.
In this respect we will share your personal data with our advisers or agents where it is necessary for us to obtain their advice or assistance or with third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
- Legal obligations
We also process your personal data for our compliance with a legal obligation which we are under. In this respect, we will use your personal data to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws and/or as required by tax authorities or any competent court or legal authority.
In this respect, we will share your personal data with the following:
- Our advisers where it is necessary for us to obtain their advice or assistance;
- Our auditors where it is necessary as part of their auditing functions;
- With third parties who assist us in conducting background checks; and/or
- With relevant regulators or law enforcement agencies where we are required to do so.
For certain individuals who we may wish to contact, we keep your contact details (limited to name, job title, business address, telephone and email address) in a secure contacts database and we may send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you. We may communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels.
If you object to receiving marketing from us at any time, please contact us using the contact details provided above.
TRANSFER AND PROCESSING OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION
When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union. In these circumstances, your personal data will only be transferred on one of the following bases:
- the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
- the transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
- the recipient has entered into European Commission standard contractual clauses with us; or
- you have explicitly consented to the same.
To find out more about transfers by us of your personal data outside the European Union and the countries concerned please contact us using the details provided above.
RETENTION OF YOUR DATA
We will only retain your personal data for as long as we have a lawful reason to do so. In particular, where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for six years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or otherwise we will in most cases retain your relevant personal data for a period of seven years after the termination of our contractual or other relationship with you.