From May 25th 2018, the General Data Protection Regulation (EU) 2016/679 is applicable to our Relation (hereafter the ‘GDPR’) Each party shall therefore be processing Personal Data for the performance of any agreement, service and or due diligence/compliance regulation with the following stipulations and rights as set out below.
1.1 We, Gold Grain Capital Limited (GGCL) (with 'we', 'our' or 'us' being interpreted accordingly), are committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data ('Personal Data')
3. Our Legal Obligations regarding your data
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law'). We are a 'data controller' on the basis that it is necessary for the performance of a contract to which the data subject is party as well as day to day correspondence in carrying out a service.
4. What Personal Data do we collect and use? The Personal Data about you that we collect and use includes the following your name, address, phone, email address and other contact details; your employer, job role and responsibilities; information regarding your use of our website (the 'Site'); copies of certified ID, proof of address, bank details, as well as any other Personal Data that you may provide to us from time to time as is necessary for a contract execution or by regulatory compliance requirements.
5. How your Personal Data is collected
5.1 We collect Personal Data about you in various ways as follows: (a) when you visit or submit information to our Site, provide client registration details, or complete other forms (including online forms) that we provide; (b) when you otherwise submit Personal Data to us in the course of your/your employer's contractual relationship with us; and (c) when you contact us with an enquiry, complaint or regarding an issue related to our services, and we keep a record of that correspondence.
5.2 In some cases, your Personal Data may be supplemented by information that we collect from public sources, including searches via search engines, sector-specific newsletters, public registers, social media and your employer's website, although this is used for the purpose of confirming your current professional position. We may also collect other Personal Data from third party service provider databases when conducting know your client ("KYC") due diligence checks.
6. Information about third parties Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data as well as their rights under Data laws.
7. What we use your Personal Data for
We use the Personal Data we collect to: (a) identify your/you organisation's requirements, to deliver services and information, and to promote other services we provide which may be of interest to you, subject to applicable law; (b) contact you for your views on our services and to notify you occasionally about important changes or developments to the Site or to our services or to our terms of business; (c) deal with legal requirements and, in particular, satisfy our regulatory obligations to undertake suitable KYC checks; (d) to enforce and/or defend any of our legal claims or rights; and/or (e) for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
8. The lawful grounds on which we collect and process your Personal Data
We process your Personal Data for the above purposes relying on one or more of the following lawful grounds: (a) where you have freely provided your specific, informed and unambiguous consent for particular purposes; (b) where we agree to provide product(s) and/or services to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you; (c) where we need to use your Personal Data for legitimate purposes relevant to us being able to market provide and administer our financial services and products; to maintain business relationships in connection with these services and products, and to generally manage our business in that regard; and to keep records of our activities. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy; and/or (d) where we need to collect, process or hold your Personal Data to comply with a legal obligation.
9. Disclosing your Personal Data to third parties
9.1 We may need to disclose your Personal Data to certain third party organisations who are handling that data only on our behalf and in accordance with our instructions under contract (called 'data processors') e.g. companies and/or organisations that act as our service providers (e.g. IT suppliers or data hosting companies) or compliance umbrella companies and professional advisers.
9.2 We will ensure that, where relevant, contractual safeguards are implemented to protect your Personal Data when we disclose it to third party processors.
9.3 Other than as described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you.
9.4 In all cases we always aim to ensure that your Personal Data is only used by third parties for lawful purposes and in compliance applicable Data Protection Law.
10. International Transfers
10.1 We are a United Kingdom based company and provide our products and services from UK offices.
10.2 The Personal Data that we collect from you is primarily processed in the UK although it may be transferred to and stored at a destination outside the European Economic Area (EEA). It may be accessed or processed on our behalf by staff operating outside the EEA or by a supplier with such staff (e.g. IT suppliers or data hosting companies), although in each case they will be acting under our instructions.
10.3 Some countries outside the EEA (for example, the United States) are not regarded as having the same legal standards for protection of Personal Data that apply inside the EEA. If we do transfer your Personal Data outside the EEA however, we will take appropriate steps to ensure that adequate measures are taken in accordance with Data Protection Law to safeguard and protect your Personal Data.
11. How long we retain your Personal Data for
11.1 The period for which we keep your Personal Data usually depends on the purpose(s) for which your information was collected.
11.2 We will not keep your Personal Data for longer than necessary for that/those purpose(s) or unless we need to keep data for a longer period to comply with legal requirement.
11.3 The criteria we use for determining our Personal Data retention periods are based on: (a) various legislative requirements (for example, duties to hold transaction details for tax/accounting purposes or KYC data in accordance with financial services regulation); (b) the purpose for which we collected that Personal Data and, where we have identified a continued legitimate need to hold that Personal Data, to serve such purpose; and (c) guidance issued by relevant regulatory authorities including, but not limited to, the UK Information Commissioner's Office (ICO) or the Financial Conduct Authority (FCA).
11.4 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
12. Security that we use to protect Personal Data
12.1 We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
12.2 We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
13.1 A cookie is a small text file which is stored on your computer, tablet or phone when you visit a website. These cookies allow us to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site.
13.2 We use traffic log cookies to identify which pages on our Site are being used. This helps us analyse data about web page traffic and improve our Site by tailoring it to customer needs. We only use this information for statistical analysis purposes.
13.3 Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Please note however that this may prevent you from taking full advantage of our Site.
13.4 For information about cookies generally, please visit www.allaboutcookies.org.
15. Your personal data rights
15.1 In accordance with your legal rights under applicable law, you have a 'subject access request' right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to, as well as certain other information. Usually we will have a month to respond to such as subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also require further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions when responding to your request.
15.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing: (a) that we correct Personal Data that we hold about you which is inaccurate or incomplete; (b) that we erase your Personal Data without undue delay if we no longer need to hold or process it; (c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring; (d) to object to our use of your Personal Data for direct marketing; (e) to object and/or to restrict the use of your Personal Data for a purpose other than those set out above unless we have a legitimate reason for continuing to use it; or (f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carried out by automated means.
15.3 All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
15.4 If you would like to exercise any of the rights set out above, please contact us at the address below.
15.5 If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office.
Gold Grain Capital Limited (FCA reference number: 734736) is an Appointed Representative of Sapia Partners LLP, which is authorised and regulated by the Financial Conduct Authority (reference number: 550103).