Personal Data That FundBank Collects
FundBank collects and processes certain personal data relating to individuals associated with our institutional clients, which may include clients’ directors, authorized signatories, shareholders, beneficial owners, employees, representatives, agents, and professional advisers (“client data subjects”).
The types of personal data FundBank collects about client data subjects may include:
- identification details (e.g., relationship to the client; name, address; date and place of birth; nationality; passport information; picture ID; signature; utility bill) ·
- other due diligence information such as source of funds/wealth/financial standing; tax identification number; PEP status; information about regulatory, law enforcement, or sanctions status
- contact details (e.g., phone number, email address, mobile number, physical and mailing address)
- transactional details, where there is direct data subject involvement (e.g., wire transfer/bank account details)
Some of the information FundBank collects may fall within the category of sensitive personal data — for example, customer due diligence checks on client data subjects may reveal political opinions or information about criminal convictions or offenses. Where FundBank processes sensitive personal data, it will usually do so to comply with its obligations under anti-money laundering legislation. In all cases, such processing will comply with the additional lawful basis requirements under the DPA.
The Purposes for Which FundBank Processes Personal Data
Set out below are the purposes for which FundBank may process personal data in the context of our client relationships and the lawful basis for doing so:
- to deliver our products and services to clients
- to manage and administer our client relationships
- to comply with customer due diligence obligations and reporting obligations under applicable law regarding anti-money laundering and combatting the financing of terrorism and proliferation; financial sanctions; and FATCA/CRS ·
- to comply with legal and regulatory measures to which we are subject in connection with our business/ service provision, including in particular the conduct of the licensed activity of banking and trust business
- to respond to lawful requests for information from the court or law enforcement, regulatory or government authorities · for general commercial purposes, including marketing/business development (see further below), product/service development and enhancement, quality control; in the context of any merger, sale, or acquisition involving FundBank; and other business purposes
- to respond to or evaluate any queries or complaints concerning your relationship with us
- to establish, exercise, or defend legal claims or rights.
By way of marketing/business development, we may communicate with clients/client data subjects from time to time about products, services, and events offered by FundBank and/or send analysis and insight communications that we think may be of interest. Individuals can opt-out at any time to the receipt of such communications.
FundBank will only process personal data if we have a lawful basis for doing so under the DPA. The lawful bases we primarily rely upon are:
- that it is necessary to comply with our legal obligations
- that it is necessary for our legitimate interests
- that it is necessary to the exercise of a function in the public interest conferred under law (in the case of the processing of sensitive personal data of client data subjects).
Our legitimate interests will include operating our business in a commercially optimal and sound manner; marketing of our products/services; implementation of regulatory measures to which we are subject concerning, for example, IT/data security and business continuity/disaster recovery; establishing, exercising or defending legal claims or rights or dealing with complaints or disputes that may arise; conducting merger, sale or acquisition activity. When FundBank processes personal data to meet its legitimate interests, we ensure that those interests are balanced against the interests or fundamental rights and freedoms of data subjects.
With Whom FundBank May Share Personal Data
- our service providers (including specialist database/screening services), counterparties, and professional advisors
- our outsource service providers where involved in processing personal data on our behalf (i.e., acts as data processor), e.g., our IT service provider · Cayman Islands regulatory, law enforcement, judicial or other competent authorities, under lawful request or legal obligation
- FundBank affiliates or members of our corporate group, including internal service companies and companies with which our clients have a direct customer relationship
- any concerned party as a result of a merger or the sale or acquisition of FundBank or a FundBank service line
Where we engage a third party to process personal data on our behalf, we will ensure a written agreement is in place with contractual terms that provide for appropriate data protection and confidentiality. Similarly, if we transfer personal data outside of the Cayman Islands, e.g., to a FundBank affiliate or in connection with our IT services outsourcing, we will ensure that DPA provisions are observed concerning any such transfers so that an adequate and appropriate level of data protection is achieved.
Retention of Personal Data
FundBank will retain personal data on client data subjects for the duration of your client relationship with FundBank and such period after the relationship ends as is necessary to comply with applicable record retention requirements under the law (e.g., AML legislation) or to enable FundBank to be in a position to deal with any complaint, claim or dispute that might arise.
FundBank deploys reasonable and appropriate technical and organizational measures to ensure that personal data is properly protected against unauthorized or unlawful processing and accidental loss, destruction, or damage. Our measures include ensuring that any data processor we use to process personal data on our behalf is contractually required to keep that personal data equally confidential and secure.
Data Subject Rights
In addition to the right to be informed, to which this privacy notice responds, data subjects have the following rights, which may be restricted in certain circumstances as provided under the DPA:
- the right to access your personal data
- the right to rectification
- the right to stop or restrict processing
- the right to stop direct marketing
- rights concerning automated decision-making ·
- the right to file a complaint with the Ombudsman if you consider that your personal data has not been processed in compliance with the DPA
- the right to seek compensation for damage suffered as a result of a contravention of the DPA by a data controller
How to Contact FundBank
If you have any questions about this privacy notice or how to make a subject access request or exercise other data subject rights, please contact us at firstname.lastname@example.org.
How to Contact The Ombudsman
FundBank is committed to working with individuals to obtain a fair resolution of any complaint or concern about privacy. If individuals believe that FundBank has not been able to assist with their complaint or concern, they have the right to make a complaint to the Cayman Islands Ombudsman, who is the data protection authority. The Ombudsman may be contacted at:
Visit: 5th Floor, Anderson Square, 64 Shedden Road, George Town, Grand Cayman
Mail: PO Box 2252, Grand Cayman KY1-1107, CAYMAN ISLANDS
Email: email@example.com Call: +1 345 946 6283
The Ombudsman provides a complaint form that may be accessed from www.Ombudsman.ky/data-protection
Changes to This Privacy Notice
We reserve the right to modify this privacy notice from time to time at our sole discretion. If we make any material changes, we will post a notice on our website and update the “Last Updated” date at the bottom of this privacy notice. A copy of the latest version may be requested from firstname.lastname@example.org at any time.
Last Updated: April 2021