Who is the Data Controller?
If you are resident in the EEA or the UK, or residing elsewhere, the controller is CdR Capital Ltd (‘CdR UK’) of 11 Charles II St, St. James’s, London SW1Y 4QU. CdR Capital Ltd is authorised and regulated by the Financial Conduct Authority (‘FCA’) and registered in the United States of America (‘USA’) by the Commodity Futures Trading Commission (‘CFTC’) and the National Futures Association (“NFA”). CdR UK is also an Exempt Reporting Adviser (‘ERA’) to the U.S. Securities and Exchange Commission (‘SEC’).
If you are resident in Switzerland, the controller is CdR Capital S.A. of 6 Cours de Rive, 1204 Geneva Switzerland (‘CdR Switzerland’).
If you are resident in the United Arab Emirates (‘UAE’), the controller is CdR Capital Limited of 617 Index Tower, The DIFC, Dubai, UAE (‘CdR Dubai’).
We use ‘CdR’, ‘us’, ‘we’ and ‘our’ to refer to your controllers as identified above.
Collection of Information
Information may be collected from you in the course of your use of a CdR website and/or in any communication between you and CdR personnel. If you are a CdR client, prospective client or a fund manager we may also collect information about you from company and trade registers, and other publicly available sources.
The kinds of personal data we may collect include your contact details (such as your work address, email address and telephone number) and information such as your job title. In addition, we collect the personal data you choose to provide to us, e.g. if you contact us by letter, telephone, email or any other means of electronic or personal communication.
Uses of Personal Data
CdR may use your personal data for any of the following purposes:
- In the course of carrying out client due diligence and achieving a sufficient knowledge and understanding of a prospect or client and its business, management and employees.
- In the course of carrying out fund manager due diligence and achieving a sufficient knowledge and understanding of a fund manager and its business, management and employees.
- To provide investment advisory, due diligence and risk advisory services to its clients.
- To prevent fraud.
- In order to ensure the legitimacy of all requests for further information from CdR.
To check the identity of prospects and new clients and to prevent money laundering.
- To disclose it to its service providers, professional advisers and agents, where necessary.
- If you have registered for this purpose, to review whether you are a suitable candidate for any job opportunities within CdR.
- Occasionally, to trace debtors.
- To record and monitor for internal CdR purposes your use of CdR websites.
- For internal administrative or training purposes.
- To comply with legal requirements, as applicable (e.g., responding to subpoenas, court orders).
- To comply with regulatory requirements.
- For updating our records and databases (such as a Client Relationship Management System ‘CRM’).
- For responding to your queries, or informing you of new developments at CdR, including news, thought-pieces or blogs.
We will process your personal data for our legitimate business interests and if and to the extent applicable law provides a legal basis for us to do so. The legal basis we use will be one of:
- Necessary to comply with a legal obligation, for example to carry out anti-money laundering checks, reporting to regulators and investors.
- Necessary to perform a contract we have entered into with you, or in order to take steps at your request prior to entering into a contract.
- Necessary for our (or a third party’s) legitimate interest, which is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests include the providing of services by us, administrative or operational processes, and direct marketing; or
- Your consent.
Please note that we may use or disclose personal data if we are required by law to do so, or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
Sensitive Personal Data
Given the nature of our services, we do not collect ‘special categories of personal data’, which is defined as ‘personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation’. We may collect personal data relating to criminal convictions and offences, particularly for fulfilling our legal obligations regarding anti-money laundering; or checks regarding employment and recruitment matters.
To the extent that we have a business need to collect any of the above sensitive personal data for the purposes set out above, and are permitted to do so by local laws, we will identify the appropriate legal basis for that processing and identify you beforehand.
Disclosure of Data
If CdR appoint third parties to host, maintain, manage, or to provide other services in relation to data then your personal data may be accessed and used by these third parties to the extent necessary to fulfil their hosting, maintenance, managerial, and/or other functions. We may also disclose your personal data to the extent necessary if we enter into negotiations for a merger or acquisition. Where we do so, we will ensure that there is a written contract in place with appropriate safeguards for your personal data, including security measures and restrictions on the use of such data.
Due to the international nature of CdR’s business, personal data may be transferred internationally throughout CdR’s offices. CdR operates as a global business and may have a business need to transfer your personal data to countries outside of the UAE, UK, Switzerland or EEA, which do not provide the same level of data protection as the UAE, UK, Switzerland and EEA. Where we do so, we will ensure that appropriate safeguards are in place to protect your personal data.
How We Protect Your Personal Information
We have implemented appropriate technical and organisational measure to protect your personal data in accordance with applicable law. We take all reasonable steps to make sure your data is accurate, and to protect it from unauthorised access and against unlawful processing, accidental loss and damage.
We retain your personal data for any minimum retention period set out in applicable law and by regulatory requirements; and for any further period necessary for the specified purpose, and subject to any legal hold, in which case a new retention period will apply for the duration of that legal hold. This is also subject to any earlier valid and accepted exercise of your data subject rights.
Your Rights in Relation to Your Information
You have rights as an individual which you can exercise under certain circumstances in relation to your personal data that we hold. These rights are to:
- request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- request rectification of your personal data;
- request the erasure of your personal data;
- request the restriction of processing of your personal data;
- request the porting of certain of your personal data to another person;
- where processing is based on your consent, to withdraw that consent; and
- object to the processing of your personal data.
You also have the right to object to the use of your personal data for direct marketing at any time.
If you want to exercise one of these rights, please contact us at email@example.com.
You also have the right to make a complaint at any time to the relevant data protection regulator.
In the UK to the Information Commissioner’s Office (‘ICO’) is the UK supervisory authority for data protection issues.
In Dubai you can contact the Commissioner, who is the individual appointed by the President of the DIFC and responsible for administering and ensuring compliance with the applicable data protection law.
In Switzerland you can contact either the Federal Data Protection and Information Commissioner (‘FDPIC’) or the Cantonal Data Protection and Transparency Officer (“PPDT”)
Amendments and Queries