Personal Information Collection Statement
MCP Asset Management Company Limited (the “Company”)
The Company is committed to respecting your privacy in relation to the personal data we collect from you in the course of operating our business and our website and to complying with the Personal Data (Privacy) Ordinance (Cap 486) and other applicable data protection law, including in relation to our hedge funds business only (the “Hedge Funds Business”) the European Union’s General Data Protection Regulation (2016/679) (“GDPR”) and any statutory instrument, order, rule or regulation made thereunder, as from time to time amended, extended, re-enacted or consolidated (the “Data Protection Legislation”).
The purpose of this document is to provide you with information on the collection, use and disclosure of your personal data by the Company and your rights with respect to those personal data. In this document, “we”, “us” and “our” refer to the Company and its affiliates and delegates.
In relation to the Hedge Funds Business, the Company is a data controller for the purposes of the GDPR and more generally, the Company is responsible for ensuring that it uses your personal data in compliance with the Data Protection Legislation.
This document applies to you if (i) you are an applicant for shares in any fund or financial product offered to you through the Company’s products or services (ii) your personal data has been provided to us in connection with an application for shares in any fund or financial product offered to you through the Company’s products or services (such as where you are a director, partner, trustee, agent or direct or indirect owner of an applicant) or (iii) the Company otherwise uses your personal data in connection with the offering of its products or services.
Your Personal Data
The Company might process the following personal data about you:
- Information provided to the Company by you:
This might include your name and address (including proofs of name and address), contact details, date of birth, gender, nationality, photograph, signature, copies of identity documents, occupational history, job title, income, assets, other financial information, bank details, investment history, tax residency and tax identification information. Such information might be provided in an application form or in other documents (as part of an application process or at other times), face-to-face, by telephone, by email or otherwise.
- Information that the Company collects or generates:
This might include information relating to your (or an applicant’s) investment in the funds managed by the Company, emails (and related data), call recordings and website usage data.
- Information that the Company obtains from other sources:
This might include information obtained for the purpose of the Company’s know-your-client procedures (which include (without limitation) anti-money laundering procedures, counterterrorist financing procedures, politically-exposed-person checks, and sanctions checks), information from government or public bodies, public websites and other public sources and information received from your advisers, from intermediaries or from our marketing and events partners.
Use of your Personal Data
The Company may collect, store and use your personal data for lawful purposes disclosed below:
- processing that is necessary for the performance of a contract with you, for example to reflect your ownership of shares or units in funds managed by the Company (i.e. where this is necessary for the performance of the contract to purchase shares or units in the funds managed by the Company including without limitation the processing of redemption, conversion, transfer and additional subscription requests and the payment of distributions);
- processing that is necessary to comply with the our legal obligations to discharge our anti-money laundering obligations to verify the identity of our customers (and, if applicable, their beneficial owners) or for prevention of fraud or for regulatory or tax reporting purposes or in response to legal requests from regulatory authorities (i.e. where this is necessary for compliance with a legal obligation to which we are subject); and/or
- processing that is necessary for the purposes of our legitimate interests or those of a third party where such legitimate interests are not overridden by your interests, fundamental rights or freedoms and provided that we are acting in a fair, transparent and accountable manner and have taken appropriate steps to prevent such activity having any unwarranted impact on you and also noting your right to object to such uses, as discussed below. This may include, for example, processing for:
- Direct marketing purposes (that is, us providing you with relevant information on products and services);
- quality control to maintain the standards of the products and services provided to you;
- business and statistical analysis in order to improve our client service offerings;
- tracking fees and costs in order to appropriately price our products and services;
- improve our customer service, training and related purposes;
- general business administration purposes in order to effectively run and manage our business, for example by communicating with potential investors, communicating with service providers and counterparties, risk monitoring, the administration of IT services and monitoring and improving products including the organisation of conferences and marketing events in relation to our products and services.
Disclosures of Personal Data to Third Parties
The Company shall take reasonable measures to ensure that your personal data is only accessible by those with a need for access to fulfil the purposes set out above. Where the Company is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorized or accidental use, access, disclosure, damage, loss or destruction and in all circumstances, shall execute such contracts in line with requirements pertaining to such contracts within the Data Protection Legislation. Some of these third parties will process personal data in accordance with the Company’s instructions and others will themselves be responsible for their use of your personal data. These third parties may be permitted to further disclose the personal data to other parties.
Transfers of Personal Data outside the European Economic Area
In the event that any such third party is outside the European Economic Area and where the data being transferred would include personal data which would be protected under applicable Data Protection Legislation in the European Union, we will ensure we meet the relevant requirements of that Data Protection Legislation prior to carrying out any such transfer.
For example, the recipient to which the personal data is transferred may:
- have been approved by the European Commission as providing an “adequate” level of protection of personal data;
- have agreed to model contractual clauses approved by the European Commission that oblige it to protect such personal data; and/or
- be located in the United States and be a certified member of the EU-US Privacy Shield scheme.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA, including a copy of any standard contractual clauses entered into with recipients of your personal data, by contacting the Company using the details set out below under “Getting in Touch”.
Retention of Personal Data
How long the Company holds your personal data for will vary. The retention period will be determined by various criteria, including the purposes for which we are using it (as it will need to be kept for as long as is necessary for any of those purposes) and legal obligations (as laws or regulations may set a minimum period for which we have to keep your personal data). After the retention period, we shall take appropriate steps to irretrievably delete or put beyond use any records containing your personal data, to the extent this is operationally feasible and proportionate.
Your Data Protection Rights
Under the Data Protection Legislation, you have several legal rights in relation to the personal data that the Company holds about you.
In relation to the Hedge Funds Business where it offers goods or services to EU investors, you also have the following specific rights regarding the Company’s use of your personal data:
- the right to obtain information regarding the processing of your personal data and to access the personal data that the Company holds about you;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and the right to request that the Company transmits that data to a third party where this is technically feasible. Please note that this right would only apply to data that you have provided to the Company; – the right to request that the Company rectifies your personal data if it is inaccurate or incomplete;
- the right to request that the Company erases your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to object to, and the right to request that the Company restricts, its processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask the Company to restrict, its processing of your personal data but the Company is legally entitled to continue processing your personal data or to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by the Company.
You can exercise any of the rights above by using the details set out under “Getting in Touch” below.
Getting in touch
The Company is not required to appoint a data protection officer under the Data Protection Legislation. However, should you have any queries or wish to discuss your data protection rights with us, please contact our Legal and Compliance Department at firstname.lastname@example.org.
You can find out more about your rights listed under “Your Data Protection Rights” above by contacting an EU data protection regulator such as the UK’s Information Commissioner’s Office or the Irish Data Protection Commissioner by searching their website at www.ico.org.uk or www.dataprotection.ie.