Arrow Global Ltd - Privacy Notice

We are a limited company registered in England under company number 05606545, with our registered office at Belvedere, 12 Booth Street, Manchester, M2 4AW and are the data controller registered with the Information Commissioner’s Office, Registration Number: Z9260328

This Privacy Notice is directed to individuals whose Personal Data we handle while carrying out our commercial activities, or who visit our website. This could be clients or prospective clients or their representatives, or representatives of another organisation with which we have a business relationship.

WHAT DO WE USE PERSONAL INFORMATION FOR

Information we receive while providing products or services to you. This may be provided directly from you or from other parties, such as, for example, providers of, fraud prevention, ‘know your customer’ and anti-money laundering services which we sometimes use to help us meet our legal obligations.

Information we receive as part of your interest in our products or services or interaction with our website. This is provided by you and includes enquiries and other activities you perform while using this website.

Information we receive in relation to services that you provide to us, our Clients or associated companies.  This information may include contact information or other details relating to the relevant service or relationship with you. We may combine the personal and other data we collect directly from you with information collected from or about you from third parties.

THE TYPE OF PERSONAL DATA WE COLLECT

The nature of our relationship with you will determine the kind of Personal Data we may process. The types of Personal Data we process may include:

• Identification data: first name; family name; age; gender; nationality; citizenship; place of birth; national insurance number; ID or passport number, occupation and job title; ID documentation (including your photograph); date of birth; signature.
• Contact data: email address; phone number and residential/correspondence address.
• Technical data: Personal Data related to your use of our websites through our use of cookies. This includes information that may identify you, particularly when you interact and/or contact us through our website.
• Financial data: account number; client reference number; fees quotation and proposal; bank account information such as IBANs; bills and invoices; billing amount; taxpayer identifying/identification number(s); country(ies) of tax residency and tax status.
• Contractual data:files that we may produce as a record of our relationship with our clients and prospective Clients, including contact history; information concerning the fulfilment of contractual obligations and pre-contractual measures.
• AML/KYC data: source of wealth and funds, fraud, financial crime, sanctions, adverse media and bankruptcy related search results, power of attorney, information on related parties.
• Sensitive data: health related information; disability status; sexual orientation; personal data revealing racial or ethnic origin or religious or philosophical beliefs; biometric data used for the purpose of authentication in connection with certain applications; details of political opinions or affiliations; or records of criminal offences and court proceedings.
• Communication data: any Personal Data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, manage or improve our service and in order to comply with our legal and regulatory requirements.

You may choose not to provide us with some or all of the Personal Data listed. In this case, however, it may affect the services we can offer or our ability to enter into a contractual or other business relationship with you, if such Personal Data is necessary for the relevant purposes.

You should refrain from providing us with Personal Data which are not requested.

The Personal Data listed above is collected in the following ways:

• Information that you or third parties representing you provide to Arrow. The nature of our relationship with you will determine the kind of Personal Data we might ask for. Such information may include identification data, contact data, financial data, and sensitive data.
• We also process personal data about any person on whose behalf you are acting, for example investment beneficiaries, that you may have provided to us in connection with our provision of services to you. By providing us with their personal data, you agree to provide them with the information set out in this Privacy Notice.
• Information that we collect or generate about you. This may include contractual data, communication data and technical data.
• Information from publicly available sources, including third party agencies such as credit reference agencies; fraud prevention agencies (including CIFAS (Fair Processing Notices for Cifas); law enforcement agencies/authorities; public databases, registers and records such as the UK’s Companies House and the FCA Register and other publicly accessible sources.

HOW WE USE YOUR INFORMATION

Data Protection Laws require us to determine the basis on which we process your Personal Data for. These include the following:

• performing our contractual obligations;
• meeting our legal and regulatory obligations;
• establishing, exercising or defending our legal rights;
• purposes for which we have obtained your consent; and/or
• pursuing our legitimate business interests.

Where our purposes change over time or where we want to use Personal Data for new purposes, we will inform you of such new processing in accordance with the Data Protection Laws.

Where consent is given by you, this consent is separate from any consent given in the context of confidentiality and/or professional secrecy compliance obligations.

Your Personal Data may be stored and processed by us in the following ways and for the following purposes:

For performance of a contract or as we prepare to enter into a contract with you
·       Identification Data ·       Contact Data ·       Financial Data ·       Communication Data	To perform and execute our contract with you, including the provision of products and services to clients and prospective clients
For our legitimate interests as a data controller
·       Identification Data ·       Contact Data ·       Financial Data ·       Communication Data	To assess and monitor client, or prospective client applications for products or services To monitor IT systems in order to protect against cyber threats or malicious activity To protect our premises from unauthorised entry For ongoing review and improvement to our website For ongoing communications, responding to queries and to provide targeted communications to clients and/or prospective clients related to our products and services To monitor and report on the ongoing performance of products and services To establish, exercise or defend legal claims and provide proof, in the event of dispute, of a transaction or commercial communication For the maintenance, administration and ongoing improvements to our IT infrastructure, in which your personal data is stored To disclose the list of current investors to prospective investors, in line with their policies
To comply with a legal obligation
·       Identification Data ·       Contact Data ·       Financial Data ·       Communication Data ·       AML/KYC Data ·       Sensitive Data	Carrying out know your customer, anti-money laundering checks and related actions, to meet legal and regulatory obligations relating to the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax fraud and evasion and the provision of financial services to individuals subject to economic or trade sanctions Reporting tax related information to applicable tax authorities Carrying out reporting and notifications as set out by applicable regulators within the territories and markets we operate

 

Within Arrow, your Personal Data is accessed only by personnel of Arrow that have a need to access it for the purposes described in this Privacy Notice.

DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We may share your Personal Data within the Arrow Group for the purposes described above.

We may also share your Personal Data outside of the Arrow Group:

• with business partners of ours and with representatives, agents, custodians, intermediaries and/or other third-party product providers appointed by a Client or prospective Client (such as accountants or professional advisors);
• with third party agents and contractors for the purposes of them providing services both to us (for example, Arrow’ accountants, professional advisors, IT and communications providers, background screening providers, credit reference agencies and debt collectors) and to Clients or prospective Clients;
• to the extent required by law or regulation, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators, auditors or public authorities), or to establish, exercise or defend its legal rights; and
• if we sell any part of our business or our assets or reorganise our business, in which case we may need to disclose your Personal Data to a prospective buyer or other third party for purposes related to such sale or reorganisation.

The above recipients of Personal Data may disclose the Personal Data to their agents and/or delegates, who shall process the Personal Data for the purposes of assisting the recipients in providing their services to Arrow acting as controller and/or assisting the Recipients in fulfilling their own legal obligations.

The recipients may process the Personal Data as processors (when processing the Personal Data upon instructions of the controller), or as distinct controllers when processing the Personal Data for their own purposes.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Arrow is a multinational business. As a result, we may transfer your Personal Data to locations outside of your country.

If we transfer your Personal Data to another country, we take steps to protect and transfer it in a manner consistent with local legal requirements. In particular, in relation to data transferred outside of the European Economic Area (EEA), Switzerland, the UK, and your jurisdiction, we may do so in one of the following ways:

• The EU Commission or UK government (as relevant) has decided that the relevant country offers an adequate level of protection in relation to data protection (an “adequacy decision”);
• We have entered into the relevant “standard contractual clauses” with the recipient of your personal data; or
• We can rely on another basis under the law such as that we have to share the personal data because this is necessary for the purpose of a court case, investigation or to protect our legal rights.

HOW WE SAFEGUARD YOUR PERSONAL DATA

We ensure safe processing operations by implementing and maintaining technical and organisational safeguards to protect your personal information and we restrict access only to authorised personnel. The effectiveness of these safeguards is periodically tested.

We have extensive controls and mechanisms in place designed to detect, respond and recover data and functionality in case of adverse events that may arise.

HOW LONG WE KEEP YOUR PERSONAL DATA

The length of time for which we hold your Personal Data will vary as determined by the following criteria:

• the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
• our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.

For example, we will retain Personal Data for required statutory retention periods where these apply, or we will retain Personal Data for the duration of the contract we have with you (if applicable) and thereafter for a period relating to the duration within which contractual claims are able to be raised.

Once we no longer require your Personal Data for the purposes for which it was collected, we will securely destroy the Personal Data in accordance with applicable laws and regulations.

In some circumstances the Personal Data may be anonymised so that it can no longer be associated with you, in which case documents that have been anonymised may be kept indefinitely.

YOUR RIGHTS

In each the above cases in which we collect, use or store your Personal Data, you may have the following rights:

• Right to be informed – You have the right to be informed about how we collect and use your personal data
• Right of access – You have the right to access your personal data and supplementary information held by us
• Right of erasure – In certain circumstances, you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing
• Right to restrict processing – In certain circumstances, you have the right to request we ‘block’ or suppress processing of your personal data
• Rights to data portability – You have the right to obtain and reuse your personal data for your own purposes, which we may transfer to third parties at your request
• Right to rectification – You have the right to have inaccurate personal data rectified, or completed if it is incomplete
• Rights related to automated decision making – You have rights in relation to any automated decision-making and/or profiling that has legal or similarly significant effects on you
• Right to object – You have the right to object to the processing of your personal data

You can exercise your rights by contacting us using the details provided below.

USE OF ARROW WEBSITE

We may collect technical information using cookies. The type of information collected varies by category of cookies as explained in our Cookie Policy.

If you use this website and follow a link from it to another website, different privacy policies may apply. Prior to submitting any Personal Data to a website, you should read the privacy notice applicable to that website.

CHANGES TO THIS PRIVACY NOTICE

Any changes we make to our Privacy Notice in the future will be posted on this website.

QUESTIONS OR COMPLAINTS

In the first instance, our data protection officer can be contacted by emailing DPO@arrowglobal.net or by writing to us at 12 Booth Street, Manchester, M2 4AW.

If you are unhappy with how we have investigated your complaint, you have the right to refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

• Phone on 0303 123 1113
• Writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Going to their website at ico.org.uk