Group Privacy Statement

1. Introduction

Langham Hall and the Langham Hall Group (as defined and referred to in the Important Information section of the web site) are committed to maintain the privacy and confidentiality of personal data.

We endeavour to make sure that any personal data we collect about you will be held and processed strictly in accordance with the European General Data Protection Regulation (GDPR).The terms “Personal Data”, Data Controller” and “processing” have the meanings given to them by the GDPR which can be accessed here

https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679

Unless otherwise indicated.

2. Data Subject Privacy Notice

2.1 The Data Protection Officers / GDPR Owners are committed to making our group privacy notice publicly and easily available to data subjects prior to Langham Hall Group collecting/processing their personal       data.

2.2 This Online Privacy Notice describes the types of Personal Data we collect and process in our interactions with data subjects, how we use the information, with whom we may share it and the choices available        to you regarding our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices.

3. Privacy Notice

Who are we?

Langham Hall Group provides fund administration and depository services to fund managers in the debt, private equity, infrastructure and the real estate sector. Langham Hall may act as a Data Controller or Data Processor, depending on the transaction/structure.

4. Langham Hall and Your Personal Data

The personal data we would like to collect from / process on you is:

  • Identifying information (i.e. information used to identify a specific individual, such as: given name(s), preferred name(s), nickname(s); date of birth / age; place of birth; nationality; race; religion; passport details).
  • Contact information (e.g. postal address, telephone number, email address).
  • Family information (e.g. family structure, siblings, offspring, marriages, divorces, relationships).
  • Financial information (e.g. source of wealth, personal assets, bank account numbers and income details).
  • Professional information (e.g. job titles, employment history).
  • Transaction information (e.g. details about payments to and from you and other details of products and services you have purchased from us).
  • Marketing and Communications data includes your preferences in receiving marketing from us and your communication preferences.

In certain circumstances, we will also collect, use, store and transfer Special Categories of data about you. In particular, as part of our due diligence processes, which we aggregate information in the public arena which may include reports of:

  • Political opinions and affiliations, so that we can identify that you are, or are connected to, a politically exposed person; and
  • Alleged criminal activity &/or convictions.

We use different methods to collect data from and about you including through:

a) Direct interactions with you. You may give us your personal information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • Apply for our services;
  • Respond to our requests for due diligence materials;
  • Ask questions or give us instructions related to our services;
  • Upload information to our client portal;
  • Subscribe to our industry updates or publications; or
  • Request marketing to be sent to you.

b) Third parties or publicly available sources. 

We may receive personal data about you from various third parties and public sources as set out below:

  • Identifying, Contact and Professional information from publicly available sources such as Companies House in the UK.
  • Identifying, Contact, Professional and Special Category information from searches of electronic databases researched and maintained by professional service providers to help identify and manage financial, regulatory and reputational risk, such as World-Check.
  • Identifying, Contact, Family, Financial, Professional, Transaction and Special Category information from your other service providers and advisers including trust companies, fund administrators, accountants, tax advisers and lawyers.

c) CCTV. 

If you visit any of our offices in person, your image may be captured on our CCTV system.  We operate a CCTV system to protect our buildings and assets from damage, for the personal safety of our staff and visitors and to support law enforcement bodies in the prevention, detection and prosecution of crime.

The personal data we collect will be used for the following purposes:

  • Due Diligence;
  • Anti-Money Laundering;
  • To deliver our services to our clients. This will include, if you are a director or shareholder (or equivalent) of an entity administered by Langham Hall:

i) Entering your information on the relevant registers;

ii) Using your contact details to send you notices of meetings and investor communications;

iii) Using your financial information (e.g. bank account details) to make payment of redemption or distribution monies or director’s fees and expenses.

  • To comply with international tax reporting requirements;
  • To manage our relationship with you which will include notifying you about changes to our terms or this notice;
  • To send you marketing information about our services that we think may be of interest to you.

Our legal basis for processing the personal data:

  • Art 6(b) :it  is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and
  • Art 6 (c): processing is necessary for compliance with a legal obligation to which the controller is subject; and
  • Art 6(e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Any legitimate interests pursued by us, or third parties we use, are as follows:

  • To comply with legislation and regulators in performing due diligence; and
  • To properly serve and inform our clients. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Our Data Protection Officers / GDPR Owners and data protection representatives can be contacted directly here:

GDPR@langhamhall.com 

5. Disclosure

Langham Hall Group, if required may pass on your personal data to third parties in order to fulfil its contractual obligations to you and will only do so when it is necessary.

6. Retention period

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we are required to keep your personal information that we have collected for the purpose of discharging our money laundering obligations for at least 5 years from the end of the relevant client relationship.

With regard to any of your information forming part of our tax records, those records are required to be kept for 7 years ( 10 years in Luxembourg) from the end of the year of assessment.With regard to other records maintained by Langham Hall, unless they relate to AML or tax they must be kept for: in Jersey, 10 years from the date of the record; in Guernsey and the UK, the duration of the relevant client relationship plus 6 years; in Luxembourg, the duration of the relevant client relationship plus 5 years; and in Netherlands, 7-10 years. For more information about our document retention policies, please contact your client relationship manager.

7. Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that Langham Hall Group refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 8 below.

All of the above requests will be forwarded on should there be a third party involved (as stated in 4 above) in the processing of your personal data.

8.Opting Out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us for other purposes.

9. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

10. Disclosures of Your Personal Data

Please note that we may on occasion be required to share your information with the following categories of recipients:

  • Langham Hall offices and our associated firms. A full list of all of the entities within the Langham Hall group is listed on our website.
  • Third parties who provide services on our behalf. For example, we use third parties such as MailChimp to provide marketing automation services. A full list of all our third party service providers is available on request.

We have taken steps to ensure that all such entities keep Your Data confidential and secure and only use it for the purposes that we have specified and have informed you of.  Our service providers are subject to data processing agreements which are, or are in the process of being updated to become, compliant with the requirements set out in the GDPR.  Further details regarding any third parties who are located outside the EEA are set out below.

In relation to any other third parties, we will only disclose your information in the following circumstances:

  • Where you have given your consent;
  • Where we are required to do so by law or enforceable request by a regulatory body;
  • Where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • If we sell our company, go out of business, or merge with another company.

11. International Transfers

We share your personal data within the Langham Hall Group. This will involve transferring your data within the European Economic Area (EEA) and to Jersey and Guernsey who are outside of the EEA but have been deemed to provide an adequate level of protection for personal data by the European Commission.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

12. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

13. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Langham Hall Group (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Langham Hall Group’s data protection representatives Data Protection Officers / GDPR Owners.

The details for each of these contacts are:

[Data Protection Officer (DPO)] / [GDPR Owner] contact details

Contact

 GDPR Representative for every jurisdiction

Email

 GDPR-Jersey@langhamhall.com

 GDPR-Guernsey@langhamhall.com

 GDPR-UK@langhamhall.com

 GDPR-Luxembourg@langhamhall.com