What is considered personal data?
As per article 4 of the GDPR, personal data is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What personal data do we collect from you? (as part of our contractual obligation)
TCP may collect the following information about you:
- Your contact details: name, email address & telephone numbers.
- Your personal details; age/dob, marital status, nationality, tax residency, bank details, CV.
- Your employment details: company name, position, industry, address, website, contact number & email.
- Identification documents (such as passport, driving licence, etc.) as proof of identity.
- Proof of address (such as utility bills, bank statement, etc.),
- Any other information required by any relevant legislation including but not limited to proof of investor status (qualified/accredited investor) & Anti Money Laundering and Countering Financial Terrorism (as it is industry best practice)
Personal data we could obtain from third party sources
Any publicly available personal data that has been shared via a public platform such as Twitter, LinkedIn, etc. (i.e. employment details, contact details, etc.)
Your contact details
How do we collect the above information?
If you are a source of collection, we usually gather the data via:
- Terms of business, subscription forms or distribution agreement (& necessary supporting KYC/DD).
- Telephone calls & email correspondence
- Face to face meetings & office visitations
- Conferences & sponsorship events attended
If we have obtained your personal data from third parties, we usually gather the data via one or more of the following:
- Public sources such as any available online information including social media.
- Professional bodies and publicly available databases & registers including government registrations.
- Your company web page or social media pages
- Any other available public source
- Financial Intermediaries who you have approached for financial/investment introductions.
How we use your data / purposed of processing?
- To fulfill our contractual obligations with you,
- To verify your identity
- To provide you with ongoing communication & business opportunities,
- For crime and fraud prevention, detection and related purposes,
- To enable us to manage customer/client service interactions with you; and
- Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute, etc.),
- To exercise our legal rights (for example in court cases),
- To make our services available to you.
Sharing data with third parties
OUR SERVICE PROVIDERS
Following your request or with your written or tacit consent, we may share your personal data with some or all of the following:
- Any service provider we enter into a business relationship with to fulfil and comply with our contractual or statutory obligations (such as transfer agent, custody agent, bank, accountancy firm, auditor, insurer, solicitor etc.).
- Any regulator, enforcement agency or Government agency necessary to fulfil and comply with our statutory and/or legal obligations (such as courts/tribunals, financial/prudential regulators, tax authorities, etc), or to protect our rights or the rights of any third party.
- Sponsors and exhibitors. When you attend one of our events or conferences we share your details with them as permitted by law.
- Any legal or natural person that we or our clients enter into a business relationship, if required by law or contract (i.e. if you are doing business with us through your legal representative, auditors, etc).
INTERNATIONAL SHARING OF THE PERSONAL DATA
As we do business internationally, we could share your information with any relevant country for business based on two considerations:
- In order to meet our statutory and legal obligations.
- In order to fulfil contractual obligations.
Under the GDPR, an international transfer of data may be made where:
- A third country, a territory or one or more specific sectors in the third country, or an international organization ensures an adequate/equivalent level of protection, and
The transfer is:
- made with the individual’s informed consent;
- necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual’s request;
- necessary for the performance of a contract made in the interests of the individual between the controller and another person;
- made from a register which under UK or EU law is intended to provide information to the public.
- If none of the above apply, such transfers are permitted only where the transfer:
- is not repetitive (similar transfers are not made on a regular basis);
- involves data related to only a limited number of individuals;
- is necessary for the purposes of the compelling legitimate interests of the organisation (provided such interests are not overridden by the interests of the individual); and
- is made subject to suitable safeguards put in place by the organisation (in the light of an assessment of all the circumstances surrounding the transfer) to protect the personal data.
- In these cases, we would be obliged to inform the relevant supervisory authority of the transfer and provide additional information to you.
Lawful basis of processing
If you are a person entering into a contract or terms of business with us by either;
- An accredited/qualified/professional/institutional investor
- Acting in your own name as a sole trader or introducer
- Representing a registered company (as a director)
We will be holding your personal data on the basis of ‘contract’. Under this basis, processing of your data is necessary either for the performance of the contract/terms of business to which you are party or to take steps at your request prior to entering into a contract.
Within the bounds of strict necessity and proportionality, in some cases we will process your personal data under the lawful basis of ‘legitimate interest’ where the processing is necessary for any or all of the following 1) keeping a relevant and appropriate relationship, 2) commercial interests, 3) exercise or defense of legal claims, 4) fraud prevention or 5) prevent cyberattacks, and 6)) to protect our rights or 3rd party rights.
If the purpose under which we process your data change, we may still be able to continue processing under the original lawful basis if our new purpose is compatible with the initial purpose (unless your original lawful basis was consent).
How long do we keep your data?
We do not retain any more of your personal information than we believe is necessary for any of the purposes outlined above and we do not retain your personal information for any longer than is reasonably necessary to do so for the purpose set out in this notice. We will retain your information for:
- as long as we hold a business relationship (terms of business)
- as long as you are invested
- as long as we are obliged to by any relevant law
- as long as you do not withdraw your consent, if we hold your data under this lawful basis.
- as long as necessary in order to provide the relevant service to our clients
- as long as necessary to fulfil our legitimate interest
How do we protect your data?
TCP is committed to put in place security measures to ensure your data security:
- Confidentiality – the data can be accessed, altered, disclosed or deleted only by those you have authorised to do so (and that those people only act within the scope of the authority you give them);
- Secure – data is stored on password protected systems
- Integrity – the data we hold is accurate and complete in relation to why we are processing it; and
- Availability – the data remains accessible and usable, i.e. if personal data is accidentally lost, altered or destroyed, we can recover it and therefore prevent any damage or distress to the individuals concerned.
When you visit TCP’S webpage, TCP may file information on your computer in the form of a cookie or similar technologies. Cookies are small text files which are sent by a web server to your browser or device and stored on the hard disk of your device.
Apart from the internet protocol address no personal data concerning the user is stored. We only use session cookies or other cookies that are required to provide a service requested by you. E.g. this information serves to recognize you automatically when you visit sub-websites or our website and to make navigation easier for you. For example, cookies allow us to adapt a website to your interests or – to the extent required – to save your language choices so that you do not need to enter it again each time.
You can view our website without cookies. If you do not want us to recognize your computer you can prevent cookies from being stored on your device by selecting “do not accept cookies” in your browser settings. Please see your browser manufacturer’s instructions for more details on how to do this. However, not accepting cookies may limit certain functions of our website.
Our website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics also uses so-called “cookies” (see already above), text files which are stored on your computer and enable an analysis of the use of the website. The information generated by the cookie on your use of this website is transmitted to a Google server in the USA and stored there. The information does not contain any personal data and will not be used to identify you. In particular, your IP address will not be saved completely but rather anonymized by deleting the last digits of the IP address. Google uses this information to analyze your use of the website in order to compile reports on website activities for us and provide further services connected with website and Internet use. Google will pass this information on to third parties if this is required by law or if third parties process this information on Google’s behalf. Under no circumstances will Google create a connection between your IP address and other data stored by Google. You can revoke your given consent into the use of Google Analytics with future effect and prohibit the future collection and storage of data at any time by either writing to us at the address above, deleting all cookies and deactivating the future saving of cookies by using the respective settings on the browser you are using or by using Google Analytics’s deactivation add-on if this is available for your browser.
You have the following rights:
- the right to be informed, hence this privacy notice;
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to erasure, also known as the ‘right to be forgotten’. This is not applicable to data held under the lawful basis of ‘legal obligation’ or if processing is necessary for the establishment, exercise or defence of legal claims;
- the right to object the processing of your personal data. So you can object processing based on legitimate interests or direct marketing (in the last case we must stop as soon as we receive your objection).
- You have the right to opt out of receiving promotional communications at any time, by: (i)making use of the simple “unsubscribe” link in emails; (ii)contacting TCP via the contact channels set out in this Policy.
- The right to restrict processing, so you can limit the use of your data, but only applies in certain circumstances.
If you wish to exercise any of the above rights, please contact us using the contact form or the contact details above.
Our website is not intended for children nor is any communication and we do not knowingly collect data relating to children.
If you are dissatisfied with our advice, you have the right to lodge a complaint with the:
National Commission for Data Protection Grand-Duchy of Luxembourg: 1 Avenue due Rock’n’Roll, L-4361 Esch-sur-Alzette