Global Data Protection Information Notice

      Who we are

      This is the Global Data Protection Information Notice (the ‘Notice’) of the Waystone Group (‘Waystone’) which includes the following companies:

      • Waystone Management (UK) Limited
      • Waystone Capital Solutions (UK) Limited
      • Waystone Asset Management (IE) Limited,
      • Waystone Management Company (IE) Limited
      • Waystone Fund Management (IE) Limited
      • Waystone Investment Management (IE)
      • Waystone Corporate Services (Lux) SA
      • Waystone Management Company (Lux) A
      • Waystone Fund Services (Switzerland) SA
      • Waystone Governance Ltd
      • Waystone Asset Management (Cayman) Ltd
      • Waystone Corporate Services (Cayman) Ltd
      • Waystone Compliance Solutions (US) Ltd
      • Waystone Compliance Solutions (Singapore) Pte. Ltd
      • Waystone Corporate Solutions (Singapore) Pte. Ltd
      • Waystone Compliance Solutions (UK) Limited
      • Waystone Compliance Solutions (Middle East) Limited
      • Waystone Compliance Solutions (IE) Limited

      References in this notice to “Waystone”, “we”, “us” or “our” are references to the Waystone Group and, where relevant, of the above-mentioned group entities.

      Waystone is a global organisation providing services in Europe, the UK, Switzerland, Asia, and the Cayman Islands.

      At Waystone, we are committed to processing your Personal Data in a responsible and transparent manner.

      References in this notice to “you” or “your” are references to individuals whose personal data Waystone processes in connection with client services, supplier services, or visitor services. For the avoidance of doubt:

      • any reference in this policy to our “clients” or “third party/ies” includes their employees or other staff whose personal data we might process.

      Scope of Notice

      This Notice contains information on the Personal Data processed by Waystone, in its capacity as a data controller.

      This Notice provides information on the Personal Data processed by Waystone, the source of the Personal Data, purpose for processing, the legal basis relied on for processing, the retention of the Personal Data, the recipients, and transfers of Personal Data. In addition, this Notice will provide information on data subject rights.

      This Notice reflects the requirements as set out in Article 13 and 14 of General Data Protection Regulation (2016/2016/679) (‘GDPR’).

      Out of scope:

      Where Waystone are appointed by clients, we may process Personal Data as a data processor, acting upon the instructions of our clients, who are the data controllers. This activity is outside the scope of this Notice. The Personal Data collected, the purpose of collecting, the means of collecting and the retention period are all determined by our clients, the data controllers and outlined in their respective Data Protection Information Notices or similar documents.

      Waystone have separate Notices for the processing of personal data of employees, contractors and job applicants.

      Personal Data we may collect & purpose for processing

      Personal Data is defined in the GDPR as information relating to an identified or identifiable natural person (a ‘Data Subject’). In certain jurisdictions outside the EEA and the UK, this is known as Personally Identifiable Information.

      The Personal Data processed by Waystone depends on the purpose for such processing.

      Clients and potential clients:

      • As part of our due diligence and on boarding processes and to comply with on- going legal obligations on anti-money laundering and counter terrorist financing, taxation, crime-detection, crime prevention, investigation, the prevention of fraud, bribery, anti-corruption, tax evasion; we may process some or all of the following name, signature, postal address, email address, date and place of birth, nationality, professional or employment related information, source of funds details, tax identification, signatures, other contact details, account numbers (or functional equivalent) and transaction details, your tax or social security ID number or equivalent, utility bills for the purposes of address verification, photographic identification and verification such as copies of your passport, passport number and driver’s license, information relating to your status as an ultimate beneficial owner of an entity, a politically exposed person or a designated individual on a sanctions list.
      • We process your Personal Data for the purpose of delivering a service to you, for the purpose of maintaining appropriate business records, including maintaining appropriate registers required under applicable law and regulation, for the purpose of quality control, business and statistical analysis, market research, for the purpose of tracking fees and costs and for the purpose of customer service, training and related purposes.
      • We may collect and process Personal Data relating to you in connection with our on-going relationship with you, such as via correspondence and calls, and in connection with the administration of our relationship with you. Telephone calls with you may be recorded for the purposes of record keeping, security and training.

      Website & other social media platform visitors: 

      • When you visit our website, we provide you with an option to accept, reject or manage Details of such cookies can be found here (insert link).
      • We also invite you to contact us and, in this regard, we request your name, company and email address.
      • We process your social media platform account details when you connect with us there.

      Attendance at Waystone events:

      • We also collect and process your name, contact details, image, in relation to your attendance at our offices or at an event or seminar organised by Waystone or its business partners.
      • We will only process and use special categories of Personal Data about your dietary or access requirements to cater for your needs and to meet any other legal or regulatory obligations we may have.

      Marketing Communications:

      • We use your name and contact details to send you marketing and other material at your request. We use software that places a cookie on your device when you click on a link in such emails either to additional information or to our website. Please see ‘Use of Cookies’ for more information on cookies and how to manage and remove them.
      • If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by clicking the unsubscribe link at the bottom of all marketing e-mail communications.

      Source of Personal Data processed

      We may obtain Personal Data

      • directly from you in correspondence, contracts, due diligence documents, & feedback forms.
      • indirectly from you through our use of cookies placed on your device, if accepted.
      • from your company, who are our client.
      • from third party sources such as public databases and government entities.
      • from social media platforms you interact with Waystone on.

      Legal basis relied upon for processing Personal Data

      Waystone relies on the following legal bases for the processing of Personal Data:

      • where necessary for the performance of a contract.
      • where necessary for compliance with a legal obligation to which Waystone is subject.
      • Your consent (e.g. when you sign up for marketing material or ask us to contact you, this consent can be withdrawn at any time)
      • where necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom your personal data is provided. We will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms. The legitimate interests pursued by us in this regard include:
        • Conducting our business in a responsible and commercially prudent manner and dealing with any disputes that may arise;
        • Preventing, investigating or detecting theft, fraud or other criminal activity;
        • Pursuing our corporate and social responsibility objectives

      Recipients of Personal Data

      We may disclose your Personal Data described above to other Waystone Group entities and affiliates for our business purposes and purposes required to deliver a service to you.

      In addition, we may also use or disclose your Personal Data:

      • to third party service providers who provide SaaS services & support, event management, marketing services, website hosting and cloud-based services to Such third parties are appointed data processors.
      • to our lawyers, advisors and auditors who provide services to Waystone and are subject to confidentiality obligations.
      • to local regulators, auditors, government agencies, exchanges, self-regulatory organizations or law enforcement authorities, subject to applicable law.
      • if we are required to do so by law or if we reasonably believe that such disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity.
      • in connection with the planning, due diligence and implementation of commercial transactions, including a reorganization, merger, acquisition, sale of all or a portion of our assets, a joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock including in connection with any bankruptcy or similar proceedings in such circumstances your Personal data may be disclosed to investors or acquiring entities.

      Cross border transfers of Personal Data

      Waystone operate globally, using global systems and platforms. We offer multi- time zone support to our clients. As a result, Personal Data collected in one jurisdiction may be transferred, stored, and processed in another jurisdiction by a member of Waystone or one of our third-party service providers.

      International transfers to non-EEA countries may take place in compliance with one of the conditions set down in Chapter V of the GDPR. These conditions include but are not limited to a European Commission adequacy decision (whereby the European Commission has recognized the non-EEA country as providing an adequate level of protection of the personal data) or adherence to standard data protection clauses adopted by the European Commission.

      Retention of Personal Data

      Waystone will retain Personal Data for as long as is necessary for the purpose for which the Personal Data are processed unless a longer period is necessary as required by law, our regulatory obligations or professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests.

      Data Subject Rights

      You have the following rights, in certain circumstances and subject to applicable exemptions, in relation to your Personal Data:

      • the right to access your Personal Data.
      • the right to rectify any inaccuracies in your Personal Data.
      • the right to have any incomplete Personal Data completed.
      • the right to erase your Personal Data (in certain specific circumstances).
      • the right to request that your Personal Data is no longer processed for particular purposes (in certain specific circumstances).
      • where the legal basis for processing is consent, the right to withdraw your consent at any time.
      • the right to object to the use of your Personal Data or the way in which it is processed where Waystone has determined it to be necessary for the purposes of our legitimate interests.
      • the right to data portability (in certain specific circumstances).

      Waystone takes data protection very seriously and will strive to resolve any issues in an amenable manner with any data subject. However, where a data subject is unhappy with the outcome of any request to exercise the above rights they can raise a complaint with a data protection supervisory authority, in particular, in the Member State of their habitual residence, place of work or place of the alleged infringement. You will find details of the European Supervisory Authorities here: European SAs.

      Additional information on other Data Protection laws in our other locations

      Cayman Islands

      Law: Data Protection Act 2021 and the Data Protection Regulations 2018

      Supervisory Authority: Office of the Om budsm an

      United Kingdom

      Law: UK GDPR 2018

      Supervisory Authority: ICO


      Law: Personal Data Protection Act 2012

      Supervisory Authority: Personal Data Protection Commissioner

      Hong Kong

      Law: Cap. 486 Personal Data (Privacy) Ordinance

      Supervisory Authority: Office of the Privacy Commissioner


      Law: Federal Act on Data Protection 1992

      Supervisory Authority: Federal Data Protection & Information Commissioner

      Contact Waystone

      For any data protection related queries and to exercise your Data Subject rights as outlined above, please contact us at to [email protected]

      Links to other sites

      Our website may, from time to time, and this Notice does, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own Data Protection information notices and terms of use and we do not accept any responsibility or liability for those notices. Please check those notices before you submit any Personal Data to those websites.

      Changes to this Notice

      We reserve the right to change this Global Data Protection Information Notice at our sole discretion without advance notice. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Notice. Your continued use of this website after we make changes is deemed to be acceptance of those changes, so please check this Notice periodically for updates.


      November 2021