This notice sets out details of how and why we (“Waystone”, “we”, “us”, “our”) and third parties collect and process personal information in connection with your interactions with Waystone, where Waystone acts as a controller for the purposes of applicable data protection legislation. We do this in compliance with our obligations under applicable data protection law. This notice explains what personal data is collected, the purposes for which it is used, the third parties to whom it may be disclosed and how individuals can exercise their rights in relation to their personal data.
This notice applies to the collection and processing of personal information relating to individuals associated with you, such as directors, shareholders, trustees, beneficial owners, employees, representatives, agents, professional advisers and other personnel. References to “you” and “your” mean the relevant individuals who are the subjects of the personal data to which this notice relates or you. You should ensure that this notice is provided to any individual whose personal data has been provided to us as soon as practicable.
Where you are a client of Waystone Corporate Services (Cayman) Ltd (formerly known as DMS Corporate Services Ltd) and have entered into a contract for voluntary liquidation services with Waystone Corporate Services (Cayman) Ltd, Waystone is the Controller of the personal data collected as part of your interactions with us. Waystone engages third party service providers to process such personal data on behalf of Waystone and those third parties act as Processors. Waystone is not required to designate a Data Protection Officer. If you have any questions about the use of your personal data, your data protection rights or if you want to exercise those rights, please contact [email protected].
Personal Data that we Process
Waystone collects personal data relating to you that is provided to us in as part of our due diligence process, both from you and from public sources and in connection with our dealings with you or associated interactions with us, including your name, signature, postal address, email address, fax number, date and place of birth, nationality, curriculum vitae, bank account details, source of funds details, tax identification, credit history, signatures and other contact details.
We may also collect personal data in relation to you in connection with ensuring compliance with our legal obligations including your PPS number; passport number; utility bills, photographic identification and verification such as copies of your passport, passport number, drivers licence and address verification. For the purposes of meeting our legal obligations, we may also collect information relating to your status as an ultimate beneficial owner of an entity, or as a politically exposed person.
We may collect and process personal data relating to you in connection with our on-going relationship with you, such as via correspondence and calls, and in connection with the administration of our relationship with you. Telephone calls with you may be recorded for the purposes of record keeping, security and training.
In addition, we may collect personal data relating to you from third party sources in connection with complying with legislation relating to anti-money laundering, taxation, and other legislation applicable to investment funds.
How we obtain your personal information
We collect information from you as part of our client on-boarding take on processes as necessary in the course establishing a business relationship with you. We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff, providing a business card or registering on one of our digital platforms or applications. We may also collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources.
Purposes of Processing and Legal Basis
Personal data that you provide, or that we otherwise obtain in relation to you, will be processed for the following purposes:
- Processing the application to become a client of Waystone;
- To manage and administer your relationship with Waystone. This is necessary for the performance of the onboarding contract with Waystone.
- Establishing your identity, and providing, servicing and administering your relationship with Waystone;
- complying with our legislative and regulatory obligations in connection with our dealings with you, including under applicable law regarding anti-money laundering and counter terrorist financing, taxation, the regulation of collective investment schemes, or the provision of financial services, crime-detection, prevention, investigation and prosecution, the prevention of fraud, bribery, anti-corruption, tax evasion, to prevent the provision of financial and other services to those who may be subject to economic or trade sanctions, in response to legal or court requests or requests from regulatory authorities or where it is in the public interest;
- for direct marketing purposes (that is, providing information on products and services) or for quality control, business and statistical analysis, market research or for tracking fees and costs or for customer service, training and related purposes;
- If applicable, processing the fact that you are a politically exposed person, to comply with applicable legal obligations;
- To communicate with you by way of notice pursuant to applicable legislation or Waystone’s constitution or circulating reports;
- Maintaining appropriate business records, including maintaining appropriate registers;
- Where required for global tax reporting purposes;
- Internal training and management of personnel;
- To respond to or evaluate any queries or complaints in relation to your relationship with us;
- Internal and external audits and, where necessary, investigations;
- Establishing, exercising or defending legal claims.
The legal grounds that we rely on to process your personal data are:
- That it is necessary to comply with our legal obligations;
- That it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom your personal data is provided. We will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms. The legitimate interests pursued by us in this regard include:
- Conducting our business in a responsible and commercially prudent manner and dealing with any disputes that may arise;
- Preventing, investigating or detecting theft, fraud or other criminal activity;
- Pursuing our corporate and social responsibility objectives.
- where you are an individual, that it is necessary to take steps at your request prior to entering into our contract with you and for the performance of our contract with you;
- In certain limited circumstances, your consent.
Recipients of Data
Your personal data may be disclosed to various recipients in connection with the above purposes, including:
- The Boards of Waystone;
- Third party service providers that may be appointed to any product to be established, or service to be provided, by you or the board of that product;
- Money Laundering Reporting Officer;
- Company Secretary;
- Tax authorities as required by applicable law;
- The Cayman Islands Monetary Authority and the Central Bank of Ireland, or other competent regulatory authorities and bodies as requested or required by law;
- Other third parties who we engage to provide services to us, such as professional advisers, legal advisers, auditors and IT service providers;
- To screening and other reference agencies in order to carry out money laundering and identity checks and to comply with legal obligations;
- Other members of our corporate group or the corporate groups of the entities referred to above, as well as affiliates, agents and delegates.
In connection with the above purposes your personal data may be transferred outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union. These jurisdictions may include the United States of America, the Cayman Islands and Asia. If and to the extent that we do so, we will ensure that appropriate measures are in place to protect the privacy and integrity of such personal data and in particular will comply with our obligations under GDPR governing such transfers, which may include:
(a) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission;
(b) in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework (for so long as that it meets with the requirements of GDPR as regards reliance on adequacy decisions under Article 45 of the GDPR);
(c) transferring your personal data pursuant to binding corporate rules; or
(d) a transfer where the European Commission has decided that the recipient ensures an adequate level of protection.
In connection with the above purposes your personal data may be transferred outside the Cayman Islands, including to a jurisdiction which is not recognised by the Cayman Islands Ombudsman (the “Ombudsman”) as providing for an equivalent level of protection for personal data as is provided for in the Cayman Islands. These jurisdictions may include the United States of America, the United Kingdom and Asia. If and to the extent that we do so, we will ensure that appropriate measures are in place to protect the privacy and integrity of such personal data and in particular will comply with our obligations under relevant data protection laws and regulations governing such transfers, which may include:
(a) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the Ombudsman;
(b) in respect of transfers from the European Union to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework (for so long as that it meets with the requirements of applicable data protection laws as regards reliance on adequacy decisions);
(c) where appropriate, transferring your personal data pursuant to binding corporate rules; or
(d) a transfer where the Ombudsman has decided that the recipient ensures an adequate level of protection.
Further details of the measures that we have taken in this regard and the territories to which your personal data may be transferred are available by contacting us as set out above.
Use of Waystone website
Marketing and other emails
We use personal information to understand whether you read the emails and other materials, such as legal publications, that we send to you, click on the links to the information that we include in them and whether and how you visit our website after you click on that link (immediately and on future visits). We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. Please see ‘Use of Waystone website’ for more information on cookies and how to manage and remove them.
We may also use a relationship management tool, where permitted by applicable law, to track and record the relationship between Waystone and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.
If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by clicking the unsubscribe link at the bottom of all marketing e-mail communications.
Meetings, events and seminars
We also collect and process personal information about you in relation to your attendance at our offices or at an event or seminar organised by Waystone or its business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with IT and other service providers or business partners involved in organising or hosting the relevant event.
We will retain your personal data for the duration of your relationship with Waystone and for such a period of time after the relationship ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise.
You have the following rights, in certain circumstances and subject to applicable exemptions, in relation to your personal data:
- the right to access your personal data, together with information about our processing of that personal data;
- the right to rectify any inaccuracies in your personal data;
- the right to have any incomplete personal data completed;
- the right to erase your personal data (in certain specific circumstances).
- the right to request that your personal data is no longer processed for particular purposes (in certain specific circumstances);
- where the legal basis for processing is consent, the right to withdraw your consent at any time;
- the right to object to the use of your personal data or the way in which it is processed where we have determined it to be necessary for the purposes of our legitimate interests;
- the right to data portability (in certain specific circumstances);
- to lodge a complaint with a supervisory authority, in particular in the jurisdiction of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the requirements.
Consent to Direct Marketing
From time to time Waystone or any of the entities listed above may send you information about other products and services that they offer by letter, telephone, by email or by other reasonable means of communication. You have a right not to receive such information.
You have a right to withdraw this consent at any time. However, your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal information to those websites.
Changes to this Privacy Notice
We reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. Your continued use of this website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates.