Gordian Capital Singapore Private Limited – Privacy & Data Protection Policy

Gordian Capital takes seriously its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) and under the legislation of other relevant jurisdictions. We recognise the importance of personal data entrusted to us; it is our responsibility to manage, protect and process personal data properly.

1. Introduction

1.1 Gordian Capital (“we” or “our” or “us”) takes seriously its responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) and under the legislation of other relevant jurisdictions. We recognise the importance of personal data entrusted to us; it is our responsibility to manage, protect and process personal data properly. In general we process personal data in accordance with the General Data Protection Regulation 2016/679. Please read this policy to understand what personal data is collected or processed by us, and what it is used for. If you in or reside within the EU, your specific status and how we respond to it is further governed by Annex A.

1.2 “Personal data” means data, regardless of veracity, that allows identification of a living individual from that data, or from that data and other information available to the organisation having access to the data.

1.3 This policy addresses how we handle, collect, use, disclose and process personal data.

1.4 By providing personal data to us, you acknowledge full understanding of this policy, and consent to its collection, use, processing and disclosure according to this policy.

1.5 Provision of personal data about any third party means that you warrant that the third party has acknowledged full understanding of this policy, and given consent to your disclose to us of the personal data and for us to collect, use, process and disclose the personal data according to this policy.

Definition of Data Protection Terms

Data is information stored electronically or in paper-based filing systems.

Data processors include anyone processing personal data on behalf of a data controller, not including employees of data controllers, but including suppliers handling personal data on our behalf.

Personal data means data, regardless of veracity, that allows identification of a living individual from that data, or from that data and other information available to the organisation having access to the data.

Processing is any activity that involves use of personal data. It includes transferring personal data to third parties.

2. Types of Personal Data We Collect

2.1 We may collect your personal data in a number of ways, for example:-

from information that you provide when you meet us;
from information about you provided by your company or an intermediary;
when you communicate with us by telephone, fax, email or other forms of electronic communication;
from published sources.

2.2 Personal data collected may include but is not limited to:

(a) personal information such as name, NRIC/FIN/Passport number, date of birth, marital status, gender;
(b) contact information;
(c) employment & earnings information;
(d) academic & professional qualifications; and/or
(f) financial account & net worth information.

2.3 We collect personal data in accordance with the PDPA.

2.4 We may receive information from third parties.

3. Purposes for which Personal Data is Collected, Used and Disclosed

3.1 We may collect, use, disclose and/or process personal data for one or more of the following purposes:

(a) For the supply of services that you may request from us;
(b) For identification and verification purposes in connection with services that may be rendered to you by us or that you may request from us;
(c) To carry out your instructions, respond to an enquiry or deal with feedback from (or purporting to be from) you or on your behalf;
(d) To conduct research, analysis and development activities; (e) To contact you or communicate with you;
(f) To carry out due diligence or other screening activities (including security and background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;
(g) To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests or dealing with and/or investigating complaints;
(h) To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or elsewhere), with which we are expected to comply;
(i) To comply with or as required by any request or direction of any governmental authority;
(j) For marketing purpose where we send you information about services that we provide. In this regard, we may be doing so by way of postal mail and/or electronic transmission. You may unsubscribe from this in the manner set out below;
(k) To facilitate and/or deal with payment for services provided by us;
(l) To perform internal administrative, operational or technology tasks to facilitate, administer or manage your relationship with us;
(m) To produce statistics and research for internal and/or statutory reporting and/or recordkeeping requirements and performing policy/process reviews;
(n) To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Singapore;
(o) To help us improve our services to you; and/or
(p) To store, host, back up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore. (collectively, referred to as the “Purposes”

3.2 We may need to disclose your personal data to third parties whether located within or outside Singapore, for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for or more of the above Purposes.

3.3 You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by contacting our Data Protection Officer. Such withdrawal of consent could result in certain legal consequences, including our being unable to perform transactions requested by you or that we are contractually obligated to perform. Your withdrawal of consent will not affect our ability to collect, use or disclose your personal data for a specific purpose without your consent, if the PDPA or a provision in applicable law permits us to.

3.4 We may collect, use, disclose or process your personal data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.

3.5 We may/will also be collecting from sources other than yourself, personal data about you, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the Purposes set out above (depending on the types of information we receive).

4. Storage of Personal Data

4.1 Security of your personal data is important to us. We take appropriate action to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information. All information you provide to us is stored on secure servers.

4.2 We will put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that

(a) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and

(b) retention is no longer necessary for any other legal or business purposes.

5. Withdrawal of Consent for Marketing Purposes

5.1 You have the right to ask us not to use your personal data for marketing purpose. If you no longer wish to receive marketing messages from us, you may request to withdraw your consent by contacting us:-

By post –

Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536

By email – dataprotection@gordian-capital.com

By telephone – +65 6597 6680

6. Data Access and Correction

6.1 You have the right to access and/or correct any personal data that we hold about you, subject to the requirements of the PDPA. If you would like to request for a copy of your personal data being held by us (such right being subject to applicable exemptions), or to update and/or correct the personal data which you have previously provided to us, please write: By post – Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536 By email – dataprotection@gordian-capital.com

6.2 We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. We reserve the right, or may, charge a reasonable fee for the processing of any data access request.

6.3 For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested.

6.4 For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request. We will send the corrected personal data to every other organisation to which the personal data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.

7. Complaint Process

7.1 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint:- By post – Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536

By email – dataprotection@gordian-capital.com

7.2 We will strive to deal with any complaint or grievance that you may have, speedily and fairly.

8. General

8.1 Your consent that is given pursuant to this Privacy Policy is additional to and does not supersede any other consents that you have provided with regard to processing of your personal data.

8.2 For the avoidance of doubt, in the event that Singapore personal data protection law permits an organisation such as ours to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply. This applies for European and UK Data Protection laws for European residents.

9. Enquiries

9.1 For any enquiries on our privacy policy, please write:-

By post –

Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536

By email – dataprotection@gordian-capital.com

Gordian Capital reserves the right to change this policy with or without notice so please check back frequently. Any changes to this policy will be posted on and can be viewed on our website www.gordian-capital.com

PRIVACY NOTICE

THIS NOTICE APPLIES TO YOU ONLY IF YOU ARE LOCATED OR RESIDING IN THE EUROPEAN UNION

Effective Date: 25 May 2018

This Privacy Notice explains how Gordian Capital Singapore Private Limited (“Gordian Capital”) collects, uses and discloses your personal data, and your rights in relation to the personal data it holds. Gordian Capital (in this Privacy Notice, “us”, “we” and “our”), is the data controller of your personal data for purposes of the EU General Data Protection Regulation 2016/679 (“GDPR”). Our Privacy and Data Compliance Officer is contactable by email at dataprotection@gordiancapital.com

This Privacy Notice supersedes any Privacy Notice or equivalent that you may have been provided or seen prior to the Effective Date stated above.

Your rights Under GDPR

You have the following rights:-

to obtain access to, and copies of, the personal data that we hold about you;
to require that we cease processing your personal data if the processing is causing you damage or distress;
to require us not to send you marketing communications;
to require us to erase your personal data;
to require us to restrict our data processing activities;
to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller; and
to require us to correct the personal data we hold about you if it is incorrect.

These rights are not absolute; we may be entitled to refuse requests where exceptions apply.

More information about your rights may be found at https://www.eugdpr.org/

If you have questions about how we use your personal data, or you wish to exercise any of your rights, please contact us:-

By post –

Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536

By email – dataprotection@gordian-capital.com

By telephone – +65 6597 6680

If you are not satisfied with how we are processing your personal data, you may make a complaint via https://www.eugdpr.org/

How we collect your personal data

We may collect your personal data in a number of ways, for example:-

from information that you provide when you meet us; • from information about you provided by your company or an intermediary;
when you communicate with us by telephone, fax, email or other forms of electronic communication. We may monitor, record and store communications;
when you complete (or we complete on your behalf) client on-boarding or application or other forms;
from associated companies;
from your agents, representatives, advisers, intermediaries, and custodians of your assets;
from publicly available sources or from third parties, most commonly where we need to conduct background checks about you.

The categories of personal data we collect

We collect the following categories of personal data about you:
your name and contact information such as your home or business address, email address and telephone number;
biographical information that may confirm your identity, including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality, country of tax residency;
information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
information about your knowledge and experience in the investment field; • an understanding of your goals and objectives in procuring our services;
information about your employment/business, education, family or personal circumstances, and interests, where relevant; and
information to assess whether you may represent a politically exposed person or money laundering risk.

The basis for processing your personal data (potentially without your consent)

(i) Performance of a contract with you

We may process your personal data because it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:-

to prepare a proposal for you regarding the services we offer;
to provide you with services as set out in our Terms of Engagement with you or as otherwise agreed with you from time to time;
to deal with any complaints or feedback you may have;
for any other purpose for which you provide us your personal data. In this respect, we may share your personal data with or transfer it to the following:-
your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
third parties whom we engage to assist in delivering services to you, including associated companies;
our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
other third parties, such as intermediaries, whom we introduce to you (wherever possible we shall tell you who they are before making an introduction);
our data storage providers.

(ii) Legitimate interests

We may also process your personal data because it is necessary for our legitimate interests, or, sometimes, where it is necessary for the legitimate interests of another person. In this respect, we may use your personal data for the following:-

for marketing to you (in this respect, see the separate section on Marketing below);
training our staff or monitoring their performance;
for the administration and management of our business, including recovering money you may owe to us, and archiving or statistical analysis;
seeking advice on our rights and obligations, such as where we require our own legal advice; In this respect we may share your personal data with the following:
our advisers or agents where it is necessary for us to obtain their advice or assistance;
third parties and their advisers should such third parties be acquiring, or considering acquiring, all or part of our business.

(iii) Legal obligations

We also process your personal data for our compliance with legal obligation which we are under. In this respect, we may use your personal data for the following:-

to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws;
as required by tax authorities or any competent court or legal authority. In this respect, we may share your personal data with the following:-
our advisers where it is necessary for us to obtain their advice or assistance;
our auditors where it is necessary as part of their auditing functions;
third parties who assist us in conducting background checks;
with relevant regulators or law enforcement agencies where we are required to do so.

Marketing

We may send you marketing material about services that we provide, as well as other information in the form of alerts or newsletters. We may communicate with you in a number of ways including by post, telephone, email, SMS or other digital channels. If you object at any time to receiving marketing from us, please contact us:-

By post – Attention: Data Protection Officer, Gordian Capital Singapore Private Limited, 12-01 Philippine Airlines Building, 135 Cecil Street, Singapore 069536

By email – dataprotection@gordian-capital.com

By telephone – +65 6597 6680

Retention of your data

We shall only retain your personal data for as long as we have a lawful reason to do so. In particular:

where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for five years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
otherwise, we will in most cases retain your personal data for a period of seven years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.

Gordian Capital Singapore Private Limited – Privacy & Data Protection Policy

1. Introduction

Definition of Data Protection Terms

2. Types of Personal Data We Collect

3. Purposes for which Personal Data is Collected, Used and Disclosed

4. Storage of Personal Data

5. Withdrawal of Consent for Marketing Purposes

6. Data Access and Correction

7. Complaint Process

8. General

9. Enquiries

PRIVACY NOTICE

THIS NOTICE APPLIES TO YOU ONLY IF YOU ARE LOCATED OR RESIDING IN THE EUROPEAN UNION

How we collect your personal data

The categories of personal data we collect

The basis for processing your personal data (potentially without your consent)

Marketing

Retention of your data

Links

Contact Us

Our Social