Privacy Policy

Introduction

We understand that you are aware of, and care about your own personal privacy interests, and we take that seriously.

This Privacy Notice explains how Cannon Asset Management Limited (“the Company”) collects, uses, and discloses your personal data, and sets forth your rights in relation to the personal data it holds.

This notice serves to inform you of the changes to data protection law under the Data Protection (Bailiwick of Guernsey) Law, 2017 (“DP Law”), as amended to incorporate legislation equivalent to EU Regulation 2016/679 (the “GDPR”). We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information and your rights in relation to your personal information. It details how to contact us, and supervisory authorities, in the event you have a complaint.

The Company (“we”, “our”, “us”) aims to protect the privacy of our clients, service providers, representatives, and suppliers (“you”) as far as possible.

The Company is a Data Controller in respect of any personal information we hold about you.

We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. Where we do so, we will take appropriate steps to bring the amendment to your attention by publishing it on our website at www.cannonhouse.com. This Privacy Notice was last updated on 4th March, 2023.

Data Protection Officer

The Company has appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. The data protection officer is:

  • Petra Novakova
    First Floor, Kingsway House, Havilland Street, St Peter Port, Guernsey, GY1 2QE
    Tel: +44 (0)1481 726141 Email: dpo@cannonhouse.com

How we obtain your information

In the course of providing services to you, we collect information that personally identifies you.

The information we collect about you (or your directors, officers, employees, settlors, beneficial owners and/o beneficiaries) comes from:

  • application forms or other materials you submit to us during the course of your relationship with us;

  • your interactions with us, transactions, and use of our products and services (including the use of our website);

  • your business dealings with us, including via email, telephone or as stated in our contracts with you;

  • depending on the products or services you require, third parties (including for anti- money laundering checks, among other things); and

  • recording and monitoring tools that we may use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).

The information we collect

We collect information that helps us to identify you and to manage our relationship with you. We also collect financial information about you, information about your transactions with us and information required for us to carry out anti-money laundering and other checks and to comply with our legal obligations.

Information that we collect includes:

  • your name, title and contact details;

  • your professional title and occupation;

  • your age and marital status;

  • financial information, including investments, account details, risk appetite and evidence of ownership of financial assets;

  • personal identifiers such as your social security number, national insurance number, tax file number, IP address or our internal electronic identifiers;

  • information which we need to conduct ‘know your client’ checks such as details relating to your passport and credit history;

  • other information you provide to us in the course of your dealings with us or which we require to provide you with the Company’s product and services; and

  • other information you provide to us in the course of your dealings with us or which we require in order for you to provide goods and services to us.

In limited cases, we also collect what is known as “special categories” of information. Our money laundering, sanctions, financial crime and fraud prevention checks sometimes results in us obtaining information about political opinion, actual or alleged criminal convictions and offences.

You are not obliged to provide us with your information where it is requested but we may be unable to provide certain products and services or proceed with our business relationship with you if you do not do so. Where this is the case, we will make you aware.

Our use of your information

Your personal data may be processed by the Company (or any of its affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

  • in connection with the Company’s internal management and reporting;

  • to facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;

  • the administration and/or management of your structures and any related account on an on-going basis (the “Services”) which are necessary for the performance of your contract with the Company;

  • in order to carry out anti-money laundering (AML) checks and related actions which the Company considers appropriate to meet any legal obligations imposed on the Company, or the processing in the public interest, or to pursue the legitimate interests of the Company in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with the Company’s AML procedures;

  • to monitor electronic communications for

    • processing verification of instructions;

    • investigation and fraud prevention purposes;

    • crime detection, prevention, investigation and prosecution;

    • to enforce or defend the Company’s, or its affiliates rights, whether directly or indirectly (through third parties to whom we delegate such responsibilities) or rights in order to comply with any legal obligation imposed on the Company;

    • to pursue the legitimate interests of the Company in relation to such matters; or

    • where the processing is in the public interest;

  • to disclose information in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company;

  • to update and maintain records and carry out fee calculations;

  • to retain AML and other records of individuals to assist with subsequent screening;

  • to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly;

and which are necessary for the purposes of:

  • the performance of our contract with you;

  • the performance of a contract between us and another service provider to us the performance of which is in your interest;

  • compliance with the Company’s legal obligations;

  • the Company’s legitimate interests; or

  • processing in the public interest;

Where we process “special categories” of information about you, we do so either because you have given us your explicit consent, we are required by law to do so or the processing is necessary for the establishment, exercise or defence of a legal claim.

How we share your information

The Company may disclose your personal information as follows:

  • to any of our Group Companies;

  • to the Company’s service providers and other third party vendors in order to store or process the data for the above mentioned purposes;

  • in the event of a merger or acquisition by another business in the future, (or where we are in meaningful discussions about such a possibility) we may share your personal data with the prospective new owners of the business;

  • to competent authorities (including tax authorities), courts and bodies; or

  • to affiliates for internal investigations and reporting.

How we transfer your information

The disclosure of personal information to the third parties set out above may involve the transfer of data to other jurisdictions outside the Bailiwick of Guernsey (“Guernsey”), European Union (“EU”), and the European Economic Area (“EEA”). Such countries may not have the same data protection laws and some of these countries may have lower standards of data protection. Where we transfer your information outside of Guernsey and the EEA, we will ensure that the transfer is subject to appropriate safeguards in accordance with DP Law. Often, these safeguards include contractual safeguards. Please do contact us if you would like more information about these safeguards (see the “Contact Us” section above for further details).

Retention period

The Company will retain your personal information for as long as required to perform the Services and/or carry out the purposes for which the data was collected or perform investigations in relation to the data depending on the legal basis for which that data was obtained and/or where additional legal/regulatory obligations mandate that we retain your personal information.

Your rights

You may have the following rights under DP Law:

  • Right of subject access: the right to make a written request for details of information about you held by the Company and a copy of that information.

  • Right to rectification: the right to have inaccurate information about you rectified. You must provide any relevant updates to your personal data held by the Company promptly to ensure its accuracy.

  • Right to erasure ('right to be forgotten'): the right to have certain information about you erased.

  • Right to restriction of processing: the right to request that your information is only used for restricted purposes.

  • Right to object: the right to object to the use of your information, including the right to object to marketing.

  • Right to data portability: the right, in certain circumstances, to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats.

  • Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your information. If you withdraw your consent, this will not affect the lawfulness of the Company’s use of your information prior to the withdrawal of your consent.

These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at the details set out in the “Contact Us” section above.

If you are unhappy with the way we have handled your information you have a right to complain to the data protection regulator. In Guernsey, your local regulator is the Data Protection Commissioner. Their website is available at www.odpa.gg.

Security

The Company takes the protection of your personal information seriously and has appropriate technical & organisational measures and policies in place to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will only do so in an authorised manner and are subject to a duty of confidentiality. All staff of the Company are made aware of their information security responsibilities.

We also have procedures in place to deal with any data breach. We will notify you and any applicable regulator of a data breach where we are legally required to do so.

How to contact us

If you have any questions about our use of your personal information, please be in touch with your usual contact or our Data Protection Officer on dpo@cannonhouse.com

Version 07 Date: 04 March, 2023.