Data Protection Policy and Privacy Notification

1. WHO IS RESPONSIBLE FOR YOUR DATA?

Seagate Wealth Management is a trading name of Castle Wealth Management SL CIF: B54524871. The term “personal data” refers to information that relates to you and allows us to identify you, either directly or in a combination with other information that we may hold. The below sets out the way Seagate collects, stores and otherwise uses your personal data and the reasons for doing that.

2. TYPES OF PERSONAL DATA WE COLLECT

Seagate collects personal data from you at various points during your time as a client of ours, including when applying to become a client, or using our website. We may collect and process the following categories of information about you (please note this list is not exhaustive):

Category of Personal Information Description

Personal identifiers Title, name, surname, gender, date of birth

Contact Permanent residential address, correspondence address, home/mobile/work phone number and E-mail address

Social demographic Nationality, country of birth, city of birth, country of issue of identity card/ passport, Politically Exposed Person (“PEP”) classification, Tax Residency, nationality, and earnings

Documentary data Details about you stored on documents in different formats, or copies of them. This may include documents such as passport, drivers licence, birth certificate or bank statements

Social relationships Marital status and nominated beneficiaries

Financial data Bank accounts, IBAN numbers and SWIFT/BIC codes

National identifier A number or code given to you by a government to identify who you are, such as a national insurance number, passport number or Tax Identification Number

Behavioural   Risk profile, other pension arrangements (which may be intended to be transferred to our Scheme), intended retirement age, nominated beneficiaries linked to death benefits

You may also provide further information (either on request or voluntarily) by email, post, in face-to-face meetings or by phone.

3. HOW SEAGATE COLLECT YOUR PERSONAL DATA

We collect information from our applicants and clients predominantly through our application form but also through any subsequent interactions with you.
We use different methods to collect data from and about you, including through:

Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email, online, and face to face meetings or otherwise. This includes personal data you provide when you:
– apply for our products or services;
– subscribe to our services;
– request marketing to be sent to you; or
– give us some feedback.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy on our website www.seagatewealth.es/cookie-policy for further details.

Third party sources. We may receive personal data about you from various third parties as set out below: – Trafalgar International, Momentum, Old Mutual International, SEB, Lawyers, Currency transfer companies, Avalon.

The above lists under each method are not exhaustive.

4. WHY AND HOW SEAGATE USES YOUR PERSONAL DATA

Seagate uses your personal data for the following purposes:

• In connection with the provision of services to you in order to administer your Investments. This may involve seeking, receiving and processing instructions from you, fulfilling our obligations to you, responding to any request made by you and/or communicating changes to the Scheme/services in question.

• In order to adequately audit and risk assess the services provided.

• In order to contact you directly, including updating you in relation to our services.

• In order to carry out full customer due diligence.

• In order to comply with relevant regulations and obligations including but not limited to obligations relating to prevention of money laundering and funding of terrorism, fraud and crime prevention. This includes performing screening checks at application stage and on a periodic basis thereafter.

Seagate does not use systems to make automated decisions based on personal data collected.

5. HOW LONG SEAGATE RETAINS YOUR PERSONAL DATA

Seagate will keep your personal data during your client relationship, and potentially up to 10 years once your relationship has ceased, for the following reasons:

• To respond to any questions or complaints

• To demonstrate that you are, or have been, treated fairly

• To satisfy our record keeping obligations in accordance with the applicable legislation and regulations

Seagate may be required to keep your personal data for longer than 10 years if it cannot be deleted for legal, regulatory or technical reasons. Seagate may also keep your personal data for research or statistical purposes. In these circumstances, appropriate measures will be established to ensure your privacy is protected, and the personal data is only used for the purposes intended.

6. SHARING YOUR PERSONAL DATA<

 Seagate might share your personal data with third parties, in limited circumstances. Predominantly that sharing is carried out in order to ensure that our services are provided and administered successfully and in compliance with our regulatory and professional obligations. Your personal data may be shared by Seagate as follows:

• We will share your personal data with your ceding/receiving Schemes, investment companies and investment managers where necessary in connection with our services and services intrinsically linked to the same. Where necessary, Seagate sends a copy of the application form to the investment provider and if the ceding/receiving Schemes asks for details, Seagate will provide them with such information as detailed in the application form, identification documents and/or transfer forms.

• We will share your personal data amongst Seagate’s group companies (including Trafalgar International and GlobalNet Ltd).

• We may need to disclose your personal data if required by law, if we believe that disclosure is necessary to comply with a current judicial proceeding, or a court order or legal process served on us, in order to enforce our terms and other agreements or to protect the property, rights or safety of Seagate, our clients or others.

• In the event that the Seagate goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, your personal data will, in most instances, be part of the assets transferred.

• We will not seek to share your personal data other than in the way set out above without taking steps to gain your consent to the same. However, if we are unable to obtain instructions, we may share information where, in our view, it is in your legitimate interest for us to do so.

7. SECURITY OF YOUR PERSONAL DATA

Seagate have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

There are inherent risks involved when transmitting personal data by post, email and phone or through our website, however Seagate does everything possible to limit these risks by adopting the appropriate technical and organisational measures in order to protect and secure your personal data against unauthorised or unlawful processing and against accidental losses, destruction and/or damage.

As described above, where we disclose your personal data to third parties, we will require that the third party has appropriate technical and organisational measures in place. However, in some instances where we are compelled by law to disclose your personal data, we may have limited control over how it is being protected by that party.

8. COOKIES OR OTHER TRACKING TECHNOLOGIES

Seagate online systems and any third party services Seagate may use such as Google Analytics or others may store cookies on your machines. The cookies may collect information such as but not limited to your machine’s IP address, location from where you access our online systems, number of times you access our systems, and browser you use.

We use cookies in order to improve the online user experience, to provide you with more relevant content and to analyse how you use Seagate’s website.

 For further information, please refer to the Cookie Policy available on Seagate’s website, www.seagatewealth.es/cookie-policy.

9. YOUR LEGAL RIGHTS

Lawful processing

In addition to our Data Protection and Privacy Notification Statement, your privacy is protected by law.

Seagate are legally only allowed to collect and process personal data where there exists a proper reason to do so. The law says Seagate must have one or more of these reasons:

• You have provided your consent for Seagate to do so;

• It is necessary for the performance and servicing of your Investment;

• There is a legal obligation;

• In order to protect your vital interests or of another individual;

• It is necessary for the performance of a task carried out in public interest or in the exercise of official authority vested in Seagate; and

• It is in Seagate’s legitimate interest.

Below is a list of ways in which we may use your personal data, which of the reasons we rely on to do so, and what our legitimate interests are (this is not an exhaustive list):

WHY WE USE YOUR INFORMATION      OUR REASONS                     OUR LEGITIMATE INTEREST
• To manage our relationship with you.

• To develop new ways to meet our clients’ needs and grow our business

• To provide guidance about our services

• Your explicit consent

• Fulfilling contractual   obligations

• Our legitimate interests

• Our legal duty

• Keeping our records about you up to date

• Seeking your consent when we need it to contact you

• Being efficient about how we fulfil our legal and contractual duties

• To deliver our services • Fulfilling contractual obligations

• Our legitimate interests

• Our legal duty

• To develop services to improve our business
• To detect, investigate, report and seek to prevent financial crime.

• To manage risk for us and our customers.

• To comply with laws and regulations applicable to us.

• To respond to complaints and seek to resolve them.

• Fulfilling contractual obligations

• Our legitimate interests

• Our legal duty

• To develop and improve how we deal with financial crime, as well as carrying out our legal duties.

• Comply with regulations applicable to us.

• Being efficient about how we fulfil our legal and contractual duties.

• To run our business in an efficient manner by managing our business capability, planning, governances, communications and audit • Our legitimate interests

• Our legal duty

• Comply with regulations applicable to us.

• Being efficient about how we fulfil our legal and contractual duties.

 

Seagate does not intentionally collect personal data that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data”. Seagate will only collect this information where one of the above reasons are satisfied. We cannot prevent you from disclosing the same to Seagate as part of your correspondence with us but you should ensure that such information is only provided where it is absolutely necessary and in circumstances where you would be content for us to use it in the manner described above.

Right to access your personal data

You also have the right to request access to the personal data that we hold about you. Should you wish to request a copy of your personal data, or have any questions in relation to your personal data, please contact Seagate. Requests for access to your personal data will be processed free of charge. However, if we deem that requests for access are being made in a frequent, excessive and repetitive manner or on unfounded basis, Seagate reserves the right to charge a reasonable fee to meet our administrative costs.

Right to stop Seagate from using your personal data

You have the right to object to Seagate using your personal data, or ask Seagate to delete, remove or stop using your personal data. You also have the right to restrict Seagate from using your data. This means that your personal data can only be used for certain things such as legal claims or in order to exercise legal rights. During such instances, Seagate will not use or share your personal data in other ways. You may ask Seagate to restrict processing your personal data if it is not accurate; if it has been unlawfully used but you don’t want Seagate to delete it; if it is not relevant anymore but you want Seagate to keep it for use in legal claims; or you have already asked Seagate to stop using your data but you’re waiting for confirmation as to whether Seagate are allowed to use it. Seagate may need to keep or continue to use your data to comply with any regulatory reporting requirements or similar requirements.

Right to withdraw your consent

You have the right to withdraw your consent. Please contact Seagate if you wish to do so.
Where consent is the only lawful basis upon which your personal data can be processed, withdrawing your consent may mean Seagate cannot provide you with a full service. If this is the case, this would effectively terminate your agreement with Seagate.

Right to rectify inaccurate personal data

You have the right to question any personal data we have about you that you think is wrong or incomplete. Should you do so, Seagate will take reasonable steps to check the accuracy of all information held, and correct it where necessary.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within [1] one month. Occasionally it may take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. UPDATES TO THIS POLICY

We will occasionally update this Policy to reflect changes in the applicable Regulation, and/or relevant legislation as well as both company and customer feedback. We will contact you to inform you of the same whilst the revised Policy can be found on our website. (www.seagatewealth.es).