PRIVACY POLICY
Sumner Global ("we" or "us" or "the Company"), value the privacy and security of information of all Company stakeholders, including registered investors and applicants for investment (including investors in other members of the group of companies held or controlled by us). In this privacy policy ("Policy"), we describe how we may collect, use, and disclose information, including Personal Data (as described below) collected by us or on our behalf.
Please read this Policy carefully. By providing information to or investing with us, you acknowledge the practices described in this Policy. Any dispute over privacy is subject to this Policy and to the relevant clauses of any subscription form or consent form which you have entered into with the Company and/or any investment memorandum, loan note instrument or similar investment-related document which has been provided to you by or on behalf of the Company.
The information that we collect is controlled by the Company. In any case where we share Personal Data with a third party data controller (including, as appropriate, our service providers and other members of the group of companies held or controlled by us), the use by that third party of the Personal Data will be subject to the third party's own privacy policies.
For example, in limited circumstances, where a service provider to the Company is subject to a legal obligation requiring it to act as controller of the Personal Data, including where it is required to use the Personal Data for the discharge of its own AML (as defined below) obligations, such service provider will act as data controller. Where Personal Data needs to be shared with a depositary or custodian appointed to the Company in order to enable it to discharge its legal and regulatory obligations, such depositary or custodian will act as a data controller. The privacy policies of such service providers, depositaries and custodians can be obtained from them upon request.
Where Personal Data needs to be shared within the group of companies, for purposes such as investment administration, certain group entities may act as data controller.
We collect and process the Personal Data of registered investors, applicants for investments, beneficial owners, personal representatives, directors, officers, employees, agents, trustees and/or authorised signatories of registered investors and applicants for investments (being natural persons) ("Individuals") and other information relating to the dealings of Individuals with the Company and/or its service providers.
Where we need to process Personal Data in connection with a registered investor's contract with the Company or in anticipation of an applicant becoming a registered investor, or where we have a legal obligation to collect certain Personal Data relating to an Individual (for example, in order to comply with AML obligations), we will not be able to deal with the registered investor or applicant if the Individual does not provide the necessary Personal Data and other information required by us or (as applicable) our depositary or custodian.
For purposes of this Policy, Personal Data is any information that alone or together with other information in our possession relates to an identified or identifiable Individual. Personal Data may be information which we have or obtain, or which an Individual provides to us or our service providers.
Collection of Personal Data
We may collect the following Personal Data.
Personal Data we collect directly from you:
-
Full name, date of birth, gender, and contact details, including mailing address, email address, and telephone and fax numbers;
-
Tax identification number and bank account and payment method details;
-
Contribution amounts and investment choices;
-
Details about authorised signatories, agents, or representatives;
-
Copies of any relevant trust deeds, partnership agreements, constitutions, or articles of association (or equivalent);
-
Information about employees, agents, or other representatives of an investor or prospective investor, if such information is needed to open or maintain a registered investor account; and
-
Other information that you provide to us in connection with your investment or application for investment.
We may also collect Personal Data for your account from third parties authorised to disclose your Personal Data, such as from your employer or from companies that provide identification verification services.
Information about third parties:
We may collect information from you regarding other Individuals related to your account. Where you disclose information about authorised signatories, dependents, relatives, trustees, potential beneficiaries, employees, agents, or other representatives as outlined above to us, you warrant that you will only do so in accordance with applicable data protection laws; that you will ensure that before doing so, the Individuals in question are provided with a copy of this Policy and made aware of the fact that we will hold information relating to them and may use it for any of the purposes set out in this Policy.
We may, where required under applicable law, notify those Individuals that we have been provided with their Personal Data and provide a copy of this Policy to them.
Use of Personal Data and legal basis for processing
We may use the Personal Data we obtain:
-
for the purposes of performing the contract with a registered investor, or in anticipation of an applicant becoming a registered investor:
-
for the purposes of providing services to the registered investor, and setting up and administering the applicant's or registered investor's account(s), as the case may be;
-
for the collection of subscriptions and payment of distributions, and dividends;
-
to provide information about investments to registered investors; and
-
to deal with queries or complaints from registered investors;
-
-
for compliance with our legal obligations, including:
-
anti-money laundering, anti-terrorist financing, and fraud prevention purposes, including OFAC and PEP screening for these purposes and to comply with UN, EU and other applicable sanctions regimes (collectively, "AML");
-
compliance with applicable tax and regulatory reporting obligations;
-
where we are ordered to disclose information by a court with appropriate jurisdiction; and
-
recording of electronic communications in order to comply with applicable law and regulatory obligations;
-
-
where use is for our legitimate interest, including:
-
for day to day operational and business purposes;
-
to take advice from our external legal and other advisors; and
-
for board reporting and management purposes; and
-
-
where use or sharing is for a legitimate interest of another company in the group of companies, or of a service provider or third party to which we provide the Personal Data, including:
-
for day to day operational and business purposes;
-
for investor relationship management; and
-
for calculation and payment by the recipient of commissions and rebates.
-
Disclosure of Personal Data
We will not disclose any Personal Data to any third party, except as set out in this Policy. You have certain rights to object to the processing of your Personal Data as described in the Your legal rights section below.
We may disclose Personal Data as required:
-
to enable us to carry out the obligations under the contract with a registered investor or in anticipation of an applicant becoming a registered investor;
-
to anyone providing a service to us or acting as our agent in relation to a registered investment or prospective investment in the Company, as data processors or data controllers, on the understanding that they will keep the Personal Data confidential;
-
where Personal Data needs to be shared with a depositary or custodian, in order to enable it to discharge its legal and regulatory obligations in relation to an investment or prospective investment in the Company;
-
in limited circumstances, where an administrator in relation to an investment in the Company is subject to a separate legal obligation requiring it to act as controller of the Personal Data, including where it is required to use the Personal Data for the discharge of its own AML obligations;
-
where the registered investor or applicant is a client of an introducer appointed by the Company or to a company within the group of companies, for the purposes of calculation and payment of commissions and rebates;
-
where we need to share Personal Data with our auditors, and legal and other advisors;
-
in the event of a merger or proposed merger, to any (or any proposed) transferee of, or successor in title to, the whole or any part of our business, and to its officers, employees, agents, and advisers, to the extent necessary to give effect to such merger; or
-
where the disclosure is required by law or regulation, or court or administrative order having force of law, or is required to be made to any of our regulators
Cross-border transfer of Personal Data
Personal Data may be transferred outside the jurisdiction in which it is submitted from or to. This includes (without limitation) transfer into and outside Singapore, Hong Kong, the United Arab Emirates, Jersey, the UK and the European Economic Area (the "EEA"), in connection with administering a registered investor's account(s) and/or in anticipation of an applicant becoming a registered investor, and/or as otherwise required or permitted by law.
Some of the countries to which Personal Data may be transferred will be within the EEA or will be ones which the European Commission has approved and will have data protection laws which are the same as or broadly equivalent to those in the EEA, such as Singapore. However, some transfers may be to countries which do not have equivalent protections, and in that case, we shall use reasonable efforts to implement contractual protections for the Personal Data. While this will not always be possible where we are required to transfer the Personal Data in order to comply with and perform the contract with an Individual or where we have a legal obligation to do so, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws. This includes entering into data transfer agreements as appropriate.
Sensitive Personal Data
The Company may, in limited circumstances, collect and process sensitive Personal Data (such as data revealing racial or ethnic origin, political opinions, or trade union membership) in connection with its obligations under applicable AML laws. Any sensitive Personal Data will only be used and disclosed, as necessary, for such purpose.
Personal Data quality
We rely on the accuracy of the information provided by you and others. We take reasonable efforts to ensure that Personal Data collected by us or on our behalf is accurate, up to date, and complete, in accordance with applicable law. If any information about you changes or you have any concerns regarding the accuracy of information about you held by us, you should contact us at the address provided in the Contact us section below.
Information security and retention
We use commercially reasonable physical, electronic, and procedural safeguards to protect your Personal Data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction in accordance with applicable law. Please be aware that despite our best efforts, no data security measures can guarantee 100% security all of the time.
We retain Personal Data for as long as necessary to provide our services to you, to fulfill the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy. We are obliged to retain certain information to ensure accuracy, to help maintain quality of service, and for legal, regulatory, fraud prevention, and legitimate business purposes.
In general, we (or our service providers on our behalf) will hold Personal Data for a period of seven years, unless we are obliged to hold it for a longer period under law or applicable regulations.
Your legal rights
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data:
Right to access Personal Data
You have a right to request that we provide you with a copy of your Personal Data that we hold, and you have the right to be informed of:
-
the source of your Personal Data;
-
the purposes, legal basis, and methods of processing;
-
the data controller's identity; and
-
the entities or categories of entities to whom your Personal Data may be transferred.
Right to rectify or erase Personal Data
You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.
You can also request that we erase your Personal Data in limited circumstances where:
-
it is no longer needed for the purposes for which it was collected; or
-
following a successful right to object (see Right to object below); or
-
it has been processed unlawfully; or
-
erasure is required to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:
-
for compliance with a legal obligation to which we are subject; or
-
for the establishment, exercise, or defence of legal claims.
Right to restrict the processing of your Personal Data
You can ask us to restrict your Personal Data, but only where:
-
its accuracy is contested, to allow us to verify its accuracy; or
-
the processing is unlawful, but you do not want it erased; or
-
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or
-
you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your Personal Data following a request for restriction:
-
to establish, exercise, or defend legal claims; or
-
to protect the rights of another natural or legal person.
Right to transfer your Personal Data
You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
-
the processing is based on the performance of a contract with you; and
-
the processing is carried out by automated means.
Right to object to the processing of your Personal Data
You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of Personal Data safeguards used for transfers outside your jurisdiction
You can ask to obtain details of the safeguards under which your Personal Data is transferred by us. We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
If you would like to exercise any of the rights described above, please send us a request at the address or email provided in the Contact us section below. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfill your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Contact us
If you have any questions relating to this Policy, or concerns about the way in which we have handled information about you, please do not hesitate to send us an email info@sumnerglobal-na.com.
If you raise any concerns about how we have handled your Personal Data, we may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and resolve your issue. We will keep records of your request and any resolution of your issue.
Changes to this Policy
We will post changes to this Policy on our website along with the effective date of the changed policy. We recommend that you review this Policy periodically. If we make a material change to this Policy, you will be provided with appropriate notice.