Sagicor Investments (Cayman) Limited (“SICL”) processes personal data in connection with our client relationships in the course
of our provision of securities investment business services. Accordingly, we have certain obligations and duties as a data controller
under the Data Protection Act of the Cayman Islands. While these obligations and duties are specific to our processing of personal
data, SICL is actively committed to protecting our valued clients’ confidential information from unauthorised access or use whether or
not it constitutes personal data.
In accordance with our obligations as a data controller, this privacy notice explains our personal data processing activity and describes what personal data we collect, how we use it, the safeguards in place, your rights and how to contact us if you have any data protection queries.
Personal data that SICL collects
SICL collects and process certain personal data relating to clients that are individuals as well as on individuals associated with our
institutional clients, which may include clients’ directors, authorised signatories, shareholders, beneficial owners, employees,
representatives, agents and professional advisers (all “client data subjects”).
The types of personal data SICL collects about client data subjects may include:
- identification details (e.g. relationship to the client; name, address; date and place of birth; nationality; passport information; picture ID; signature; utility bill)
- other due diligence information such as source of funds/wealth/financial standing; tax identification number; PEP status; information about regulatory, law enforcement or sanctions status
- contact details (e.g. phone number, email address, mobile number)
- details concerning securities transactions and accounts
- details required to assess investment product suitability for a retail client
Personal data may be collected directly from our clients in various interactions with SICL (including through client usage of our
on-line services) and/or from searches we may conduct of our own records, of publicly available sources and of various specialist
databases. We may also collect information automatically through cookies on our website (please see below).
Some of the information SICL collects may fall within the category of sensitive personal data -- for example, customer due diligence checks on client data subjects may reveal political opinions or information about criminal convictions or offences. Where SICL processes sensitive personal data, it will usually do so in order to comply with its obligations under anti-money laundering (“AML”) legislation and in all cases such processing will comply with the additional lawful basis requirements under the Data Protection Act.
If we are unable to collect the personal data we require to comply with the statutory l obligations that we are under by virtue of being a licensed investment services provider, this will mean that we will not be able to provide the services you have requested.
The purposes for which SICL processes personal data
Set out below are the purposes for which SICL may process personal data in the context of our client relationships and the lawful basis for doing so:
- to deliver our products and services to clients
- to manage and administer our client relationships
- to comply with customer due diligence obligations and reporting obligations under applicable law regarding AML and combatting the financing of terrorism and proliferation (“CFTP”); financial sanctions; and FATCA/CRS
- to comply with legal and regulatory measures to which we are subject in connection with our securities investment business
- to respond to lawful requests for information from the court or law enforcement, regulatory or government authorities
- for general commercial purposes, including marketing/business development (see further below), product/service development and enhancement, quality control; in the context of any merger, sale or acquisition involving SICL; and other business purposes
- to respond to or evaluate any queries or complaints concerning your relationship with us
- to establish, exercise, or defend legal claims or rights
By way of marketing/business development, we may communicate with client data subjects from time to time about products, services and
events offered by SICL and/or send analysis and insight communications that we think may be of interest. Clients can opt-out at any
time to the receipt of such communications.
SICL will only process personal data where we have a lawful basis for doing so under the Data Protection Act. The lawful bases we primarily rely upon are:
- that it is necessary for our performance of the contract we have entered into with you
- that is necessary to comply with our legal obligations
- that it is necessary for our legitimate interests
- that it is necessary to the exercise of a function in the public interest conferred under law (in the case of the processing of sensitive personal data of client data subjects).
Our legitimate interests will include operating our business in a commercially optimal and sound manner; marketing of our products/services; implementation of regulatory measures to which we are subject concerning, for example, IT/data security and business continuity/disaster recovery; establishing, exercising or defending legal claims or rights or dealing with complaints or disputes that may arise; conducting merger, sale or acquisition activity. When SICL processes personal data to meet its legitimate interests, we ensure that those interests are balanced against the rights and freedoms or legitimate interests of data subjects.
With whom SICL may share personal data
Personal data may be shared with or disclosed to various recipients external to SICL including:
- our service providers (including specialist database/screening services), securities business counterparties and professional advisors
- our outsource service providers where involved in processing personal data on our behalf (i.e. acts as data processor), e.g. our IT service provider
- Cayman Islands regulatory, law enforcement, judicial or other competent authorities (including the Ombudsman), under lawful request or legal obligation
- SICL affiliates or members of our corporate group including internal service companies and companies with which our clients have a customer relationship
- any concerned party as a result of a merger or the sale or acquisition of SICL or an SICL service line
If we engage a third party to process personal data on our behalf, we will ensure that there is a written agreement in place with contractual terms that provide for appropriate data protection and confidentiality. Similarly, if we transfer personal data outside of the Cayman Islands e.g. to an SICL affiliate or for the purposes of data resilience/business continuity, we will ensure that Data Protection Act provisions are observed concerning any such transfers so that an adequate and appropriate level of data protection is achieved.
Retention of personal data
SICL will retain personal data on client data subjects for the duration of the client relationship with SICL and for such period after the relationship ends as is necessary to comply with record retention requirements under applicable law or to enable SICL to be in a position to deal with any complaint, claim or dispute that might arise. The AML/CFTP and securities investment business legislation require records to be retained for a minimum of 5 years after the end of the client relationship and the FATCA/CRS legislation, for a minimum of 6 years.
As required not only by the Data Protection Act but also by the regulatory measures to which SICL is subject by virtue of being a
licensee under the Securities Investment Business Act, SICL deploys appropriate technical and organisational measures to ensure that
personal data is properly protected against unauthorised or unlawful use or processing and against accidental loss, destruction or
damage. This includes ensuring that any data processor we use to process personal data on our behalf is contractually required to
keep that personal data equally confidential and secure.
Our employees receive data security training, are bound by a code of conduct concerning confidentiality of client information (including any personal data) and are subject to disciplinary action (including termination) for unauthorized use or disclosure of client information. We restrict access to client information to only those employees who need to know that information in order to do their job.
Data subject rights
In addition to the right to be informed, to which this privacy notice responds, data subjects have the following rights, which may be restricted in certain processing contexts as provided under the Data Protection Act:
- the right to access your personal data
- the right to rectification of inaccurate personal data
- the right to stop or restrict processing
- the right to stop direct marketing
- rights in relation to automated decision-making
- the right to file a complaint with the Ombudsman if you consider that your personal data has not processed in compliance with the Data Protection Act
- the right to seek compensation for damage suffered as a result of a contravention of the Data Protection Act by a data controller
How to contact SICL
Your trust and comfort are important to us. If you have any questions about this privacy notice or how to make a subject access request or exercise other data subject rights, please contact us at:
- Name: Geoffrey Chong
- Email: firstname.lastname@example.org
How to contact the Ombudsman
SICL is committed to working with you to reach a fair resolution of any complaint or concern about the processing of your personal data. If, however, you consider that SICL has not been able to assist with your complaint or concern, you have the right to make a complaint to the Cayman Islands Ombudsman, who is the data protection authority. The Ombudsman may be contacted at:
- Visit: 5th Floor, Anderson Square, 64 Shedden Road, George Town, Grand Cayman
- Mail: PO Box 2252, Grand Cayman KY1-1107, Cayman Islands
- Email: email@example.com
- Call: +1 345 946 6283
The Ombudsman has a complaint form that may be accessed from www.ombudsman.ky/data-protection
Changes to this Privacy Notice
We reserve the right to modify this privacy notice from time to time at our sole discretion. If we make any material changes, we will post a notice on our website and update the "Last updated" date at the bottom of the privacy notice.
Last updated: 12 April 2022