China Last Night, Privacy Notice on GDPR
Regulation S-P defines “consumer” as an individual who obtains or has obtained a financial product or service from a financial institution primarily for personal, family, or household purposes, or for that individual’s legal representative. Generally, an individual is a consumer if he or she provides nonpublic information to the Company in connection with obtaining or seeking to obtain investment advisory services, whether or not the Company provides such services to the individual or establishes a continuing relationship with the individual.
“Customer” is defined as a consumer who has an on-going relationship with the institution. Generally, a customer is a consumer who has an investment advisory contract with the Company (whether written or oral) and/or the Company regularly effects or engages in securities transactions with or for a consumer even though the Company does not hold assets of the consumer.
While these terms have specific definitions, for the purposes of the Company’s policies, both consumers and customers will be collectively referred to as the “Client.”
Please note that we do not disclose Client information to nonaffiliated third parties except as permitted or required by law (e.g., disclosures to service Client account or to respond to subpoenas). No confidential information, whatever the service, regarding the Client may be disclosed except as follows: (1) to other employees in connection with the advisor’s business (2) to an affiliate, but the affiliate may disclose the information only to the same extent as the advisor (3) to non-affiliated third parties with whom the advisor has a confidential agreement to jointly offer, endorse, or sponsor a financial product or services, and to service or maintain Client accounts, including effectuating transactions.
By “personal data” we mean any information relating to the Client such as Client name, contact details, or online identifiers such as Client IP address (only if the Client visits our website). Personal data does not include data where the Client can no longer be identified from it such as anonymized aggregate data. The Company does not receive data from consumer or credit reporting agencies, such as credit reports. If for any reason the Company were to obtain data from consumer reports, such information would be destroyed in the manner described below.
The Company is a data controller. This means that we are responsible for deciding how we hold and use personal data about the Client. Should the Client have any questions about this Privacy Notice, please contact us at 280 Park Avenue 32nd Floor New York, NY 10017 U.S.A. or via e-mail at [email protected].
What personal data do we collect about the Client and what do we use it for?
The categories of personal data about the Client which we may collect, store and use have been carefully determined and are available upon request. In each case, we indicate what we use Client personal data for and our ‘lawful basis’ for processing it. The law specifies certain ‘lawful bases’ under which we are allowed to use Client personal data. Most commonly, we will rely on one or more of the following lawful bases for processing Client personal data:
- Where we need to perform the contract we have entered into with the Client;
- Where we need to comply with a legal obligation; and/or
- Where it is necessary for our legitimate interests (or those of a third party) and the Client’s interests and fundamental rights do not override those interests.
The Company’s distributors and/or service providers may also act as data controllers for data provided by the Client to the distributors as part of the marketing and/or subscription process. In such circumstances, notice of this use will be provided by the relevant distributor and/or service providers to the Client.
Please note that we may process the Client’s personal data without their knowledge or consent, in compliance with the above rules, if we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
What if the Client does not provide the personal data we request ?
If the Client does not provide us with certain personal data when requested, we may not be able to perform all or part of the contract we have entered into with the Client, or we may be prevented from complying with our legal obligations.
Change of purpose
We will only use the Client’s personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose for which the Client provided it to us. If we need to use the Client’s personal data for a purpose that is unrelated to the original purpose for which the Client provided it to us, we will notify the Client and we will explain the legal basis which allows us to do so.
How do we collect the Client’s personal data?
The Client may provide personal information to us when communicating or transacting with us in writing, electronically, or by phone. For instance, information may come from applications, requests for forms or literature, and the Client’s transactions and account positions with us.
We may collect personal data about the Client:
- When the Client enters into a contract with us
- When the Client contacts our salespeople
- When the Client requests literature or research information from us
- When the Client submits their information on our Websites through our subscription forms or mailing lists
- When the Client visit our website
- When the Client attend our webinars
- When the Client attend other Company events
We may also automatically collect certain data when the Client interacts with our website such as technical data about Client equipment, browsing actions and patterns. We collect this personal data by using cookies.
With whom will we share the Client’s personal data?
We may share the Client’s personal data with third parties where this is required by law, where it is necessary to perform our contract with the Client, or where we have another legitimate interest in doing so.
We may need to share the Client’s personal data with: our service providers, including our transfer agent administrator, depositary, investment managers, distributors, auditors, lawyers, IT service providers, insurers and companies engaged to mail account-related materials.
We may share the Client’s personal data with other entities in our group to service Client accounts, in the context of a business reorganization or group restructuring exercise, for system maintenance support and for hosting of data. We may share the personal data we hold in the context of the possible sale or restructuring of the business. We may also need to share the personal data we hold with a regulator or to otherwise comply with applicable law or judicial process.
Where Client personal data may be processed
As we are domiciled in the USA, any personal data that we collect about the Client will be processed in the USA as our Websites are hosted in the USA and also in order for us to correspond with the Client or otherwise provide the information the Client has requested.
Where required by the GDPR, we will (or will require a processor to) put in place appropriate safeguards such as the standard contractual clauses approved by the European Commission. If the Client requires further information about this, they can request it by contacting [email protected].
How do we protect the confidentiality of the Client’s personal information?
The Company’s internal security policies restrict access to Client’s non-public personal information to authorized employees who require such information to provide products or services to the Client. We maintain physical, electronic, and procedural safeguards that are designed to comply with federal standards to guard this non-public personal information against unauthorized access, theft, or improper disclosure. Security measures include controlled access to the Company’s office and records within the office, password requirements to access Company’s networks and systems and restricted access to information stored in Company systems. All Company staff are subject to privacy procedures when dealing with non-public personal information and are responsible for ensuring the confidentiality of any information that is accessed.
How long will we retain the Client’s personal data?
We will only retain the Client’s personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
Once we no longer require Client’s personal data for the purposes we collected it for, we will securely destroy Client’s personal data in accordance with applicable laws and regulations. This includes any data we may have received from consumer reporting agencies, if any.
Accuracy of personal data
It is important that the personal data we hold about the Client is accurate and current. The Client should let us know if their personal data changes during their relationship with us.
Client rights in relation to their personal data
Where the processing of Client personal data is within the scope of the Regulation S-P, GDPR or CCPA, the Client have rights as an individual which they can exercise in relation to the information we hold about them under certain circumstances. These rights are to:
- Request access to Client’s personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- Request rectification of Client’s personal data;
- Request the erasure of Client’s personal data;
- Request the restriction of processing of Client’s personal data;
- Object to the processing of Client’s personal data; and
- Request the transfer of Client’s personal data to another party.
If the Client wants to exercise one of these rights, please contact us at [email protected].
The Client will not usually have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the Client request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from the Client
We may need to request specific information from the Client to help us confirm their identity and ensure their right to access the information (or to exercise any of their other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Client’s right to withdraw their consent
In the limited circumstances where the Client may have provided their consent to the collection, processing and transfer of their personal data for a specific purpose, the Client have the right to withdraw their consent for that specific processing at any time. To withdraw Client consent, please contact us at [email protected]. Once we have received notification that the Client have withdrawn their consent, we will no longer process Client information for the purpose(s) the Client originally agreed to unless we now have an alternative legal basis for doing so.
Questions and Comments