Company means Sterling Hurricane Hole Limited, or any other company forming part of the Sterling Group.
Bahamas Data Protection Law means the Data Protection (Privacy of Personal Information) Act, 2003 of The Bahamas, as may be amended and supplemented from time to time.
Data Protection Legislation means
- with respect to users who are European residents: the GDPR, European Commission decisions, binding EU and national guidance and all national implementing legislation and
- with respect to all other users : the Bahamas Data Protection Law.
GDPR means Regulation (EU) 2016/679 known as the General Data Protection Regulation, in force on 25 May 2018, as such regulation may be amended and supplemented from time to time.
Interpretation: controller, processor, data subject, personal data and processing shall have the meanings given to them under Data Protection Legislation. The Company is a controller within the meaning of the Data Protection Legislation and undertakes to hold any personal data provided by data subjects (hereinafter users) in accordance with such law.
Sterling Group means the Sterling group of companies including Sterling Hurricane Hole Limited, Sterling Global Financial Limited, Sterling Financial Group Inc (Bahamas), Sterling International Services Limited (Cayman Islands), Sterling Trust (Cayman) Limited, Sterling Directors Limited, Sterling Bank and Trust Limited, Sterling Wealth Management and each of their respective parents, subsidiaries and affiliated companies.
This privacy notice explains the manner in which the Company collects, processes and maintains personal data about users.
Users should review this notice carefully as it contains information about the treatment of personal data and each your rights under the Data Protection Legislation.
User acknowledges and agrees that personal data provided to any Company within the Sterling Group may be provided to other members of the Sterling Group for customer service and promotional purposes and you may be contacted by individuals within other Companies of the Sterling Group for promotional purposes.
Where the user is a non-natural person, the user represents and warrants that:
- if it is resident in European Union
- all the information contained in this Privacy Notice has been transmitted in its original form and without any amendments to the data subject(s);
(ii) all personal data that is provided or made available to the Company or the Sterling Group has been collected, processed and transferred in accordance with the Data Protection Legislation;
(iii) in particular and without restriction, (where applicable) that the consent of the data subjects to whom the personal data relates has been procured to the processing and the disclosure of their personal data as described herein;
(iv) such personal data is adequate, relevant, and limited to what is necessary for the purposes described herein, and is accurate and up-to-date.
Categories of personal data: In the course of business, the Company may collect, record, store, transfer and otherwise process information by which users may be directly or indirectly identified. The categories of personal data include:
|Identifying information||Name, title, date of birth, age, gender, nationality, picture (e.g. passport / driver's licence), national identification number, usernames, email address, residential address|
|Contact information||Postal address, telephone / mobile / fax number, email address|
|Family information||Family structure, siblings, offspring|
|Financial information||Source of wealth, personal assets, bank account numbers and income details, tax identification number, financial and investment qualification, shareholder reference number|
|Transaction information||Payment details and other details of products and services purchased by the user, power of attorney information|
|Professional information||Job titles, employment history, employer details|
|Marketing and communication information||Personal data contained in emails, data regard the user's preferences in connection with marketing communications|
|Special category data||Data obtained pursuant to the Company's standard criminal record checks, political opinion and affiliation data obtained further to the Company's standard AML and user due diligence checks|
Sources of personal data: The Company collects personal data about users mainly through the following sources:
- subscription forms, questionnaires and other information provided by the user in writing (including any anti-money laundering, identification, and verification documentation), in person, by telephone or video transmission (which may be recorded), electronically or by any other means;
- transactions with the Company or the Sterling Group, including account balances, investments, distributions, payments and withdrawals;
- information captured on the Company's website, including registration information and any information captured via cookies,
- credit reference agencies and available public databases or sources, such as news outlets, websites and international sanctions lists; and
- from members of the Sterling Group.
Purposes and legal bases: The Company may process a user's personal data for any one or more of the following purposes and legal bases:
- in order to enable the Company, the Sterling Group and the Company’s users to satisfy their contractual duties and obligations;
- to manage and administer any user accounts on an on-going basis;
- to comply with any applicable legal, tax or regulatory obligations on the Company and/or any of its delegates or service providers under any applicable laws including but not limited to anti-money laundering, sanctions and counter-terrorism legislation. If any such obligations derive from the laws of a non-European Economic Area country, the Company and/or any of its delegates or service providers will be obliged to comply with those obligations in connection with the provision of services to users;
- risk management and control purposes relating to the Company or any entity in the same group;
- to investigate and respond to any complaints about the Company and to help maintain service quality and train staff to deal with complaints and disputes;
- to market our services or engage in business transactions;
- to process applications of employment;
- to invoice or process payment;
- for any other legitimate business interests' of the Company, where such interests are not overridden by the interests of the user; or
- for any other specific purposes where users have given their specific consent.
Users are required to provide their personal data for statutory and contractual purposes. Failure to provide the required personal data or an objection to processing may result in the Company being unable to process the user's agreement with the Company and this may result in the Company terminating its relationship with the user.
The Company will only use a user's personal data for the purposes for which it was collected, unless the Company reasonably considers that the personal data needs to be used for another reason and that reason is compatible with the original purpose. If the Company needs to process personal data for an unrelated purpose, the Company will notify the user and explain the legal basis which allows the Company to do so.
User rights: Users have the following rights:
- access their personal data;
- correct personal data where it is inaccurate or incomplete;
- restrict under certain circumstances the further processing of their personal data;
- ask for erasure of their personal data under certain circumstances;
- object to the use of their personal data (including for direct marketing purposes);
- ask for personal data portability under certain circumstances.
Users have the right to object to the processing of personal data where that processing is carried out for the Company's legitimate business interests or for direct marketing / market research purposes.
However, there are situations where the Company can refuse to comply with a request to restrict further processing (for example, where it is subject to a legal obligation to process the data). The Company may decline a user request if it is under a legal obligation, in order to protect the vital interests of an individual or otherwise permitted under applicable law. Where the processing is based on consent, the withdrawal of consent shall not affect the lawfulness of any prior processing based on consent received or processing for other reasons and based on other grounds where this is permitted under applicable law.
A user may exercise its rights by writing to the Company at the following e-mail address: email@example.com.
External transfers / Processors: For users who are resident of the European Union. the Company will not transfer personal data of that user to a country outside of the EEA unless:
- that country ensures an adequate level of data protection (such as Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework)), or
- appropriate safeguards such as the model clauses (which are standardised contractual clauses, approved by the European Commission) are in place, or
- the Company relies on one of the derogations provided for under the Data Protection Legislation, for example where the user has consented to such transfer.
Certain of your personal information may be transferred and stored within computer servers located in Canada, Bahamas and the Cayman Islands.
In certain instances the Company may be required to transfer user personal data to jurisdictions that are considered to not have equivalent privacy laws. In such an instance, the Company will ensure that appropriate safeguards are in place.
Where processing is carried out on behalf of the Company, the Company shall engage a data processor (the Processors)) which provides sufficient guarantees to implement appropriate technical and organizational security measures in a manner that such processing meets the requirements of Data Protection Legislation, and ensures the protection of the rights of users. The Company will enter into a written contract with the Processor which will set out the Processor's specific mandatory obligations as laid down in the Data Protection Legislation, if any, including to process personal data only in accordance with documented instructions from the Company.
Retention: The Company will not keep personal data for longer than is necessary for the purpose(s) for which it was collected. In determining appropriate retention periods, the Company shall have regard to any applicable statutes of limitation and any statutory obligations to retain information, including anti-money laundering, counter-terrorism, tax legislation. The Company will take all reasonable steps to destroy or erase the data from its systems when they are no longer required.
Automated decision making: The Company may utilise automated systems to analyse trading patterns an/or other commercial activity of the user for the purposes of determining whether the user poses a money laundering risk or sanctions risk. The results from these automated systems may result in the user being flagged internally and/or reported to applicable governmental or regulatory bodies.
Other than the foregoing, the Company does not envisage that any other decisions will be taken about a user using fully automated means, however the Company will notify the user in writing if this position changes.
Complaints: Should you have any unresolved complaints in relation to the retention or processing of personal data, you may lodge a complaint with your local data protection authority.
Changes to Privacy Notice: The Company reserves the right to update this Privacy Notice at any time, and will ensure that any update to this privacy notice is made available on its website www.sterlinggloballtd.com. The Company encourages users to regularly review this and any updated Privacy Notice to ensure that the user is always aware of how personal data is collected, used, stored and disclosed. The Company may also notify users in other ways from time to time about the processing of their personal data.