GF International Asset Management (UK) Company Limited (“GFIAM”), a 100% subsidiary of GF Fund Management Co. Ltd (“GF Fund”) is established in the European Union with its registered office at First Floor, 43 London Wall, London, EC2M 5TF.
GFIAM as an asset manager is a Data Controller in respect of the Personal Data it holds on its Data Subjects.
GFIAM is committed to ensuring compliance with the GDPR across its group of companies, products and services and in how it manages its client relationships.
It is your responsibility to ensure that individuals connected with you (such as your third-party representatives) (“Relevant Individuals”) are notified by you about how we handle Personal Data that is provided to us or we otherwise obtain.
Whenever you provide the Personal Data of a Relevant Individual to us, we shall rely on you to have the right to provide that data to us, and to have obtained any relevant consents to the collection, use, processing and sharing of such Personal Data by us.
Our Approach to protecting Personal Data
GFIAM complies with all applicable legislation relating to data protection. We have summarised below our approach to protecting the confidentiality and security of information we collect about Relevant Individuals.
GFIAM receives data from intermediaries, employees and individuals in a variety of ways, including but not limited to:
• Information you provide to us – Personal Data that you provide to us, such as when using the contact form on our websites, including your name, email address, and other contact details;
• Survey Information – we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey.
• Marketing preference information – details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you;
• Our correspondence – if you contact us, we will keep a record of that correspondence;
• Financial Information – to ensure that the advice and/or products we provide you are appropriate for you and the investments you purchase are suitable for you;
• Your transactions and holdings – details of transactions or holdings with us that you have made or initiated;
• Anti-Crime and Fraud Information – Data relating to your financial situation, your creditworthiness or any criminal or fraudulent activities provided to us by you or third parties including information which establishes your identity, such as driving licenses, passports and utility bills; information about transactions, credit ratings from credit reference agencies; fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included;
• Website and Communication usage – details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access;
• Device Information – such as information about your browser, IP address, software applications, operating system, geo-location, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
• Call recordings and CCTV – We may monitor or record our incoming or outgoing telephone calls with you to ensure accuracy, security, service quality, for training purposes and to establish a record of our communications. If you do not wish to have your call recorded, you have other options to conduct business with us such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud;
Where we collect your Personal Data, we may use or disclose it for the following purposes:
• To comply with legal or regulatory requirements, or as otherwise permitted by law – we may process your Personal Data to comply with our regulatory requirements or communication with our regulators or defend or prosecute claims as applicable which may include disclosing your Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal basis for processing: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory authorities)
• To verify your identity, protect against fraud and manage risk – we and other organisations may access and use certain information to prevent fraud, money laundering and terrorism as may be required by applicable law and regulation and best practice at any given time, including checking against sanctions, politically exposed persons (PEP) and other fraud or crime screening databases. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
Legal basis for processing: legal obligations; legitimate interests (to cooperate with law enforcement and regulatory authorities)
• To monitor certain activities – to monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud;
Legal basis for processing: legal obligations, legal claims, legitimate interests (to ensure that the quality and legality of our services)
• To provide and manage products and services you have requested – to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.
Legal basis for processing: contract performance; consent, legitimate interests (to enable us to perform our obligations and provide our services to you or to notify you about changes to our service)
To inform you of changes – to notify you about changes to our services and products;
Legal basis for processing: legitimate interests (to notify you about changes to our service)
• To communicate with you regarding products and services that may be of interest – to provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you by post, email, phone, SMS or online or social media advertisement. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by visiting Contact Us.
Legal basis for processing: legitimate interests (to keep you updated with news in relation to our products and services); consent
• To understand our customers and to develop and tailor our products and services – we may analyse the Personal Data we hold in order to better understand our clients’ services and marketing requirements, to better understand our business and develop our products and services. In order to ensure that content from our website is presented in the most effective manner for you and for your device, we may pass your data to business partners, suppliers and/or service providers;
Legal basis for processing: legitimate interests (to ensure the quality and legality of our services, to allow us to improve our services and to allow us to provide you with the content and services on the website)
• To communicate effectively with you and conduct our business – to conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us.
Legal basis for processing: contract performance; legitimate interests (to enable us to perform our obligations and provide our services to you)
• To reorganise or make changes to our business – in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganisation, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or reorganisation. We may also need to transfer your Personal Data to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out herein;
Legal basis for processing: legitimate interests (in order to allow us to change our business)
We may disclose your Personal Data to other entities within the GFIAM group, for legitimate business purposes (including providing services to you and operating our Sites), in accordance with applicable law.
In addition, we may disclose your Personal Data to:
• you and, where appropriate, your family, your associates and your representatives;
• clients and customers of our businesses;
• credit reference agencies;
• anti-fraud services;
• Governmental, legal, regulatory, or similar authorities, ombudsmen, and central and/or local government agencies, upon request or where required, including for the purposes of reporting any actual or suspected breach of applicable law or regulation;
• accountants, auditors, financial advisors, lawyers and other outside professional advisors to GFIAM, subject to binding contractual obligations of confidentiality;
• debt-collection agencies and tracing agencies;
• data aggregation services;
• accreditation bodies;
• third-party Processors (such as payment services providers etc.), located anywhere in the world, subject to the requirements noted below;
• any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights in accordance with applicable law;
• any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law;
• any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation);
• the press and the media; and
• voluntary and charitable organisations.
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
Data is stored on GFIAM’s UK systems (check). We also transfer data to our affiliates and Parent Company located in countries outside of the European Economic Area (“EEA”). Those countries outside the EEA provide the same level of protection to personal information as the UK does. If we transfer data or share it with others outside the EEA, we ensure that we and those persons or companies who receive the data agree to protect it from improper use or disclosure, in accordance with applicable data protection laws.
GFIAM takes reasonable steps to ensure that your Personal Data are only processed for the minimum period necessary. We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time for which we have an ongoing relationship with our client and provide our services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where any relevant legal claims are brought, we may continue to process your Personal Data for such additional periods as are necessary in connection with such claims.
Once such periods have concluded, we will either:
• permanently delete or destroy;
• archive your Personal Data so that it is beyond use; or
• anonymise the relevant Personal Data.
The security and confidentiality of your Personal Data is extremely important to us. We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful forms of processing. Our employees are trained to take care in handling Personal Data and will only obtain information when there is a good reason for doing so.
Data Subject Rights
Subject to applicable laws, you may have a number of rights regarding the Processing of your Personal Data, including:
• the right to request access to, or copies of, your Personal Data that we Process or control, together with information regarding the nature, processing and disclosure of those Personal Data;
• the right to request rectification of any inaccuracies in your Personal Data that we Process or control;
• the right to request, on legitimate grounds:
a) erasure of your Personal Data that we Process or control; or
b) restriction of Processing of your Personal Data that we Process or control;
• the right to have your Personal Data that we Process or control transferred to another Controller, to the extent applicable;
• where we Process your Personal Data on the basis of your consent, the right to withdraw that consent;
• the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.
This does not affect your statutory rights. Subject to applicable laws, you may also have the following additional rights regarding the Processing of your Personal Data:
• the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data by us or on our behalf; and
• the right to object to the Processing of your Personal Data by us or on our behalf for direct marketing purposes.
To exercise one or more of these rights, or to ask a question about these rights or any other provision in this communication, or about our Processing of your Personal Data, please use the contact details provided under Contact Us.
You may request copies of paper as well as electronic records about you that we hold, share or use. To deal with your request, we may request proof of identity and enough Personal Data to enable us to locate the Personal Data you request.
We may process your Personal Data to contact you, primarily by mail and email and also on occasion by telephone, so that we can provide you with information concerning products and services that may be of interest, provided that we have first obtained your consent, to the extent required by, and in accordance with, applicable laws.
If you do not wish to receive marketing communications from us you can object at any time to your Personal Data being used for direct marketing purposes (including profiling related to such direct marketing). You can opt out at any time by sending an email to the email address provided under Contact Us, or by electronically unsubscribing from emails we have sent to you. After you unsubscribe, we will not send you further promotional emails, but we may continue to contact you to the extent necessary for the purposes of any services you have requested.
Address: First Floor, 43 London Wall, London, EC2M 5TF
We will use all reasonable endeavours to resolve any questions or concerns promptly and effectively. However, if you are not satisfied with our response you may escalate concerns to the relevant regulator in your respective jurisdiction. Upon request, we will provide you with the relevant contact details.
Data Controller: The entity that decides how and why Personal Data is processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
Data Processor: Any person or entity that processes Personal Data on behalf of the Controller (other than employees of the Controller).
Data Protection Authority (“DPA”) : An independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
Personal Data Information that identifies an individual or relates to an identifiable individual, including:
•Account details and related contact information
•Telephone or fax number
•Email address and other identifying addresses for electronic communications
•Date of birth
•Details from passports and other government or state issued forms of personal identification
(including social security, driver’s license, national insurance and other identifying numbers)
•Photographic or video images
•Telephonic or electronic recordings
Process/Processing/Processed: Anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Subject: A natural person whose personal data is processed by a Data Controller or Data Processor.