Northview Privacy Notice

1. What does this Privacy Notice do and does it apply to you?

Most countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information. Among other things, data protection laws require businesses that handle personal information to be open and transparent about why and how they handle personal information.

The purpose of this Privacy Notice is to inform you why and how the Northview group (“Northview”, “we”, or “us”) handles personal information about you in connection with our dealings with you in the Cayman Islands.  Please read this Privacy Notice carefully to understand what we do.  If you are not a natural person, you should bring this Privacy Notice to the attention of the individuals whose personal information you have provided to us.

Nothing in this Privacy Notice creates any new relationship between you and us, or alters any existing relationship between you and us. Nothing in this Privacy Notice affects any right you may have under any applicable law, including the Cayman Islands’ Data Protection Act (2021 Revision) (“DPA”) and any other data protection law that applies to you. 

2. Our commitment to privacy

Your privacy is very important to us and we are committed to maintaining the security, confidentiality and privacy of your personal information in compliance with all relevant laws.  As a Data Controller, Northview is responsible for personal information in its possession or control. We have adopted procedures to protect personal information, receive and respond to complaints and inquiries, train staff regarding policies and procedures and communicate our policies to you.

3. Who is responsible for the proper handling of your personal information?

The particular entity within the Northview group which is legally responsible for the proper handling of your personal information in the Cayman Islands can vary depending on the context, but generally speaking it will be Northview Services Ltd., P.O. Box 10741, Grand Cayman KY1-1007, Cayman Islands.   Depending on the context, more than one Northview group entity could be handling your personal information.  Therefore, where we handle your personal information in the context of a particular dealing or relationship, then depending on the context, the actual Northview group entity responsible for your personal information may differ from your perception or understanding.  If you are not sure which particular Northview group entity is relevant to you, for example because you’re not sure in what context we handle your personal information, please get in touch with us so we may assist you in clarifying the position (see paragraph 14 below)

4. What sort of personal information about you does Northview collect?

The types of personal information which we collect will vary significantly depending on numerous factors, including your personal circumstances, the nature of your relationship with us, and the nature of our dealings with you.

By virtue of entering into a relationship or transacting with Northview (including by requesting information from the company and ongoing interactions with Northview and persons engaged by Northview) or by virtue of you otherwise providing us with personal information on individuals connected with you, for example directors, trustees, employees, representatives, shareholders, investors, beneficial owners or agents, you may provide us with certain personal information which constitutes personal data within the meaning of the DPA.

The personal information we collect and retain may include:

• Your name, age, date of birth and gender;
• Contact information, including telephone number, address and email address;
• Employment and education details (for example, your job title, education details and previous employment details);
• Your nationality and your immigration, right to work or residential status;
• Financial and tax-related information (for example your bank account information, income and tax residency);
• Family circumstances (for example, your marital status and dependents); and
• Identification documents and numbers necessary to meet our legal obligations, such as those related to anti-money laundering and “know-your-customer” requirements.

The personal information we collect may also include so called “sensitive” personal information, such as details about your sexual orientation (for example, if you provide us with details of your spouse or partner).

In some rare circumstances, we might also gather other special categories of personal information about you because you volunteer that data to us or we are required to gather that data as a result of legal requirements imposed on us.

If any information you give us relates to a third party (such as a spouse, financial dependent, or joint account holder), by providing us with such personal information you confirm that, in line with the above provisions, you have obtained any necessary permission to use it or are otherwise permitted to give it to us.

We understand the importance of protecting children's privacy. It is not our policy to intentionally collect or store information about children.

5. Why do we collect your personal information and what are the legal justifications

Northview only collects and processes personal information if it is lawful to do so, specifically where:

• It is required to fulfill a contractual obligation to you;
• It is required for us to comply with the law;
• It is necessary for our legitimate business interests, or the legitimate interests of a third party;
• It is necessary for any legal proceedings, obtaining legal advice, or establishing exercising or defending legal rights; or
• You have provided us with your consent.

Your Personal information may be used for the following purposes:

• To meet our regulatory and legal obligations, including undertaking due diligence;
• To establish and manage our relationship with you;
• To monitor and manage the performance of our business operations;
• To assess risks including legal and financial risks;
• To process applications for employment;
• To engage in business transactions;
• To prevent fraud;
• To undertake network and information security activities; and
• For any other purposes for which we have your consent, or for which Northview has a legitimate interest.

Important note:  We may use your personal information to conduct various checks to ensure that we comply with all applicable legal and regulatory requirements, before we enter into a formal contract or other arrangement with you and from time to time afterwards. For example we might check if you are included in the official list published by the relevant authorities which identifies persons with whom we are by law not allowed to do business (i.e. sanctions screening), or we might check if you are a politically exposed person in respect of whom we are required to undertake enhanced due diligence.

If you decide not to provide us with necessary personal information, this may prevent us from meeting our legal obligations, and therefore prevent us from performing our business activities.

Northview does not have systems or procedures that make a decision without human intervention. Therefore, there are no circumstances where decisions will be taken about you using fully automated means.

6. How does Northview obtain my personal information?

We endeavour to collect your personal information directly from you wherever possible. However, the context in which we handle your personal information can often result in us collecting your personal information indirectly from third party sources.   Additionally, there may be circumstances where we are required to seek your personal information from independent sources (for example where we need to use your personal information to comply with a legal requirement to validate your identity and background).

Sources from which we may obtain your personal information can be described as follows:

• Your lawyer, recruiter or other such advisors who provide your personal information to us on your behalf.
• Publicly accessible websites, registers, and databases, including official registers of companies and businesses, database of journals and news articles, and social media such as LinkedIn.
• Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions/embargoes databases (in some cases they can include authorities such as government departments and the police).
• The relevant corporate entity with whom we have business dealings and who entrusts us with your personal information. Depending on the context, this could be, for example, the business which is owned or controlled by you or the business for which you work.

7. Limits on retention

Typically, the personal information about you which we collect will be retained at least for as long as your personal information continues to be relevant to fulfil the purpose for which we have collected it.  We do not retain any more of your personal information than we believe is necessary for any of the purposes set out in this Privacy Notice or which is dictated by legal requirements.

Once your personal information ceases to be relevant to the services we provide, we will retain your personal information as part of our business records for the duration of the applicable retention period which will be determined by reference to any legal or regulatory record keeping requirement that applies to us. 

In the absence of any specific legal or regulatory record-keeping requirement which applies, we may retain your personal information for an appropriate period where we consider this to be necessary to protect ourselves from any legal claim or dispute that may arise in connection with our prior relationship or dealings.  Where we do so, the retention period applied to your personal information will reflect the relevant limitation periods.

We will take reasonable care when destroying personal information so as to prevent unauthorised access.

8. Changes to personal information

You are required to advise us of any changes to your personal information.  From time to time, you may be asked to verify or update your personal information.

9. Does Northview share my personal information with others?

Northview may, from time to time, use third parties in the course of conducting its business. We will share your information with others only in connection with the performance of their function and if and to the extent it is appropriate and necessary to do so for one or more of the purposes outlined in paragraph 5 above.  Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.  We will use reasonable efforts to ensure that third parties meet our standards on processing information and security and are bound by the terms of an equivalent privacy or similar policy. 

The extent to which we share your personal information will vary depending on your circumstances and relationship with us, but your personal information may be shared with one or more of the following categories of recipients:

(a)           Companies, trusts, and partnerships that are part of the Northview group;

(b)          Those who support our business operation, for example data centre operators, IT service providers, administrative support service providers, insurers, accountants, consultants, auditors, etc.;

(c)    Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions/embargoes databases;

(d)      Third parties with whom we must by necessity interact in order to undertake our business operations.  Depending on the context, such third parties can include exchanges, venues, distributors, brokers, fund managers, platform operators, legal advisors, etc. as well as third parties who participate in or contribute to transactions and arrangements in which we become involved;  and

(e)          Government departments and agencies, police, regulators, courts, tribunals, and other like authorities with whom we are legally obliged to share your personal information, or with whom we decide to cooperate voluntarily (but only to the extent we are legally permitted to do so).

Please note that where we share your personal information with the authorities, we may, depending on the circumstances, be forbidden from advising you of the fact that your personal information was disclosed to or requested by the authorities e.g. when doing so is illegal or might prejudice an on-going investigation.

10. International transfers

As of part of the transfers of personal information as outlined above, personal information may also be transferred to or accessed from countries, whose laws provide a level of protection for personal information not always equivalent to that of the DPA.  This does not mean that your personal information is inevitably put at risk but it can mean that there is less formal legal protection for your personal information. 

Where we share your personal information with recipients who are located outside the Cayman Islands, we will, wherever possible, take all appropriate steps that are within our control to ensure that adequate legal safeguards are in place for such personal information (for example, by obtaining contractual assurances from the recipients to protect the information to the same standards applicable to the data being transferred).  Additionally, if we agree contractually with you to restrict the cross-border transfer of your personal information in any particular way, we will comply with such restriction.

Where we are unable to put in place such adequate safeguards, we may (in the absence of any agreement to the contrary with you) nevertheless share your personal information with such recipients but we will do so only to the extent the applicable legal exemptions permit, and we will ensure that any of your personal information we share with such recipients is kept to the minimum necessary.

11. Safeguarding personal information

We take information security very seriously and we use a broad range of tools and techniques to prevent and detect incidents that might adversely affect information we hold, such as unauthorised access or disclosure, and accidental change or loss, whether they are caused by external factors or internal factors.

The tools and techniques we use include technical measures such as firewalls, backup and disaster recovery systems, antimalware, and encryption, as well as other measures such as vetting of suppliers who are entrusted with our information, awareness training for our workforce, and the continuous evaluation and enhancement of our information security controls.  We also conduct a broad range of monitoring over our IT and communication systems.

Confidentiality and security are not assured when information is transmitted through e-mail or other wireless communication.  Northview will not be responsible for any loss or damage suffered as a result of a breach of security and/or confidentiality when information is transmitted by e-mail or wireless communication. We will take your use of a particular mode of communication as permission for us to communicate with you using the same mode of communication unless otherwise instructed by you.

12. What would Northview do if a data breach happens?

In the unlikely and unfortunate event your personal information under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take the necessary steps to contain and mitigate the consequences of the breach.  Where appropriate, we will also notify you of the breach in accordance with the DPA and any other applicable law which requires us to notify you of the breach.

13. Your rights

Under the DPA, you have certain legal rights in respect of your personal information handled by us.   These include the following:  

(a)          The right to ask us to confirm whether or not we handle any personal information about you (a “data subject access request”).

(b)          The right to ask us to provide you with copies of your personal information we hold.

(c)           The right to ask us to correct any inaccuracy or incompleteness in your personal information we hold.

(d)          The right to ask us to stop handling your personal information or to not begin the handling of your personal information.

(e)          The right to ask us to transfer your personal information to another party.

“Right to be forgotten”.  In certain circumstances you are entitled to have personal information erased, including where this is no longer necessary for the purposes for which it was collected and/or processed; or you withdraw consent to our use of the information.  We may nevertheless continue processing the information in certain circumstances, including: if there are grounds other than consent for processing the information; for example, where processing is in compliance with a legal obligation or for the exercise or defence of a legal claim.  If you request that we erase your personal information we shall advise you if we consider that there are ongoing grounds permitting or requiring us to continue processing your information.

Where third party service providers process personal information on behalf of Northview, they may also deem themselves “Data Controllers” of such personal information where they use the personal information for their own purposes. In these circumstances, all the “data subject rights” described above are exercisable by you directly against that third party alone.

14. Contact information and complaints

If you would like to exercise any of the rights you have in respect of your personal information, or if you have any question or concern regarding the way in which we handle your personal information, then please reach out to your usual contact person within Northview in the first instance.

If you have a complaint regarding the way in which we handle your personal information, please email your complaint to privacy@northviewservices.ky.

We will endeavour to respond satisfactorily to any request, query, or complaint you may have in respect of your personal information, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the Cayman Islands Ombudsman:

Ombudsman
PO Box 2252
Grand Cayman KY1-1107
Cayman Islands
https://ombudsman.ky/data-protection

15. Updates

This Privacy Notice was last updated July 2021. Northview may modify or amend this privacy statement from time to time to reflect changes in law or changes in how we run our business.