VALID AS OF 04.02.2021
RGI Investment Ltd (hereinafter referred to as “we”, “us”, “our”, or “the Company”) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.
The present privacy notice:
- provides an overview of how the Company collects, processes and uses your personal data and informs you about your rights under the local data protection law and the EU General Data Protection Regulation (“GDPR“),
- is directed to natural persons who are either current or potential customers of the Company, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of the Company,
- is directed to natural persons who had such a business relationship with the Company in the past,
- contains information about when we share your personal data with other third parties (for example, our service providers or suppliers).
Through this privacy notice, your data may be called either “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this notice, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address and identification number.
- Consent to Process Data
When you create an account with the Company, you are requested to agree with the terms listed in the given Notice. You confirm acceptance of these terms by ticking the box on the account opening form. If you do not choose to tick the box, then it is considered that you are not giving your consent and the Company cannot collect and process your data neither provide any additional services to you.
If you have given us your specific consent for processing (other than for the reasons set out below) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We are furthermore obligated to collect such personal data not only for the commencement and execution of a business relationship with you but also for the performance of our contractual, regulatory, statutory and legal obligations.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
- Personal data we collect
The Company must receive or collect your information to create your account with us and set you as a client of the Company. Further we collect data to operate, provide, improve, understand, customise and support our services in relation to your account. We also have the right and the duty by virtue of its area of activity to check the accuracy of the client data contained in the databases by periodically asking you to update and/or correct or confirm the accuracy of the client data provided. We ask and collect from our clients, prior to using our services, the personal data information below:
- Contact Data: When you decide to open an Account, we require certain information such as your first name, last name, nationality, date of birth, telephone number (landline and mobile), fax number, email address and postal address.
- Family and Professional Data: include information on your marital status, education, occupation, information regarding your financial situation such as source of wealth and income.
- Tax Data: we collect information such as country of residency, tax identification number and citizenship
- Financial data: To use our services we require you to provide certain information (like information about your bank account, name of your bank, IBAN number, SWIFT/BIC number) in order to facilitate the processing of payments.
- Any other data needed from the Company to perform its due diligence obligations and any other statutory, regulatory, legal obligations.
We may also collect and process personal data which we lawfully obtain not only from you but also from other third parties, e.g. companies that introduce you to us.
- Reasons as to why we process your personal data and on what legal basis
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the local data protection law for one or more of the following reasons:
3.1 For the performance of a contract
We process personal data in order to offer financial services based on contracts with you but also to be able to complete our acceptance procedure so as to enter into a business relationship with prospective customers. The purpose of processing personal data depends on whether the customer is a natural or legal entity, depends on the classification/categorisation of the client (i.e. retail, professional) and to the requirements for each service.
3.2 For Identity Verification purposes
The Company needs to perform its due diligence measures and apply the principles of KYC (Know-Your-Client) before entering a client relationship in order to prevent actions, such as money laundering or terrorist financing, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity verification information (such as images of your government issued national ID card or International Passport, or driving licence or other governmental proof of identification, as permitted by applicable laws) or other authentication information. We are also requesting our clients to provide us with a recent Utility Bill in order to verify their address. Further to this, the Company can use third parties which carry out identity checks on its behalf.
3.3 For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to.
Such obligations and requirements impose on us necessary personal data processing activities for identity verification, tax law or other reporting obligations and anti-money laundering controls.
These include amongst others transaction reporting requirements, assessment of the clients’ knowledge and experience, FATCA and CRS reporting.
3.4 For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
– Initiating court proceedings and preparing our defence in litigation procedures,
– Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,
– Measures to manage business and for further developing products and services,
– The transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons and/or charge and/or encumbrance over, any or all of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company.
3.5 For Marketing Purposes
The Company may use client data, such as location or trading history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. You always have the right to change your option if you no longer wish to receive such communications.
- Who receives your personal data
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Company. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.
Under the circumstances referred to above, recipients of personal data may be:
- Supervisory and other regulatory and public authorities, notary offices, tax authorities, criminal prosecution authorities as much as a statutory obligation exists.;
- Credit and financial institutions such as banks, payment systems and processors, institutions participating in the trade execution and execution venues (for example regulated markets, multilateral trading facilities, trade repositories and other local or foreign brokers)
- External legal consultants authorised by the Company
- Financial and business advisers authorised by the Company
- Auditors and accountants authorised by the Company
- Marketing and advertising agencies
- Fraud prevention agencies
- File storage companies, archiving and/or records management companies, cloud storage companies
- External authorised processors for processing client data
- Debt collectors subject to bankruptcy or insolvency claims
- Potential or actual purchasers and/or transferees and/or assignees and/or charges of any of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company, and their professional advisers, service providers, suppliers and financiers.
- How we treat your personal data for marketing activities and whether profiling is used for such activities
We may process your personal data to inform you about products, services and offers that may be of interest to you. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so – by clicking on the tick box during the account opening form – or in certain cases, if we consider that it is in our legitimate interest to do so.
Further, you have the option to choose whether you wish to receive marketing related emails to your provided email address by clicking the relevant tick box during the account opening form.
You have the right to object at any time to the processing of your personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by contacting at any time our customer support department via the following ways:
a) By Email: firstname.lastname@example.org
b) By post or in person at the Company’s Headquarters at: RGI Investment Limited, c/o Griffon Solutions Ltd.C2-401, 4th Floor, Grand Baie La Croisette, Grand Baie, Mauritius
- Period of keeping your personal information
The Company will keep your personal data for as long as a business relationship exists with you, either as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner. Once the business relationship with you has ended, we are required to keep your data for a maximum period of seven years to meet our regulatory and legal requirements.
When we no longer need personal data, we securely delete or destroy it.
- Your Rights
You have the following rights in terms of your personal data we hold about you:
- Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request rectification/correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may request additional information and documentation required to validate the need for the requested change of data.
- Request erasure of your personal information. You can ask us to erase your personal data, exercising your right “to be forgotten”, where there is no good reason for us continuing to process it. This request to erase your personal data will result in the closure of your account and termination of the client relationship. However, the Company is required to maintain the client’s personal data to comply with its legal and regulatory requirements, as well as in accordance with internal compliance requirements in relation to the maintenance of records. We shall preserve data for at least seven years following the termination of the client relationship, unless other terms for the preservation of data or documents are prescribed by law.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or processing is required for the establishment, exercise or defence of legal claims.
- You also have the right to object to your personal data being processed for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
- Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (“right to data portability”).
- Automated decision-making
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.
- Geographical Area of Processing
When you give us your personal data you agree that in some cases it is transferred to and processed in countries outside Mauritius and the EU/EEA. This exception applies to the transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties. (FATCA and CRS).
Upon request, the client may receive further details on client data transfers to countries outside Mauritius or the EU/EEA.
- Other related information
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features in an attempt to prevent unauthorised access.
When you email the Company (via the “Contact Us” page), you may be requested to provide some additional personal data. Such data will be used to respond to their query and verify their identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.
- Your right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to email@example.com . You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Instructions as to how to submit a complaint can be found in their website: http://dataprotection.govmu.org/English/Pages/default.aspx
- Changes to this privacy notice
The Company reserves the right to modify or amend this Privacy Notice unilaterally at any time in accordance with this provision.
If any changes are made to this privacy notice, we shall notify you accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage you to review this privacy notice occasionally so as to always be informed about how we are processing and protecting your personal information.
- Contact Details
For any questions you may have or if you want more details about how we use your personal information, you can contact our Data Protection Officer, located at RGI Investment Limited, c/o Griffon Solutions Ltd. C2-401, 4th Floor, Grand Baie La Croisette Grand Baie, Mauritius, email: firstname.lastname@example.org