PRIVACY NOTICE OF THREE ROCK CAPITAL MANAGEMENT LIMITED ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

 

The following information is intended to provide you with an overview of how your data is processed by Three Rock Capital Management Limited (“TRCM”) and outlines your rights under the new data protection legislation. Which specific data is processed and how it is used depends upon your interactions with TRCM. TRCM is a subsidiary of Bank Julius Baer & Co. Ltd.

 

1       Contact Details of the Person responsible for Data Protection at TRCM

Three Rock Capital Management Limited

Head of Compliance

61, Thomas Street

D08 DFR3 Dublin

info.trcm@threerockcapital.com

 

2       Which Data is used by TRCM?

TRCM processes data that it receives from you and that it generates as part of the business relationship with you. This includes personal data, i.e. data that directly identifies members of the Board or Designated Persons or TRCM employees (e.g. name, address, telephone number, etc.).

The following personal data is processed:

  • personal details (name, address and other contact data, date and place of birth, as well as nationality),
  • identification data (e.g. identification documentation data),
  • authentication data (e.g. specimen signature),
  • record-keeping data (e.g. minutes of consultation),
  • accounting data, details relating to your personal background,
  • data regarding related third parties such as relatives, agents and/or representatives,
  • communication data,
  • data that is transmitted and automatically collected during the use of websites, mobile applications or other electronic services provided by TRCM (electronic services). This data includes date and time of access, name of the file downloaded as well as the amount of data transmitted and the access result, your web browser, the browser language and the requesting domain and IP address. Further information can be found in the privacy policy or the legal provisions of the respective electronic service,
  • personal data that may be obtained from third party sources such as specialized information files (debt collection, fraud and money laundering registers), land registers, trade and association registers and public sources available on the media and internet,
  • as well as other comparable data in line with the criteria outlined above.

By providing TRCM with data relating to third parties, you confirm to be authorised by such third parties to share this data with TRCM and to permit it to process the data. You undertake to inform such third parties about the content of this Privacy Notice.

 

3       For what Purpose and on what Legal Basis MAY TRCM use your Data?

  1. a) For precontractual management

Management of the contract application, for which purpose TRCM will process the personal information that is necessary to establish a business relationship, in application of the corresponding pre-contractual measures and regulatory obligations.

  1. b) To fulfil contractual obligations and take steps prior to entering into a contract

The processing of your data allows TRCM to perform the contractual obligations as agreed with you and to take steps prior to entering into a contract with you. It also is necessary for TRCM to communicate with you. TRCM uses your data, among other purposes, to identify you, verify documents, analyse needs etc. Further details can be found in your contract documents.

  1. c) To safeguard legitimate interests

Where necessary to safeguard TRCM’s, Julius Baer Group companies’ and/or other third parties’ legitimate interests, to comply with legal and regulatory obligations or to satisfy the requirements from regulators and other governmental authorities, TRCM may disclose personal data as follows:

  • Prevention and/or investigation of criminal acts.
  • Risk management within TRCM and the Julius Baer Group.
  • Assertion of legal actions, criminal claims and defence in legal disputes initiated (or threatened to be initiated) by you (or other persons) or by governmental authorities against TRCM, the Julius Baer Group companies and/or any of their directors, officers or employees.
  • Consultation and exchange of data with authorised agents (e.g. debt collection registers) for the performance of background checks.
  • Safeguarding TRCM’s IT security and IT operations.
  • Measures to ensure the security of buildings and systems (e.g. entry controls).
  • Measures to safeguard and enforce TRCM’s and/or Julius Baer Group companies’ rights against clients or other stakeholders and protect TRCM’s and/or Julius Baer Group companies’ interests and claims.
  • Measures to defend against allegations made against TRCM and/or Julius Baer Group companies in public, to the media or to local or foreign authorities or self-regulatory bodies.
  • In other cases of legal threats or actions involving TRCM or other Julius Baer Group companies.

For all the activities detailed above, the TRCM and/or the relevant Julius Baer Group company have carried out a specific legitimate interest analysis of these processing operations and have concluded that TRCM has sufficient legitimacy to carry them out as they do not prejudice the rights and freedoms of data subjects.

  1. d) On the basis of your consent

Provided your consent has been given, TRCM is legally permitted to process personal data for specific purposes (e.g. regulatory reasons). You are able to withdraw your consent at any time. Please note that the withdrawal of consent has no retroactive effect on the use of your data.

  1. e) On the basis of statutory requirements or in the public interest

TRCM activities are subject to various regulations (e.g. banking laws, Anti-Money Laundering Acts, regulations of the markets and financial sector and tax laws) and TRCM has to fulfil requirements outlined by financial market regulations. The processing of data is used, among others, for the verification of the requirements under the fitness and probity regime, as well as of the identity and age, the prevention of fraud and money laundering, the fulfilment of tax related monitoring and reporting obligations, and the assessment and management of risks of TRCM and within the Julius Baer Group. For these purposes, Julius Baer Group companies and third party companies will share information between them.

 

4       Who can Access your Data?

TRCM may disclose and transfer personal data to Julius Baer Group companies which may process such data in particular for the purpose of performing contractual obligations, purpose of international supervision and oversight, investigations, risk management and compliance, for group-internal outsourcing as well as for operational purposes. This includes:

  • Compliance with TRCM’s and Julius Baer Group companies’ legal and regulatory obligations and satisfaction of requirements from regulators and other governmental authorities (such as “know-your-client”, verification of creditworthiness, identity and age, prevention of fraud and money laundering, the fulfilment of monitoring and reporting obligations, assessments, investigations, analysis and management of risks);
  • Prevention and/or investigations (including e-discovery) of misconduct;
  • Managerial oversight, consolidation and maintenance of client data processed by TRCM and Julius Baer Group companies (single-client view);
  • Performance of banking related services and activities (such as the provision of advice, wealth management, wealth planning, financing and credit services, trading and execution of transactions) and the analysis of potential needs of clients;
  • Providing a comprehensive and tailored offering of services, identifying preferences and needs of account holders, communication with account holders, business development, advertising, market research or surveys;
  • Group-internal outsourcing of functions from TRCM to Julius Baer Group companies.

Within TRCM and other Julius Baer Group companies, access is granted only to personnel requiring your data in accordance with the above-mentioned purposes (need­to­know principle). Internal and external service providers and other agents appointed by TRCM process your data for the same purpose. These can be assigned to the following categories, among others: IT (e.g. data hosting and processing, IT development, support and operation), administration of financial instruments and other financial assets (e.g. payments, processing of transactions and services, reporting and output services), wealth management services and ancillary activities, services related to trading, execution and processing of financial instruments and other financial assets, compliance and risk management functions, accounting (financial accounting and controlling), financing and credit services as well as other back- and middle-office activities.

TRCM functions and services may be outsourced to Julius Baer Group companies or to service providers and other agents appointed by TRCM and/or Julius Baer Group companies. If the service providers concerned need to process your data on behalf of TRCM, they are contractually required to comply with the applicable non-disclosure obligations and data protection requirements.

TRCM and/or the relevant Julius Baer Group companies have review processes in place for these service providers to ensure that these companies comply with data protection and information security standards. If TRCM transfers data to external recipients, it has an obligation to ensure the confidentiality of the information is preserved.

Subject to these conditions, recipients of personal data can include, among others

  • public bodies and institutions (e.g. Central Bank of Ireland and other financial authorities, law enforcement authorities) in the event of a statutory or official obligation,
  • other credit and financial services institutions or similar institutions to which TRCM transfers personal data within the context of its business relationship with you (e.g. correspondent banks, custodian banks, brokers, stock exchanges, information agencies),
  • other companies within the Julius Baer Group for risk management, fraud and anti-money laundering purposes as a result of legal or regulatory obligations, as well as service providers and other agents appointed by TRCM.
  • any third party services provider as used by TRCM or the Julius Baer Group, whether located in Ireland or abroad.

 

5       Does TRCM Transfer Data across Borders?

TRCM may disclose personal data to jurisdictions where Julius Baer Group companies are established or located or to other jurisdictions, including Switzerland, EU/EEA member states, UK, or to any other jurisdiction around the world where any service provider is located or where TRCM executes transactions or provides services. If personal data is disclosed or made accessible to recipients in any such jurisdiction, it will be governed by the local laws and regulations applicable in the jurisdiction where it is disclosed to or made accessible. These laws and regulations may offer a lower level of data protection and client secrecy protection than the laws and regulations applicable in Ireland. In these cases, TRCM and/or Julius Baer Group will generally ensure an adequate level of data protection by concluding data transfer agreements with the recipients of your personal data in third countries. These include agreements that have been approved by the European Commission, known as standard contractual clauses (available here). Please contact the Head of Compliance if you would like more information on this topic. By way of an exception, your personal data may also be transferred to countries without an adequate level of protection in other cases, e.g. based on your consent, in connection with legal proceedings abroad or if the transfer is required in order to execute a contract.

Further, recipients of personal data, may potentially forward the information to their branches or group entities, service providers or to other market participants or authorities within and/or outside of its jurisdiction.

TRCM especially but not exclusively transfers your data to countries outside the European Economic Area if:

  • the data is transferred to other Julius Baer Group companies,
  • a service provider is domiciled or located in or operating from such country,
  • it is a statutory requirement (e.g. disclosure obligations under tax law), or
  • it is provided for in your agreements with TRCM or you have given your consent.

In most cases, your personal data will be transferred to countries in which the Julius Baer Group is represented. You can find a corresponding overview at https://www.juliusbaer.com/en/about-us/our-locations/.

 

6       How long will your Data be stored?

TRCM processes and retains your data only for as long as is required to fulfil its contractual and legal obligations.

If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted in regular intervals, unless it is required for further processing. For this reason, TRCM will keep the personal data after termination of the contractual relationship, duly blocked, for the period of limitation of any actions that may arise.

Examples of this would be:

  • for the fulfilment of archiving obligations under trade and tax laws (e.g. based on the Code of Commerce or the General Tax Code),
  • for the fulfilment of specific regulations that require TRCM to keep data, for example in the event of anticipated litigation,
  • for the fulfilment of anti-money laundering regulations.

 

7       What are your Rights under the new Data Protection Law?

The EU General Data Protection Regulation grants you the following rights:

  • requesting information on personal data that TRCM holds on record to be shared with you,
  • demanding that the information be rectified should it be incorrect,
  • asking that your data be deleted if TRCM is not permitted or is not legally obliged to retain the data,
  • demanding that the processing of this data be restricted if
    • you have disputed the accuracy of the data stored by TRCM and it has not yet completed its assessment,
    • you object to the deletion although TRCM is obligated to delete the data, or
    • you have objected to the processing, but it has not yet been established whether this outweighs TRCM’s reasons for processing your data,
  • objecting to the processing by TRCM if
    • TRCM only processes the data on the basis of its legitimate interests; in this case it will cease the processing unless this is outweighed by its own interests or it needs to process the data in order to exercise its rights, or
    • the processing is carried out with a view to direct advertising,
  • demanding that your personal data which you have provided to TRCM be transferred in a generally useable, machine readable, and standardized format.

You can exercise any of these rights by contacting by e-mail: info.trcm@threerockcapital.com. You also have a right to lodge a complaint (as far as this affects you) with the relevant Data Protection Authority (https://edpb.europa.eu/about-edpb/about-edpb/members_en).

 

8       What Data are you asked to Supply?

TRCM requires you to provide the data necessary for the acceptance and execution of a business relationship and the fulfilment of the associated contractual and/or legal obligations. Unless it obtains this data from you, TRCM will most likely be unable to enter into a contractual relationship with you.

 

9       DATA PROTECTION RISK ANALYSIS

TRCM and/or Julius Baer Group have carried out data protection risk analyses of all the processing operations identified in this privacy notice. The issues analysed have taken into account aspects relating to: processing of special categories of data; volume of data; participation of third parties in the data flow; assessment of personal aspects of natural persons; categorisation/segmentation; use of external files as a reference; contracting of external suppliers; transfer of data; bases for legitimisation of the processing and the possibility of exercising data protection rights by data subjects, among others.

 

10     Is the Decision-Making Automated?

As a basic principle, TRCM does not use fully automated decision making for commencing and conducting its business relationships. If TRCM does apply this procedure in exceptional cases, it will inform you accordingly if this is a statutory requirement.

 

11     Will your Data be automatically Processed?

In specific areas (e.g. for certain HR analytics use cases), the Bank will process your data on a semi-automated basis, the aim being to evaluate personal criteria (profiling).

 

12     Will Biometric Data be used?

Biometric data is personal data of a particularly sensitive nature. Therefore, where necessary, TRCM will request a separate express consent before using your fingerprint or any other biometric identification feature for accessing certain applications or uses.

 

13     Where can you find the Current Privacy Notice?

This privacy notice can be adapted at any time in accordance with the corresponding regulations. You can find the applicable version at https://www.juliusbaer.com/en/legal/privacy-notices-for-clients or may be sent to you upon request.

 

14     How can you Contact TRCM?

Should you have any questions about the treatment of your data, please contact your relationship manager or the TRCM’s Data Protection Officer, who will be happy to assist you.

Dublin, September 2023