LAINSTON INTERNATIONAL MANAGEMENT, LTD.

(the “Company”)

PRIVACY NOTICE

The purpose of this notice is to provide you with information on our use of your personal data in accordance with the Data Protection Law, 2017 (the “DPL”) of the Cayman Islands.

In this document, “we”, “us” and “our” refers to the Company, and its or their affiliates and/or delegates.

We are committed to protecting your privacy and maintaining the confidentiality and security of your personal data.  Any personal data collected and processed by us is controlled by us and we are the data controller of any such personal data.

Please take the time to read this Policy, which contains important information about the way in which we process personal data.

Reference in this Privacy Policy to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information.

WHO DOES THIS APPLY TO?

This Privacy Notice will apply to you only if you are at least one of the following types of persons:

  1. Client Contacts. Individuals who are employed by entities which receive services from us (“Clients“) and interact with us in the course of our business. For this purpose, Clients are considered entities that have a direct contractual relationship with the Company.
  2. Business Owners. Individuals who are in control of our Clients and their affiliates/subsidiaries by virtue of being the beneficial owners (regardless of the form of ownership), as well as individuals who exercise control over our Clients and their affiliates/subsidiaries through executive powers vested in them (regardless of whether or not they hold any ownership interest in our Clients or their affiliates/subsidiaries).
  3. Other Relevant Individuals. Individuals who do not belong to any of the foregoing categories but interact with us in connection with (or are otherwise affected by) the services we provide or the business we conduct. Depending on the circumstances, such individuals can include, without limitation:
    1. individuals who work for other entities that interact with us in connection with the services we provide to our Clients, such as other non-executive directors;
    1. individuals who work for entities that provide goods and services to us.

Nothing in this Privacy Notice creates any new relationship between you and us, or alters any existing relationship between you and us. Nothing in this Privacy Notice affects any right you have under any applicable law, including the Cayman Islands’ Data Protection Law 2017 (“DPL“) and any other data protection law that applies to you.

WHAT TYPE OF PERSONAL INFORMATION ABOUT ME DOES THE COMPANY COLLECT?

The types of personal information about you which we collect will vary depending on such factors as, your personal circumstances, the nature of your relationship with us, and the nature of the services we are engaged to perform.

The personal information we obtain can be grouped into the following categories:

  1. Contact Details. Your contact details such as title, gender, position, name, employer, profession, physical address, postal address, email address, and phone number.
  2. KYC Records. Information about you which we (or the Clients who receive our services) are obliged to check for legal or regulatory reasons, such as your date of birth, country of residence, nationality, any ownership interest in any entity and other like information concerning your identity and background (which may include, where applicable, sensitive information such as any criminal record you have and any sanction or embargo enacted against you).
  3. Electronic information. Cookies, web browser type, operating system etc. should you use our website.
  4. Other information. Any other information relation to you or your business which you may provide to us or that we may come across while conducting our work, such as Financial and banking Information.

We will collect your personal information only where we are legally permitted to do so, and only to the extent it is appropriate and necessary for one or more of the purposes described below.

HOW AND WHY WE USE YOUR PERSONAL DATA

Service Delivery – To facilitate the provision of services through our contractual arrangements with our Clients.

Client Relationship Management – To manage, maintain, and develop our relationship with our Clients.

Business Administration – To facilitate the effective management and administration of our business, including in relation to matters such as business planning, budgeting, and forecasting, as well as enforcement of our terms and conditions of service and collection of our fees.

Legal and Regulatory Compliance – To ensure that we and our Clients comply with all relevant legal and regulatory requirements, including, without limitation, legal requirements relating to money laundering, bribery and corruption, tax evasion, sanctions/embargoes, and export control.

If you are an owner or employee of a Client or a director to one of our Clients, we will use your personal information to conduct various checks to ensure that we comply with all applicable legal and regulatory requirements, before we formally accept you (or your business) as a client and from time to time after you (or your business) is accepted as our client. For example, we might check if you are included in official list published by the authorities which lists persons with whom we are by law not allowed to do business, or we might check if you are a politically exposed person in respect of whom we are required to undertake enhanced due diligence.

When we use personal information for the purposes noted above, we rely on the following legal justifications:

Contractual Necessity – This justification comes from paragraph 2, Schedule 2 of DPL and we rely on it where we handle your personal information in order to discharge the contractual obligations we owe to you. This is typically the case where you are an owner or employee of a Client or a fellow non-executive director to one of our Clients and we handle your personal information for the purpose of Service Delivery.

Legitimate Business Interest – This justification comes from paragraph 6, Schedule 2 of the DPL and we rely on it where we need to handle your personal information in order to meet our own requirement to operate, manage, and develop our business (provided that we can strike the right balance between our interests and your interests). This is typically the case where we handle your personal information for the purposes of Service Delivery with respect to services we provide to our Clients, and also for the purposes of Service Development, Client Relationship Management, and Business Administration.

Legal and Regulatory Requirement – This justification comes from paragraph 3, Schedule 2 of DPL and we rely on it where we handle your personal information for the purpose of Legal and Regulatory Compliance.

Consent – This justification comes from paragraph 1, Schedule 2 of DPL and we rely on it where we handle your personal information based exclusively on your consent. We would not ordinarily rely on consent, but occasionally, where none of the other legal justifications are available to us, we may choose to rely on Consent. For example, if would wanted to use you as a reference to market our services to a third party, we would ask you for consent. We would explain the reason for using your personal information when obtaining consent and you can withdraw your consent at any time should you subsequently change your mind.

HOW DOES THE COMPANY OBTAIN MY PERSONAL INFORMATION?

We endeavour to collect your personal information directly from you wherever possible. However, the nature of the services we perform and the context in which we handle your personal information can often result in us collecting your personal information indirectly from third party sources.

Additionally, there may be circumstances where we are required to seek your personal information from independent sources (for example where we need to use your personal information to comply with legal requirement to validate your identity and background).

Sources from which we may obtain your personal information can be described as follows:

  1. Publicly accessible websites, registers, and databases, including official registers of companies and businesses, database of journals and news articles, and social media such as LinkedIn.
  2. Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions/embargoes databases (in some cases they can include authorities such as government departments and the police).
  3. The relevant Client to whom we provide the service and who entrusts us with your personal information. Depending on the context, this could be, for example, the business which is owned or controlled by you or the business for which you work.
  4. Lawyers, accountants, actuaries, tax advisors, investment managers, risk managers, and other like professional advisors retained by the relevant Client.

DO WE SHARE YOUR PERSONAL DATA?

We will share your information with others only if and to the extent it is appropriate and necessary to do so for one or more of the purposes outlined in this document. Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.

Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Law and we will take appropriate safeguards to ensure its integrity and protection.  In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.

KEEPING YOUR PERSONAL INFORMATION SECURE

We take appropriate measures against unauthorized or unlawful processing of your personal information and against accidental loss or destruction of, or damage to, your personal information in accordance with our procedures regarding its storage, access and destruction. Information may be stored by us or our vendors and sub‐contractors either electronically or in paper files or a combination of both.

RETAINING YOUR PERSONAL INFORMATION

We will delete your personal information when it is no longer reasonably required by us or if you withdraw your consent (if applicable), provided that we are not required by law or regulatory requirements to continue to hold such information.

CONTROLS AND RIGHTS WITH RESPECT TO YOUR PERSONAL DATA

For information concerning the controls, retention of personal data and your rights with respect to your personal information, please refer to our Privacy Policy at: https://lainston.com/privacy-policy/

CONTACTING US

If you have any questions about this Privacy Policy and how it affects you, please contact us by email at [email protected]

However, if you are not satisfied with our response and wish to make a formal complaint or find out more about your rights under the DPL, please contact the Cayman Islands Ombudsman:

Ombudsman – PO Box 2252, Grand Cayman KY1-1107, Cayman Islands, https://ombudsman.ky/data-protection

UPDATES

We reserve the right to amend this Privacy Policy from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our website and will be effective upon posting.