Client Privacy Notice
Fiduciary & Related Services (Cayman Islands)
1. WHO WE ARE
1.1 The purpose of this Privacy Notice is to inform you why and how the Catalyst Global Financial Group (Cayman) ("Catalyst", "we", or "us") handles personal information about you in connection with the services provided in the Cayman Islands through our Fiduciary Services division.
2. THE PURPOSE OF THIS NOTICE
2.1 Most countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information. Among other things, data protection laws require businesses that handle personal information to be open and transparent. This notice is aimed at explained why and how we collect, use, transfer and store your personal data.
2.2 This notice applies to The Catalyst Fund Group, its affiliates, partners and subsidiaries. Note that these subsidiaries may have their own privacy statement.
2.3 Nothing in this Privacy Notice creates any new relationship between you and us, or alters any existing relationship between you and us. Nothing in this Privacy Notice affects any right you have under any applicable law, including the Cayman Islands’ Data Protection Act (2021 Revision) "DPA" and any other data protection law that applies to you.
3. THE BASICS
THE EIGHT DATA PROTECTION PRINCIPLES FOR A DATA CONTROLLER
In relation to the Relevant Persons and Catalyst’s use of their Personal Data, Catalyst is a Data Controller and is committed to comply with its obligations as such under the DPA. As Data Controller Catalyst complies with the following eight data protection principles in respect of Personal Data which it processes, or which is processed on its behalf:
FIRST PRINCIPLE: Personal Data shall be processed fairly. In addition, Personal Data may be processed only if certain conditions are met, for example the Data Subject has consented to the processing, the processing is necessary for the performance of a contract to which the Data Subject is a party, or processing is required under a law or to protect the individual’s vital interests.
SECOND PRINCIPLE: Personal Data shall be obtained only for one or more specified lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
THIRD PRINCIPLE: Personal Data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed.
FOURTH PRINCIPLE: Personal Data shall be accurate and, where necessary, kept up to date.
FIFTH PRINCIPLE: Personal Data processed for any purpose shall not be kept for longer than is necessary for that purpose.
SIXTH PRINCIPLE: Personal Data shall be processed in accordance with the rights of Data Subjects under the DPA, for example subject access.
SEVENTH PRINCIPLE: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data.
EIGTH PRINCIPLE: Personal Data shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data. The eighth principle does not apply where the Data Subject has consented to the transfer or where the transfer is necessary for the performance of an obligation imposed by law on the Data Controller in connection with the Data Subject’s employment.
4. THE ENTITIES HANDLING YOUR DATA
4.1 The particular entity within the Catalyst Group which is legally responsible for the proper handling of your personal information by our Fiduciary Services division can vary depending on the context, but generally speaking it will be one or more of the following entities:
(a) Where we handle your personal information in connection with incorporation service, registered office service, registered agent service, company secretarial / board support services and certain shareholder proxy services we provide and other similiar services we provide (excluding where we provide such services in respect of structured finance vehicles), the responsible entity is:
Catalyst Fund Services, Flagship Building, 2nd Floor, 142 Seafarers Way, P.O. Box 1096, KY1-1102, George Town, Grand Cayman, Cayman Islands.
(b) Where we handle your personal information in connection with directorship service, accounting service, and other such like services we provide, the responsible entity is:
Catalyst Fund Administration, Flagship Building, 2nd Floor, 142 Seafarers Way, P.O. Box 1096, KY1-1102, George Town, Grand Cayman, Cayman Islands.
4.2 Please note that:
(a) the above categorisation is only indicative and depending on the context, more than one Catalyst’s Group entities could be handling your personal information (e.g. where we provide different services to the same Corporate Client through multiple Catalyst Group entities).
4.3 Thus, where we handle your personal information in the context of a particular type of service we provide or a particular client relationship, then depending on the context, the actual Catalyst Group entity responsible for your personal information may differ from your perception or understanding. If you are not sure which particular Catalyst Group entity is relevant to you, for example because you’re not sure in what context we handle your personal information, please get in touch with us so we may assist you in clarifying the position.
5. THE TYPE OF INFORMATION CATALYST COLLECTS
5.1 The types of personal information which we collect will vary significantly depending on numerous factors, including your personal circumstances, the nature of your relationship with us, and the nature of the services we are asked to perform.
5.2 The personal information we obtain can be grouped into the following categories:
(a) Personal Details. Your contact details such as title, name, postal address, email address, and phone number.
(b) KYC Records. Information about you which we (or the Corporate Clients who receive our services) are obliged to check for legal or regulatory reasons, such as your date of birth, country of residence, nationality, any ownership interest in any entity or asset you hold, and other like information concerning your identity and background (which may include, where applicable, sensitive information such as any criminal record you have and any sanction or embargo enacted against you).
(c) Service Records. Information about you which we obtain in order to provide services to our Private Clients and Corporate Clients. Depending on the circumstances and the nature of your relationship with us, such information may include, without limitation, your assets and liabilities, any directorship / partnership you hold, your business dealings with us or our Private Clients / Corporate Clients, actions we take towards you based on instruction we receive from our Private Clients / Corporate Clients, and information about your personal circumstances.
(d) Financial Information. Your billing address, bank account numbers, instruction records, transaction details, counterparty details, and specimen signatures.
(e) Other Records. Other information about you which we may obtain as part of our day- to-day business operations, including but not limited to, your attendance at conferences, seminars, and other events hosted or sponsored by Catalyst, and your preference with respect to marketing communication sent by Catalyst.
5.3 We will collect your personal information only where we are legally permitted to do so, and only to the extent it is appropriate and necessary for one or more of the purposes described in Section 6.
6. HOW WE USE YOUR DATA
6.1 We handle your personal information for one or more of the following purposes:
(a) Service Delivery. To facilitate the provision of our services. Further information about the services we provide through our Fund Administration Services division are available online at:
Corporate Services - The Catalyst Group
(b) Service To improve our services and devise new services.
(c) Service Marketing. To promote the services we offer and related services offered by the wider Catalyst Group.
(d) Client Relationship Management. To manage, maintain, and develop our relationship with our clients.
(e) Business Administration. To facilitate the effective management and administration of our business, including in relation to matters such as business planning, budgeting, and forecasting, as well as enforcement of our terms and conditions of service and collection of our fees.
(f) Legal and Regulatory Compliance. To ensure that we (and our Corporate Clients) comply with all relevant legal and regulatory requirements, including, without limitation, legal requirements relating to money laundering, bribery and corruption, tax evasion, sanctions / embargoes, and export control.
(g) Risk Management/Audit. To ensure compliance with legal and regulatory obligations and for fraud detections, prevention and investigation, including KYC, AML, conflict and other necessary onboarding and ongoing client checks, due diligence and verifications requirements.
Important Note: If you are a Private Client or a Business Owner, we will use your personal information to conduct various checks to ensure that we comply with all applicable legal and regulatory requirements, before we formally accept you (or your business) as a client and from time to time after you (or your business) is accepted as our client. For example we might check if you are included in official list published by the authorities which lists persons with whom we are by law not allowed to do business, or we might check if you are a politically exposed person in respect of whom we are required to undertake enhanced due diligence. If you are a Service Beneficiary, we may use your personal information to conduct such checks at the relevant junctures (e.g. when you are appointed as a director of a legal entity we manage on our Corporate Client's behalf) where we are asked to do so by the relevant Corporate Client.
6.2 In handling personal information for the aforementioned purposes, we rely on the following legal justifications:
(a) Contractual Necessity. This justification comes from paragraph 2, Schedule 2 of DPA and we rely on it where we handle your personal information in order to discharge the contractual obligations we owe to you. This is typically the case where you are a Private Client and we handle your personal information for the purpose of Service Delivery.
(b) Legitimate Business This justification comes from paragraph 6, Schedule 2 of DPA and we rely on it where we need to handle your personal information in order to meet our own requirement to operate, manage, and develop our business (provided that we can strike the right balance between our interests and your interests). This is typically the case where we handle your personal information for the purposes of Service Delivery with respect to services we provide to our Corporate Clients, and also for the purposes of Service Development, Service Marketing, Client Relationship Management, and Business Administration.
(c) Legal and Regulatory Requirement. This justification comes from paragraph 3, Schedule 2 of DPA and we rely on it where we handle your personal information for the purpose of Legal and Regulatory Compliance.
(d) Consent. This justification comes from paragraph 1, Schedule 2 of DPA and we rely on it where we handle your personal information based exclusively on your consent. We would not ordinarily rely on consent, but occasionally, where none of the other legal justifications are available to us (e.g. if we are to handle your personal information for any purpose other than those that are described in paragraph we may choose to rely on Consent.
Important Note: Where we rely on your consent to handle your personal information, you can expect us to explain what you are being asked to agree to, and you will be able to decide freely without being penalised in any way for your choice. You can also withdraw your consent at any time should you subsequently change your mind.
7. SOURCES OF INFORMATION
7.1 We endeavor to collect your personal information directly from you wherever possible. However, the nature of the services we perform and the context in which we handle your personal information can often result in us collecting your personal information indirectly from third party sources.
7.2 Additionally, there may be circumstances where we are required to seek your personal information from independent sources (for example where we need to use your personal information to comply with legal requirement to validate your identity and background).
7.3 Sources from which we may obtain your personal information can be described as follows:
(a) Those who have referred you to us, such as your business contact, or another entity or undertaking in the wider Catalyst Group.
(b) Your spouse, partner, or parent who is our Private Client.
(c) Your lawyer, accountant, tax advisor, wealth manager, and other such advisors who provide your personal information to us on your behalf.
(d) Publicly accessible websites, registers, and databases, including official registers of companies and businesses, database of journals and news articles, and social media such as LinkedIn.
(e) Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions / embargoes databases (in some cases they can include authorities such as government departments and the police).
(f) The relevant Corporate Client to whom we provide the service and who entrusts us with your personal information. Depending on the context, this could be, for example, the business which is owned or controlled by you, the business for which you work, or the investment fund / entity which is supported by us.
8. DOES CATALYST USE MY PERSONAL INFORMATION FOR MARKETING PURPOSES?
8.1 We may from time to time use your personal information to promote to you the services we offer and other related services offered by the wider Catalyst Group. However, we will do so only if you are:
(a) someone who has done business with us or the wider Catalyst Group as a Private Client, a Client Business Contact, or by being involved in transactions which also involved us or another entity or undertaking in the wider Catalyst Group;
(b) someone who has indicated an interest in the services we offer or the related services offered by the wider Catalyst Group, for example by registering on our website to receive email updates and alerts from us, or exchanging business cards with us at a conference, event, or a business meeting; or
(c) someone who has never done any business with us but whom we have identified (based on business-related information such as your position and title, the company you work for, etc.) as potentially having an interest in the business-related service offered by us and the wider Catalyst Group.
8.2 Where we contact you for such purpose, we will typically contact you by email or postal mail (including via third party marketing service providers acting on our behalf) but where the situation warrants, we may contact you by telephone. We will always observe the applicable direct marketing rules when contacting you and we will always respect your marketing preferences.
8.3 If you wish to stop receiving promotional emails and updates from us, you can make use of the ‘unsubscribe’, ‘opt out’, or ‘update your marketing preference’ link we include within our promotional emails and updates. If for whatever reason such links are not functioning or missing, or if you feel that we have otherwise failed to respect your marketing preference, please alert your contact person within Catalyst, or alternatively, contact us using the details provided in paragraph 16.2.
9. SHARING OF DATA
9.1 We will share your information with others only if and to the extent it is appropriate and necessary to do so for one or more of the purposes outlined in Section 6. Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.9.2 The extent to which we share your personal information will vary depending on your circumstances and relationship with us, but your personal information will be shared with one or more of the following categories of recipients:
(a) Our Corporate Clients (if you are a Client Business Contact this could be your employer, and if you are a Service Beneficiary this could, for example, be the company which you serve in your capacity as a director, or the investment funds in which you have invested and which are supported by us).
(b) Companies, trusts, and partnerships that belong to the Catalyst Group, including those who perform any of the support roles described in paragraph (c) and / or (d), as well as those who provide ancillary services as described in paragraph (e).
(c) Those who support our business operation, for example data center operators, IT service providers, administrative support service providers, insurers, accountants, consultants, auditors, etc.
(d) Providers of background check and business risk screening services, such as credit reference agencies, operators of fraud and financial crime databases, and operators of sanctions / embargoes databases. Generally speaking, your personal information will be shared with recipients who fall into this category only if you are a Private Client, a Business Owner, or a Service Beneficiary (where we are required to do so as part of the services we provide to our Corporate Clients).
(e) Third parties with whom we must by necessity interact in order to provide or facilitate the provision of our services. Depending on the context, such third parties can include those who provide services or facilities which complement the services we provide (e.g. exchanges, venues, distributors, brokers, fund managers, platform operators, legal advisors, etc.) as well as third parties who participate in or contribute to transactions and arrangements in which our clients become involved (e.g. counterparties in corporate finance transactions involving our clients, and their advisors)
(f) Government departments and agencies, police, regulators, courts, tribunals, and other like authorities with whom we are legally obliged to share your personal information, or with whom we decide to cooperate voluntarily (but only to the extent we are legally permitted to do so).
Important Note: Please note that where we share your personal information with the authorities, we may, depending on the circumstances, be forbidden from advising you of the fact that your personal information was disclosed to or requested by the authorities (e.g. when doing so is illegal or might prejudice an on-going investigation).
10. DOES CATALYST TRANSFER MY PERSONAL INFORMATION OUTSIDE THE CAYMAN ISLANDS?
10.1 Due to the international nature of the Catalyst Group's business operation and the markets in which the we operate, your personal information may be transferred outside the Cayman Islands to any of the different categories of recipients described in Section who could be located anywhere in the world, including, without limitation, Brazil, British Virgin Islands, Canada, Ireland, Luxembourg, South Africa, and the USA.
10.2 These overseas destinations, in particular those outside Europe, may not have laws that protect your personal information in the same way DPA does. This does not mean that your personal information is inevitably put at risk but it can mean that there is less formal legal protection for your personal information.
10.3 Where we share your personal information with recipients who are located outside the Cayman Islands, we will, wherever possible, take all appropriate steps that are within our control to ensure that adequate legal safeguards are in place for your personal information which are shared with such recipients. Additionally, if we agree to restrict the cross-border transfer of your personal information in any particular way with the relevant Private Client or Corporate Client, we will comply with such restriction.
10.4 Where we are unable to put in place such adequate safeguards, we may (in the absence of any agreement to the contrary with the relevant Private Client or Corporate Client) nevertheless share your personal information with such recipients (especially where we would otherwise be prevented from providing our services to the relevant Private Client or Corporate Client) but we will do so only to the extent the applicable legal exemptions permit, and we will ensure that any of your personal information we share with such recipients is kept to the minimum necessary.
11. DATA SECURITY
11.1 We take information security very seriously and we use a broad range of tools and techniques to prevent and detect incidents that might adversely affect information we hold, such as unauthorized access or disclosure, and accidental change or loss, whether they are caused by external factors or internal factors.
11.2 The tools and techniques we use include technical measures such as firewalls, backup and disaster recovery systems, antimalware, and encryption, as well as other measures such as vetting of suppliers who are entrusted with our information, awareness training for our workforce, and the continuous evaluation and enhancement of our information security controls. We also conduct a broad range of monitoring over our IT and communication systems.
12. WHAT WOULD CATALYST DO IF A DATA BREACH HAPPENED?
12.1 In the unlikely and unfortunate event your personal information under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take the necessary steps to contain and mitigate the consequences of the breach. Where appropriate, we will also notify you of the breach in accordance with DPA and any other applicable law which requires us to notify you of the breach.
13. DATA RETENTION PERIOD
13.1 The personal information about you which we collect will typically be retained at least for as long as your personal information continues to be relevant to the services we provide. For example, where we obtain your personal information in connection with the provision of corporate secretarial services we provide because you are a director of our Corporate Client, we will retain your personal information at least for as long as you remain a member of the board of directors of that Corporate Client.
13.2 Once your personal information ceases to be relevant to the services we provide (in the context of corporate administration and / or secretarial support we provide, this could happen, for example, when the Corporate Client decides to liquidate a particular legal entity we support), we will retain your personal information as part of our business records for the duration of the applicable retention period which will be determined by reference to any legal or regulatory record keeping requirement that applies to us.
13.3 For example, if your personal information forms part of minutes, board packs, and other like company secretarial records we retain on behalf of entities which are subject to the oversight of the Cayman Islands Monetary Authority, we will typically be required to retain it for at least 5 years.
13.4 In the absence of any specific legal or regulatory record-keeping requirement which applies, we may retain your personal information for an appropriate period where we consider this to be necessary to protect ourselves from any legal claim or dispute that may arise in connection with the relevant services we have provided. Where we do so, the retention period applied to your personal information will reflect the relevant limitation periods.
14. WILL THIS PRIVACY NOTICE CHANGE IN THE FUTURE?
14.1 We may revise this Privacy Notice from time to time to reflect changes in law or changes in how we run our business, but where such revision becomes necessary in the future, we will announce the changes on our website at https://www.thecatalystgroup.com and bring them to your attention to the extent it is practicable to do so.
15. YOUR RIGHTS
15.1 Under DPA, you have certain legal rights in respect of your personal information handled by us. These include the following:
(a) The right to ask us to confirm whether or not we handle any personal information about you.
(b) The right to ask us to provide you with copies of your personal information we
(c) The right to ask us to correct any inaccuracy or incompleteness in your personal information we hold.
(d) The right to ask us to stop handling your personal information or to not begin the handling of your personal information.
(e) The right to ask us not to subject you to automated decision-making that uses your personal information.
(f) The right to object to us using your personal information for direct marketing
Important Note: The rights you have in respect of your personal information are not absolute and are subject to a range of legal conditions and exemptions. If and to the extent a relevant legal condition or exemption applies, we reserve the right not to comply with your request. Additionally, while the rights you have can normally be exercised free of charge, the law allows us to charge you in certain limited circumstances. In such cases, we reserve the right to charge you a fee for processing your request.
16. CONTACT US
16.1 If you would like to exercise any of the rights you have in respect of your personal information, or if you have any question or concern regarding the way in which we handle your personal information, then please reach out to your usual contact person within Catalyst in the first
16.2 If you have a complaint regarding the way in which we handle your personal information, please contact our local Compliance Officer in the first instance. You can do so by emailing your complaint to compliance@thecatalystgroup.com
16.3 We will endeavour to respond satisfactorily to any request, query, or complaint you may have in respect of your personal information, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the Cayman Islands Ombudsman:
Ombudsman
PO Box 2252
Grand Cayman KY1-1107 Cayman Islands