PRIVACY
NOTICE
FOR CLIENTS AND POTENTIAL CLIENTS
September 2023
Palmela is committed to protecting the individual privacy rights and choices of all our clients, visitors to our site and the personal information you share with us.
Our Privacy Notice contains important information about the types of personal information we collect and process; what we do with it; who we may share it with and why; and your rights when it comes to the personal information you provide us with. We may need to make changes to our Privacy Notice in line with regulatory requirements; so please check our website for updates from time to time. If there are significant changes such as where your personal data will be processed; we will contact you to let you know.
We have offices in London, Luxembourg and Lisbon. Please find the contact details for each office below.
-
-
-
PALMELA LISBON
CONTACTAv. António Augusto de Aguiar 11, 3 Esq.
1050-212 Lisbon
Portugal
dpo@palmela.co
2. TYPES OF DATA THAT WE PROCESS
Depending on how you choose to interact with us, the personal data about you that we collect and process is shown in the table below.
By law, we must have a legal basis for processing personal data. We take your privacy seriously and we will only ever collect and use personal data where it is necessary, fair and lawful to do so. Our legal bases are shown on the table and may be different for clients and prospective clients.
|
DATA THAT WE PROCESS |
CLIENTS |
LEGAL BASIS FOR CLIENTS |
PROSPECTIVE CLIENTS |
LEGAL BASIS FOR PROSPECTIVE CLIENTS |
|
How to contact you – your title, name, home or correspondence address, telephone numbers and email addresses. |
✔️
|
We will process this data under our contract with you. |
✔️ |
We will process this data with your consent, when you contact us. |
|
Your contact with us – audio-visual recordings of meetings, video or phone calls, emails or letters. |
✔️ |
We will process under our legitimate interest in keeping a record of our meetings and correspondence. |
✔️ |
We will process under our legitimate interest in keeping a record of our meetings and correspondence. |
|
Information that is automatically collected via essential cookies when you visit one of our websites (please see our cookie popup for more information) |
✔️ |
We use legitimate interest for essential cookies and consent for all non-essential cookies. |
✖️ |
We use legitimate interest for essential cookies and consent for all non-essential cookies. |
|
Marketing and communication preferences – this includes marketing emails, client feedback, responses to surveys and complaints. |
✔️ |
We can send you marketing material once you are a client or you have made an inquiry as a prospective client. If you would just like to receive our newsletter and are not a client or a prospective client, we will need your consent. |
✖️ |
We can send you marketing material once you are a client or you have made an inquiry as a prospective client. If you would just like to receive our newsletter and are not a client or a prospective client, we will need your consent. |
|
Images captured by CCTV when you visit one of our offices. |
✔️ |
Legitimate interest |
✖️ |
Legitimate interest |
|
Who you are – your date of birth, marital status, relationships with other people (where you have a joint or mixed finances or equity), country of residence and citizenship. |
✔️ |
We require this information under our contract to provide you with our products or services. |
✖️ |
|
|
Financial information connected to your product or service with us - your bank account details, details of income, tax bands and liabilities, assets and other liabilities, asset planning, and other policies and schemes, where relevant. |
✔️ |
We require this information under our contract to provide you with our products or services. |
✖️ |
|
|
Information to uniquely identify you – government issued identification documents and numbers such as your passport, driving license and National Insurance Number. |
✔️ |
We have legal obligations to properly identity you. |
✖️ |
|
|
Criminal offence, fraud and sanctions data – as part of our regulatory obligations for combatting financial crime we may perform checks against fraud databases, sanctions lists (for politically exposed persons or their immediate family / close associations), or from other publicly available sources such as media outlets or social networking sites. |
✔️ |
Legal obligation to combat money laundering, financial crime and terrorist funding. |
✖️ |
|
|
Information classified as special category personal information relating to your health, biometric information (fingerprints, voice or facial images used to uniquely identify or authenticate you), marital or civil partnership status. |
✔️ |
We will process this information only with your explicit consent. |
✖️ |
|
|
Information relating to vulnerabilities – health, life events, resilience, and capability when this has be/.en provided by you as part of a discussion about your overall financial circumstances. |
✔️ |
We will process this information only with your explicit consent.
|
✖️ |
|
|
Information you may provide to us about other people, such as a spouse or relative. If the other person is a child, we will collect and use only the information required to identify the child (such as their name, age, gender). |
✔️ |
Please ensure that you have the consent of other people to provide us with their personal data. For children, please have the consent of the parent or guardian |
✖️ |
|
|
Information from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans. |
✔️ |
We process this data with your consent. |
✖️ |
|
|
Information from your professional advisers, where you have provided authority for them to share information. |
✔️ |
We process this data with your consent. |
✖️ |
|
3. WHERE WE COLLECT YOUR INFORMATION
We may collect your personal information directly from you, or from a variety of sources, including:
- application forms for products or services
- electronic ID verification services - we use this data to verify and authenticate client identities for anti-money laundering and fraud detection / prevention
- credit reference agencies*
- recorded video or telephone conversations with us
- emails or letters you send to us
- meetings with us
- registering for one of our events or webinars
- participating in research surveys or feedback forms to help us understand you better and improve our products and services
- our online services such as websites, newsletters, social media and mobile device applications (‘Apps’)
- from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans.
- from your professional advisers, where you have provided authority for them to share information.
- from places such as business directories and other commercially or publicly available sources e.g. to verify your identity, to comply with our anti-money laundering and financial crime obligations, check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
*We may supply your personal information to credit reference agencies (CRAs) who will give us information about you, such as about your financial history. We do this to assess creditworthiness and product or service suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
For more information about CRAs, please visit
https://www.experian.co.uk/crain/index.html or https://www.equifax.co.uk/ein.html
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services. We will only use your personal data when the law allows us to.
Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw that consent to at any time by contacting us.
| ACTION |
REASON FOR PROCESSING - LEGITIMATE INTERESTS |
|
Managing our global business and marketing strategies (including recording and reporting on our business development activities) |
We need to have business development and marketing strategies |
| Purchasing, maintaining and claiming against our insurance policies |
We need to protect our business. |
|
Continuously reviewing and improving our services and developing new ones |
We use your feedback to improve our services. |
|
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings or prospective proceedings. |
We need to understand our obligations and establish and defend our legal rights. |
|
Monitoring and producing statistical information regarding the use of our platforms and analysing and improving their functionality. |
We need to ensure that our website and other platforms are working properly. |
|
Maintaining the security of our systems, platforms, premises and communications, including detecting and preventing threats |
We need to ensure that our premises and our platforms are secure. |
|
Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation |
We need to be able to manage or sell parts of our business, if we choose to do so. |
We have a legitimate interest in using your personal data for the above purposes. We have balanced your rights and freedoms against our business needs. Please inform us if you object to our processing.
4. WHOM WE MAY SHARE YOUR INFORMATION WITH
We may share your information with the third parties in the chart.
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the services (for example, subject matter experts). When doing so we will comply with our legal and regulatory obligations in relation to the personal data and put appropriate safeguards in place.
| ENTITY |
LEGAL BASIS FOR SHARING |
|
Kendris, an independent advisory and fiduciary services firm headquartered in Switzerland, with whom we have a partnership |
Legitimate interest or a contractual requirement to provide our services |
| Our professional advisers such as lawyers and accountants |
Legitimate interest |
|
Government or regulatory authorities or law enforcement |
Legal obligation |
|
Professional indemnity or other relevant insurers |
Legitimate interest |
|
Regulators/tax authorities/corporate registries |
Legal obligation |
|
Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers |
Legitimate interest |
|
Third parties engaged in the course of the services we provide to clients such as expert advisors. |
Legitimate interest or a contractual requirement to provide our servicesWe have a legitimate interest in using your personal data for the above purposes. We have balanced your rights and freedoms against our business needs. Please inform us if you object to our processing. |
|
Third party service providers to assist us with client insight analytics, such as Google Analytics |
Consent |
5. WHERE YOUR INFORMATION IS PROCESSED
The majority of your information is processed in the United Kingdom, Portugal, Luxemburg and Switzerland. However, some of your information may be processed by us or the third parties we work with outside of the UK and EEA, such as the USA.
Where your information is being processed outside of the UK or EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK or European Union data privacy laws as applicable e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.
Please contact us if you would like to see our data sharing agreements and our international transfer safeguard agreements.
6. HOW WE PROTECT YOUR INFORMATION
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal data which is collected, recorded, or processed in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection responsibilities.
Your data is protected by controls designed to minimise loss or damage through accident, negligence, or deliberate actions. Our employees and consultants are trained to protect sensitive or confidential information when storing or transmitting data in any medium including electronically and must undertake annual refresher exercises on this.
7. HOW LONG WE KEEP YOUR INFORMATION FOR
We will keep your personal information where it is necessary to provide you with our products or services while you are a customer with us. We are also subject to regulatory requirements to retain your data for specified minimum periods.
We may also keep your data after this period but only where it is required to meet our legal, regulatory, tax or accounting obligations. For example, we are required to retain accurate records of your dealings with us to respond to any complaints, challenges, litigation or queries that you or others may raise in the future. Therefore, length of time we keep your information for these purposes will vary depending on the obligations we need to meet and can be viewed in our data retention policy.
8. HOW TO ACCESS YOUR INFORMATION AND OTHER RIGHTS
You have the following rights in relation to the personal data we hold about you.
Your right of access
If you ask us, we'll confirm whether we're processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification
If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we've shared your personal data with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we've shared your personal data with others, we'll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to restrict processing
You can ask us to 'block' or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we've shared your personal data with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to data portability
You have the right, in certain circumstances, to obtain personal data you've provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal data, and we will do so, if we are:
- relying on our own or someone else's legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal data for direct marketing purposes.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the Supervisory Authority
If you have a concern about any aspect of our privacy practices, including the way we've handled your personal data, you can report it to the Supervisory Authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach the Supervisory Authority so please contact us in the first instance.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.