OUR DATA PROTECTION POLICY UNDER THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

On 25 May 2018, the EU General Data Protection Regulation shall enter into force in all EU member countries including Gibraltar. This means Quay Financials (Gibraltar) is also subject to this regulation.

The GDPR is transposed into Gibraltar law and complements the Data Protection Act 2004.

GDPR deals with personal data held about individuals. We will process your data only with your explicit consent. You may opt out of said consent at any time. Details on the data, our uses and our obligations with respect to that are detailed below:

  1. Basis in Law for holding personal data

We collect data about our staff for the following purposes:

During the employee search and hiring process, in other words, to fulfil a contract with an individual in compliance with the provisions on record-keeping of the following laws and regulations:

      • Markets in Financial Instruments Act

      • Markets in Financial Instruments Regulations

      • Gibraltar Companies Act 2014

      • Gibraltar Proceeds of Crime Act 2015

This list is not exhaustive and subject to change.

  1. Types of data we collect

Data we collect about you includes sensitive personal data, which includes the following:

a.) Data received by us during the process of your account opening application and the placement of your funds. This includes the following:

    • Your identification documents like passports or IDs or residency cards including biometric data concerning age, national origin, citizenship, country of legal residency, country of tax residency, other places of residence, immigration status etc.

    • Your primary residential address, both as filled into our forms as well as evidenced by your proof of residence (most likely a recent utility bill or bank statement)

    • Correspondence with or about you, such as references

    • Possibly references or confirmations requested from your bank, at the least information on which bank you use to deposit into or withdraw funds from your accounts with us.

    • Data about the source of the funds deposited into your accounts and you level of knowledge and experience in the investments you wish to make though Quay Financials.

    • Your contact details such as telephone numbers, e-mail address as well as emergency contacts.

    • Data about you or your company contained in commercially available databases we may consult regarding credit scores or status of you or your company, or non-inclusion in any official Anti-Money laundering or Anti-Terrorism sanctions lists such as OFAC or FINCEN or the EU FSF.

b.) Data produced during the course of our work in servicing your account and in which you are referred to, such as

    • Trade confirmations of trades ordered by you

    • Account statements indicating financial instruments positions and cash owned by you

    • Tax information where relevant to your accounts held with us (e.g. you Tax Information Number, amount of interest or dividend withholding taxes withheld and transferred to tax authorities from your account and any eventual refunds thereon)

    • Documents such as correspondence, instructions, forms, authorisations, POAs issued and signed by you

    • Telephone conversations, e-mails, chat logs etc. in which you participated and were monitored by us

c.) Data submitted to regulatory and other governmental authorities:

      • Data submitted to the Financial Services Commission (FSC) in a recurring manner as a matter of fulfilment to legally required periodic filings again to the FSC, as well as to our auditors, tax authorities and foreign regulators, our business partners such as correspondent banks and brokers in fulfilment of their own regulatory and banking supervision obligations, and such as Annual Returns, quarterly regulatory returns, audited Financial Statements, the annual Compliance Report.

      • Much of the same type of data submitted to foreign regulatory authorities or exchanges where we need to do so in order to offer you access to its financial markets or where we receive requests for information under applicable law.

  1. Our Use of your personal data

As already mentioned above, we use personal data for the following purposes:

  • fulfilment of regulatory obligations

  • fulfilment of contractual duties of our agents and other business partners, which in turn likely require them for meeting their own regulatory obligations e.g. we record conversations with you in order to meet regulatory requirements, record customer orders and record resolutions and agreements, resolve errors and issues, enhance quality control

  • fulfilment of Anti-Money laundering Provisions

  • provision of statistical data about our clients

  • meeting operational requirements of the company

  • providing points of contact to our clients and business partners

  1. Term of data storage

Quay Financials Gibraltar Limited is subject to the following periods of data storage depending on the regulation involved:

Companies Act (annual filings of accounts, Particulars of Directors) – 5 years

Markets and Financial Instruments Act and Regulations – 6 years after closure of the account

  1. Transfer of data abroad or to other entities

Under circumstances, your personal data may be transferred abroad and also outside of the EU or EEA. This is likely for compliance with regulatory authorities outside of the EU/EEA, such as U.S. or Canadian regulators, where we do business in the respective countries and we or our agents in those jurisdictions outside of the EU/EEA may be legally required to disclose personal data of our employees transacting on our behalf in these jurisdictions.

This may include, to quote one of the most important examples, data on the beneficial ownership of client entities, at least insofar as to ascertain whether they are U.S. Persons from the perspective of the U.S. Internal Revenue Service.

Our agents in other countries, in or outside of the EU/EEA may equally record telephone conversations or chat logs with our employees for the same purposes that our Company does.

  1. Your rights under GDPR

We will process your data only with your explicit consent. You may opt out of said consent at any time Under the GDPR, you may request a copy of the data we hold about you in a commonly used data format.

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2004 you have several rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. At Quay, we endeavour to provide this data in PDF format whenever feasible.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint to the Gibraltar Regulatory Authority (GRA) Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or the Data Protection Act with regard to your personal data.

  1. Additional Information

Our registered Data Controller is Mr. René Felix de la Vega and may be contacted at the e-mail address rene.delavega@quayfinancials.com

The government authority in Gibraltar charged with the function of Data Protection Commissioner is the Gibraltar Regulatory Authority (GRA).

The address of the GRA is as follows:

Gibraltar Regulatory Authority

2nd floor,

Eurotowers 4,

1 Europort Road,

Gibraltar.

Tel.: (+350) 20074636

Fax: (+350) 20072166

E-Mail: info@gra.gi

www.gra.gi