The Company collects personal data from (prospective) clients and investors, business partners and intermediaries (each a "Relevant Person") for the purposes of entering into a contract or a service agreement and/or to meet certain legal requirements. Your personal information may be provided to the Company, which will act as a data controller in respect of such personal data, or certain other service providers to the Company or other third parties the Company authorises to process data for lawful purposes (the "Processors"). The Processors may process your personal information or such data in respect of your directors, officers, employees or beneficial owners. If you are a director, employee or consultant of an entity that provides us with personal data on individuals connected to you for any reason in relation to your involvement with us, this will affect those individuals and you should transmit this document to those individuals or otherwise advise them of its content.
Your personal data may also be collected and processed by us as a result of your professional or family connection with a Relevant Person.
As the Company is incorporated in Guernsey, the Company is obliged to comply with the provisions of the Guernsey data protection laws.
This Privacy Notice should be read in conjunction with the Company's website terms and conditions.
Privacy and personal data protection principles vary from one country to another. When you access or link to a HICL website, please read the applicable privacy statement or agreements (Terms and Conditions) issued by the other websites to determine the policies that apply to information or data maintained by that website.
In these provisions
‘content’ means all pages, screens, information and materials included in or accessible through this Site (including any content available on any email).
‘you’, ‘your’ and ‘yours’ means you, the person(s) accessing this Site and the party on whose behalf you are doing so
‘we’, ‘us’, ‘HICL’, ‘Company’ and ‘our’ means HICL Infrastructure Company Limited.
‘InfraRed’ means InfraRed Capital Partners Limited and its associated companies from time to time.
1. Where we obtain your personal data:
1.1 Your personal data comprises the following categories:
1.1.1 information related to identification (including name, signature, nationality, place and date of birth, passport number, residential address, email address and other contact details);
1.1.2 information required for payroll, benefits and expenses purposes;
1.1.3 bank account details;
1.1.4 correspondence records;
1.1.5 professional qualifications, employment history, references and other details regarding your career history such as training records;
1.1.6 tax status and tax identification numbers; and
1.1.7 where necessary, information regarding your investment activity or health.
1.2 We primarily collect your personal data from the following sources:
1.2.1 from information which you or your authorised representative gives to us, including but not limited to:(a) information set out in any application to act or by virtue of you acting as a Relevant Person;(b) such other forms and documents as we may request that are completed in relation to you acting as a Relevant Person;(c) any documentation that we may obtain as part of our regulatory requirements; and(d) any personal data provided by you by way of correspondence with us by phone, e-mail or otherwise;
1.2.2 personal data we receive from you or any third party sources which may include:(a) entities in which you or someone connected to you has an interest;(b) your legal and/or financial advisors;(c) your relatives, trustees, personal representatives or shareholders;(d) other financial institutions who hold and process your personal data to satisfy their own regulatory requirements;(e) credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and(f) information collected via our website (including cookies and IP addresses) and emails.
1.3 We may also collect and process your personal data in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act. 2. Why we collect your personal data: Lawful grounds for processing:
2.1 We are entitled to hold and process your personal data on the following lawful grounds:
2.1.1 the processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;
2.1.2 the processing is necessary for us to comply with our contractual duties to you under the terms of any contract which we have with you;
2.1.3 to comply with our legal and regulatory obligations;
2.1.4 (on exceptional occasions) where we have obtained your consent; and
2.1.5 (on rare occasions) where it is needed in the public interest. Some of the grounds for processing described above will overlap and there may be several grounds which justify our use of your personal data. Inaccurate or Amended Information
2.2 Please let us know if any of your personal data (including correspondence details) changes as soon as possible. Failure to provide accurate information or to update changed information may have a detrimental impact upon your directorship, employment or consultancy, including the processing of any payment due to you. Failure to provide information where the same is required for anti-money laundering, pursuant to automatic exchange of information agreements, or other legal requirements may mean that any payment due to you cannot be processed. Purposes of processing
2.3 Pursuant to paragraph 2, we may process, store and use your personal data for the purposes set out below (“Purposes”). Those based wholly or partly on our legitimate interests are set out in paragraphs
2.3.1 to 2.3.7: 2.3.1 to reflect your directorship, employment or consultancy relationship with the Company or with one of its service providers;
2.3.2 to communicate with you as necessary in connection with your affairs and generally in connection with your directorship, employment or consultancy relationship with the Company or with one of its service providers; 2.3.3 to operate the Company's IT systems, software and business applications;
2.3.4 to support our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, including but not limited to processing personal data in connection with the Company;
2.3.5 for service, training and related purposes;
2.3.6 to monitor and record telephone and electronic communications and transactions:(a) for quality, business analysis, training and related purposes in order to improve service delivery;(b) for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act); and(c) to enforce or defend the Company's rights, or through third parties to whom we may delegate such responsibilities or rights in order to comply with a legal or regulatory obligations imposed on us;
2.3.7 detecting and preventing crime such as fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanction on an ongoing basis ("Regulatory Assessments");
2.3.8 facilitating the internal administration of each of the Processors and retaining your personal data as part of our Regulatory Assessments or future services entered into by you;
2.3.9 liaising with or reporting to any regulatory authority (including tax authorities) with whom the Company is either required to cooperate or report to, or with whom it decides or deems appropriate to cooperate, in relation to an investment, and which has jurisdiction over the Company or its investments in a third country without the same or similar data protection laws as Guernsey or any EU member state (a "Third Country without Adequacy");
2.3.10 disclosing your personal data to any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee to the Company;
2.3.11 to carry out our obligations to you in connection with your directorship, employment or consultancy with the Company or with one of its service providers;
2.3.12 to discharge our anti-money laundering obligations to verify the identity of our directors, employees or consultants (or those of our service providers) or for prevention of fraud or for legal, regulatory or tax reporting purposes or in response to legal requests or requests from regulatory authorities (i.e. where it is necessary for compliance with a legal obligation to which we are subject). In discharging our anti-money laundering obligations we may, in certain circumstances, collect, store and process special categories of data such as information regarding criminal convictions;
2.3.13 facilitating the internal administration of the Company;
2.3.14 communicating with our professional advisers for the purposes of obtaining professional advice; and
2.3.15 conducting business analytics and diagnostics. We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where these are required or permitted by law.
2.4 To the extent that such personal data contains special category data such as, for example: data relating to racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership or criminal data then the processing of such data shall solely be for the purpose of complying with any duty imposed on the Company by an enactment including, but not limited to, legislation and regulatory obligations relating to Anti-Money Laundering and Combatting the Financing of Terrorism and all other related legislation.
2.5 The Company will not make decisions about you based on automated processing of your personal data.
3. Sharing personal data
3.1 The Company may share your personal data with group companies and third parties (including bank, financial institution or other third party lenders, IT service providers, auditors and legal professionals) under the terms of any appropriate delegation or contractual arrangement. Those authorized third parties may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism.
3.2 Data processing (as described above) may be undertaken by any entity in the Bailiwick of Guernsey or the European Economic Area (the "EEA"), an entity which is located outside the Bailiwick of Guernsey or the EEA in a Third Country without Adequacy. Any Third Country without Adequacy to which we transfer your data is legally not deemed in general to provide an adequate level of protection for your personal information. However, to ensure that your personal data receives an adequate level of protection we will put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU laws and the laws of the Bailiwick of Guernsey on data protection. Any entity having access to your personal data outside Guernsey or the EEA will be required by binding legal contract to protect and only process your data as though it were in the EEA or Guernsey and subject to the same level of protection as applies in those territories.
4. Retention of personal data
4.1 Your personal data will be retained for the longest of the following periods:
4.1.1 for the Processors and/or any authorised third parties to carry out the Purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us;
4.1.2 in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations;
4.1.3 seven years following the point from when the business relationship with the Company has ceased; or
4.1.4 any retention period that is required by data protection laws and any applicable laws or regulatory requirements.
4.2 We endeavour and require all third parties with access to your personal data, to store such data securely on computer systems and/or manually in accordance with accepted market standards.
4.3 Whilst we have taken every reasonable care to ensure the implementation of appropriate technical and security measures, we cannot guarantee the security of your personal data over the internet, via email or via our websites nor do we accept, to the fullest extent permitted by law, any liability for any errors in data transmission, machine, software or operating error or any other cause.
5. Your rights
5.1 You have, under certain circumstances, the following rights in respect of personal data:
5.1.1 the right to access and port personal data;
5.1.2 the right to rectify personal data;
5.1.3 the right to restrict the use of personal data;
5.1.4 the right to request that personal data is erased;
5.1.5 the right to object to processing of personal data; and
5.1.6 where the Company has relied on consent to process the personal data, the right to withdraw consent at any time by contacting us via the contact details below.
5.2 You also have the right to lodge a complaint with the Guernsey Data Protection Authority if you consider that the processing of your personal data carried out by the Company of any other service provider to the Company, has breached data protection laws. You may also appeal to certain courts against (i) any failure of the Guernsey Data Protection Authority to give written notice of whether the complaint is either being investigated or not being investigated and where applicable, the progress and the outcome of the investigation and (ii) a determination of the Guernsey Data Protection Authority not to investigate the complaint or a determination that a controller or processor has not breached or is not likely to breach an operative provision in connection with the complaint.
5.3 In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data or to use data for another purpose. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
6. What Information We Collect About You and What We Do With It
HICL collects information about you each time you come to any part of the HICL Site. We collect information about the time, date, duration and your usage of the HICL website.
HICL uses non-personalised statistics about the use of the website so that we can continually improve it and improve our customer service.
6.1 Third Parties HICL works with third parties to research certain usage and activities on our website on our behalf. No personal information about you is shared, however in the course of conducting this research these third parties may place a unique ‘cookie’ on your browser.
We use two types of cookie on this Site:
• Session cookies, which are temporary cookies that remain in the cookie file of your computer until you close your browser (at which point they are deleted).• Persistent or stored cookies that remain permanently on the cookie file of your computer.
Cookies cannot look into your computer and obtain information about you or your family or read any material kept on your hard drive and, unless you have logged onto an authenticated page, cookies cannot be used to identify who you are. Cookies cannot be used by anyone else who has access to the computer to find out anything about you, other than the fact that someone using the computer has visited a certain website. Cookies do not in any way compromise the security of your computer. Cookies will not be used to contact you for marketing purposes other than by means of advertisements offered within this Site.
Cookies may be used to record details of particular pages that you have visited on this Site. This is to provide us with generic usage statistics to allow us to improve our Site We use Google Analytics a free metrics tool to measure a wide range of site metrics, like visits to the site, you can find out more about Google analytics cookies here. http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html
It basically tells us whether the Site has a small number of regular visitors or a large number of infrequent visitors. None of the information can be traced to an individual – we do not know who you are as a unique user, merely that there are a certain number of people using this Site. The cookie only relates to what goes on in this Site and the information cannot be used for marketing on an individual basis.
6.3 How to manage Cookies
The web browsers of most computers are initially set up to accept cookies. You can choose not to accept certain cookies by turning this feature off within your browser settings. If you prefer, you can set your web browser to disable cookies or to inform you when a website is attempting to add a cookie. You can also delete cookies that have previously been added to your computer’s cookie file. You can set your browser to disable persistent cookies and/or session cookies but if you disable session cookies, although you will be able to view this Site’s unsecured pages, you may not be able to log onto any authenticated pages. Please visit http://www.allaboutcookies.org/manage-cookies/ to discover how to disable and delete cookies.
6.4 Web Beacons and Spotlight Tags
This Site may contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages on the website. Web beacons and spotlight tags are simply tools used to obtain generic information about the web pages visited. They are not used to obtain information about specific users.
7. Your Queries and how to contact us
If you have any queries regarding privacy issues, then please write to us at HICL Infrastructure Company Limited, c/o Aztec Financial Services (Guernsey) Limited, PO Box 656, East Wing, Trafalgar Court, Les Banques, St Peter Port, GY1 3PP. 8. Changes to this Policy This Privacy Notice is dated 25 May 2018. We reserve the right to amend this Privacy Notice at any time without notice, in which case the date of the policy will be revised.