Last updated: December 2023
This notice applies to Apex Group Limited, and its affiliates and subsidiaries (together “Apex” or “we”).
Note that a number of Apex’s subsidiaries also maintain their own privacy statements these include but are not limited to the following –
- FundRock
- Profilir
We also have a candidate privacy notice which covers any interaction you have with us as a prospective employee.
This privacy notice covers how Apex, acting as data controller, collects, uses, transfers and stores your personal data in connection with your interactions with Apex (as defined below) via our website, as a client, as a prospective client or as a vendor. This notice summarises the nature of the information that is stored by Apex, why and how it is used, and your rights in regard to this data, as well as the protections in place to safeguard it.
In relation to personal data processed under this privacy notice Apex is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act. Your privacy is important to us. Please be aware that Apex employees are required to comply with Apex's data privacy practices as set out in this privacy notice and other data privacy-related policies.
‘Personal information’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control.
We will collect and process the following personal information about you:
- Personal details such as your full name, title, occupation, nationality, country of residence, contact details, home/work address, email addresses and telephone numbers;
- information required by Apex to meet legal and regulatory requirements in respect of anti-money laundering legislation, including personal details such as gender, date of birth, passport number(s), other government issued number(s), nationality, images of passports and driving licences, signatures, occupation, source of funds and source of wealth, criminal records and political or family associations;
- information required by Apex to meet legal and regulatory requirements relating to the automatic exchange of tax information (e.g. US FATCA and OECD CRS), including details of tax residency, tax classification and tax identification numbers;
- financial information, including billing address, bank account numbers, instruction records, transaction details, counterparty details, and specimen signatures;
- details of meetings and telephone calls with our offices and employees;
- information about entities with which you are connected, including your employer, your advisers, banking and other service providers and entities in which you have an interest; and
- any other information you may provide to us in the course of corresponding with us or might be provided to us by our clients, third parties etc.
Special category data: we may collect this where we are required to do so for the purposes of our legal and/or regulatory obligations including but not limited to those in relation to anti-money laundering and combatting the financing of terrorism. This may include information relating to your racial or ethnic origin or information relating to criminal records.
We collect this information in a variety of ways but mainly directly from you when you contact us or request information from us where we are providing services to you or we receive services from you including:
- When you register for our events, subscribe to our newsletters or mailing lists;
- Information set out in any agreements entered into with us;
- As part of the client due diligence process and through onboarding documentation;
- From subscription, redemption and transfer documentation, questionnaires and other forms and agreements in relation to ongoing services; and
- Personal data provided by you by way of correspondence with us by telephone, email or otherwise.
We also collect information from third parties or publicly available sources. These third parties and publicly available sources include lawyers, accountants and professional advisors, other financial institutions that process your personal data to satisfy their own regulatory requirements, credit reference agencies and financial crime databases in order to comply with our regulatory requirements as well as from other Apex companies.
We collect and use your personal information to:
- provide, and perform our obligations with respect to the services or otherwise in connection with fulfilling instructions;
- validate authorised signatories for processing agreements and transactions;
- contact nominated individuals in connection with transactions and contractual agreements;
- respond to enquiries and fulfill requests from you/our clients, service providers and/or relevant third parties who may require information for providing services and to administer account(s) and manage our relationships;
- verify an individual’s identity and/or location (or the identity or location of our client’s or service provider’s representative or agent) in order to allow access to relevant client accounts or conduct online transactions;
- protect the security of accounts and personal data;
- risk management/audit, compliance with our legal and regulatory obligations and for fraud detection, prevention and investigation, including “know your customer”, anti-money laundering, conflict and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting;
- comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), (which may include laws outside the country you are located in), to respond to requests from public and government authorities (which may include authorities outside the country you are located in), to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies.
- the processing is in Apex’s legitimate interests
- for marketing and promotion of complementary services
- monitor and record communications, including emails, for investigation and fraud prevention purposes, crime detection, prevention and investigation; and
- for client research and management, and to improve the quality of services.
Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.
Subject to any restrictions around confidentiality such disclosures may include disclosures:
- to other entities in the Apex Group for the purposes described in this privacy notice;
- to our third party service providers (including in relation to website hosting, data analysis, client research, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services) and to our professional advisers and agents;
- to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
- to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions;
- to third party storage providers (including archive service providers and document repositories) and trade data repositories;
- to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
- to other deal/transaction participants including issuers, borrowers, advisers, translation service providers and within prospectuses and marketing materials;
- to counterparties, vendors and beneficiaries, and other entities connected with our clients;
- to other persons as agreed with a client or as required or expressly permitted by applicable law;
- to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country; and
- to courts, litigation counterparties, law enforcement, foreign authorities and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings and to comply with legal and regulatory requirements.
Where there is a transfer within Apex or to a third party in a different jurisdiction, including, but not limited to transfers outside of the European Economic Area, we will take appropriate steps to ensure there is an adequate level of protection for personal information (which includes a legal agreement and appropriate security measures) in place in accordance with applicable legal requirements. The third parties are permitted to use the personal data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have put appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have a number of legal rights in relation to the personal information that Apex holds about you, and you can exercise your rights by contacting us using the details set out in section 11 below.
Depending on applicable law, these rights may include:
- Right to access. You have the right to request information regarding the processing of your personal information and access to the personal information we hold about you.
- Right to rectification. You have the right to request that Apex correct any information you believe is inaccurate. You also have the right to request Apex complete information you believe is incomplete.
- Right to erasure. You are able to request we erase your personal information in certain circumstances. There may be circumstances where you request us to erase your personal information but we are legally entitled to retain it.
- Right to restrict processing. You have the right to request that Apex restrict the processing of your personal data under certain conditions. There may be circumstances where you object to or ask us to restrict our processing of your personal information but we are legally entitled to refuse that request.
- Right to object to processing. You have the right to object to Apex’s processing of your personal data under certain conditions.
- Right to data portability. You have the right to request that we transfer the data we have collected to another organisation or directly to you under certain conditions.
- Make a complaint. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.
When individuals communicate with Apex by way of telephone conversations and electronic communications, including emails, text messages and instant messages, these may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by applicable law.
You can stop the delivery of marketing emails from Apex at any time by unsubscribing or opting out via the link included in every email. Alternatively you can make a direct request to unsubscribe by emailing enquiries@apex.bm.
If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact our Group Data Protection Officer:
Email: dpo@apexfs.com
Post: Group Data Protection Officer | Apex Group Ltd. | Vallis Building, 4th Floor | 58 Par-la-Ville Road | Hamilton, HM11 | Bermuda
We will update this privacy notice when necessary to reflect changes in the law, our practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically. We may also notify you in other ways from time to time about the processing of your personal information.