This Privacy Notice ("Notice") explains how G3 Good Governance Ltd whose principal place of business is 40 George St, Marylebone, London W1U 7DW (see "Contacting Us" below for our contact details) collects, handles, stores and processes personal data.
In this Notice "Data Protection Legislation" means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.
Our use of information
We hold information that helps financial institutions, corporates, professional services firms, governments, law enforcement agencies, regulators and other clients (“G3 Clients”) to perform due diligence and other screening activities in accordance with their legal or regulatory obligations and risk management procedures carried out in the public interest. We also hold information specifically about G3 Clients which we collect in order to provide our services and satisfy our regulatory obligations.
We may process also any information for a number of other business purposes. Examples of the types of uses of such information are set out below:
- to provide our services to you;
- to administer and operate your client account(s);
- for conflict checks;
- to assess any billing matters;
- to enable us to carry out statistical and other analysis and to meet our legal obligations;
- for our reasonable commercial purposes (including in connection with our insurance, quality control and administration and assisting us to develop new and improved services);
- to confirm identities and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
- to follow up with you or them after you request information to see if we can provide any further assistance;
- to comply with any requirement of applicable laws or regulations;
- to check our instructions;
- in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations; and
- for invitations to briefings and marketing communications unless the recipient indicates at any time that they do not wish to receive invitations and marketing communications.
Information that we collect
The information referred to above includes personal data, which means information that can be used to identify a natural person, including (but not limited to) the following types of personal information:
- contact information, such as home or work addresses and contact details (including mobile telephone number);
- information we obtain from the instructions of G3 Clients;
- details of any complaints or concerns raised;
- employment status;
- financial information (including bank details, assets, tax rates and information in relation to investments);
- date of birth, marital/civil partnership status, details of dependants and next of kin;
- information which is collected from publicly available sources such as [sanctions lists, media coverage, social media platforms and Politically Exposed Persons lists];
- information which is collected from international litigation records, international and national media coverage, national and international social media platforms, aggregated corporate databases and other investigative sources such as specialist search engines, public records databases, electoral registers and databases of IP addresses and domain names.
- information about an individual’s professional qualifications;
- any other information provided by a G3 Client in the course of providing our services;
- information we obtain from third parties, such as information that we obtain when verifying details supplied by G3 Clients. This information obtained from other third party organisations may include fraud prevention agencies and information which is collected from publicly available sources such as Companies House;
- information provided by our advisers and contributors who assist us with providing our services; and
- technical information includes internet protocol (IP) address, usage information, browser type and version, time zone setting and location, language, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the G3 site.
Some of the information that we collect may include special categories of personal data (such as information about racial or ethnic origin, criminal or alleged criminal offences or health and lifestyle). The processing of such data may be necessary for the establishment, exercise or defence of legal claims.
We may be prevented from providing services where there is a failure to provide the above information.
Lawful Grounds for Using Information
We have described the purposes for which we may use information. We are permitted to process such information in this way, in compliance with the Data Protection Legislation, by relying on one or more of the following lawful grounds:
- consent to the processing of such information for a specific reason;
- the processing is necessary to perform the agreement or to take steps to enter into an agreement;
- the processing is necessary for compliance with a legal obligation we have; or
- the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
(i) to provide our services;
(ii) to improve our website;
(iii) to keep our website safe and secure;
(iv) to prevent fraud;
(v) to protect our business interests;
(vi) to ensure that complaints are investigated;
(vii) to evaluate, develop or improve our services; or
(viii) to keep G3 Clients informed about relevant services.
Sharing information with others
We keep all information confidential. However, in order to provide our services and service G3 Client needs to the best of our ability, we may share any information with our agents, contributors, advisers, contractors, counterparties and support service or data providers, wherever located.
We may also provide third party service providers access to G3 Client information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation.
The recipients, or categories of recipients, of information that we hold may be:
- any revenue service or tax authority, including HMRC, if obliged to do so under applicable regulations. For Common Reporting Standards and FATCA, we may also have to report your account(s) to the necessary tax authorities;
- advisers (including, but not limited to, accountants or other professional advisers) where authorised to do so;
- UK and overseas regulators, courts and authorities in connection with their duties (such as crime prevention);
- fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify identities. We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime;
- third party service providers who support or provide services to us;
- anyone to whom we may transfer our rights and/or obligations under this Notice; and
- any other person or organisation after a restructure, sale or acquisition.
If we, or a fraud prevention agency, determine that a G3 Client poses a fraud or money laundering risk:
- we may refuse to provide the services requested, or we may stop providing existing services; and
- a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment.
Transferring information outside the UK
Information in our possession may be transferred to other countries (particularly to our agents and contractors in different countries which may include countries outside the European Economic Area) for any of the purposes described in this Notice.
These countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information they hold and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, courts regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer information where:
- the transfer is to a country deemed by the European Commission to provide adequate protection of information;
- we have received consent to such transfer, or
- such transfer is otherwise permissible under Data Protection Legislation (for example if we are required to provide such information by law).
Data subjects have a number of rights concerning their personal, which include the right:
- to request access to, or a copy of, any personal data we hold about them;
- to request the rectification of their personal data, if they consider that it is inaccurate;
- to request the erasure of their personal data, if they consider that we do not have the right to hold it;
- to object to their personal data being processed for a particular purpose or to request that we stop using your or their information;
- to request not to be subject to a decision based on automated processing and to have safeguards put in place if you or they are being profiled based on their personal data;
- to ask us to transfer a copy of their personal data to another party where technically feasible and otherwise required by applicable regulations;
- to withdraw, at any time, any consent that they have previously given to us for our use of their personal data; or
- to ask us to stop or start sending them marketing messages at any time.
Any request for access to or a copy of personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.
If you would like to contact us in relation to any of the rights set out above please contact us using the contact details in the "Contacting Us" section below.
Retaining Your Information
We will only keep the information we collect on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.
If you terminate your relationship with us, a matter comes to an end, we decline to act on a matter, or you decide not to go ahead with a matter, we may still keep your information.
- Write to G3 Good Governance Group Ltd at 40 George St, Marylebone, London W1U 7DW;
- Email firstname.lastname@example.org
- Call +44 (0)20 7467 2040
Data subjects also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.
We may make changes to this Notice and how we use your information in the future.
G3 Good Governance Group Ltd