This Privacy Notice sets out how personal data (i.e. information which directly or indirectly identifies you) is collected, processed and disclosed by Louvre. We take the privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice.
This Privacy Notice should be read in conjunction with Louvre's main website Terms and Conditions and any other relevant legal notices etc.
1 The information we collect:
1.1 In the course of offering or providing services to you, or receiving services from you, we may collect information that personally identifies you. The personal data we collect may include:
i) your name, title and contact details;
ii) your professional title and occupation;
iii) your age;
iv) financial information;
v) personal identifiers such as your social security number, national insurance number or tax number;
vi) information which we need to conduct ‘know your client’ checks such as details relating to your passport; and
vii) other information you provide to us in the course of your dealings with us or which we require to provide you with Louvre's product and services.
1.2 In certain very limited cases, we may also collect what is known as “special categories” of information. Our money laundering, sanctions, financial crime and fraud prevention checks sometimes result in us obtaining information about actual or alleged criminal convictions and offences, as well as in respect of Politically Exposed Persons (PEPs).
1.3 You are not obliged to provide us with your information where it is requested but we may be unable to provide certain products and services or proceed with our business relationship with you if you do not do so. Where this is the case, we will make you aware.
1.4 In the event that you are seeking employment or work placement with Louvre, please refer to the 'Employment and Recruitment' section below for more information regarding how your personal data is collected and processed.
2 How we collect your data
2.1 We primarily collect your personal data from the following sources:
2.1.1 from information which you or your authorised representative gives to us, including but not limited to:
i) Client agreements, applications or other materials you submit to us during the course of your relationship with us;
ii) your interactions with us, transactions and use of our services (including but not limited to the use of our website and email system);
iii) your business dealings with us, including via email, telephone, video call, or as stated in our contracts with you;
iv) recording and monitoring tools that we use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).
2.1.2 personal data we receive from you or any third party sources which may include:
i) entities in which you or someone connected to you has an interest;
ii) your legal and/or financial advisors;
iii) other financial institutions who hold and process your personal data to satisfy their own regulatory requirements;
iv) credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and
v) information collected via website (including cookies and IP addresses).
2.2 We may also collect and process your personal data in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.
3 Why we collect your Personal data:
Lawful grounds for processing
3.1 We are entitled to hold and process your personal data on the following lawful grounds:
3.1.1 the processing is necessary for our legitimate interests, provided that your interests and fundamental rights do not override those interests;
3.1.2 where the customer is a natural person, the processing is necessary to comply with our respective contractual duties to you under the terms of our service agreement with you and all supplemental agreements thereto;
3.1.3 to comply with the legal and regulatory obligations of any company, foundation, trust or pension arrangement to which the services are provided by Louvre pursuant to its standard terms ("Managed Entity");
3.1.4 (on exceptional occasions) where we have obtained your consent; and
3.1.5 (on rare occasions) where it is needed in the public interest.
3.2 Some of the grounds for processing described above will overlap and there may be several grounds which justify our use of your personal data.
Inaccurate or Amended Information
3.3 Please let us know if any of your personal data (including correspondence details) changes as soon as possible. Failure to provide accurate information or to update changed information may have a detrimental impact upon services. Failure to provide information where the same is required for anti-money laundering, pursuant to automatic exchange of information agreements, or other legal requirements means we may not, or may no longer, be able to accept you as a client.
Purposes of processing
3.4 We may process your personal data for the purposes set out below ("Purposes").
3.4.1 conducting credit reference checks;
3.4.2 communicating with you as necessary in connection with your affairs and generally in connection with the services provided to you;
3.4.3 supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, including but not limited to processing personal data in connection with the services provided;
3.4.4 monitoring and recording telephone and electronic communications and transactions:
a) for quality, business analysis, training and related purposes in order to improve service delivery;
b) for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act); and
c) to enforce or defend Louvre's or a Managed Entity's respective rights, or through third parties to whom we each may delegate such responsibilities or rights in order to comply with a legal or regulatory obligations imposed on each of us;
3.4.5 disclosing your personal data (including identity and interest in company or specified accounts) to any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee to you or to any Managed Entity;
3.4.6 detecting and preventing crime such as fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanction on an ongoing basis ("Regulatory Assessments");
3.4.7 facilitating the internal administration of you or any Managed Entity and retaining your personal data as part of our Regulatory Assessments or future services entered into by you;
3.4.8 liaising with or reporting to any regulatory authority (including tax authorities); and
3.4.9 communicating with our professional advisers for the purposes of obtaining professional advice.
3.5 We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
3.6 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where these are required or permitted by law.
3.7 To the extent that such personal data contains special category data such as, for example: data relating to racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership or criminal data then the processing of such data shall solely be for the purpose of complying with any duty imposed on Louvre of a Managed Entity by an enactment including, but not limited to, legislation and regulatory obligations relating to Anti-Money Laundering and Combatting the Financing of Terrorism and all other related legislation.
3.8 Louvre will not make decisions about you based on automated processing of your personal data.
4 Sharing personal data
4.1 Louvre and/or the Managed Entity may share your personal data with group companies and third parties (including bank, financial institution or other third party lenders, IT service providers, auditors and legal professionals) under the terms of any appropriate delegation or contractual arrangement. Those authorised third parties may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism.
4.2 Like many international organisations, we may transfer your information to locations outside the European Economic Area (which for the purposes of this Privacy Notice includes the Bailiwicks of Guernsey and Jersey, the “EEA”).
4.3 Where we transfer your information outside of the EEA, however, we will ensure that the transfer is subject to appropriate safeguards in accordance with data protection laws. Often, these safeguards include contractual safeguards. Please do contact us if you would like more information about these safeguards (see the “Contact Us” section below for further details).
5 Retention of personal data
5.1 Your personal data will be retained for the longest of the following periods:
5.1.1 for Louvre, a Managed Entity and/or any authorised third parties to carry out the Purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us or as per the Louvre Data Retention Policy in effect at the time;
5.1.2 in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
5.1.3 any retention period that is required by the Data Protection (Bailiwick of Guernsey) Law, 2017 and any other applicable laws or regulatory requirements. We endeavor to store your personal data securely in accordance with accepted market standards.
5.2 Whilst we have taken every reasonable care to ensure the implementation of appropriate technical and security measures, we cannot guarantee the security of your personal data over the internet, via email or via our websites nor do we accept, to the fullest extent permitted by law, any liability for any errors in data transmission, machine, software or operating error or any other cause.
6 Your rights
6.1 You have, under certain circumstances, the following rights in respect of personal data:
6.1.1 the right to access and port personal data;
6.1.2 the right to rectify personal data;
6.1.3 the right to restrict the use of personal data;
6.1.4 the right to request that personal data is erased;
6.1.5 the right to object to processing of personal data; and
6.1.6 where Louvre or a Managed Entity has relied on consent to process the personal data, the right to withdraw consent at any time by contacting us via the contact details below.
6.2 You also have the right to lodge a complaint with the Guernsey Data Protection Authority and/or a supervisory authority in the EU member state of your usual residence or place of work or of the place of the alleged breach, if you consider that the processing of your personal data carried out by Louvre or any Managed Entity or any other service provider to Louvre or a Managed Entity, has breached data protection laws.
6.3 You may also appeal to certain courts against (i) any failure of the Guernsey Data Protection Authority to give written notice of whether the complaint is either being investigated or not being investigated and where applicable, the progress and the outcome of the investigation and (ii) a determination of the Guernsey Data Protection Authority not to investigate the complaint or a determination that a controller or processor has not breached or is not likely to breach an operative provision in connection with the complaint. The Guernsey Data Protection Authority is the Data Protection Commissioner, for which more information is available at https://odpa.gg/.
6.4 In limited circumstances we may approach you for your written consent to allow us to process certain particularly special category data or to use data for another purpose. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
7 Data Protection Committee
We have appointed a Data Protection Committee to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact us using the details below.
8 Employment and Recruitment
8.1 In the event that you are seeking employment with Louvre and apply for a position or placement, we may invite you to send us your curriculum vitae. Any information you send us for the purpose of a job application will be treated by us with the greatest care for that purpose only. Upon receipt, our recruitment personnel will make an informed decision as to whether to proceed with your application and invite you to attend an interview. All of the information gathered during the application/recruitment process will be taken into account when making our decision.
8.2 If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained on our recruitment records for a period of 6 months. If you say yes, we will contact you should any further suitable vacancies arise during this period. Following this time, we will securely dispose of your information in accordance with our records management procedures.
8.3 If you become an employee of the firm, information provided by you during the recruitment process will be retained by us on your HR file for the duration of your employment plus 7 years following the end of your employment. This includes any criminal records checks, fitness to work declaration, and references.
9 How to contact us
If you have any questions about our use of your personal data, our retention procedures or our security processes, please contact our Data Protection Committee at LTGprivacy@louvretrust.com.
10 Changes to this Policy
This Privacy Notice is dated 11 November 2020.
We reserve the right to amend this Privacy Notice at any time without notice, in which case the date of the policy will be revised.