This Privacy Notice explains how Aurum Private Limited (“Aurum”) processes personal data and sets out the rights of the individuals to whom that data relates (data subjects). Any questions about personal data processed by us should be directed to our Data Protection Officer compliance@aurumprivate.com

Aurum Private Limited provides fiduciary services to residents and international clients to assist them with their business and personal objectives and planning with assistance with their advisors.

In order to perform its functions effectively Aurum needs to process personal data. The processing activities that Aurum may by law carry out in relation to personal data include requesting it, collecting it, storing it, analysing it, sharing it, disclosing it.

Clients, their advisors, and managers of their assets will be required to provide personal information and data to Aurum at the start, during and cessation of the business relationship and this is required for Aurum to provide services under, and comply with the Bailiwicks legal and regulatory framework, and duties imposed on us.

Aurum will not ordinarily use the legal basis of consent due to the regulatory requirements requiring clients, their advisors, and managers to provide personal data and to also keep this up to date. We are also required to keep you updated to your business relationship and matters that may affect it and you, locally and internationally.

Where we do provide marketing material you will have the option to decline from receiving such material.

Aurum is bound by strict provisions, set out in the Bailiwicks’ legal and regulatory framework, as to the confidentiality and safeguarding of the personal information that it acquires during the course of carrying out a business relationship. There may be occasions where this information may be disclosed, without the consent of those who may be identified from it, only in exceptionally limited circumstances such as:

where necessary to enable Aurum to perform its functions or discharge its obligations (both in the Bailiwick

and internationally);

for the purposes of the investigation, prevention or detection of crime; or
in order to comply with directions given by a court, law enforcement or regulatory agency.

These confidentiality provisions bind Aurum and its employees and third-parties contravention of them is an offence which carries liability to punishment.

In cases where Aurum discloses information it will do so on the basis of conditions designed to ensure that the confidentiality of the information is protected by imposing undertakings in relation to the use, disclosure, safe-keeping and return of the information concerned.

The personal data that Aurum may collect and process includes information within the following categories:

• name;
• date of birth;
• contact information (address, telephone, email and fax details etc.);
• financial information (returns data, invoicing information, and notifications data etc.);
• identity (passports and identity cards etc.);
• family members (next of kin and beneficiaries etc.);
• employment (employment history, qualifications, training etc.);
• due diligence documentation (identification information, PEP status information, source of wealth data);
• special category data (health, origin, political opinion etc.);
• criminal convictions and offences (fraud, money laundering, market abuse, taxation offences etc.); and fitness and propriety (disciplinary issues, professional memberships, qualifications, investigations, legal actions, police checks etc.)

In addition to gathering information from data subjects directly, Aurum may use other sources of data in order to gather information, some of which may include personal data. Examples of such sources of information include:

• subscribed service sources of risk intelligence;
• membership registers;
• open-source or publicly available sources;
• References from other third parties

Aurum processes personal data for a number of legal reasons or grounds which may include:

• the exercise of rights or powers conferred or imposed on Aurum by law;
• the performance of or compliance with duties imposed on Aurum by law;
• the performance of a duty or contract owed to the client;
• processing in connection with any legal proceedings, or for the discharge of any court functions, for the purpose of obtaining legal advice or otherwise in connection with legal rights.

In exercising its regulatory and contractual obligations Aurum may share information, which may include personal data, with other entities. These other entities may include, for example:

• external providers of professional services (such as lawyers, accountants, auditors or other experts);
• external service providers (for services such as IT, document storage, office maintenance);
• entities with a legal right to the information (such as law enforcement agencies, regulators or supervisory bodies and controllers of public registers); and
• courts and tribunals.

This will be locally or to jurisdictions that have assessed as having data protection frameworks that meet EU privacy adequacy equivalence or where you consent for the data to be provided outside of this. Where Aurum transfers data outside of these jurisdictions it will be in the performance of a contract for you. Aurum retains information, which may include personal data, for as long as necessary for the purpose(s) for which that information was collected and to meet the regulatory and legal requirements of the Bailiwick.

Data subjects have the following rights:

• Right to information for personal data collected from data subject
• Right of access
• Right to object to processing for direct marketing purposes
• Right to object to processing on grounds of public interest
• Right to object to processing for historical or scientific purposes
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right not to be subject to decisions based on automated processing
• Right to data portability