Privacy Notice

This Privacy Notice describes how Mainstream Group Holdings Limited and its Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) (‘Mainstream’, ‘We’, ‘Us’, or ‘Our’) collects, uses and shares the personal data you provide to us and the personal data we collect in the course of operating our business.

The protection of your personal data is important to us, this Privacy Notice provides you with detailed information relating to the protection of your personal data by Mainstream Group and its subsidiaries. At all times we will comply with the prevailing laws and regulations governing data protection and security of personal data, including The General Data Protection Regulation (GDPR) (EU) 2016/679, the Cayman Data Protection Law (the “DPL”) and other applicable data protection laws (together the “Data Protection Laws”).

This notice explains what personal data is collected, the purposes for which it is used, the third parties to whom it may be disclosed and how individuals can exercise their rights in relation to their personal data.

This notice applies to the collection and processing of personal information relating to individuals associated with our clients, such as directors, shareholders, trustees, beneficial owners, employees, representatives, agents, professional advisers and other personnel. References to “you” and “your” mean the relevant individuals who are the subjects of the personal data to which this notice relates.

 

What personal data do we collect from you?

We collect personal data from you, which is necessary to complete our functions or activities, this may include:

  • identification information – (e.g. name, passport, nationality, place and data of birth, gender)
  • contact information – (phone number, email and postal address)
  • tax status (e.g. tax ID)
  • employment information (e.g. occupation)
  • banking, financial and transactional data (e.g. bank account details)
  • other personal data (e.g. criminal conviction data)

We take reasonable steps to ensure the security of your personal data once it is collected. This includes protecting it from misuse, interference and loss, unauthorised access, modification or disclosure.

How do we collect personal data from you?

We collect personal data from the:

  • information you provide us;
  • information generated during the provision of our services; and
  • information provided to us by third parties in connection with complying with legislation relating to anti-money laundering, taxation, and other legislation applicable to our clients and services.

What is our legal basis for processing your personal data?

We process your personal data where:

  • you have agreed or explicitly consented to using of your data in a specific way (e.g. to receive information on new products or services). If you have provided your consent you may withdraw your consent at any time by contacting us;
  • processing is necessary to provide a service or fulfil a contract that you have entered into (e.g. to provide you with fund administration or other services) or because you have asked for something to be done so you can enter into a contract with us;
  • processing is necessary because we have to comply with a legal obligation (e.g. complying with our Anti-Money Laundering obligations, reporting to regulatory authorities and law enforcement, etc.);
  • processing is necessary to protect your “vital interests” in exceptional circumstances;
  • processing for our legitimate interests such as managing our business, fraud or crime prevention. This may include things like training and quality assurance, marketing, client research and management, strategic planning, statistical analysis of our service provision. You may object to your personal data being used for these purposes.

Who do we share your personal data with?

We may share your personal data within Mainstream for the purpose in which it was disclosed to us, including with colleagues based in our other offices where data protection laws differ from those in your home jurisdiction. We may also share your personal data to third party service providers for the purpose in which it was disclosed to us. Parties to whom we disclose personal data may operate outside your home jurisdiction in countries such as Malta, Isle of Man, Singapore, Hong Kong, Cayman Islands, Ireland, United States, Australia and the Philippines. If you are in Europe, we may send your personal data to countries outside the European Economic Area (EEA). For transfers to non-EEA countries where the level of protection has not been recognised as adequate by the European Commission, we will either rely on a derogation applicable to that specific situation or implement standard contractual clauses approved by the European Commission to ensure the protection of your personal data.

Which third parties do we share your personal data with?

In the course of providing our services to you, complying with legal obligations or pursuing our legitimate interests, we may share your personal data with the following categories of recipients:

  • third parties with whom:
    • we need to share your personal data to facilitate transactions you have requested, and
    • you ask us to share your personal data;
  • your authorised representatives;
  • service providers who provide us with support services to enable delivery of our services
  • statutory and regulatory bodies and law enforcement authorities;
  • where required, debt collection agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions;
  • pension fund administrators, trustees of collective investment undertakings and pensions trustees, insurers/re-insurers;
  • Mainstream Related Bodies Corporate including without limitation, Apex Group Ltd. and its Related Bodies Corporate, business or joint venture partners.

How long do we keep your personal data for?

How long we retain your personal data for will depend on:

  • the purpose for which we are using your personal data;
  • the legal and regulatory obligations – there may be a set minimum period for which we have to keep your personal data.

We will endeavour not to keep any of your personal data longer than is necessary to fulfil the relevant purpose and/or comply with a specific legal retention period.

What are your rights and how can you exercise them?

Depending on the data protection laws that apply to you, you have certain legal rights in relation to the personal data that we hold about you. Where Mainstream controls or processes data in accordance to GDPR or the Cayman Islands Data Protection Law, you have the following rights to:

  • find out if we use, access or receive your personal data;
  • have inaccurate/incomplete information corrected and updated;
  • object to particular use of your personal data for our legitimate business interests or direct marketing purposes;
  • to withdraw consent at any time where processing is based on consent.
  • in certain circumstances, to have your information deleted or our use of your data restricted;
  • in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision;
  • exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider);

Ireland

Mainstream Fund Services Ireland Limited (“we”) is a Data Controller and Processor for our clients within the meaning of the GDPR, applicable Irish data protection legislation (currently the Irish Data Protection Acts 1988 to 2018 as may be amended) and the Cayman Data Protection Law. As a Data Controller, Mainstream Fund Services Ireland Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

Malta

Mainstream Fund Services Malta Limited (“we”) is a Data Controller and Processor within the meaning of the GDPR and applicable Malta Data Protection Act, Chapter 440 of the Laws of Malta. As a Data Controller, Mainstream Fund Services Malta Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

Isle of Man

Mainstream Fund Services (IOM) Limited (“we”) is a Data Controller and Processor within the meaning of the GDPR and applicable Isle of Man data protection legislation currently the Data Protection Act 2018, the GDPR and LED Implementation Regulations 2016 (as these may be amended and applied in the Isle of Man) and any successor legislation. As a Data Controller, Mainstream Fund Services (IOM) Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

The Cayman Islands

Mainstream Fund Services (Cayman) Limited (“we”) is a Data Controller and Data Processor for our clients within the meaning of the Cayman Data Protection Law and any successor legislation. As a Data Controller and Processor, Mainstream Fund Services (Cayman) Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

Hong Kong

Mainstream Fund Services (HK) Limited (“we”) is a Data Controller and Data Processor for our clients within the meaning of the Cayman Data Protection Law, GDPR and applicable Hong Kong data protection legislation currently The Personal Data (Privacy) Ordinance (Cap.486) and any successor legislation. As a Data Controller and Processor, we are obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

Singapore

Mainstream Fund Services Pte Ltd (“we”) is a Data Controller and Data Processor for our clients within the meaning of the Cayman Data Protection Law, GDPR and applicable Singapore data protection legislation currently the Personal Data Protection Act of 2012 and any successor legislation. As a Data Controller and Processor, Mainstream Fund Services Pte Ltd is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

USA

Fundadministration, Inc. and Mainstream PE Services, Inc. (“we”) are Data Processors for our clients within the meaning of the GDPR, and the Cayman Data Protection Law. As Data Processors, Mainstream Fund Services Inc. and Mainstream PE Services, Inc are obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.

Australia

Mainstream Fund Services Pty Ltd and Mainstream Superannuation Services Pty Ltd (we) handle personal information in accordance with the Australian Privacy Principles (APPs). To comply with the Australian Notifiable Data Breach Scheme Mainstream has in place policies and procedures to ensure that data breaches are reported to the Office of the Australian Information Commissioner (OAIC) and to the individuals affected in accordance with the scheme. Further details can be found in the Privacy Policy.

Contact us

If you have any queries with respect to how Mainstream processes your personal data or wish to exercise your rights under the Data Protection Laws please write to:  dataprotection@mainstreamgroup.com

Changes to this Privacy Notice

We may occasionally update this Privacy Notice as our services and privacy practices change, or as required by applicable legal or regulatory requirements. We may also notify you in other ways for time to time about the processing of your personal information.

Last updated: October 2021