This Privacy Notice describes how Mainstream Group Holdings Limited (‘the Company’, ‘We’, ‘Us’, or ‘Our’) collects, uses and shares the personal data you provide to us and the personal data we collect in the course of operating our business. The protection of your personal data is important to us, this Privacy Notice provides you with detailed information relating to the protection of your personal data by Mainstream Group and its subsidiaries. At all times we will comply with the prevailing laws and regulations governing data protection and security of personal data, including The General Data Protection Regulation (GDPR) (EU) 2016/679.
What personal data do we collect from you?
We collect personal data from you, which is necessary to complete our functions or activities, this may include:
- identification information – (e.g. name, passport, nationality, place and data of birth, gender)
- contact information – (phone number, email and postal address)
- tax status (e.g. tax ID)
- employment information (e.g. occupation)
- banking, financial and transactional data (e.g. bank account details)
- other personal data (e.g. criminal conviction data)
We take reasonable steps to ensure the security of your personal data once it is collected. This includes protecting it from misuse, interference and loss, unauthorised access, modification or disclosure.
How do we collect personal data from you?
We collect personal data from the:
- information you provide us;
- information generated during the provision of our services and;
- information provided to us by third parties.
What is our legal basis for processing your personal data?
We process your personal data where:
- you have agreed or explicitly consented to using of your data in a specific way (e.g. to receive information on new products or services). If you have provided your consent you may withdraw your consent at any time by contacting us;
- processing is necessary to provide a service or fulfil a contract that you have entered into (e.g. to provide you with fund or administration services) or because you have asked for something to be done so you can enter into a contract with us;
- processing is necessary because we have to comply with a legal obligation (e.g. complying with our Anti-Money Laundering obligations, reporting to regulatory authorities and law enforcement, etc.);
- processing is necessary to protect your “vital interests” in exceptional circumstances;
- processing for our legitimate interests such as managing our business, fraud or crime prevention. This may include things like training and quality assurance, strategic planning, statistical analysis of our service provision. You may object to your personal data being used for these purposes.
Who do we share your personal data with?
We may share your personal data within the Company for the purpose in which it was disclosed to us, including with colleagues based in our other offices where data protection laws and standards differ from those in your home jurisdiction. We may also share your personal data to third party service providers for the purpose in which it was disclosed to us. Parties to whom we disclose personal data may operate outside your home jurisdiction in countries such as Malta, Isle of Man, Singapore, Hong Kong, Cayman Islands, Ireland, United States and Australia. If you are in Europe, we may send your personal data to countries outside the European Economic Area (EEA). For transfers to non-EEA countries where the level of protection has not been recognised as adequate by the European Commission, we will either rely on a derogation applicable to that specific situation or implement standard contractual clauses approved by the European Commission to ensure the protection of your personal data.
Which third parties do we share your personal data with?
In the course of providing our services to you, complying with legal obligations or pursuing our legitimate interests, we may share your personal data with the following categories of recipients:
- third parties with whom:
- we need to share your personal data to facilitate transactions you have requested, and
- you ask us to share your personal data;
- your authorised representatives;
- service providers who provide us with support services to enable delivery of our services;
- statutory and regulatory bodies and law enforcement authorities;
- where required, debt collection agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions;
- pension fund administrators, trustees of collective investment undertakings and pensions trustees, insurers/re-insurers;
- Mainstream group companies, business or joint venture partners.
How long do we keep your personal data for?
How long we retain your personal data for will depend on:
- the purpose for which we are using your personal data;
- the legal and regulatory obligations – there may be a set minimum period for which we have to keep your personal data.
We will endeavour not to keep any of your personal data longer than is necessary to fulfil the relevant purpose and/or comply with a specific legal retention period.
What are your rights and how can you exercise them?
Depending on the data protection laws that apply to you, you have certain legal rights in relation to the personal data that we hold about you. Where a Mainstream entity within the EEA, such as Mainstream Fund Services (Ireland) Limited and Mainstream Fund Services (Malta) Limited controls your personal data in accordance with the GDPR, you have the following rights to:
- find out if we use, access or receive your personal data;
- have inaccurate/incomplete information corrected and updated;
- object to particular use of your personal data for our legitimate business interests or direct marketing purposes;
- to withdraw consent at any time where processing is based on consent.
- in certain circumstances, to have your information deleted or our use of your data restricted;
- in certain circumstances, a right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision;
- exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider);
Mainstream Fund Services Ireland Limited (“we”) is a Data Controller within the meaning of the GDPR and applicable Irish data protection legislation (currently the Irish Data Protection Acts 1988 to 2003 as may be amended). As a Data Controller, Mainstream Fund Services Ireland Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.
Mainstream Fund Services Malta Limited (“we”) is a Data Controller within the meaning of the GDPR and applicable Malta Data Protection Act, Chapter 440 of the Laws of Malta. As a Data Controller, Mainstream Fund Services Malta Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.
Isle of Man
Galileo Fund Services Limited (“we”) is a Data Controller within the meaning of the GDPR and applicable Isle of Man data protection legislation (currently the Data Protection Act 2002). As a Data Controller, Galileo Fund Services Limited is obliged to provide you with information on how we collect, use, store and share your personal data. This document has been made available for that purpose.
Data Protection Officer
The Company has appointed a designated Data Protection Officer. If you have any queries with respect to how the Company processes your personal data or wish to exercise your rights under GDPR please write to:
The Data Protection Officer – firstname.lastname@example.org