External Privacy Notice

1 Introduction

In the context of our activities and your business relationship with us, we will collect, hold, use and/or otherwise process personal data about you. 

Based on applicable data protection and privacy law, such as EU General Data Protection Regulation 2016/679, GDPR and the Dutch GDPR Implementation Act, United International Holdings (Netherlands) B.V., Perennial Administration Services B.V. and United International Management B.V. (hereinafter referred to as United), qualify as individual “controllers” with respect to the personal data which each entity collects and processes about you. The aforementioned entities will hereinafter be referred to as: “we” or “us”. 

We understand that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations. By entering into a business relationship with us and by sharing your personal data with us, you acknowledge and understand that your personal data will be processed by us in accordance with this Privacy Notice. 

2 Information about us

United International Holdings (Netherlands) B.V.
Registered in the Netherlands under company number 34373123
Address: Strawinskylaan 411 (1077 XX) Amsterdam, the Netherlands

United International Management B.V.
Registered in the Netherlands under company number 34269697
Address: Strawinskylaan 411 (1077 XX) Amsterdam, the Netherlands

United has appointed a privacy officer. For questions and requests in connection with the processing of your personal information you can also contact our privacy officer by email at: privacynl@uibt.com.

3 What does this Privacy Notice cover and whose personal data do we process?

This Privacy Notice is intended to ensure compliance with the GDPR and the Dutch GDPR Implementation Act (UAVG).

This external Privacy Notice is relevant for anyone whose personal data we may process in the context of our (business) activities, including but not limited to directors, authorised representatives, employees and/or (other) contact persons of our current and former clients, contracting parties, business partners and/or service providers and users of our corporate website (United – finance and trust services (uibt.com)) (hereinafter also referred to as: “you”). This Privacy Notice is not relevant for employees and job applicants. 

This Privacy Notice explains on what legal basis we may process your personal data and:

• What personal data we collect
• For what purposes and how we may use/process such personal data
• How we collect the personal data 
• How we store the personal data
• For what period we store the personal data
• What your rights are under the applicable data protection and privacy legislation 

We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website United – finance and trust services (uibt.com). You may also ask us to send you a copy of the most recent version of this Privacy Notice.

In the event that the Privacy Notice materially and/or substantially changes, we will actively inform you of this change and provide you with the new version of the Privacy Notice.

Note: Where you provide personal data to us which relates to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with their personal data.

4 What personal data do we collect and how do we collect this personal data?

We collect personal data in various ways:

• Directly from you, for example when you provide us with your personal information by telephone, email or other correspondence
• Directly from you, for example when you engage in business with us
• From third parties, for example agents, advisors, intermediaries, custodians of your assets, tax authorities, credit agencies, governmental and competent regulatory authorities
• From the company you work for (in case the client/contracting party is a legal entity)
• From other companies of the United group (within the meaning of article 2:24 b of the Dutch Civil Code)
• Otherwise, for example, from public sources such as the trade register, public directories or your website
• When you visit our website United – finance and trust services (uibt.com) and use the contact information provided on this website to get in touch with us

We collect or process some or all of the following personal data:

• Name, date and place of birth
• Contact details, including but not limited to addresses, telephone numbers and email addresses
• Anti-money laundering identification (including but not limited to residential addresses, passport or driver’s licence) and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person
• Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and tax identification number
• Information about your employment, education, family, your (criminal) background or personal circumstances and/or information on adverse media hits, and interests, where relevant 
• Excerpts of registers (public or not, for example excerpts from the Chamber of Commerce)

It is a necessary condition to enter into an agreement with us and/or a legal obligation to provide us with the personal data above.

5 Legal bases for processing

The following legal bases apply with respect to the processing of these personal data:

• The processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract with us (for a natural person who is the data subject), such as further detailed in paragraph 6 section (a)
• The processing is necessary for compliance with legal obligations to which we are subject, such as further detailed in paragraph 6 sections (b) and (c)
• The processing is necessary for the purposes of the legitimate interests pursued by us, such as further detailed in paragraph 6 sections (d), (e), (f) and (g) 

We will only process your personal data on the basis of consent if this has been explicitly stated. If any kind of processing is based on your consent, we hereby inform you that you have the right to withdraw your consent at any time by contacting us via the contact details mentioned in paragraph 13, without affecting the lawfulness of processing based on consent before its withdrawal.

We do not seek to collect or otherwise process your sensitive personal data, save for instances where we receive personal data relating to your political affiliations as part of our politically-exposed-persons (PEP) checks and/or sanctions information. Any processing of such sensitive personal data about you will be necessary for reasons of substantial public interest, on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. 

There may, however, be other exceptional occasions where we may need to process your sensitive personal data or information relating to a criminal background namely where:

• The processing is necessary for the detection or prevention of crime (including the prevention of fraud, money laundering or financing of terrorism) to the extent permitted by applicable law or regulation 
• The processing is necessary for the establishment, exercise or defence of legal rights

6 Purposes for processing

We process your personal data for the following purposes:

• (a) To provide our services to you and/or to comply with contractual obligations
• (b) For onboarding and ongoing KYC purposes
• (c) To comply with other regulatory, fiscal, tax information reporting, anti-trust, anti-money laundering and terrorist financing and other legal and regulatory obligations
• (d) For the purposes of our internal administration
• (e) To deal with any complaints or feedback you may have 
• (f) For establishing, exercising and defending our legal rights
• (g) To monitor and record telephone and electronic communications for:

• (i) Quality assurance, business analysis, training and related purposes in order to improve our service (callers are advised beforehand if their telephone call will be recorded and recordings are subsequently edited to ensure that no personal data is revealed and the identity of the caller and as much as possible the voice of the same caller are rendered non-identifiable)
• (ii) Ensuring accuracy and proper performance of your instructions
• (iii) Investigation and fraud prevention, crime detection, prevention, investigation and prosecution 
• (iv) Exercising and defending our legal rights

7 How long will we keep your personal data?

We will not keep your personal data for a longer period than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 6). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will keep the personal data for longer periods. 

We will only retain your personal data for as long as necessary to fulfil the purposes for which we had collected it (that is, the ongoing performance of your business relationship with us) and, thereafter:

• For the purpose of satisfying any legal, accounting, tax, AML and regulatory reporting requirements or obligations to which we may be subject 
• To the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you

By and large, our retention of your personal data shall not exceed the period of six (6) years from the end or termination of your business relationship with us. This retention period enables us to make use of your personal data for potential AML reporting obligations to the Financial Intelligence Unit – Netherlands (FIU-NL) (a legal obligation), and/or to assert, file, exercise or defend possible legal claims against you (taking into account applicable statutes of limitation and prescriptive periods).

In certain cases though, we may need to retain your personal data for a period of up to eleven (11) years to comply with applicable accounting and tax laws or where continued retention has been mandated by the FIU-NL or other applicable competent authority.

In some circumstances you can ask us to delete your data. See Request erasure below for further information.

8 How do we protect your personal data?

We have implemented the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. 

Further, we seek to ensure that we keep your personal data accurate and up to date. In that respect we kindly request that you actively inform us of any changes to your personal data (such as a change in your contact details).

9 Do we share your personal data?

In the context of the purposes as listed above in paragraph 6, we may share your personal data with third parties in the following situations:

1. To our affiliates and/or United group companies for the purposes of:

• Providing services to you and/or complying with contractual obligations
• For onboarding and ongoing KYC purposes
• Complying with other regulatory, fiscal, tax information reporting, anti-trust, anti-money laundering and terrorist financing and other legal and regulatory obligations
• Our affiliates’ and/or United group companies’ internal administration

2. To any third party service providers engaged by us, in order to provide our services to you, to comply with regulatory requirements or to provide (without limitation) the following functions: 

• Using our IT systems, software and business applications 
• Supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions 
• Collecting, processing, transferring and storing “client due diligence”, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations

3. To our professional advisors where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisors

4. To third parties and their advisors where those third parties are acquiring, or considering acquiring, all or part of our business

5. To any bank, financial institution, insurer, tax authority, court or any other authority or supervisor, where required 

Where relevant, we will implement appropriate safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements when engaging a data processor (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions. 

Some of the above-mentioned recipients may be situated or operating in countries outside the European Economic Area. Where we transfer your data outside the European Economic Area we will do so on the basis of: (i) an adequacy decision; (ii) contractual model clauses as drafted and approved by the European Commission; or (iii) other valid transfer mechanisms pursuant to the GDPR. For more information about the safeguards applied by us to international transfers, please contact us via our contact details mentioned in paragraph 13.

10 Can I access my personal data?

If you want to know what personal data we have relating to you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “data subject access request”.

All such requests should be made in writing (including by email) and sent to the email or postal addresses shown in paragraph 13 below. In principle, there is no charge for a subject access request. If your request is “manifestly unfounded or excessive” (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 30 working days after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time is required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress.

11 What are your other rights?

Under certain circumstances you have the right to:

• Receive additional information regarding the processing of your personal data
• Rectify your personal data
• Have your personal data erased
• Object to some or all of the processing of your personal data
• The restriction of some or all of the processing of your personal data
• Data portability (i.e. the right to receive your personal data in a structured, commonly used and machine readable format and to transmit your personal data or have it transmitted to another organisation)

You have the right to receive information when we collect and process personal data about you from publicly accessible or third-party sources. When this takes place, we will inform you, within a reasonable and practicable timeframe, about the third-party or publicly accessible source from which we have collected your personal data.

You have the right to request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your personal data which occur during the course of your relationship with us.

You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: 

• There is no good reason for us continuing to process it 
• You have successfully exercised your right to object to processing (see below)
• We may have processed your information unlawfully 
• We are required to erase your personal data to comply with local law

Note, however, that we may not always be able to comply with your erasure request for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where continued processing is necessary in order to be able to:

• Comply with a legal or regulatory obligation to which we are subject
• Establish, exercise or defend legal claims

You have the right to object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes on the basis of our legitimate interests.

In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. 

You have a right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

• If you want us to establish the data’s accuracy 
• Where our use of the data is unlawful but you do not want us to erase it 
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
• Where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it 

You have a right to request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 

You have a right to withdraw consent at any time where we are relying on your consent to process your personal data (which will not generally be the case). This will not, however, affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.

Kindly note that none of these data subject rights are absolute and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our privacy team along with the reasons for our decision.

Finally, you also have the right to lodge a complaint to the local data protection authority. The contact details of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) are as follows: Bezuidenhoutseweg 30 (2594 AV) The Hague; telephone no. 088 – 1805 250.

12 Contact details

To contact us about anything related to your personal data and/or data protection, including exercising your data subject rights as discussed above in paragraphs 10 and 11, in particular your right to object, please use the contact details below:

For the attention of: Privacy Officer
Email address: privacynl@uibt.com
Telephone number: +31 (0)20 575 2727 
Postal Address: P.O. Box 79141, 1070 ND, Amsterdam 
The Netherlands