We have adopted general policies and procedures concerning confidentiality, proprietary data and privacy of customer personal information, and the information we gather over the Workspace is protected by those policies and procedures.
The General Data Protection Regulation (“GDPR”) in the EU and the Data Protection Act 2018 (“DPA”) in the UK governs the controlling and processing, such as the use or holding, of personal data, which is essentially any information about identifiable living individuals, and also gives those individuals certain rights and remedies in respect of that information.
The purpose of this notice is to supply you with the required information at the time of providing us with your personal data. This will lay out the essentials such as the what; where; when; and how in relation to the personal information collected. This should help you feel more confident about the privacy and the security of your personal information.
Generally, we collect non-public personal information about our clients, investors and third parties from the following sources:
- Information received from investors or prospective investors on subscription documents or other related documents or forms, including any information we collect on the Workspace; and
- Information about a transaction reviewed or entered into by the funds or accounts Castlelake manages, their respective affiliates, or others.
Our policy is that:
Castlelake takes precautions to maintain any nonpublic personal information about prospective, existing or former investors in funds or accounts it manages or has managed to anyone, except as permitted by law and regulation. Castlelake takes similar precautions to ensure that third party transactional information is not inappropriately disclosed to any other person.
Castlelake restricts access to nonpublic personal information to those employees and agents who need to know that information in order to provide services to Castlelake, the funds or accounts it manages. Castlelake maintains physical, electronic, and procedural safeguards to safeguard the nonpublic personal information and which Castlelake believes are adequate to prevent unauthorized disclosure of such information.
Collection of Information
In general, you can browse the non-password-protected sections of the Workspace without telling us who you are or revealing any personal information about yourself. We automatically track certain information that your browser makes available whenever you visit the Workspace. This information may include your Internet Protocol address, browser type, browser language and one or more files that may uniquely identify your browser. We use this information to operate, develop and improve our services.
We will also collect information from you when you register with us, apply to use any of our services, become our client, or contact us in person, by telephone, by email or by post. We also collect information from you when you provide feedback or complete a contact form on our website.
We may collect information about you from fraud prevention agencies and other organisations when we undertake checks such as identification verification checks, as explained further below.
We may collect the following information depending on the service provided:
- Your contact details, such as your name, address, telephone number and email address;
- Your date of birth, nationality, country of birth, country of residence, employment status and tax identification number;
- Passport details, driving licence and utility bills;
- Details of the services you request from us;
- Any records held by financial crime prevention agencies, on the Electoral Register and by providers of utility services; and
- Details of your employment status, income and source of wealth.
In some cases, you are not obliged to provide any personal data to us, but if you have requested information or a service from us, we will not be able to provide it without certain information, such as your contact details. Before we can begin providing you with our services, we need to obtain certain information about you, so that we can verify your identity in order for us to meet our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 and any other applicable legislation and for the purposes of crime prevention and fraud prevention. You are obliged to provide this information and if you do not provide it, we will be unable to provide you with our services.
We also collect information from you when you voluntarily complete customer surveys, provide feedback or complete a contact form on our website.
Use and Disclosure of Information
You agree that we may use personal information about you to analyze Workspace usage, improve our content and customize the Workspace's content, layout, and services. These uses improve the Workspace and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using the Workspace.
We may also use this information to provide you with information about other services we offer that are similar to those that you have already engaged us to provide, or enquired about or to provide information about Castlelake by way of newsletters or emails.
In such instances Castlelake will only do so where we have either received consent from you or we have assessed that there is a legitimate interest for us to send you the communication. When assessing legitimate interest, we will balance our interests with your rights and will only send communications where you would reasonably expect to hear from us. You may opt out of receiving this information when we collect details or at any time by contacting us using the contact details below.
We may also share information about you if we believe that disclosure is required under law. For example, we may need to disclose information in response to a subpoena or to cooperate with regulatory or law enforcement authorities.
Control of Your Password and Personal Information
If you apply for a password to access password-restricted areas on the Workspace, you must provide to us such information as Castlelake may reasonably request.
You are responsible for all actions taken with your user name and password. Therefore, we recommend that you do not disclose your password to anyone. You may not allow others to use your user name or password to access or use any part of this Workspace. If your password has been compromised for any reason, you should contact us immediately for a new password.
You can review and change the information that you submit to us by contacting us at Investor.Relations@castlelake.com. You can change your User ID, email address, contact information, financial information, other personal information and user preferences. You must promptly update your personal information if it changes or is inaccurate.
On your request, we will deactivate your password and remove your contact information and financial information from our active databases. Your password will be deactivated promptly based on your account activity and in accordance with our deactivation policy.
Your information is stored on our servers located in the United States. We use procedural and technical safeguards to protect your personal information against loss or theft as well as unauthorized access and disclosure to protect your privacy, which may include encryption, "firewalls" and Secure Socket Layers. We treat data as an asset that must be protected against loss and unauthorized access. We employ security techniques to protect such data from unauthorized access by users inside and outside the company. However, "perfect security" does not exist on the Internet.
We are committed to only keeping your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this notice, and for as long as we are required or permitted to keep it by law.
We retain copies of our customer contracts in order to enable us to deal with any legal issues and the information provided to us for identification verification checks, financial crime and anti-money laundering checks (as required by law) for 5 years after termination or expiry of our contract with you. We retain details of complaints for 5 years from the date of receipt.
We shall keep records of the following for 5 years:
- call recordings, electronic communications and minutes of face-to-face meetings;
- suitability and appropriateness assessments;
- periodic statements (for example, valuations); and
- all orders and transactions in financial instruments on your behalf (including information about your identity).
Castlelake retain copies of all records aforementioned for a maximum of 7 years.
Conditions of Use
If you have any questions, would like to lodge a complaint you can contact us at the Data Protection Officer:
Post: United Kingdom: Elizabeth Turner, Castlelake (UK) LLP, 15 Sackville Street, London, W1S 3DJ.
Alternatively, if you would like to contact your Data Protection Authority, please use the contact details below.
United Kingdom: Information Commissioner’s Office
Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.