This privacy notice explains the manner in which GPF Metals plc with its registered address at 2nd Floor, Block 5, Irish Life Centre, Abbey Street Lower, Dublin D01 P767, Ireland (the Issuer) collects, processes and maintains personal data about you pursuant to the Data Protection Law.
You should review this notice carefully as it contains information about the treatment of your personal data and your rights under the Data Protection Law.
This Privacy Notice was last updated on 25 November 2020.
Interpretation:: For the purposes of this privacy notice: (i) Data Protection Law means the General Data Protection Regulation (EU) 2016/679 and the Irish Data Protection Acts 1988 to 2018, as amended from time to time (ii) controller, processor, data subject, personal data, and processing shall have the meanings given to them under the Data Protection Law, (iii) we, us or our means the Issuer in its capacity as data controller of the personal data, and (iv) you or your means the ETC Holder under the GPF Physical Metal ETC Securities Programme (the Programme) (the investor) and includes any person owning or controlling the investor, having a beneficial interest in the investor, or for whom the investor is acting as agent or nominee.
For the avoidance of doubt, Processor (as defined below) shall include Global Palladium Fund, L.P., Apex Fund Services (Ireland) Limited, and The Bank of New York Mellon, SA/NV, Luxembourg Branch (and each of their affiliates) acting as respectively arranger, administrator, and registrar in relation to the Programme in their capacity as processor of the personal data.
Sources of personal data:
Personal data includes identifiers such as: name, date of birth, gender, address, email address, nationality, tax identification number (TIN), financial and investment qualification, shareholder reference number, national identification number, telephone/mobile number, fax number, bank details, and power of attorney details.
The Issuer collects personal data about investors mainly through the following sources:
(a) subscription forms, investor questionnaires and other information provided by the investor in writing (including any anti-money laundering, identification, and verification documentation), in person, by telephone (which may be recorded), electronically or by any other means;
(b) from third party vendors, transfer agencies, financial intermediaries and/or financial administrators;
(c) transactions within the Programme, including account balances, investments, distributions, payments and withdrawals; and
(d) we may also collect personal data relating to you from credit reference agencies and available public databases or data sources, such as news outlets, websites and other media sources and international sanctions lists.
The storage, processing and use of personal data will take place for the following purposes:
(a) Where the processing is necessary for compliance with a legal obligation to which the Issuer is subject
(i) to comply with in-house procedures and statutory/regulatory requirements applicable to the Issuer (including (where applicable) under FATCA, CRS, AML legislation and customer due diligence verification purposes).
(b) Where the processing is necessary for the Issuer to perform a contract to which you are a party or for taking pre-contract steps at your request
(i) to manage or administer your investment and any related accounts on an ongoing basis;
(ii) to administer and operate the Programme and/or the Issuer; and
(iii) risk management and risk controlling purposes relating to the Issuer or any entity in the same group as the Issuer.
(c) Where the processing is necessary in order to pursue the Issuer's legitimate interests
(i) to carry out statistical analysis or market research;
(ii) for direct marketing purposes (subject to applicable law);
(iii) to help detect, prevent, investigate, and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities; and
(iv) to investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes.
(d) Where you consent to the processing of personal data
(i) for any other specific purpose to which you have given specific consent.
As a data controller, we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We do not envisage that any decisions will be taken about you using fully automated means, however
we will notify you in writing if this position changes.
Disclosure of personal data: Any disclosure of personal data shall be in accordance with the obligations of the disclosing party under the Data Protection Law. Further:
(a) where you have notified us of your adviser, the personal data provided may be shared with such adviser. You must notify us in writing if you no longer wish us to share your personal data with your adviser or of any change to your adviser. Your adviser should have its own arrangements with you about its use of your personal data;
(b) we may share your personal data with any third party to whom the Issuer may delegate certain functions in relation to the Issuer which may include Apex Fund Services (Ireland) Limited (and its affiliates) in its capacity as Administrator, Apex Corporate Trustees (UK) Limited in its capacity as Trustee, Tokentrust AG in its capacity as Custodian, The Bank of New York Mellon, London Branch in its capacity as Principal Paying Agent and/or other service providers (Processors) for the purposes set out in this Privacy Notice; and
(c) in the course of the processing of personal data such personal data may be transferred to Processors situated or operating in countries and territories outside of the European Economic Area and such countries and territories may not have data protection laws equivalent to those in the EEA. When we transfer personal data to entities outside of the EEA, we will do so on the basis of (i) an adequacy decision; or from the European Commission or (ii) on the basis of approved standard contractual clauses which will ensure that any such entity is contractually bound to provide an adequate level of protection in respect of the personal data transferred to it. For more information about these transfer mechanisms and to obtain a copy of any relevant contract concerning the transfer of your personal data, please contact us using the details provided below.
You have the right to:
(a) request access to your personal data;
(b) request rectification of your personal data where it is inaccurate or incomplete;
(c) request the restriction of processing of your personal data under certain circumstances;
(d) request erasure of your personal data under certain circumstances;
(e) object to the processing of your personal data (including for direct marketing purposes); and
(f) data portability under certain circumstances.
Further, you may at your discretion refuse to communicate personal data to the Issuer. There are situations where the Issuer can refuse to comply with such a request, for example, where it is subject to a legal obligation to process the data. The Issuer may also reject your investment or withhold payments until such time as the requisite data has been provided.
Where the processing is based on your consent, you may withdraw your consent at any time, however the withdrawal of consent shall not affect the lawfulness of processing prior to this withdrawal or any processing based on a different lawful basis where this is permitted under applicable law.
Exercise of rights: You may exercise your rights by writing to the Issuer at the following e-mail address: firstname.lastname@example.org
Retention of Personal Data: The personal data shall be held by the Issuer for a minimum of six years and thereafter shall not be held by the Issuer for longer than necessary with regard to the purposes of the data processing, subject to any limitation periods provided by law.
Changes to Privacy Notice:
The Issuer reserves the right to update this Privacy Notice at any time, and will ensure that any update to this privacy notice is made available on its website www.gpfmetals.com. We encourage you to regularly review this and any updated Privacy Notice to ensure that you are always aware of how personal data is collected, used, stored and disclosed. We may also notify you in other ways from time to time about the processing of your personal data.
Complaints: Should you have any unresolved complaints in relation to the retention or processing of personal data, you may lodge a complaint with the Irish Data Protection Commission.
Data Protection Commission 21 Fitzwilliam Square South Dublin 2
+353 (0)76 110 4800 +353 (0)57 868 4800 email@example.com www.dataprotection.ie.