Cain International (together with our subsidiaries, “we”, “our”, “us”) are committed to protecting and respecting your privacy.
Part 1 describes the data we collect, and how we use it, when you are a visitor on our Website.
Part 2 describes the data we collect, and how we use it, when you apply for a job with us.
Part 3 describes the data we collect, and how we use it, when we are required to conduct Know Your Client checks on clients, prospective clients, partners, service providers and other parties with whom we do business.
Part 4 applies generally to the way we process data.
If you are in the EU, then for the purposes of the General Data Protection Regulation, Cain International is the controller of your data collected and used in the context of you visiting our Website (as described in this Part 1). We are established in the United Kingdom with a registered office at 33 Davies Street, London W1K 4LR.
The type of information we, or our third parties’, collect
Technical usage information. We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our Website. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Information you give us. You may also provide us with information by contacting us via email, web enquiry form, telephone or when you engage with our personnel.
Purpose and legal basis for processing
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Website and to provide useful content, we will use your information to:
- communicate with you;
- enforce our Website terms and conditions;
- perform analytics on our Website including:
- monitor and analyse trends, usage and activity in connection with our Website and services to improve the Website;
- administer the Website, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis; or
- provide third parties with statistical information about our users;
Further information about the analytics we perform on data collected from our Website can be found in our Cookies Policy.
If you apply for a job with Cain International in the EU, the company you apply to is, for the purposes of the General Data Protection Regulation, the controller of your data. For the purpose of this Part 2, we refer to such company as the Employing Entity.
The type of information we collect
Information you give us. When you apply for a job, the Employing Entity will ask you to provide a CV. Your CV will likely include data such as your name, contact details, education and previous experience. During the application process, the Employing Entity may ask you further questions about this information and/ or request additional information such as proof of identity, proof of your qualifications, a criminal records declaration and names and contact details for referees.
Where permitted by local law, you have the option of providing certain sensitive data, such as, race or ethnic origin, or whether you have a disability, for the purposes of equal opportunities monitoring. If you decide not to provide this data, your application will not be prejudiced.
Information from third parties.
Background Screening Checks. The Employing Entity will receive information from third parties in connection with your application, such as data provided by referees, recruiters and organisations that provide background checks (this will include right to work and criminal reference checks, to the extent permitted by applicable law).
Purpose and legal basis for processing
The Employing Entity processes data to assess your suitability for the role you have applied for. The Employing Entity is therefore processing this data with a view to entering into a contract with you. We do not rely upon automated decision making in our recruitment process.
The Employing Entity processes any sensitive data you provide for equal opportunities monitoring for the purpose of carrying out specific obligations as an employer.
The Employing Entity will use your information to:
- communicate with you;
- progress your application, including conducting background checks and determining the validity of the information you have provided; and
- to fulfil its legal and regulatory obligations as an employer/ potential employer.
How do we share your data?
Please see How do we share your data? below.
The Employing Entity will also, when processing data for job applications, share your data with:
- background check providers to verify the information that you provided as part of your application;
- recruitment agents through whom you have made your application; and
- referees (as provided by you) to identify you so they can provide a reference.
In addition to Your Rights described below, if you are located in the EU and have given information to an Employing Entity for the purpose of entering into an employment contract, you have the right to request that the Employing Entity transfer this data to you or another organisation. If you wish for the Employing Entity to transfer the data to another party, please ensure you detail that party and note that the Employing Entity can only do so where it is technically feasible. The Employing Entity is not responsible for the security of the data or its processing once received by the third party.
The Employing Entity may not be able to provide you with certain data following a portability request if providing it would interfere with another individual’s rights (e.g. where providing the data it holds about you would reveal information about another person) or where another exemption applies.
If you are a client, or prospective client, of Cain International within the EU, the company you are onboarding/ onboarded with is, for the purposes of the General Data Protection Regulation, the controller of your data. For the purpose of this Part 3, we refer to such company as the Onboarding Entity.
The type of information we collect and our purpose and legal basis for processing
Cain International collects a variety of information about its clients and client contacts as part of our new client onboarding process. This may be referred to as ‘Know Your Client (KYC)’ checks and, where required by law or our internal policies, we will also undertake anti-money laundering (AML) checks. When conducting these checks, the Onboarding Entity will seek to collect data in accordance with the Joint Money Laundering Steering Group Guidance. Specifically:
- In the case of corporate clients, the Onboarding Entity may collect the following data: a list of directors; a list of individuals who own or control over 25% of its shares or voting rights; names of individuals who exercise control over the management of the company and, in each case, the Onboarding Entity will take reasonable steps to verify the identity of such individuals (as further described below).
- In the case of individual clients or where verification of individuals related to a corporate client is required, the Onboarding Entity may collect the following data:
- proof of identity documents such as current signed passport, current photocard driving licence (full or provisional); or national identity card;
- Office of Foreign Assets Control or NavEx Global search results; and
- background check results (see Background Screening Checks).
If we are entering into a contract with you directly, then it is necessary for the purpose of that contract, that we verify your identity. In other cases, it may be in our legitimate interests, as a provider of services to your employer, that we verify your identity as a key contact or director. It is further incumbent on Cain International to meet its legal obligations to undertake appropriate due diligence so as to identify and assess the risks of money laundering and terrorist financing.
In order to provide you with services as agreed in our contract with you, we will process information to contact you, identify the appropriate mandate for investment and comply with local laws. This information will include data you provide to us in the course of KYC/AML checks (see above) and when filling in forms we provide to you from time to time.
How do we share your data?
Please see How do we share your data? below.
The Onboarding Entity will share your data with the following third-party vendors who assist Cain International in its performance of services:
- Ocorian, a provider of administration and fiduciary services;
- ACA Compliance Group, a provider of governance, risk and compliance advisory services; and
- Mirabella Group, a provider of advisory, marketing and investment management services.
For the purpose of this Part 4, “we”, “our” and “us” refers to the relevant data controller of your data, as identified in Part 1 to 3.
How do we share your data?
- IT Services providers that provide us with storage and hosting, SaaS services, such as our customer relationship management information, and other software. These vendors include:
- EDGE Technologies
- Global Relay
Sharing within the Cain International Group. The Cain International Group is a group of global companies. Your data may be transferred within the Group, which may include entities located in the UK and the USA. This transfer is limited solely to the extent it is necessary due to the centralization of certain administrative and processing services.
Sharing with Law Enforcement. We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
Sharing data for business purposes. We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
Location of data
If you are located in the European Union, we will only share your data with third parties outside of the European Economic Area, if the third party:
- complies with the US Department of Commerce's EU-US Privacy Shield and has certified that it will adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website
- has entered into standard data protection clauses adopted pursuant to European Commission Decisions 2004/915/EC and 2010/87/EU.
How long do we store your data?
For information about how long we hold your data, please our Retention Schedule.
If you are located in the European Union the, under data protection law, you have certain rights with respect to the data we process about you. The rights available to you depend on our reason for processing your information and may be limited in certain circumstances, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your data.
Your right of access. You have the right to ask us to access the data we hold about you and be provided with certain information about how we use your data and who we share it with.
Your right to rectification. You have the right to ask us to correct your data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.
Your right to erasure. In certain circumstances, you have the right to ask us to delete the data we hold about you:
- where you believe that it is no longer necessary for us to hold your data (for example, if you decide that you no longer wish to submit a job application to us);
- where we are processing your data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the data we hold about you is being unlawfully processed by us.
Your right to restrict processing. In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your data. You may choose to restrict processing:
- while we are considering: (i) a challenge you have made to the accuracy of your data; or (ii) an objection you have made to the use of your data.
- where we want to erase your data, as the processing is unlawful, but you want us to continue to store it; or
- where we no longer need your data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or
To exercise any of these rights above, please contact us at email@example.com. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Objection to Communications
At any time you have the right to object to our processing of data about you in order to send you newsletters or other materials relating to Cain International. If you object, which you can do by emailing firstname.lastname@example.org or by clicking ‘unsubscribe’ on any correspondence you receive from us, we will stop processing the data for that purpose.
The security of your data
We cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
In the event that you wish to make a complaint about how we process your data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.