External Privacy Notice

1 Introduction

In the context of our activities and your business relationship with us, we will collect, hold, use and/or otherwise process personal data about you.

Based on applicable data protection and privacy law, such as EU General Data Protection Regulation 2016/679, GDPR and the Dutch GDPR Implementation Act, United International Holdings (Netherlands) B.V., Perennial Administration Services B.V. and United International Management B.V. (hereinafter referred to as United), qualify as individual “controllers” with respect to the personal data which each entity collects and processes about you. The aforementioned entities will hereinafter be referred to as: “we” or “us”.

We understand that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations. By entering into a business relationship with us and by sharing your personal data with us, you acknowledge and understand that your personal data will be processed by us in accordance with this Privacy Notice.

2 Information about us

United International Holdings (Netherlands) B.V.Registered in the Netherlands under company number 34373123Address: Strawinskylaan 411 (1077 XX) Amsterdam, the Netherlands
United International Management B.V.Registered in the Netherlands under company number 34269697Address: Strawinskylaan 411 (1077 XX) Amsterdam, the Netherlands
United has appointed a privacy officer. For questions and requests in connection with the processing of your personal information you can also contact our privacy officer by email at: privacynl@uibt.com.

3 What does this Privacy Notice cover and whose personal data do we process?

This Privacy Notice is intended to ensure compliance with the GDPR and the Dutch GDPR Implementation Act (UAVG).

This external Privacy Notice is relevant for anyone whose personal data we may process in the context of our (business) activities, including but not limited to directors, authorised representatives, employees and/or (other) contact persons of our current and former clients, contracting parties, business partners and/or service providers and users of our corporate website (United – finance and trust services (uibt.com)) (hereinafter also referred to as: “you”). This Privacy Notice is not relevant for employees and job applicants.
This Privacy Notice explains on what legal basis we may process your personal data and:

• What personal data we collect
• For what purposes and how we may use/process such personal data
• How we collect the personal data
• How we store the personal data
• For what period we store the personal data
• What your rights are under the applicable data protection and privacy legislation

We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website United – finance and trust services (uibt.com). You may also ask us to send you a copy of the most recent version of this Privacy Notice.

In the event that the Privacy Notice materially and/or substantially changes, we will actively inform you of this change and provide you with the new version of the Privacy Notice.

Note: Where you provide personal data to us which relates to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with their personal data.

4 What personal data do we collect and how do we collect this personal data?

We collect personal data in various ways:

• Directly from you, for example when you provide us with your personal information by telephone, email or other correspondence
• Directly from you, for example when you engage in business with us
• From third parties, for example agents, advisors, intermediaries, custodians of your assets, tax authorities, credit agencies, governmental and competent regulatory authorities
• From the company you work for (in case the client/contracting party is a legal entity)
• From other companies of the United group (within the meaning of article 2:24 b of the Dutch Civil Code)
• Otherwise, for example, from public sources such as the trade register, public directories or your website
• When you visit our website United – finance and trust services (uibt.com) and use the contact information provided on this website to get in touch with us

We collect or process some or all of the following personal data:

• Name, date and place of birth
• Contact details, including but not limited to addresses, telephone numbers and email addresses
• Anti-money laundering identification (including but not limited to residential addresses, passport or driver’s licence) and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person
• Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and tax identification number
• Information about your employment, education, family, your (criminal) background or personal circumstances and/or information on adverse media hits, and interests, where relevant
• Excerpts of registers (public or not, for example excerpts from the Chamber of Commerce)

It is a necessary condition to enter into an agreement with us and/or a legal obligation to provide us with the personal data above.

5 Legal bases for processing

The following legal bases apply with respect to the processing of these personal data:
The processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract with us (for a natural person who is the data subject), such as further detailed in paragraph 6 section (a)
The processing is necessary for compliance with legal obligations to which we are subject, such as further detailed in paragraph 6 sections (b) and (c)
The processing is necessary for the purposes of the legitimate interests pursued by us, such as further detailed in paragraph 6 sections (d), (e), (f) and (g)

We will only process your personal data on the basis of consent if this has been explicitly stated. If any kind of processing is based on your consent, we hereby inform you that you have the right to withdraw your consent at any time by contacting us via the contact details mentioned in paragraph 13, without affecting the lawfulness of processing based on consent before its withdrawal.

We do not seek to collect or otherwise process your sensitive personal data, save for instances where we receive personal data relating to your political affiliations as part of our politically-exposed-persons (PEP) checks and/or sanctions information. Any processing of such sensitive personal data about you will be necessary for reasons of substantial public interest, on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
There may, however, be other exceptional occasions where we may need to process your sensitive personal data or information relating to a criminal background namely where:

• The processing is necessary for the detection or prevention of crime (including the prevention of fraud, money laundering or financing of terrorism) to the extent permitted by applicable law or regulation
• The processing is necessary for the establishment, exercise or defence of legal rights

6 Purposes for processing

We process your personal data for the following purposes:

• (a) To provide our services to you and/or to comply with contractual obligations
• (b) For onboarding and ongoing KYC purposes
• (c) To comply with other regulatory, fiscal, tax information reporting, anti-trust, anti-money laundering and terrorist financing and other legal and regulatory obligations
• (d) For the purposes of our internal administration
• (e) To deal with any complaints or feedback you may have
• (f) For establishing, exercising and defending our legal rights​
• (g) To monitor and record telephone and electronic communications for:
• (i) Quality assurance, business analysis, training and related purposes in order to improve our service (callers are advised beforehand if their telephone call will be recorded and recordings are subsequently edited to ensure that no personal data is revealed and the identity of the caller and as much as possible the voice of the same caller are rendered non-identifiable)
• (ii) Ensuring accuracy and proper performance of your instructions
• (iii) Investigation and fraud prevention, crime detection, prevention, investigation and prosecution
• (iv) Exercising and defending our legal rights

7 How long will we keep your personal data?

We will not keep your personal data for a longer period than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 6). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will keep the personal data for longer periods.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we had collected it (that is, the ongoing performance of your business relationship with us) and, thereafter:
For the purpose of satisfying any legal, accounting, tax, AML and regulatory reporting requirements or obligations to which we may be subject
To the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you

By and large, our retention of your personal data shall not exceed the period of six (6) years from the end or termination of your business relationship with us. This retention period enables us to make use of your personal data for potential AML reporting obligations to the Financial Intelligence Unit – Netherlands (FIU-NL) (a legal obligation), and/or to assert, file, exercise or defend possible legal claims against you (taking into account applicable statutes of limitation and prescriptive periods).

In certain cases though, we may need to retain your personal data for a period of up to eleven (11) years to comply with applicable accounting and tax laws or where continued retention has been mandated by the FIU-NL or other applicable competent authority.
In some circumstances you can ask us to delete your data. See Request erasure below for further information.