Kronstadt Asset Management collects, holds, uses, verifies and discloses (“processes”) information about corporates and individuals which may constitute personal data, under applicable data protection and privacy laws in Europe. Please read this Privacy Policy to understand how we process your personal data.
How do we collect your personal data?
The personal data we collect regarding you comes primarily from information that you submit to us or that is otherwise captured during the course of your relationship with us. For clients, we obtain personal identification data and other personal financial information collected via the forms and documents completed by clients in order to use the Company’s services. For employees or applicants for employment, we obtain personal data from their resumes or job application form. For individuals acting as third-party service providers to Kronstadt Asset Management, we request personal data from the employer. We also collect personal data when we monitor or record our communications with you or use specific technology, as detailed further below.
Personal data obtained from other sources
We can also obtain personal data from our service providers acting on our behalf, from third parties authorized to provide us with such information, such as credit reporting bodies, other credit providers, or other agencies used for running due diligence checks, on our behalf and/or from third parties who provide services to you such as your financial adviser, financial planner, dealer group, accountant or other professional advisers. Some of this information is publicly accessible and/or reliable and independent databases that we access through an authorized third party to whom we disclose your personal data for the purpose of performing required identity verification procedures. Where you are an individual associated with a corporation or institution with whom Kronstadt Asset Management does business, your personal data will also be provided to us via that corporation or institution. Such personal data include but are not limited to personal and contact details, financial information, identification documents, information relating to political affiliations, trade union membership, and/or criminal convictions.
What are the purposes and legal basis for using your personal data? We are not allowed to process personal data if we do not have a valid legal ground. Accordingly, we, our associated firms, and/or other persons acting on our or their behalf will only process and use your personal data:
If necessary for our legitimate interests or necessary for taking steps to enter into or executing a contract with you for the services you request, or for carrying out our obligations under such a contract.
When dealing with us as an individual, where necessary for taking steps to enter into or executing a contract with you for the services you request; or for carrying out our obligations under such a contract, in this case, the provision of your personal data is a requirement necessary to enter into a contract with us, meaning that you are obliged to provide your personal data to us in order to carry out the relevant contract (which otherwise, we will not be able to do), including recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements; In case of employees, to carry out the employment relationship, to fulfil our duties as an employer and to make use of our rights as employer.
To exercise and defend our legal rights anywhere in the world including in relation to any litigation, disputes or contentious matter we or that of any Associated Firm anywhere in the world are involved in and/or to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals.
In order to comply with legal and regulatory obligations and requests, (including any legal or regulatory guidance, codes or opinions), applicable to us anywhere in the world or for the performance of a task carried out in the public interest, including: To carry out money laundering and conflict checks and for fraud, financial crime prevention purposes (and this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed); to verify your personal data we collect from you for such credit, money laundering and conflict checks; For reporting (including without limitation transaction reporting) to, and audits by national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us; and for monitoring purposes.
What monitoring do we conduct? To the extent permitted by applicable law, we, our associated Firms, or any other persons on our or their behalf access, review, disclose, intercept, monitor, and/or record (“Monitor”)
Verbal and electronic messaging and communications (e.g., telephone, fax, sms, instant message, email, Bloomberg and any other electronic or recordable communications) with you and your agent (the “Communications”) and
Your use of technology owned by or made accessible by us, our associated firms or any other persons on our or their behalf, including but not limited to systems that facilitate communications with you or your agent, information processing, transmission, storage and access, as well as remote access (collectively the “Systems”).
We will only Monitor Communications and Systems to the extent permissible under applicable law from time to time for the following purposes:
Establish the existence of facts (e.g., keeping records of transactions).
Ascertain compliance with regulatory or self-regulatory practices or procedures which relate to our business.
Ascertain or demonstrate standards which are achieved or ought to be achieved by persons using Systems, including compliance with any terms of use associated with use of Communications and Systems.
Prevent, detect or investigate crime, money laundering, fraud, financial crime and/or other breaches of applicable law.
Comply with applicable laws and regulations, this Privacy Policy and any applicable policies and procedures.
Safeguard against the loss, theft, unauthorized and unlawful collection, use, disclosure, destruction or other processing or misuse of confidential and proprietary information.
Prevent, detect or investigate unauthorized use of Communications and Systems and/or data (e.g., Monitoring to ensure compliance with our policies and procedures, including without limitation those relating to information security and cyber security).
Ensure the effective operation of Kronstadt Asset Management Systems (including telephones, email and internet) systems.
Security or health and safety purposes.
Support and administration purposes.
Assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals, or
Evaluating the quality of customer service, efficiency, cost and risk management purposes.
Monitoring is conducted by us using various methods, including:
The use of “intelligent” automated monitoring tools.
IT filtering tools which randomly review Communications and Systems.
Through random monitoring of Communications and Systems, e.g., by authorized supervisors randomly joining on-going telephone calls on the sales and trading floors.
Specific monitoring of key Communications and Systems e.g., in relation to investigations, regulatory requests, subject access requests, litigation, arbitration or mediation, or
Data tracking, aggregation and analysis tools that pull data from various disparate data sources to draw linkages and/or detect behavioral patterns, interactions or preferences for analysis (including predictive analysis).
Using other similar Monitoring technology that may become available from time to time.
We also use cookies and similar technologies to collect information about you when you visit our websites or interact with us on-line e.g., via email or other electronic means.
When do we disclose personal data collected about you?
Kronstadt Asset Management does not sell, rent or trade your personal data. Kronstadt Asset Management does not disclose your personal data, except as described in this Privacy Policy. Our processing and use of your personal data, for the purposes specified in this Privacy Policy, includes disclosure of your personal data:
To other persons processing your personal data on our behalf or otherwise providing us or them with professional or other services including our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions.
To third parties such as settlement agents, overseas banks or exchange or clearing houses to whom we disclose personal data in the course of providing products and services to you.
To credit reference, fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for credit and money laundering checking and fraud prevention purposes.
To persons to whom we assign or novate our rights or obligations.
To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world as required by applicable law or regulations anywhere in the world or at their request, and
To any third party to whom you authorize us to disclose your personal data.
How do we protect your personal data we collect about you? Kronstadt Asset Management maintains appropriate physical, technical, and procedural safeguards designed to protect any information that you provide to us from accidental or unauthorized loss, misuse, damage, modification, access, or disclosure. Kronstadt Asset Management has established a global Information Security Office, which leads efforts to:
Safeguard the confidentiality and privacy of information resources.
Properly classify information resources.
Meet legal and regulatory obligations concerning the protection of information resources.
Implement and maintain information security policies and procedures.
Integrate protection of information resources into the process life cycles of the business.
Educate those working for or on behalf of Kronstadt Asset Management on Information Security policies and responsibilities, and
Authenticate users and limit access to information resources based on authorization that has been granted.
Third parties who process your personal data on our behalf must adhere to appropriate security standards designed to protect such information against unauthorized access, destruction, or loss.
How do we retain your personal data?
We retain personal data in an identifiable form in accordance with our records retention policy which establishes general standards and procedures regarding the retention, handling, and disposition of personal data. Personal data is retained if necessary to meet legal, regulatory, and business requirements. Retention periods will be extended if we are required to preserve personal data concerning litigation, investigations, and proceedings. Upon request, we and/or our Associated Firms will provide you with more information on the same retention periods applying to your information in each case.
What marketing do we conduct?
If there are any products or services that we believe may be of particular interest to you, we will contact you by mail, email, telephone, etc., including outside standard working hours or if you are traveling overseas. Where required by applicable law, we will request your prior consent before we use your personal data for marketing purposes. If you do not wish us to use your information for informative purposes, you may notify us at inquiry@kronstadtam.com at any time or as directed in any informative materials we send to you. Please note that if you do not wish us to contact you for such purposes, we may need to limit the range of products and services which we will offer to you, or we may not be able to open an account for you or continue our relationship with you.
What rights do you have?
To the extent provided by applicable law and subject to exemptions thereunder, you have the right to request access to and rectification or erasure of personal data; to obtain restriction of the processing of personal data; to object to the processing of personal data; and to data portability. If we have collected personal data with your consent, please note that you have the right to withdraw this consent at any time, subject to applicable law and exemptions thereunder. If you wish to exercise any of your data protection rights or if you consider that we have processed personal data in violation of applicable law, please contact our Compliance Department. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal data. We will process your request within the time provided by applicable law. If you consider that we have processed personal data in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with the Cyprus Data Protection Commissioner’sOffice (http://www.dataprotection.gov.cy/).
How do we update our privacy policy?
We may change or update portions of this Privacy Policy to reflect changes in our practices and or applicable law and regulation. Please check this Privacy Policy from time to time so you are aware of any changes or updates to the Privacy Policy, which may be indicated by a change in the effective date noted at the beginning of the Privacy Policy. Where required under applicable data protection and privacy laws, we will notify you of any change or update portions of this Privacy Policy by individual message or by disclosing the changes to the data processing on a publicly available medium.
How can you contact us?
If you would like to contact us in respect of any element of this Privacy Policy, including, without limitation and subject to applicable data protection law, where you wish to exercise any of your data protection rights or where you wish to raise a complaint or grievance, please contact our Compliance Department. If you complain about a breach of applicable data protection laws by Kronstadt Asset Management, we will ensure to respond as soon as possible and let you know who is responsible for managing your complaint. Kronstadt Asset Management will investigate the complaint, and where necessary, we will consult with third parties who may be involved in the processing of your personal data. Kronstadt Asset Management will respond to all complaints in a timely manner and as soon as practically possible. If further investigation is required, it will be carried out, and then you will be notified of a proposed remedy. This will be confirmed to you in writing. If you do not receive a response from us within a reasonable timeframe or your complaint is not resolved within that time to your satisfaction, you may apply to the applicable data protection authorities to have your complaint heard and determined. We will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as it is practicable after it has been made.