Last Updated: November 11, 2022
Wilby Securities and all related affiliates and subsidiaries (collectively "WS," "we," or "us") respect your privacy and are dedicated to safeguarding it.
WS acts as the data controller for personal information collected through the Sites. We are also the controller for personal data collected for our key business contacts. At times, we act as a controller for personal data provided in relation to our business products. If you have questions about when we act as a controller or about the processing of your personal data (or any content in this policy), please find our contact details, including those of our Data Protection Officers, in the How to Contact Us section at the end of this policy.
Please carefully read this policy. Your use of the Sites and/or the Services, including your disclosure of any personal information into the Sites and/or Services, is subject to and governed by this policy.
- Personal information we collect about you;
- Sensitive data;
- How we use and share personal information;
- How we transfer and store personal information;
- How long we keep personal information;
- Your rights;
- Children’s privacy:
- Effective date and policy changes; and
- How to contact us.
Personal information we collect about you
We collect and store information that you voluntarily provide to us, information related to your visit and usage of our Sites, as well as information provided by or through our clients in connection with our Services. We also collect certain information when you:
- Submit inquiries via an online form;
- Sign up for Services offered by WS;
- Apply for jobs with WS via our online portal;
- Browse our Sites; or
- Engage with our electronic marketing communications (also referred to below as emails).
Information that you provide us
Personal information that you provide directly to us will be apparent from the context in which you provide it, for example:
- If you fill out a form on our Sites, you will generally provide your name, contact details, and any other information required by the form, such as the content of your inquiry;
- If you sign up to receive electronic marketing communications from us, you will generally provide your name, email address, and other contact information, along with your product or topic preferences;
- If you sign up for any of the online Services we provide, you will generally provide your name, contact information, and any other information necessary to access the feature;
- If you apply for a role with WS via our online application facility, you will generally provide your name, contact details, and a copy of your CV or resume. If you apply using your LinkedIn profile, you will generally provide information about your LinkedIn account.
- If you are a key contact in a business that has a business account with WS, we generally have your name, email address, phone number, title, and other information relevant to your interaction with WS on behalf of your employer.
- If you are a person that we hold information on in relation to Services provided by us, we generally have information you have provided to us in order to open and administer your account and/or the register of the Fund(s) you own shares of, which could include data to detect and prevent fraud, anti-money laundering, and terrorism financing, as well as to perform negative news and sanctions screening.
Information that is collected automatically
“Do Not Track” Signals
Your browser settings may have the option to send a "Do Not Track" signal to websites and online services you visit. However, like many other websites and online services, we currently do not process or respond to "Do Not Track" signals from your browser or other mechanisms that provide choice.
If you are a client of WS
In addition to collecting information directly from you, we may gather information from third-party sources to fulfill our due diligence obligations related to your new account opening. This third-party data enables us to verify the information you provided, ensuring compliance with legal requirements such as "know your customer" laws.
We understand that certain jurisdictions require heightened protection for specific sensitive personally identifiable information, such as state or national ID numbers, or other details concerning racial or ethnic origin, health, or medical records ("Sensitive Data"). Generally, we do not collect Sensitive Data from you.
In the limited cases where we do seek to collect such information, we will do so in accordance with applicable data privacy law requirements.
How we use and share personal information
Information that we collect from you
We may use the personal information you provide for various purposes, including, but not limited to:
- To respond to inquiries or service requests and monitor the responses;
- To provide information about and market our products or Services that we believe may be of interest to you. This includes personalized product, thought leadership, and event communications;
- To manage and enhance the Sites and assess their usage and effectiveness;
- To develop our business and inform our marketing strategy, including monitoring marketing campaign effectiveness;
- To assess the usage of the Services we provide;
- To operate our business in line with industry standards and applicable law, which may involve supporting the Services, addressing inquiries and requests, preventing fraud, and monitoring and archiving communications;
- To administer client accounts, including anti-money laundering, sanctions, and anti-fraud checks.
We use the personal information for the purposes mentioned above because we have a legitimate interest in operating and improving our business that is not overridden by your interests, rights, and freedoms to protect personal information about you. We will only send you direct marketing materials if you have given consent for us to do so, unless such consent is not required, in which case you will be provided the opportunity to opt-out of receiving direct marketing materials.
Information that we collect automatically
Other uses of your personal information
We may also utilize the personal information we collect to safeguard against and prevent fraud, claims, and other liabilities, as well as to comply with applicable legal requirements, industry standards, and our policies and terms. When necessary to protect, exercise, or defend our legal rights, or when required by relevant laws, we use personal information for these purposes.
Mobile Phone Information
For certain products and services, we may authenticate instructions purportedly from you by calling back a telephone number you provided earlier. By giving us a mobile phone number for call back purposes or submitting an instruction, you authorize (on behalf of yourself and any Authorized Person) the carrier (AT&T, Sprint, T-Mobile, U.S. Cellular, Verizon, or any other branded operator) to disclose to us and our third-party service providers the mobile number, network status, customer type, customer’s role, billing type, mobile device identifiers (IMSI [International Mobile Subscriber Identity] and IMEI [International Mobile Equipment Identifier]), and other subscriber status and device details, if available. This is solely to verify the caller's identity and prevent fraud during the relationship. Please note that this information is used only for call back verification and is not retained after the verification is completed.
In addition to the described uses above, we may use the personal information you provide or we collect for other purposes. In such cases, we will provide you with an additional privacy notice explaining the purposes and our legal basis for using the personal information.
Sharing your personal information
We do not sell any personal information collected about you. We do not disclose any personal information about our current or former clients to anyone, except as described in this policy, as permitted by contract or law, and subject to confidentiality obligations in certain jurisdictions.
We may disclose or share personal information about our customers with our affiliates, as permitted by law, for them to provide services. Additionally, we may share your personal information with service providers who perform services on our behalf, such as hosting providers and advisers. All service providers are bound by legally binding agreements to use or disclose personal information solely for performing services on our behalf or complying with applicable legal requirements. We may share personal information with our affiliates and service providers for reasons such as providing information about our affiliates' products and services or relying on their services to meet your requirements.
In addition, we may disclose your personal information in various circumstances: (i) at the request of a bank or regulatory agency, or during an examination of our organization by bank or examiners; (ii) to our internal or external auditors or attorneys; (iii) when necessary to prevent physical harm or financial loss; (iv) if required or permitted by law, such as in response to a court order or law enforcement agency request; (v) to protect vital interests of a person; or (vi) in the event of selling or transferring all or a portion of our business or assets (e.g., reorganization, dissolution, or liquidation).
Transferring and Storing Personal Information
As a global organization, we may transfer personal information internationally to countries where we conduct business, which may have different data protection laws from your country. We maintain internal policies and procedures to ensure equivalent levels of protection across our organization. Personal information may be accessed under lawful orders made in foreign jurisdictions where it is stored or processed. If you are in the EEA, the United Kingdom, or Switzerland, we comply with applicable legal requirements for the transfer of personal information to recipients outside these regions. Such transfers will occur if:
- The recipient country has been granted a European Commission adequacy decision;
- The recipient in the U.S. has certified to the EU-U.S. Privacy Shield Framework;
- We have implemented appropriate safeguards, such as EU Model Clauses;
- The recipient has adopted Binding Corporate Rules regarding the personal information transferred; or
- The transfer is authorized by applicable legal requirements.
You may request details of the safeguards we have put in place for personal information transfers by contacting us as described in the "How to Contact Us" section below.
Retention of Personal Information
The duration of personal information retention depends on the purpose for its collection. Generally, we keep personal information for as long as needed to fulfill the original purposes, and then we delete or anonymize it. However, we may retain it longer if legally required or to comply with obligations like tax and accounting.
Typically, we retain personal information as follows:
- Personal information you provide through our Sites: kept until we respond to your request and for a short period thereafter;
- Personal information provided for direct marketing communications: kept during our relationship until you opt out or we have no contact for a significant time;
- Personal information used for analytics: retained for the duration necessary for analytics, then anonymized or aggregated;
- Website logs (e.g., access, error, and security logs): kept for several months to monitor and maintain Site security.
If you provide us with personal information, you have the right to inquire about the nature of the information stored and processed by us. We will provide reasonable access to your personal information and, if necessary, allow you to review and correct inaccuracies. Requests for access can be made in writing to: email@example.com.
If you are in the EEA or Switzerland, you have additional rights related to your personal information we hold:
- To request confirmation of whether we process your personal information and obtain a copy of it;
- To request rectification or updating of inaccurate, incomplete, or outdated personal information;
- To request erasure of your personal information in certain circumstances, such as withdrawing your consent;
- To request restriction of your personal information use in certain circumstances;
- To withdraw your consent for processing personal information;
- To request a copy of your personal information in a structured, machine-readable format in certain circumstances.
We may take reasonable steps to verify your identity before fulfilling your request. We will respond to your request within the required time under applicable law after confirming your identity.
You also have the right to lodge a complaint with your country's data protection supervisory authority.
We acknowledge the need to protect the privacy of personal information collected from children. Our Sites and Services are not intended for children.
Effective Date and Policy Changes
How to Contact Us
By email at: firstname.lastname@example.org.
In writing at:
Attention: Privacy Officer
14/F, OTB Building, 259-265 Des Voeux Road Central, Hong Kong
You may also contact our Data Protection Officers:
By email at: email@example.com
In writing at:
Attention: Data Protection Officer
14/F, OTB Building, 259-265 Des Voeux Road Central, Hong Kong