1.1 Dymon Asia Capital Ltd, its affiliates and the collective investment vehicles and client accounts which are managed or advised by Dymon Asia Capital Ltd and/or its affiliates (together, “Dymon”, “we”, “us” or “our”) may obtain personal data about you. For the purposes of data protection law, we are a user or controller in respect of your personal data. We are responsible for ensuring that we use your personal data in compliance with applicable data protection law.
1.2 Dymon respects your concerns about privacy and is committed to protecting the privacy of all personal data obtained.
1.3 This Privacy Statement explains: (i) the personal data we process; (ii) how that information is processed; (iii) with whom we may share it; and (iv) the rights available to you.
1.4 This Privacy Statement concerns the information we collect through your use of our website www.dymonasiaprivateequity.com (the “Website”), when you contact or request information from us, when you engage us for services and personal data we handle in the course of carrying on our commercial activities, including personal data of officers or representatives of organisations with which we have a business relationship.
1.5 As referenced in this Privacy Statement:
“personal data” generally means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Dymon (or its representatives or its service providers). In addition to factual information, it may also include any expression of opinion about an individual and any indication of the intentions of Dymon or any other person in respect of such individual; and
“process” includes any operation that is carried out in respect of personal data, including but not limited to, collecting, using, storing, disclosing or otherwise processing personal data.
2. Personal data that we collect about you
2.1 Dymon may collect and process the following personal data about you:
a. Information that you provide to us or one of our affiliates. This includes information about you that you give to us by filling in online forms or by communicating with us, whether by e-mail or otherwise. The nature of our relationship and the services you are requesting will determine the kind of personal data we might collect and use. This information may include (but is not limited to):
i. basic personal data (such as your name, date of birth, national insurance number, social security number, address, telephone number(s), e-mail address, occupation and job title);
ii. when you have an investor account, your username and password to access Dymon products and services online;
iii. financial information (such as information relating to your financial health and details of your income and assets); and
iv. any information that you choose to share with us (whether through the Website or otherwise, including IP address, cookie, any comments or other content you submit to us) which may be considered personal data.
b. Information we collect or generate about you. This may include (but is not limited to):
i. information about our business relationships with you and our interactions with you, including any personal data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, improve our service and in order to comply with our legal and regulatory requirements;
ii. when you submit identifiable comments and other content to us, we collect whatever information you supply and use this information to communicate with you if requested, and otherwise fulfil the purpose of the content submission; and
iii. a file with your contact history used for enquiry purposes that we may ensure that you are satisfied with the services we have provided to you.
c. Information we obtain from other sources. This may include (but is not limited to):
i. information from publicly available sources (including third party agencies such as credit reference agencies, fraud prevention agencies, law enforcement agencies and other publicly accessible sources);
ii. information obtained from independent financial advisors (IFAs), other professional advisers, product providers, events organisers, and other agents and/or representatives; and
iii. information obtained from sanctions checking and background screening providers.
3.1 Dymon may process your personal data for the following purposes (to the extent applicable):
a. to provide, manage or administer the products or services provided to you, including processing transactions;
b. to review and improve the information provided on our Website to ensure it is user friendly and to prevent any potential disruptions;
c. to manage your account, maintain your personal profile and personalize your experience on our Website;
d. to communicate with you when necessary or appropriate in relation to the services being provided to you or the services being provided to us;
e. to assess applications or contracts for our products and services, including to ascertain whether you meet the applicable suitability standards imposed by the jurisdiction of your residence and any laws, rules regulations, guidelines, notices or directions that apply to Dymon, and otherwise ascertain whether we determine that you are suitable to enter into any vendor or service agreement with us;
f. to perform analytics (including market research, trend analysis, financial analysis and anonymization of personal data);
g. to keep you updated whilst you are a client in relation to the products or services provided to you and to provide you with information or opportunities that we believe may be relevant to you;
h. to manage our business, including to enable third party service providers to provide services on our behalf;
i. to administer and maintain IT systems in order to uphold standards of service;
j. to monitor IT systems in order to protect against cyber threats or malicious activity including abuse and misuse;
k. to conduct our everyday business purposes, which may include compliance with industry standards and policies and/or obligations under applicable law;
l. to ensure that we meet our obligations under any applicable laws, rules, regulations, guidelines, notices or directions, including (without limitation):
i. verifying compliance with the relevant laws, rules, regulations, guidelines, notices or directions that apply to Dymon;
ii. any obligations related to tax matters (such as identification, tax reporting and tax audit);
iii. any obligations related to anti-money laundering and countering the financing of terrorism legislation or regulations; and
iv. responding to any mandatory request for information made by a governmental or other regulatory body, any exchange or self-regulatory organization;
m. in order to establish, exercise or defend our legal rights; and
n. to administer and maintain databases storing personal data.
3.2 We are entitled to use your personal data in these ways because:
a. we need to in order to perform our contractual obligations under the vendor or service agreement which you have entered or are entering into with us, or will be done at your request prior to entering into that agreement and exercise our rights in connection with managing your account and providing the products and services to you;
b. we have obtained your consent;
c. we have legal and regulatory obligations that we have to discharge;
d. we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
e. the use of your personal data as described may be necessary for our legitimate interests (or the legitimate interests of one or more of our affiliates), such as:
i. allowing us to effectively and efficiently administer and manage the operation of our business;
ii. ensuring compliance with all legal and regulatory obligations and industry standards, and preventing fraud;
iii. maintaining compliance with internal policies and procedures; or
iv. ensuring the security of our information systems.
4.1 We may share your personal data within the Dymon group for the purposes described above.
4.2 We may also share your personal data with third parties outside of the Dymon group for the following purposes:
a. to our business partners who are contractually obliged to comply with appropriate data protection obligations;
b. assessing compliance with applicable laws, rules and regulations, as required by law of relevant government or administrative authority and then, to the extent reasonably practicable, only subject to customary undertakings of confidentiality;
c. to the extent required by law (for example, if we are under a duty to disclose your personal data in order to comply with any legal obligation), establish, exercise or defend our legal rights or for the purpose of legal proceedings;
d. if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
e. if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
f. to third party agents and contractors for the purposes of providing services to us, including (but not being limited to) Dymon’s outside counsel, auditors, professional advisors and IT and communications providers. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Statement; and
g. to any organization at your request or any person acting on your behalf (including your agents, advisers, brokers and product providers).
4.3 No personal data is shared with unaffiliated third parties for their marketing purposes.
5. International Transfers
5.1 Personal data may be transferred internationally for the purposes described in this Privacy Statement and as otherwise required or permitted by applicable law. The protections which apply to international transfers of personal data are further described in this section, and will apply regardless of the international transfer or processing of such information.
5.2 Transfers Outside the European Economic Area (“EEA”)
Where we are subject to the EU General Data Protection Regulation (or any equivalent data protection legislation) in respect of our processing of your personal data and if we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance where:
a. the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data;
b. if the recipient is in the United States of America, it is a certified member of the EU-US Privacy Shield scheme; or
c. the recipient has signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data.
To the extent that the EU General Data Protection Regulation (or any equivalent data protection legislation) applies to you, you are entitled to request further details of the protection given to your personal data when it is transferred outside its country or jurisdiction of origin.
5.3 Transfers Outside Singapore
Where we are subject to the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (the “PDPA”) in respect of our processing of your personal data and if we transfer your personal data outside Singapore, we will take all reasonable steps to ensure that:
a. the recipient agrees to protect personal data at a standard that is at least comparable to the PDPA in accordance with the PDPA; or
b. any other transfer will otherwise be in accordance with the PDPA.
5.4 Transfers Outside Hong Kong
Where we are subject to the Hong Kong Personal Data (Privacy) Ordinance (the “PDPO”) in respect of our processing of your personal data and if we transfer your personal data outside Hong Kong, we will ensure that:
a. we have reasonable grounds for believing that there is in force in that recipient destination any law which is substantially similar to, or which serves the same purposes as the PDPO;
b. you have consented in writing to the transfer;
c. we have reasonable grounds for believing that, in the circumstances in question:
i. the transfer is for the avoidance or mitigation of adverse action against you;
ii. it is not practicable to obtain your consent in writing to that transfer; and
iii. if it was practicable to obtain such consent, you would give it; or
d. we have taken all reasonable precautions and exercised all due diligence to ensure that the data will not, in that recipient destination, be collected, held, processed or used in any manner which, if that recipient destination were Hong Kong, would be a contravention of a requirement under the PDPO.
5.5 Transfers Outside the Cayman Islands
Where we are subject to the Cayman Islands Data Protection Law and we transfer your personal data outside of the Cayman Islands, we have put in place relevant data protection policies and data transfer agreements so as to provide your personal data with the same protections as set out under Cayman Islands law.
5.6 Transfers Outside Japan
Where we are subject to the Personal Information Protection Act of Japan (No. 57 of 2003, as amended) (the “PIPA”) in respect of our processing of your personal data, your personal information may be transferred outside Japan only if:
a. you have expressly consented that personal information can be transferred to a third party outside Japan, unless such personal information is transferred to an EU country or the overseas organisation to which the data will be transferred is bound by legally enforceable obligations to provide to the personal information transferred a standard of protection that is comparable under the PIPA; or
b. we are permitted to provide your personal data to a third party under the PIPA on any of the following grounds;
i. the transfer is required under Japanese laws and regulations;
ii. it is necessary to protect a person’s life, body or property and it is difficult to obtain your consent;
iii. it is particularly necessary to enhance public health or promote fostering healthy children and it is difficult to obtain your consent; or
iv. it is necessary to cooperate Japanese government authorities in executing their duties and obtaining your consent may impede the execution of such duties.
How long we will retain your personal data for will vary and will be determined by the following criteria: (i) the purpose for which we are using it – Dymon will need to keep the data for as long as is necessary for that purpose; and (ii) to the extent that we are permitted by law to retain it for a longer period of time (in which case we will retain it for the period permitted by law) or to the extent that we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
7.1 To the extent you are entitled to do so under applicable law:
a. you have a right to obtain information on, and access to, the personal data that we process about you and to request the correction of any error or inaccuracy in relation to such personal data; and
b. you also have the following rights in respect of your personal data:
i. the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we can rely on another legal ground for doing so;
ii. in some circumstances, the right to receive any personal data which we process about you on the basis of your consent (as opposed to any other legal ground) in a structured, commonly used and machine-readable format and/or request that we transmit such data where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
iii. the right to request that we rectify your personal data if it is inaccurate or incomplete;
iv. the right to request that we erase your personal data in certain circumstances. This may include (but is not limited to) circumstances in which:
A. it is no longer necessary for us to retain your personal data for the purposes for which we collected it;
B. we are only entitled to process your personal data with your consent, and you withdraw your consent, and where there is no other legal ground for the processing; or
C. you object to our processing of your personal data for our legitimate interests, and our legitimate interests do not override your own interests, rights and freedom.
Notwithstanding the above, please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
v. in some circumstances, the right to request that we restrict our processing of your personal data. This may include (but is not limited to) circumstances in which:
A. you dispute the accuracy of your personal data (but only for the period of time necessary for us to verify its accuracy);
B. we no longer need to use the personal data except for the establishment, exercise or defence of legal claims; or
C. you object to our processing of your personal data for our legitimate interests (but only for the period of time necessary for us to assess whether our legitimate interests override your own interests, rights and freedom).
Notwithstanding the above, please note that there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and/or to refuse that request;
vi. the right not to be subject to a decision based solely on the automated processing of your personal data, where this produces legal effects concerning you or which significantly affects you; and
vii. the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by us.
7.2 You may exercise any of the above rights or obtain further information about the use of your personal data by contacting firstname.lastname@example.org. In order to process your request, we reserve the right to use personal data previously obtained to verify your identity or take other actions that we believe are appropriate, subject to the requirements under applicable law.
8.1 To protect your personal data from unauthorized access and use, Dymon uses security measures that comply with applicable law. These measures include appropriate physical, electronic and procedural controls which are reasonably designed to:
a. ensure the security and confidentiality of your records and information;
b. protect against any anticipated threats or hazards to the security or integrity of your records and information; and
c. protect against unauthorized access to or use of your records or information that could result in substantial harm or inconvenience to you.
8.2 You may also wish to note that you may be able to access other organizations’ websites through links on this website and in this regard, please note that Dymon is not responsible for the privacy standards and processes of those organizations and external websites.
This Privacy Statement may be updated periodically to reflect changes in our firm’s policies and applicable law. We suggest that you periodically review this Privacy Statement for any update.
10. How to Contact Us
10.1 If you have any questions or concerns about Dymon’s handling of your personal data, please contact the Chief Compliance Officer of Dymon at email@example.com.
10.2 We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction.