Third parties connected to our clients

Collection of personal data 

This section is relevant for our clients’ third party advisors or family members. Where we engage with you (either directly or through our client) we will collect personal data to enable us to carry out the agreed services with our clients.  The personal data we will collect is dependent on your relationship with our client and what is applicable to the services we are providing. It will typically include:  

• personal details (e.g. name, age/date of birth, gender, marital status, country of residence); 
• contact details (e.g. email address, contact number, postal address); 
• financial details (e.g. salary, payroll details and other financial-related details such as income, investments and other financial interests, benefits, tax status); and 
• job details (e.g. role, grade, experience, performance information and other information about management and employees).  

When relevant, we will collect special categories of personal data (for example to perform client checks and to provide immigration and tax services). If applicable, we will collect government identification documents (which could include biometric data), information about political affiliations, information about your health, or data revealing racial or ethnic origin. 

Personal data will be collected either from you directly, a third party acting on your/our client’s instructions, or from information that has been made publicly available. We will only ask for personal data that is necessary for the agreed services and request that you do not provide anything in addition to what is necessary. 

How do we use your personal data? 

We use personal data for the following purposes: 

• to conduct due diligence checks for clients and prospective clients
  
  We carry out due diligence checks on clients and their close connections both prior to and during contracts to manage risk. These checks involve internet searches and sanctions lists to identify politically exposed persons, high-risk individuals, and organisations, as well as any concerns such as sanctions, criminal convictions, or reputational issues that may preclude us from working with a client.  

• for administration purposes (e.g. verification purposes, ongoing matter management)
  
  We will use your personal data to authenticate you, manage our IT systems and applications, and to manage the agreed services we have with our clients.   

• to provide our professional services
  
  The personal data we process when providing our professional services will depend on the agreed services with our client, your relationship with our client, and the role you are providing during those agreed services. For example, we use personal data of family members when providing global mobility or pension services. 

• for security monitoring purposes
  
  To protect both our own and our clients’ information, we carry out security monitoring to detect, investigate, and resolve security threats. This involves scans of our systems and software, where client files and personal data are stored.  

• to comply with a requirement of law, regulation or a request from a professional body to which we are subject 
  
  As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. 

How long will we keep your personal data? 

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. When permissible, we may anonymise your personal data instead of deleting it. In such cases, all identifying information is removed, making it impossible to associate the data with you.