Confidentiality and Data Protection Agreement – Corporate Policy 2023
Our Commitment
Hatton Garden Metals Ltd (company registration number: 6426684) is committed to processing data in accordance with its responsibilities under GDPR. We have an active data protection program in place which complies with existing laws and abides by data protection principles. We are dedicated to safeguarding your data and personal information. We will continue to develop our policies to meet all GDPR regulations, train employees and build awareness over such policies. We operate under a risk-based approach to data-protection; this means that we evaluate the likelihood and severity of a risk to an individual’s personal data and fundamentals rights and freedom of individuals.
Before providing us with any information relating to you with this Agreement, you should be aware of the following information:
The categories of personal data that you are providing to us may be processed for the purposes of:
a. our Identity, and that you are able to contact Our Data Protection Officer ( Christopher Lyons) via email to [email protected] or via our postal address: Data Protection Officer, Data Protection, Hatton Garden Metals, 11 St Cross Street, London, EC1N 8UB;
b. lawful, fair and transparent administering and operating your account; data we hold will consist solely of information that you provide to us, or is determined through your direct interaction with our website (e.g. your IP address, purpose of your transaction, etc);
c. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This may include administrative purposes and operating your account;
d. our legitimate interests, particularly in the course of the operational support and development of our business including for the purpose of risk management;
e. policies are developed to ensure consistency when dealing with an individual’s data in relation to our responsibility as an organisation. We are dedicated to ensuring that our policies are easy to understand. We are committed to our organisation’s accountability and these processes are embedded within our organisational processes. These policies are reviewed regularly and systematically;
f. carrying out credit, money laundering and conflict checks for the prevention of fraud and financial crime. We are aware of common-processing activities within our industry which reflect the specificities of our sector;
g. complying with applicable regulations, legal and regulatory requests;
h. accurate and updated database; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; Individuals have the right to access their personal data and rectification or erasure of, received personal data and restriction or objection to its processing;
i. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. We retain personal data that you supply for as long as you are a client with an active account, and for as long as we are legally required to do so.
For the purposes set out above we shall retain personal data for a minimum of 5 years to meet our legal and business requirements. Should we need to hold data for a longer period than 5 years due to a customer connection with an investigation or legal proceedings we reserve the right to do so.
Responsibilities for risk assessment in Hatton Garden Metals
Our DPO has an obligation to advice, monitor, and evidence any outcome in respect of DPIA’s (Data Protection Impact Assessment). Our training allows our employees within our organisation to conduct a preliminary risk assessment and then escalate any matters to the DPO. Risk assessments including any DPIA’s are documented and stored on file. When performing tasks our DPO has due regard to the risks associated with processing operations and takes into account the nature, scope and purposes of processing.
Transactions exceeding the equivalent to cash EUR10,000 or more
We have a policy in place, through record keeping of a client’s purchase history that does not allow an individual to pay high value transactions in cash (EUR10,000 ore more). Our system maintains an ongoing log of all an individual’s orders, this puts a transactional cash limit per client that cannot exceeded EUR10,000 within a 12-month period. In this capacity, any client that either makes a cash payment or is refunded a cash payment (providing this stays below the threshold of EUR10,000) must satisfy our due diligence policy and AML policy outlines, this includes obtaining original proof of identity and address of the client.