Privacy Policy

Who we are

Suggested text: Our website address is: https://shallonCSP.com

ShallonCSP is committed to protecting the privacy of all individuals it interacts with and we therefore ask that you please read this fair processing notice carefully. This fair processing notice explains how various ShallonCSP companies within the ShallonCSP collects and uses your personal information.

1. About ShallonCSP

ShallonCSP are independent Trustees and Corporate Services providers who provide unbiased advice and solutions to Private, Corporate, Institutional and Family Clients.

As independent advisors, no Bank, Life or Investment Company influences us on the solutions we offer. This provides added value for our clients and a truly unbiased approach in creating tailored structuring. Seeking a bespoke service to match your needs should be your prime consideration and one that we can deliver.

The company is incorporated in Nevis & St Kitts. In addition, Shallon has established an entity in the Fujairah International Free Zone, UAE to provide administration services to the other group entities and holds the requisite licenses to do so. Whilst not required to do so, it complies fully with the ARIF (Association Romande des Intermediaries Financiers) code of conduct, whose purpose is to set forth the rules of good professional practice and to prevent money laundering and is recognised by the Swiss Federal State according to Article 24 of the MLA.

The principal requirements set out by the CoD are:

• Respect for the integrity of the client
• Guarantee of irreproachable management
• Duty of information on services offered and remuneration
• Guarantee of confidentiality

Since we have terms with some of the largest financial institutions in the world, our due diligence and procedures must be of the very highest level.

At ShallonCSP our highly qualified advisors and administrators maintain an ongoing relationship with their clients as their strategy develops and any changes in their life cycle occur. With the many years of collective experience in the legal, financial and banking fields, we are here to build futures together.

2. ShallonCSP’s processing of your personal information

We will collect and use different personal information about you for different reasons, depending on our relationship with you. Sometimes we will request or receive “special categories of personal information” (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership) in order to provide comprehensive advice and deliver health related products to you.

In our role as principal and on behalf of advisors, we may also use details of any unspent criminal convictions for fraud prevention purposes to help advisors during the process of investing money.

Where you provide personal information to us about other individuals (for example, members of your family or other dependents) we will also be data controller of their personal information and we are responsible for protecting their personal information and using it appropriately. This notice will therefore apply to those individuals and you should refer them to this notice.

Where you are a prospective or existing client enquiring about, being introduced to or receiving wealth or asset management services through our advisors

This section will apply if you receive wealth or asset management services, or you are looking to receive wealth or asset management services from a advisor.

What personal information may we collect?

• Information collected from any communications with you; and
• Information obtained through audits or processed in the process of ensuring our advisors comply with their regulatory obligations.
• Information stored on our client relationship management systems which advisors have access to and store information onto.
• Information collected when dealing with any complaints you may have;

This will include the following personal information:

• General information such as your name, address, phone numbers and email addresses, date of birth and gender.
• Identification information including passport, driving license, national identity card, government issued ID verification and address verification documents such as official letters, bank statements and evidence of benefit entitlement.
• Employment information such as job title, employment history and professional accreditations.
• Financial information:
  • Bank details;
  • Financial reviews (fact finds);
  • Information relating to your personal finances such as your financial liabilities and assets, income and outgoings; 
  • Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders;
• Information relevant to the services that your advisor provides to you, including:
  • previous and current investments;
  • information about your lifestyle; 
  • attitude to investment risk;
  • existing plan details;
  • objectives;
  • copies of your will; 
  • information about any trusts you have;
  • information relating to any corporate entities you have;
• Information about your family including information about your dependents;
• Information obtained during telephone recordings; 
• Information which we have gathered from publicly available sources such as internet search engines and social media sites (including but not limited to LinkedIn, Facebook, Twitter etc.);
• Where you have been flagged as a PEP and our advisors are required to carry out enhanced due diligence;

What special categories of personal information will we collect?

• Details about any criminal convictions and any related information which have been obtained from our advisors’ sanctions checks and PEP screening. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.
• Details about your health which are relevant to the service you are receiving, for example where you have disclosed such information to our advisors or to us because it explains your risk appetite for investments.
• In limited circumstances and where relevant to the advice being provided by our advisor, we may also collect information which relates to your trade union membership, ethnicity or political opinions where you have disclosed it to our advisor. 

How will we collect your personal information?

We will collect information directly from you when:

• you contact us by email, telephone and through other written and verbal communications;

We will also collect your personal information from:

• Your advisor directly;
• The ShallonCSP client relationship management system and hosted platforms[SF1] ;
• Publicly available sources such as the court judgments, insolvency registers, commercial registry, internet search engines and social media sites;
• Other ShallonCSP companies where appropriate, including any of the following entities, asset management companies or Trustee service companies (where you were previously a client) that have been acquired by the ShallonCSP:
  • Shallon LLC;
• Where an entity has been acquired by ShallonCSP, advice will be provided by your advisor and your personal information that is held by those entities will be governed by their individual privacy notices which will have been made available to you;

What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “lawful basis” when we process your “personal information”:

• We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you;
• We have a valid business reason to use your personal information and which is necessary for our everyday business operations and activities, for example to respond to any queries relating to our services that we receive;
• In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights;

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following lawful basis in these circumstances:

• It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty – such as carrying out fraud, credit and anti-money laundering checks;
• You have given your explicit consent to our use of your special categories of personal information. In some cases we are not able to review a complaint in respect of the advisor service you have received unless we have all the information we need, which could include your health information for example;
• We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves;
• There is a substantial public interest in the prevention and detection of unlawful acts such as where we suspect fraud;

Purpose for processing	Lawful basis for using your personal information	Lawful basis for using your special categories of personal information
To comply with our legal or regulatory obligations, including ensuring that our advisors are compliant with the appropriate regulatory requirements.	We need to use your information in order to comply with our legal obligations.We have a valid business reason (to run our business efficiently and effectively).	We need to use your information in order to establish, exercise or defend legal rights.We have a substantial public interest to prevent or detect unlawful acts (where we suspect fraud).It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty. We have your explicit consent.
For communications purposes including handling complaints and dealing with any other communications.	We have a valid business reason to communicate with you about products and services.	We need to use your information in order to establish, exercise or defend legal rights.You have given us your explicit consent.
For business purposes and activities including managing the ShallonCSP CRM system and hosting platform, and ensuring the continued improvement of the ShallonCSP client service.	We have a valid business reason (to run our business efficiently and effectively).	You have given us your explicit consent.We need to use your information in order to establish, exercise or defend legal rights.
To assist in the transition of your services from your advisor to another advisor if your advisor leaves ShallonCSP. Introducing prospective clients to our services	We have a valid business reason (to run our business efficiently and effectively).We have a valid business reason (to help expand and grow our business).	We need to use your information in order to establish, exercise or defend legal rights.

Who will we share your personal information with?

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above

and we will only disclose it to the following parties:

• Your advisor;
• Other advisors within ShallonCSP only where we have to transition services (e.g. if your advisor leaves ShallonCSP);
• Other ShallonCSP companies, including any advisory entities (where you were previously a client) that have been acquired by the ShallonCSP;
• Our regulators and any other competent bodies;
• Selected third parties in connection with any sale, transfer or disposal of our business;
• Our insurers;
• Data protection authorities;
• Financial crime and fraud detection[JD2]  agencies;
• The police, governmental tax authorities and other crime prevention and detection agencies;
• Third parties who have entered into contractual arrangements with us to provide services we need to carry out our everyday business activities such as advisor support specialists, document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisors;

Family members. business associates or other beneficiaries of a client receiving our services

This section will apply where a client receiving our services provides information about their family member(s) or business associates to explain their lifestyle and approach to investments and wealth management (for example if you are a spouse, advisor or dependent mentioned in a will or trust document, another beneficiary or a business advisor). This section will set out how we use your information.

What personal information may we collect?

• Information collected from the client;
• Information collected when dealing with any complaints you may have;
• Information collected from any communications with you; and
• Information obtained through audits or in the process of ensuring our advisors comply with their regulatory obligations;

This will include:

• General information such as your name, address, phone numbers and email addresses, date of birth and gender;
  • Your relationship to our client who is receiving ShallonCSP services;
  • Financial information relating to your financial liabilities, for example where a debt has been secured against an asset and you are a joint holder of that asset with the client receiving our services;

What special categories of personal information will we collect?

• We may collect details about your health which are relevant to the services our client receives from the relevant advisor (for example where you are the client’s advisor and you have a medical condition which means that you are unable to work and therefore our client has a higher need for investment return and a lower risk appetite).
• In limited circumstances where relevant to the advice being provided by our advisor, we may also collect information which relates to your trade union membership, ethnicity or political opinions where it has been disclosed to the advisor by the client. 

How will we collect your personal information?

We will collect information directly from you when:

• Directly from the client receiving our services;
• [SF3] 

We may also collect your personal information from:

• our client’s advisor;
  • the ShallonCSP client relationship management system and hosted platforms;[SF4] 

What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “lawful basis” when we process your “personal information”:

• We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you;
• We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to maintain our business records;
• In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights;

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following lawful basis in these circumstances:

• You have given your explicit consent to our use of your special categories of personal information which may have been provided to us by your family member, spouse or business associate who is our client;
• We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves;
• There is a substantial public interest in the prevention and detection of unlawful acts such as where we suspect fraud;
• It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty – such as carrying out fraud, credit and anti-money laundering checks;

Purpose for processing	Lawful basis for using your personal information	Lawful basis for using your special categories of personal information
To comply with our legal or regulatory obligations, including ensuring that our advisors are compliant with the appropriate regulatory requirements.	We need to use your information in order to comply with our legal obligations.We have a valid business reason (to run our business efficiently and effectively).	We need to use your information in order to establish, exercise or defend legal rights.We have a substantial public interest to prevent or detect unlawful acts (where we suspect fraud).It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty. We have your explicit consent and this has been provided to use by the client.
For communications purposes including handling complaints and dealing with any other communications.	We have a valid business reason (to run our business efficiently and effectively).	You have given us your explicit consent and this has been provided to us by the client. We need to use your information in order to establish, exercise or defend legal rights.
For business purposes and activities including managing the ShallonCSP system and hosting platform, and ensuring the continued improvement of ShallonCSP services.	We have a valid business reason (to run our business efficiently and effectively).	You have given us your explicit consent and this has been provided to us by the client.We need to use your information in order to establish, exercise or defend legal rights.
To assist in the transition of our client’s services from our client’s advisor to another advisor if our client’s advisor leaves ShallonCSP	We have a valid business reason (to run our business efficiently and effectively).	You have given us your explicit consent and this has been provided to us by the client. We need to use your information in order to establish, exercise or defend legal rights.

Who will we share your personal information with?

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:

• The client’s advisor;
• Other advisors within ShallonCSP only where we have to transition services for clients. (e.g. if your spouse is a client and his or her advisor leaves ShallonCSP;
• Other ShallonCSP companies;
• Our regulators and any other competent bodies;
• Selected third parties in connection with any sale, transfer or disposal of our business;
• Our insurers;
• Data protection authorities;
• Financial crime and fraud detection agencies;
• The police, government tax authorities and other crime prevention and detection agencies;
• Third parties who have entered into contractual arrangements with us to provide services we need to carry out our everyday business activities such as advisor support specialists, document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisors;

Other business advisors of ShallonCSP

If you are a business advisor such as products providers, portfolio or fund managers and contractors who carry out business functions on our behalf, this section will be relevant to you and sets out our uses of your personal information.

What personal information may we collect?

• General information such as your name, address, business phone numbers and email addresses.
• Employment information such as job title, business cards and professional accreditations.
• Information about your clients and the services and products you offer.
• Your bank details and information obtained from checking sanction lists and credit checks
• Information which we have gathered from publicly available sources such as internet search engines and generally obtained as part of the due diligence process conducted by the ShallonCSP of companies.

How will we collect your information?

• Directly from you.
• From other ShallonCSP companies.
• From publicly available sources such as internet search engines.
• From service providers who carry out sanctions checks.

What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “lawful basis” when we process your “personal information”:

• We need to use your personal information to enter into or perform the contract that we hold with you;
• We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks;
• We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis;

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights;

Purpose for processing	Lawful basis for using your personal information	Lawful basis for using your special categories of personal information
To carry out fraud, credit and anti-money laundering checks on you	It is necessary to enter into a contract with you.We have a valid business reason (to assess your suitability as a business advisor).We need to use your information in order to comply with our legal obligations.
To carry out due diligence on you.	We have a valid business reason (to ensure that you can provide guarantees in terms of confidentiality and security measures you implement to protect the information we are sharing with you about our clients).
To comply with our legal or regulatory obligations.	We need to use your information in order to comply with our legal obligations.
For business purposes and activities including maintaining business records, file keeping, strategic business planning and internal audit, and management information.	We have a valid business reason (to run our business efficiently and effectively)
For compliance and monitoring purposes such as recording and managing complaints made against you by our customers.	It is necessary to enter into a contract with you.We have a valid business reason (to ensure we are compliant and carrying out appropriate monitoring activities).

Who will we share your personal information with?

We will not sell or transfer your personal information to anyone unless we have a valid reason as set out above and we will only disclose it to the following parties:

• Where you are providing a product or services to one of our clients on our behalf, the relevant ShallonCSP advisor where the client receives wealth management services from that advisor;
• Other ShallonCSP companies;
• Third parties who provide sanctions checking services including Thomson Reuters Worldcheck and Vital4;
• Our regulators and any other competent bodies;
• Selected third parties in connection with any sale, transfer or disposal of our business;
• Our insurers;
• Third parties who have entered into contractual arrangements with us to provide services we need to carry out our everyday business activities such as advisor support specialists, document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisors;

Users of the ShallonCSP website

If you use our website, this section will be relevant to you and sets out our uses of your personal information. 

What personal information may we collect?

• General information submitted via the website, for example where you provide your details in the contact section such as your name, contact details and company name.
• Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found in section 9 below.

How will we collect your personal information?

We will collect your information via cookies and directly from you through interaction with forms on our website.

What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so. 

We will rely on the following “lawful basis” when we process your “personal information”:

• We have a valid business reason to use your personal information, necessary for our everyday business operations and activities, for example to maintain business records and to monitor usage of the website.
  In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights;

Purpose for processing	Lawful basis for using your personal information	Lawful basis for using your special categories of personal information
To respond to any enquiries you have submitted.	We have a business reason (to respond to your enquires).

Who will we share your personal information with?

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to:

• Other ShallonCSP companies;
• If you receive wealth management services from a ShallonCSP advisor, the relevant advisor if relevant to the services you receive; and
• Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as IT suppliers and website providers;

Photographs at ShallonCSP Events and Offices

During the course of its business ShallonCSP may take photographs of its activities including its offices and various recruitment and marketing events. These photographs and related images may be used in printed and online publications and used on our various social media sites. Where a photograph or image is considered to be personal data in particular where it explicitly identifies an individual through captions published alongside the photograph or image then ShallonCSP will obtain consent from the individual to use the image before publishing. It may not always be practical to obtain written consent from an individual and in such cases we may rely upon verbal consent obtained from an individual at the time photographs are taken. Where images are of a generic nature capturing the event as a whole we will process these images on the basis that we have a legitimate interest in promoting the and the success of various events that ShallonCSP may organise. If at any point an individual wishes ShallonCSP to stop using photographs or images in which they appear they should contact ShallonCSP using the contact details given in section 8. 

3. What marketing activities do we carry out?

Where you are an existing client[OR5] 

We may use your personal information to provide you with information about products or services which may be of interest including e-briefings and newsletters, where you have provided your consent for us to do so. 

If you wish to opt out of marketing, you may do so by clicking on the “unsubscribe” link that appears in all emails which are sent by your advisor or telling us when we call you.[SF6]  Otherwise you can always contact us using the details set out in section 8 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, you may still receive communications from your advisor in connection with the products we offer you. 

4. How long do we keep your personal information for?

We will only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 2 above, to comply with our legal and regulatory obligations or for as long as necessary to respond to concerns you raise with the advice you received. As a Trust and corporate services provider, we are licensed in the Fujairah International Free Zone and comply with the ARIF Code of Conduct who impose certain record-keeping rules which we must adhere to.

5. What is our approach to sending information overseas?

There are a number of instances where your personal information shall be transferred to countries outside of the European Economic Area (“EEA”) the UAE, or Switzerland [SF7] such as when we transfer information to our other companies in the ShallonCSP or to third party suppliers who are based outside the EEA or when third parties who act on our behalf transfer your personal information to countries outside the EEA. Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including: 

• entering into data transfer contracts which meet EEA and Switzerland data protection standards; 

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for the performance of the contract we have with you;

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. An example of our regular data transfers outside the EEA is set out below:

Country of transfer	Reason for the transfer	Method we use to protect your information
Nevis, UAE, Isle of Man, Gibraltar, Guernsey, Jersey	Provision of data to our international offices to support our client servicing proposition.	We have standard contractual clauses in place.

6. Automated decision making and profiling 

What is automated decision making?

Automated decision making refers to a situation where a decision is taken using personal information that is processed solely by automatic means (i.e. using an algorithm or other computer software) rather than a decision that is made with some form of human involvement. We do not currently use automated decision making as all decisions are reviewed by an individual.

What is profiling?

Profiling is any form of automated processing of personal information which evaluates certain personal aspects and we use profiling tools to assist in risk assessment and marketing activities.

We will use profiling [SF8] in a number of circumstances including the following:

• where you are a prospective client we will use your location to determine which office is closest to you;
• for existing clients – where there are any investment fund switches, we will monitor irregular activity; and
• using a financial strategy segment profiling tool which uses information such as date of birth, occupation and financial information to determine appropriate investment wealth bands;
• the use of social media platforms including but not limited to LinkedIn, Facebook. Etc  to profile prospective clients based on publicly available employment and education history and location;

7. Your rights

You have several rights which you can exercise at any time relating to the personal information that we hold about you and use in the ways set out in this notice. Please contact us at any time using the details set out in section 8 if you wish to exercise these rights; we will not usually charge you. 

We respect your rights and will always consider and assess them but please be aware that there may be some instances where we cannot comply with a request that you make as the consequence might be that:

• in doing so we could not comply with our own legal or regulatory requirements for example we are under obligations to hold records of our dealings with you for certain periods of time; or
• in doing so we could not provide services to you and would have to cancel your client agreement, for example we could not enter into investments on your behalf if we had deleted your personal information;

We will of course inform you if any of the above situations arise and if we are unable to comply with your request.

The right to make a complaint with the competent data protection commissioner in your relevant jurisdiction

If you believe that we have breached data protection laws when using your personal information, you have a right to complain to the Federal Data Protection and Information Commissioner, the Office of the Data Protection Commissioner (UAE) or the competent data protection commissioner in your relevant jurisdiction;

You can visit the FDPIC website at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html or the ODPC website at https://adgm.com/doing-business/registration-authority/office-of-data-protection/intro/?pgNm=reg-authority for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

We are happy to provide you with such details but in the interests of confidentiality, we follow strict disclosure procedures which may mean that we will require proof of identify from you prior to disclosing such information.

We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

The right to rectification

Please help us to keep your personal information accurate and up to date so if you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, please contact us and ask us to update or amend it.

The right to restriction of processing

In certain circumstances, you have the right to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

The right to withdraw your consent

Where we rely on your consent to process your personal information, you have the right to withdraw such consent to further use of your personal information.

The right to erasure

You are entitled to request your personal information to be deleted in certain circumstances such as where we no longer need your personal information for the purpose we originally collected it. When you exercise this right, we need to consider other factors such as our own regulatory obligation, to assess whether we can comply with your request. We shall retain sufficient information to demonstrate that we have complied with your request.

The right to object to direct marketing

You have a choice about whether or not you wish to receive marketing information from us and you have the right to request that we stop sending you marketing messages at any time. You can do this either by responding to any email that we send to you or by contacting us using the details set out in section 8.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the services we offer you.

The right to data portability

In certain circumstances, you can request that we transfer personal information that you have provided to us to a third party.

When you exercise this right, we need to consider other factors such as our own regulatory obligations, to assess whether we can comply with your request.

Rights relating to automated decision-making

If we use software to carry out automated decision making ([SF9] as set out in section 6 above), we will always have some form of human involvement to check any decisions made that arise out of such automated decisions. This complies with your data protection rights to have a decision taken by automated means reviewed. 

8. Contacting us

If you would like any further information about any of the matters in this notice or if you have any other questions about how we collect, store or use your personal information, you may contact our ShallonCSP Data Protection Officer at ShallonCSP Limited, data@shallontrustees.com.

9. Cookies

The ShallonCSP website uses cookies – small text files that are stored on your computer or in your browser – to help us to monitor how visitors use our site and allow us to maintain the optimum experience for website users. The website does not store or capture personal information about you when you visit it, it merely records traffic information. This means information about all of our visitors collectively, for example the number of visits the website receives. In order to respect our visitors’ rights of privacy, this information is anonymous and no individual visitor can be identified from it.

You can disable and delete cookies by changing the appropriate setting within your browser’s ‘Help’, ‘Tools’ or ‘Settings’ menu. Please note that by disabling cookies you may not benefit from some of the features of our site. You can find out more about deleting or controlling cookies by visiting aboutcookies.org.

10. Keeping your information safe?

At ShallonCSP, we take our responsibility to look after your personal information and privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and security breaches. We have a number of security measures in place to help prevent fraud and cybercrime.

If we become aware that a personal data breach has occurred and is likely to result in a high risk to the rights and freedoms of our clients, advisors or employees, we will inform them without undue delay.

We have a dedicated, the ‘Information Security Committee’, that provides oversight and guidance to our information security and privacy programme.

The ISC has a reporting line that enables effective escalation of issues up to the Board where appropriate.

We educate and train our employees, advisors and contractors on their information security, fraud prevention and privacy obligations annually.

Our employees, advisors and contractors take part in an annual Information Security training and awareness program and must agree to adhere to the GDPR, and our own Internal Privacy Policy that is designed to keep your information safe. These are reviewed each year to assess the current trends that are being observed across the information security landscape. Information Security awareness also forms part of our new employee induction program.

We also educate our employees in identifying potential financial crime and internal fraud; any suspicious activity is reported to our Financial Crime Prevention team.

When you login or send us information on the internet we protect the security of this information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).

When you use your web browser to login, view or share information with us, all electronic information exchanged is encrypted using 2048bit SSL (Secure Sockets Layer) certificate. You can identify this by looking for the HTTPS:// and the padlock in the address bar at the top of your browser.

We will always interact with you in a safe, secure and consistent manner

To keep your information secure and to protect our clients from fraud, ShallonCSP will only interact with you in the following ways.

When interacting with you, we will: 

• Only request you send funds directly to providers using verified bank account details. We will only request providers make distributions /withdrawals /payments to a verified bank account in your name.  
• Verify who you are when speaking to you on the phone, by asking you security questions.

We will not: 

• Ask you for your any password over the phone. 
• Send you bank details without first discussing this with you.
• Send you an unsolicited email with a link to our login page asking you to enter any online account credentials.
• Ask you for payment or credit card details by email or telephone.
• Call you to notify you of a problem, and then request you call us back immediately to discuss the problem further.

If in doubt, call your relationship manager directly or alternatively email the ShallonCSP Data Protection Officer at data@shallontrustees.com.

We continually review our physical and logical security controls in place across the business.

Physical controls – As well as protecting your digital information, ShallonCSP also protects their premises and physical locations where personal data may be used and stored. These measures include security entrances, secure disposal of confidential waste and hardware, CCTV and locks on doors and file storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and protected. 

Logical controls – ShallonCSP uses technical security measures to make sure our systems where we store and use personal information are protected from unauthorised access. Tools such as two-step authentication controls, antivirus, firewalls, malware detection and back-up procedures are used across the business. 

All employee emails and devices are encrypted to enable secure transfer and storage of personal information.

We use trusted third parties to manage the security of online tools and applications to ensure your data is secure at all times.

We have a business continuity plan with disaster recovery and business continuity testing.

The purpose of Business Continuity Management and the ShallonCSP Business Continuity Plan, is to provide an effective, predefined and documented framework to respond to an incident affecting the Group’s activities. The key drivers in developing the business recovery plans are;

However, whilst we take appropriate technical and organisational measures to safeguard your Personal Information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.[PH10] 

11. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. 

In addition, we use Google’s remarketing technology to advertise online. In doing so, Google will place or read a unique ad-serving cookie on your computer and will use non-personal information about your browser and your activity on our sites to serve ads on their content network. Please visit https://tools.google.com/dlpage/gaoptout for more information about remarketing or to opt-out of the Google remarketing cookie.

We will only collect personal information about you if you send us an e-mail enquiry via the ‘contact us’ facility or you register to receive your investment performance reports by email. In order for this to happen, you will need to fill out the on line ‘contact us’ form or complete the registration details. The type of information being collected for an enquiry will be apparent from the layout of the ‘contact us’ form, which also tells you how this information will be used. The type of information collected to register to receive the investment performance report by email will be apparent from the details requested when you register. The information collected when you register will only be used to email your investment performance report and for no other reason.

We take all reasonable precautions to protect our visitors’ information, both on and off line. If your personal information changes, please let us know and we will correct, update or remove any information that we hold about you on our active databases. We may however need to retain archive copies of that personal information for legal or audit purposes. If you have any queries regarding the way in which ShallonCSP handles data collected from you on this website, please visit the contact us page.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out in the above four paragraphs.[PH11] 

12. Monitoring

Please note that if you communicate with us electronically, including by e-mail, telephone or fax, this communication may be randomly monitored and/or recorded to protect the interests of our business and our customers. This includes for the purposes of maintaining customer/service quality standards, detection of and/or prevention of crime and to ensure that ShallonCSP employees comply with legal obligations and ShallonCSP policies and procedures (including our customer relations practices).

13. Hyperlinks

We may provide hyperlinks from our websites to websites of other organisations. Please note that this Privacy Policy applies only to our website and that ShallonCSP will not be liable for the contents of linked web sites or any transactions carried out with organisations operating those websites.

14. Updates to this notice

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-to-date notice and you can check our website periodically to view it.