Privacy Notice

July 2023

This notice contains information for the benefit of individuals whose details we handle in the course of our business. Among others this includes our clients, their representatives, owners, beneficiaries and guarantors.

Below we describe our handling of personal data and the rights people have under data protection law regarding the information we hold about them. Please share the content of this notice with such individuals where appropriate.

1. Contact details for personal data queries

The “controller” of your personal data, meaning the entity legally responsible for its handling (“processing”) is:

DB Investment Partners Limited
21 Moorfields
London
EC2Y 9DB
United Kingdom

Telephone: +44 (0)20 7545 8000

If you wish to discuss our processing of your personal data, you may do so through your usual DB Investment Partners Limited contact or by getting in touch with our Data Protection Officer via the contact details above or the following email address: dpo.uk@db.com.

2. What personal data might we hold about you and where do we obtain it?

We will only hold data about you that is relevant in the context of the business relationship which we have with you.

Some of this information we will obtain directly from you. We also process personal data from a range of other sources, which may include your employer, other Deutsche Bank Group entities, other companies and financial institutions, publicly available sources (e.g. the media, registers of companies or assets, internet websites, including social media platforms like LinkedIn) and from providers of business risk screening services, such as credit reference agencies, anti-fraud databases, sanctions lists and databases of news articles.

The types of personal data that we process may include, but are not limited to:

  • Name and contact details, marital status, employment details, power of attorney, specimen signature;
  • Passport/ID card data, date and place of birth, social security number, relationships with public officials, criminal record, sanctions and media screening results;
  • Assets, liabilities, credit score, account numbers, source of wealth, rationale for use of corporate structures, financial experience (MiFID status), financial objectives and risk appetite, domicile, tax status;
  • Records relating to our business relationship and relevant services, such as product sales, account activity, correspondence, data deriving from your usage of our IT platforms, mobile apps, recorded telephone lines, engagement with our marketing activities, attendance at our offices or events.

3. What do we use your personal data for?

We collect and use personal data in the course of providing financial services. Illustrations are provided below, under the specific grounds in the UK General Data Protection Regulation (GDPR) which allow us to do this:

For the performance of contractual obligations

It may be necessary for us to process your personal data in order to perform a contract we have with you or to take steps at your request prior to entering into a contract. For further details, please refer to your contractual documentation with us.

For compliance with a legal obligation or acting in the public interest

We are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for fraud or money laundering prevention and detection or to respond to investigations or disclosure orders from the police, regulators of DB Group entities, and tax or other public authorities or courts, including outside the UK.

For the purposes of legitimate interests

We may process your personal data to the extent necessary to serve our legitimate interests or those of a third party. (The law permits this only insofar as such interests are not outweighed by a greater need to protect your privacy.) Cases where we may rely on legitimate interests to process your personal data include but are not limited to:

  • recording of telephone lines and monitoring of electronic communications for business and compliance purposes;
  • compliance and risk management activities, e.g. KYC (Know-Your-Customer) and creditworthiness checks or co-operating with relevant regulators and public authorities;
  • prevention and detection of financial crime;
  • information security and building security, including CCTV recording;
  • client or vendor relationship management, including marketing (unless you have objected/unsubscribed);
  • business analysis, operational efficiency;
  • development of products and services;
  • profiling of individuals for business or risk management reasons (see section 7 below);
  • evaluating, bringing or defending legal claims;
  • audits;
  • business restructurings.

On the basis of your consent

If you have a contract with us, its terms and conditions might provide consent for us to use your personal data in certain ways.

Further, there are some categories of personal data which the law deems so inherently sensitive that we generally need an individual’s consent to be able to store and use it. Information about a person’s health or religious beliefs are examples. If you voluntarily provide us with such information in circumstances where this could be relevant to the financial products and services we offer you (as could be the case for appropriate investment planning or Islamic financing) or for broader relationship management purposes, we will take it that this constitutes sufficiently clear consent from you for us to use this information as appropriate.

You are entitled to withdraw consent at any time under the GDPR. Note, however, that withdrawing your consent does not render our prior handling of your personal data unlawful and it might have an impact on our ability to continue to provide our services - for example if this means we will no longer be able to meet our regulatory or policy requirements satisfactorily.

4. Who might we share your personal data with?

Where necessary to fulfil your instructions to us or otherwise in line with the purposes outlined above, we may share information relating to you with a range of recipients including (but not limited to) the following: fund managers, depositaries and administrators, fund vehicles, DB Group affiliates and service providers, professional advisors, auditors, insurers, parties with whom we are negotiating a disposal of part of our business; credit reference agencies; background screening providers; financial institutions, payment and settlement infrastructure providers, exchanges, beneficiaries, regulators, courts and public authorities including tax authorities.

We will only disclose information about you as permissible in accordance with data protection law and our duties of client confidentiality.

5. Will we transfer your personal data to other countries?

Where lawful, your personal data may be transferred out of the UK for the purposes described above, including to countries without equivalent data protection laws to those in the UK. We require service providers everywhere to apply the same level of protection to your data as in the UK. We do this through the use of standard clauses approved by UK governmental and regulatory authorities which ensure adequate safeguards for data.

6. How long will we keep your personal data for?

We retain your personal data as long as necessary in light of the purposes for which we obtain it (see section 3 above) and in line with the periods set out in our data retention policies. Then we delete or anonymise it. Our retention decisions take into account the following:

  • The termination date of the relevant contract or business relationship;
  • Any retention period required by law, regulation or internal policy;
  • Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.


7. Do we use your data for marketing or profiling purposes?

We may use your personal data to give you information about products and services offered by us or our DB Group affiliates that we think you may be interested in receiving. Where we consider it appropriate, and so far as compliant with marketing laws, we may contact you in this regard by email or telephone. See your right to object to marketing activity in the next section.

“Profiling” in the context of this notice is the use of an automated process to analyse personal data in order to assess or predict aspects of a person’s behaviour. We may use profiling in the following circumstances:

  • To assess creditworthiness (automated credit scoring based on proven techniques assists us with decision making and ongoing risk management).
  • To help prevent or detect financial crime;
  • To provide you with information on DB products and services that seem likely to be of interest;


8. Are you under an obligation to provide us with your personal data?

You are not required by law to provide us with your personal data. However, if you refuse to do so we may not be able conduct further business with you. For example, in order to satisfy our anti-money laundering obligations we have to verify the identity of our clients or owners. This inevitably requires us to collect certain personal data from current and prospective clients.

9. Will your data be kept secure?

As you would expect from a financial services provider, we take information security very seriously. We operate in accordance with the strict policy standards applied across DB Group. Appropriate technical and administrative measures are in place to protect your personal data from unauthorised access and accidental or unlawful disclosure, alteration, loss or destruction.

10. What legal rights do you have regarding your personal data?

You have a right to object to the processing of your personal data, including profiling (see section 7 above) where this is carried out:

  • for the purposes of our, or another party’s, legitimate interests; or
  • on the basis that we are acting in the public interest; or
  • for direct marketing purposes.

If you lodge an objection on the last of these three grounds we will simply stop processing your personal data for marketing purposes and any associated profiling. In the other two cases you have to provide grounds for your objection and we will stop processing the relevant data unless (i) we identify compelling legitimate grounds for the processing which override your rights and interests or (ii) we need to process the data in connection with a legal claim.

Subject to certain exceptions and limitations, by law you also have the right to:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
  • Request us to transfer personal data you have given us either back to you or to another company in a commonly used electronic format. This is known as the right to portability.
  • Request correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data that we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your data, such as while we consider any objection or erasure request you have submitted (see above).
  • Withdraw consent to our processing of your personal data. This is discussed at the end of section 3 above.
  • Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you that affects your legal position (or has some other significant effect on you) based purely on automated processing of your data. We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.
  • Lodge a complaint about the processing of your personal data with the UK data protection regulator, the Information Commissioner’s Office (ICO). The ICO can be reached via its website, www.ico.org.uk, or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Further detail about these rights can be found mainly in Articles 12-22 of the GDPR and in guidance on the ICO website. See the contact details given in section 1 above if you wish to speak to us about exercising your rights.

11. Changes to this privacy notice

We may update this privacy notice from time to time in order to clarify it or address changes in law or our business operations. We will notify you if we make any substantial updates and you can always access the current version at the following website address:

www.dbip.com

We may also notify you in other ways about the processing of your personal data, such as in specific product documentation and online.