Privacy Statement NorthCape AS – Update May 2022
Introduction
NorthCape is an international arranger of finance, specializing in the shipping, cruise, offshore and aviation sectors.
We are committed to being transparent about how we collect and use personal data and to meeting our obligations in relation to data protection.
Data Controller/Responsible Person
All references to NorthCape refer to NorthCape AS or any of its’ affiliated entities NorthCape Capital AS, NorthCape Pte. Ltd, NorthCape Partners Pte. Ltd and NorthCape Capital Ltd.
NorthCape is the “data controller” for the purposes of processing personal data as well as for the purpose of the applicable data protection legislation, meaning that we are responsible for deciding how we both hold and use personal information about you. Data about you collected and processed (i.e. activities such as storing, recording, altering, retrieving, restricting or erasing) by the relevant NorthCape entity with which you have been engaging, may be shared with the other companies within the NorthCape group of companies.
The day to day responsibility for collection and processing of personal data lies with the Managing Partner(s)/CEO(s) of NorthCape AS.
Personal data that is stored
We store personal data about:
- our clients, financial institutions and contacts;
- guests to our events and seminars;
- individuals for the purposes of employment, recruitments or internships;
- visitors to any of our offices; and
- providers of services and suppliers.
The data we store includes, but is not limited to:
- name, address and contact details, including both business and personal email addresses and telephone numbers;
- date (and place) of birth, identification numbers and documents;
- employment status, professional qualifications, references and pay records as well as directorships and shareholdings;
- background checks and information about medical or health records;
- other information about an individual that you or they disclose to us when communicating with us; and
- information we obtain from third parties, such as information that we obtain when verifying details supplied by you.
Reason for processing
The reason for collecting and processing of personal data is for legitimate business purposes such as:
- Provision of services to you and carry out obligations according to agreements with you or others;
- Establishing client relationships;
- Confirming your or their identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
- For our reasonable commercial purposes (including in connection with our insurance, quality control and administration and assisting us to develop new and improved services);
- To enable us to do business with our clients, companies or institutions providing finance or capital, business relations and service providers; and
- To comply with any requirement of applicable laws or regulations;
The basis for collecting and processing of personal data is the General Data Protection Regulation Article 6 (1).
Collection of personal data
We use cookies on our website to provide visitors to our website with the best visitor experience and service. The act relating to electronic communication requires that we inform our visitors about the use of cookies. We use Google Analytics to track and report website traffic. The information collected is not of a character that be traced back to individuals, but provides information about,
amongst others, how many people visit our website, how long the visits last, the website visited prior to our website, what browser is used etc. The data allows us information necessary to improve our website. You can read more about how Google Analytics collect and handles data here.
Disclosure of information to third parties
Other than to legal advisors appointed for a specific transaction in which you are involved, or third parties where we have your express consent to do so, we do not share, sell, transfer or otherwise disclose personal data to others unless we are legally obliged to do so.
Erasure of personal data
Personal data collected from you will be stored for the duration of our business relationship or for as long as NorthCape has a legitimate need for, and a lawful right to, keep these, but in any case not for a shorter period that was is required for the compliance with the statutory storage obligations of
NorthCape.
Personal data i) about our clients’ contact persons or ii) collected pursuant to Anti-Money Laundering purposes will be erased five years after the client relationship is terminated.
Data we are obliged to keep according to the Accounting Act will be stored for up to 5 years, in accordance with the requirements of the law.
Rights of the registered person
We process your personal data in accordance with the Personal Data Act of Norway and applicable regulations.
You have the right to request
a) access to any personal data we have stored in relation to you;
b) that any incorrect data be corrected and/or erased; and
c) processing limitations under certain circumstances.
In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
We retain our right to refuse access, rectification and erasure if we are entitled or required by law to do so.
A complaint may be registered with the Norwegian Data Protection Authority for processing in contravention of the rules.
Information security
We safeguard your personal data in the case of both physical and virtual access, and access control, as well as by encrypting sensitive areas of the information provided.
Contact information
Inquiries regarding what information is recorded, correction and deletion can be submitted in writing to our data protection officer, Vibeke Vilhelmsen, at the following addresses:
dataprotection@ncape.com