Concorde Investments Ireland Ltd ("CII"), with its registered office at Pembroke Hall, 38/39 Fitzwilliam Square, Dublin 2 is required under the General Data Protection Regulation ("GDPR"), to have in place a transparent Privacy Notice which explains how CII collects, uses and stores your personal data and also how, where applicable, CII discloses your personal data to third parties.
CII's Privacy Notice is contained in CII's Terms of Business and will be provided to you at the time of collection of the data. The Privacy Notice is also available on CII's website. CII may update its Privacy Notice from time to time and the most up to date version will be on CII's website. In this Privacy Notice we will use language and terms that are defined by the GDPR. We have included some of the main definitions in Appendix 1 to this Privacy Notice for your ease.
CII is a Data Controller for the purposes of GDPR.
If you have any questions relating to data protection you can contact us at info@ciireland.com.
In order for CII to provide you with its financial services it will collect personal data which allow it comply with relevant legislation and regulation thereby allowing us provide a service to you which will be in your best interest. If you do not provide CII with the requested personal data we will not be in a position to provide you with our services.
CII will collect personal data at the outset of the relationship. At that time you will be asked to complete application forms which will be the primary source of this personal data. The application form will also include relevant consents which you will be asked to provide. Additional sources of personal data include but are not limited to, email correspondence, telephone recordings, searches and publicly available information.
CII will collect this data from you directly when you engage with us. Alternatively, where you engage with an appointed intermediary acting on our behalf, the data will be collected from that appointed intermediary. Your personal data may also be provided to us by one of our affiliates for the purpose of providing you with our financial services.
Set out below is a table of the data we will collect from you.
| Data Collected | Legal basis and why we collect this data |
|---|---|
| Information which allows us to identify you. This includes information such as first name, surname, date of birth, address. | To allow us to perform the contract by meeting regulatory requirements associated with MiFID II. |
| Information which allows us to determine the suitability or appropriateness of a product or service for you. This extends to financial information, occupation, knowledge and experience, marital status, dependents. | To allow us to perform the contract by meeting regulatory requirements associated with MiFID II. |
| The nature of any trust or power of attorney | To allow us to perform the contract by meeting regulatory requirements associated with MiFID II and also any anti money laundering and counter terrorist financing obligations and as necessary for our legitimate interests. |
| Tax identification and residency | To meet revenue obligations. |
| Contact details, to include address, email address, telephone number |
To allow us to contact you in order to Fulfil reporting obligations to you. To keep you up to date on our services. To keep you up to date on our services, policies or Terms of Business or material changes thereto. To contact you in relation to any service currently being offered in order to provide you with relevant information pertaining to those services. |
| Proof of Address and ID | To meet anti money laundering and counter terrorist financing requirements and as necessary for our legitimate interests. |
| Account details | To meet anti-money laundering and anti-terrorist financing requirements and to prevent against cyber security fraud by securely transferring your funds to your dedicated account (which can be updated by you) and as necessary for our legitimate interests. |
| Criminal convictions and offences data | To meet anti-money laundering and anti-terrorist financing requirements and as necessary for our legitimate interests. Such information may form part of searches undertaken to meet these requirements. |
| Special categories of personal data |
Explicit consent will be sought To meet obligations in relation to dealing with a vulnerable individual. To meet anti-money laundering and anti-terrorist financing requirements and as necessary for our legitimate interests. Such information may result from searches undertaken to meet these requirements. To meet obligations in relation to dealing with employees |
| Information on business relationships, beneficial ownership, and financial information | To fulfill obligations relating to corporates for the purposes of anti-money laundering and counter terrorist financing and as necessary for our legitimate interests. |
| Consent and declaration information | To allow us to perform the contract by meeting legal and regulatory requirements. |
| Sharing of customer data with affiliates for internal administrative purposes | Legitimate interests. Also so that CII may offer you their products or services. |
| Recruitment: Applicant and employee information | Legitimate interests. Legal basis is the performance of a contract with CII. Necessary to assess suitability for a particular role. |
| Smartphone identification information (IP address, device Id) and security logs entries of client devices usage related to mobile application for clients | Security interests: Digital Operational Resilience Act , (EU) 2022/2554) , and the Network and Information Security (NIS) Directive |
CII also uses cookies on its webpages to make it easier to use its website, to provide customised services and to enhance user experience. Please see our Cookie Policy on CII's website.
CII will only share this information with third parties appointed to allow CII comply with its regulatory and legislative requirements and in order to provide you with the relevant service.
CII has appointed Citibank Europe plc, Hungarian Branch Office acting in the name and on behalf of Citibank Europe Plc. ("CEP") as an eligible credit institution which shall provide custody and safekeeping services. Where you avail of these services we will disclose to CEP aspects of your personal data which are required for the provision of this service.
CII will also share information with our affiliates so that they may offer you their products or services.
CII will not transfer your personal data outside of the EEA. Should CII need to transfer your personal data outside of the EEA in the future we will inform you of this by way of a revised Privacy Notice. In such cases CII will ensure that the country to which personal data is transferred has in place adequate levels of protection and safeguards as determined by the European Commission or alternatively has appropriate transfer mechanisms in place such as Model Contracts or the US Privacy Shield.
CII will only retain your personal data for as long as is necessary in order to comply with legal and regulatory requirements.
There are a number of rights available to you under GDPR relating to your personal data. These are set out below. If you wish to exercise any of these rights you are asked to submit your request to do so in writing to our registered address or by email to info@ciireland.com.
As a security measure we will be required to confirm your identity in advance of carrying out any requests.
We will endeavor to respond to you within 30 calendar days of receiving your request and once satisfied of your identity. More complex requests may require up to 90 calendar days and we will inform you of this extended timeframe where applicable within 30 calendar days.
We will process your request to the extent permissible by GDPR and in accordance with our legal and regulatory obligations and disclose to you any grounds for restricting or refusing your request.
Right of Access
You have the right to access the personal data we hold about
you. This is called a Subject Access Request or a Data Access Request to
which there may be grounds for restricting or refusing access.
Right of Data Portability
You have the right to receive your personal data in a form which
you can use and re-use it electronically as you wish. You can request
this information be transferred to yourself or to a third party.
Right of Rectification
You have a right to have personal data we hold about you corrected, completed or brought up to date.
Right to have Processing Restricted or Stopped
You can request that we stop processing your personal data in
certain circumstances for example in the case of direct marketing.
Right to be Forgotten (Right of Erasure)
You have a right to have your personal data erased in certain circumstances.
Right to Complain
You have the right to make a complaint to the Data Protection
Commissioner at Canal House, Station road, Portarlington, Co. Laois, R32
AP23, Ireland.
CII will hold data relating to applicants considering working with CII and the principles of data protection as outlined above also apply to CII applicants. CII will inform you in advance should we wish to review your social media profiles where warranted by the particular role. Data relating to an unsuccessful application may be retained by CII for up to 12 months. Should you become an employee of CII, your data will be held on your HR file and you will be provided with employee policies on this topic.
CII will hold data relating to its employees and the principles of data protection as outlined above also apply to CII employees. A separate privacy notice for employees will be provided to employees.
CII do not use fully automated decision making tools when dealing with your personal data. CII may use partially automated processes in order to evaluate your appetite for risk thus allowing CII provide you with services which are in your best interest.
Our website contains links to other websites. This privacy notice only applies to CII and its website www.ciireland.com. When you link to other websites you should read those websites privacy notices.
CII takes proportionate technical and organisational measures against the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data.
Should you wish to avail of CII's services you will be asked to confirm that you have read and understood this Privacy Notice and to provide your consent to the collection of your personal data in line with this Privacy Notice.
You may withdraw your consent at any time in relation to marketing activity by writing to us at info@ciireland.com
June 2024
Data means automated and/or manual data;
Data controller; Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by Union or Member State Law, the controller or the specific criteria for its nomination may be provided for by the Union or Member State Law.Data processor means an organisation, individual or public authority, agency or other body that processes personal data on behalf of a data controller;
Data subject means an individual who is the subject of personal data;
EEA means the European Economic Area, as defined in the EEA Agreement;
GDPR means the General Data Protection Regulation, which is more formally known as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller;
Processing means carrying out an action or series of actions on the information or data, including:
(a) Obtaining, recording or keeping the information, or data;
(b) Collecting, organising, storing, altering or adapting the information or data;
(c) Retrieving, consulting or using the information or data;
(d) Disclosing the information or data by transmitting; disseminating or otherwise making it available;
(e) Aligning, combining, blocking, erasing or destroying the information or data;
Special categories of personal data means any personal data relating to:
(a) The racial or ethnic origin of the data subject;
(b) The political opinions or the religious or philosophical beliefs of the data subject;
(c) Trade-union membership of the data subject;
(d) The physical or mental health or condition or sexual life of the data subject;
(e) Biometric data; and
(f) Genetic data;
Criminal convictions data means any personal data relating to:
(a) The commission or alleged commission of any offence by the data subject;
(b) Any proceedings for an offence committed or alleged to have
been committed by the data subject, the disposal of such proceedings or
the sentence of any court in such proceedings; and
(c) Any related security matters