Truva Corp Privacy Notice
Dated October 2023
This privacy notice applies to Personal Data held by Truva Corp as data controllers, as described below.
It explains what information we collect about you, how we will use that information, who we will share it with and in what circumstances. This notice also outlines the steps we take to make sure the information stays private and secure.
We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. You are responsible for ensuring that any Personal Data that you send to us is sent securely. It is also important that the Personal Data we hold is accurate and current. Clients should inform Truva Corp if the Personal Data supplied changes during the term of a Client Agreement or any other contractual relationship.
Please refer to the definitions in our Terms and Conditions to understand the meaning of some of the terms used in this privacy notice.
We will only collect Personal Data in line with Data Protection Legislation. We may collect it from a range of sources and it may relate to any of our Services you apply for, currently receive from us or have had in the past. We may also collect information about you when you interact with us, e.g. visit our website or other channels, call us or visit our offices or ask about any of our services.
Some of it will come directly from you, e.g. when you provide CDD. It can also come from your advisors and intermediaries. We might also get some of it from publicly available sources.
The type of information that we collect will differ depending on what sort of Service you receive from us. If you are applying for a job with us, we will send you an additional privacy notice.
We collect and otherwise Process Personal Data relating to Data Subjects and any other person(s) involved in the business relationship, as the case may be, such as authorised representative(s), person(s) holding a power of attorney, beneficial owners, if different from the Client, any natural person who exercises control over an entity (control is generally exercised by any natural person who ultimately has a controlling ownership interest in an entity) and any person for the benefit of which the client is holding a company as agent, nominee or similar and if we receive Personal Data from those natural persons we will deem them to be a Data Subject.
Personal Data Processed by Truva Corp includes, but is not limited to:
- Information you provide to us;
- Personal details: name(s); sex; date and place of birth;
- Identity information: passport number(s); other government issued number(s); nationality; images of identity documents and signatures; authentication data; photographs and visual images;
- Contact details: address; telephone number; email address;
- Employment details: role; business activities; names of current and former employers; work address; work telephone number; work email address;
- Financial details: billing address; bank account numbers; credit card numbers; cardholder or account holder name and details; instruction records; transaction details; and counter party details.
- Electronic Identifying Data: IP addresses; cookies; activity logs; online identifiers; unique device identifiers; and geolocation data;
- Images: videos, pictures, CCTV footages; and
- Data without personal information, which could be attributed to a natural person by the use of additional information, can also be considered Personal Data.
Information we collect or generate about you:
- your financial information and information about your relationship with us, including the Services you access, your ways of interacting with us, your payment history, transactions records, and information concerning complaints and disputes;
- information we use to identify and authenticate you, e.g. your signature and your biometric information, and additional information that we receive from external sources that we need for compliance purposes;
- geographic information, e.g. about where you are located;
- information included in customer documentation;
- marketing and sales information, e.g. details of the Services you receive and your preferences;
- risk rating information, e.g. credit risk rating, transactional behaviour and underwriting information;
- investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, organisations, including emails, voicemail;
- records of correspondence and other communications between us, including email and social media communications; and
- information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activity, and information about parties connected to you or these activities.
Information we collect from other sources, e.g.:
- information you’ve asked us to collect for you, e.g. information about your accounts or holdings with other companies, including transaction information;
- information from third party providers, e.g. information that helps us to combat fraud;
- Information from social media networking sites; and
- Cookies on our website.
We’ll only use your information where we have your consent or we have another lawful reason for using it. These reasons include where we:
- need to pursue our legitimate interests;
- need to process the information to enter into or carry out an agreement we have with you;
- need to process the information to comply with a legal obligation;
- believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime; and
- need to establish, exercise or defend our legal rights.
The reasons we use your information include (but are not limited to) to:
- deliver our products and services;
- carry out your instructions;
- carry out checks in relation to you;
- manage our relationship with you, including (unless you tell us otherwise) telling you about products and services we think may be relevant for you;
- understand how you use your accounts and services;
- prevent or detect crime, including fraud and financial crime, e.g. financing for terrorism and human trafficking;
- investigate and resolve complaints;
- ensure security and business continuity;
- enable risk management;
- provide online product platforms;
- implement product and service improvement;
- undertake data analytics to better understand your needs;
- protect our legal rights and comply with our legal obligations;
- correspond with solicitors, lenders, servicers and third party intermediaries;
- undertake system or product development and planning, insurance, audit and administrative purposes;
- recover money which you owe; and
- to bring a claim against a third party (where relevant).
Marketing and market research
We may use your information for market research and to identify trends. We may use your information to provide you with details about Truva Corp products and services, and also products and services from our partners and other relevant third parties. We may send you marketing messages by post or email. You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please contact us in the usual way.
If you ask us not to send you marketing, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing messages. Even if you tell us not to send you marketing messages, we’ll continue to use your contact details to provide you with important information, or if we need to tell you something to comply with our regulatory obligations.
Our website may contain links to Truva Corp’s social networking accounts. We may offer you to publish graphic, visual and / or other information about you on our social networking accounts. We process this information in accordance with our legitimate interest to raise awareness about our goods and services. This Privacy Notice does not apply to the particular processing of Personal Data in our social network accounts for which we have obtained your consent (consent terms govern for these situations).
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. Our website is not intended for children, and we do not knowingly collect data relating to children.
We may share your information with others where lawful to do so, including where we or they:
- need to in order to provide you with products or services you’ve requested, e.g. fulfilling a payment request;
- have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
- need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with services you’ve requested, or assess your suitability for products and services;
- have asked you for your permission to share it, and you’ve agreed.
We may share your information for these purposes with others including:
- other Truva Corp Affiliates and any sub-contractors, agents or service providers who work for us or provide services to the Truva Corp group (including their employees, sub-contractors, service providers, directors and officers);
- any joint account holders, trustees, beneficiaries or administrators;
- people who give guarantees or other security for any amounts you owe us;
- people you make payments to and receive payments from;
- your intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties and any companies you hold securities in e.g. notes, bonds or options;
- other financial institutions, lenders and holders of security over any property you charge, tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents;
- any fund managers who provide asset management services to you and any brokers who introduce you to us or deal with us for you;
- any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them;
- any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
- law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- other parties involved in any disputes, including disputed transactions;
- fraud prevention agencies who’ll also use it to detect and prevent fraud and other financial crime and to verify your identity;
- anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g. power of attorney, solicitors, intermediaries, etc;
- anybody else that we’ve been instructed to share your information with by either you or anybody else who provides instructions or operates any of your accounts on your behalf; and
- we may share aggregated or anonymised information, with partners such as research groups, universities or advertisers. You won’t be able to be identified from this information.
We keep your information in line with our data retention policy. For example, we’ll normally keep your core data for a period of ten years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as dealing with any disputes or concerns that may arise.
We may need to retain your information for a longer period, where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
Your information may be transferred to and stored in locations outside of the UK and the European Economic Area (EEA), including countries that may not have the same level of protection for personal information as the UK and the EEA do. When we do this, we’ll ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and / or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it.
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:
- the right to request access to, or copies of, your Personal Data that we Process or control, together with information regarding the nature, Processing and disclosure of those Personal Data;
- the right to request rectification of any inaccuracies in your Personal Data that we Process or control;
- the right to request erasure or restriction of your Personal Data that we Process or control;
- the right to have your Personal Data that we Process or control transferred to another Controller, to the extent applicable;
- the right to withdraw your consent. Please note that Processing that was carried out before the withdrawal is not affected by it;
- the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf; and
- the right to object to the Processing of your Personal Data by us or on our behalf that is necessary for our purposes of the legitimate interests. Please note that in such cases we might not be able to provide services and/or maintain a business relationship with you anymore.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We keep our privacy notice under regular review. We do not meet the necessary criteria for a mandatory appointment of a Data Protection Officer under the UK General Data Protection Regulation or an EU Representative under the General Data Protection Regulation. We have allocated informal responsibility to a person in our business who can deal with any data protection related matters. You can contact our privacy manager by sending an email to [email protected] or writing to us at 3rd Floor, 30 Bedford Street, London WC2E 9ED.