1. Introduction
“Maslow A8”, “we”, “us” and “our” means Maslow A8 Designated Activity Company.
We are committed to respecting your privacy. For the purposes of data protection law, Maslow A8 is a controller in respect of your personal data. Maslow A8 is responsible for ensuring that your personal data is used in compliance with applicable data protection law, including the EU General Data Protection Regulation 2016/679 (“GDPR”) and the Irish Data Protection Acts 1988 to 2018.
This privacy notice (“Privacy Notice”) applies to you if:
a) you are engaged in the provision of finance to Maslow A8 or any member of a group of companies involved in the provision of such financing, including directors and individual beneficial owners (the “Financing Parties”);
b) you are a borrower of funds from Maslow A8 or any member of the borrower’s group, including directors and individual ultimate beneficial owners) (the “Borrowing Parties”);
c) you are a director, officer, shareholder or ultimate beneficial owner of Maslow A8;
d) you are the provider of professional services to Maslow A8, the Financing Parties or the Borrowing Parties; and
e) you otherwise provide services to Maslow A8, the Financing Parties or the Borrowing Parties.
The Privacy Notice sets out how we handle your personal data, that we create, you provide to us or that we obtain about you from other sources. You must not share any personal data in respect of the Financing Parties or the Borrowing Parties with us unless you have the explicit authority of the relevant individuals and have shared this Privacy Notice with them in advance.
Please take the time to read and understand this Privacy Notice. We may update this Privacy Notice from time to time.
2. Personal data we collect about you
We will collect and process the following personal data about you:
a) Information that you provide directly to us or to one of our appointed service providers
This includes information and documentation that you provide to us by filling in forms or by communicating with us, whether face-to-face, by phone, email or otherwise. Our procedures include a requirement to submit information and documentation to allow us to perform relevant customer due diligence (“CDD”) checks to comply with applicable anti-money laundering and counter-terrorist financing laws and regulations, both at onboarding and on a continuous basis, and/or to assess your suitability for the purposes of the making of a loan by Maslow A8 to you.
The personal data we collect about you may include:
• identity (such as, your name, address, date of birth, gender, nationality, citizenship, marital status, residential address, tax residency and tax related information, family details), contact details (including email, telephone, correspondence address) and financial information about you as well as about directors, partners, members, shareholders, beneficial owners and guarantors connected with the Financing or Borrowing Parties as appropriate;
• employment details (including job title and name of employer or details of any self-employment);
• information provided to us for the purposes of verifying identity, including but not limited to copies of passport, driving license or other photo identification, in addition to proof of residential address; and
• recordings of any telephone calls with you that we or our appointed service providers
are required to make as a matter of law or for dispute resolution purposes and records of your activity on any information technology system maintained and provided by us or by any of our appointed service providers.
b) Information we obtain from other sources
We may also obtain information about you from third parties, including but not limited to credit reference agencies, fraud prevention agencies, Companies Registration Office (Ireland), Irish Revenue Commissioners, Central Register of Beneficial Ownership of Companies and Industrial and Provident Societies (Ireland), Companies House (UK), the Home Office (UK), HM Revenue & Customs (UK), accountants, insolvency practitioners, debt advisers, AML specialist providers and screening tools, tracing agents, commercial databases, public records and other publicly available information sources.
The types of information we collect from third parties may include CDD details and any money laundering, terrorist financing, financial sanctions or suspected fraud details, and we use the information we receive from these third parties to assess suitability for the making of loans, undertake CDD checks, prevent fraud, money-laundering and terrorist financing, ensure compliance with financial sanctions obligations and to maintain and improve the accuracy of the records we hold about you.
In general, we will use the personal data we collect from or about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal data.
3. Uses of your personal data
Your personal data may be stored and processed by Maslow A8 in the following ways and for the following purposes:
a) To make lending decisions: if you are a prospective borrower of funds from Maslow A8, this may include assessing your application, checking details on proposals and claims for all types of insurance, making a credit decision, opening accounts and/or verifying your identity.
b) To verify your identity and prevent any fraud, money laundering or terrorist financing and ensure compliance with financial sanctions obligations: by, for example, checking details provided on applications for credit facilities or due diligence packs.
Please note:
• If you give us false or inaccurate information and/or we suspect or identify fraud or money laundering or terrorist financing risks, we will record this and will allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime as required. We may also access and use information recorded by credit or fraud prevention agencies in other countries. This information may contain your personal data.
• If we, or a fraud prevention agency, determine that you pose a fraud, money laundering or terrorist financing risk, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you.
• If we determine that it is necessary for the purposes of compliance with applicable financial sanctions obligations, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you.
c) To provide you with information and services that you request from us: this will include maintaining accounts, updating our records, verifying your identity, transferring or receiving money and servicing your loan.
d) Security: we are required to secure and manage access to our IT and communication systems and other systems and prevent and detect security threats, fraud or other criminal or malicious activities.
e) Audit: we are required to process certain personal data to meet our audit obligations, implementing risk management processes, corporate governance, maintaining and monitoring IT systems and management of third party service providers.
f) Debt collection: enforcing loan or security provisions or tracing you in the case of a default.
4. Lawful bases for processing your personal data
We are entitled to use your personal data, as detailed above, as follows:
a) you require us to take specific steps to decide if we can enter into a loan contract with you, including to make credit decisions and where appropriate provide you with loan terms and/or a loan offer;
b) the processing is necessary for us to enter into a loan agreement with you and to comply with our obligations under the loan agreement including to provide you with information and services that you request from us;
c) we have legal and regulatory obligations that we have to discharge, particularly in respect to compliance with company law requirements, for the prevention of fraud, money laundering and terrorist financing, for the purposes of compliance with applicable financial sanctions obligations and for us to comply with certain audit obligations;
d) we may need to use your personal data to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
e) the use of your personal data is necessary for our legitimate business interests (or the legitimate interests of one or more of our appointed service providers), such as:
• being able to enforce our contractual agreements including but not limited to our loan agreements terms and conditions and loan security;
• being able to carry out internal and external audits on our loans and origination processes to ensure quality and consistency across our portfolio;
• compliance with company law requirements, preventing fraud, money laundering, terrorist financing and for the purposes of compliance with financial sanctions obligations, as well as protecting the business of Maslow A8 more generally.
5. Disclosure of your information to third parties
We may share your personal data as follows:
a) with credit reference and fraud prevention agencies. If false or inaccurate information is provided and/or fraud is suspected or identified, details will be passed to fraud prevention agencies;
b) with a third-party loan servicer for the purposes of providing services to us and you, and in particular providing investment advisory and asset management services, facility agent services and security agent services. Any third-party servicer will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Notice;
c) with third party service providers, such as IT service providers, corporate service providers, data hosting providers, professional advisers, legal services providers for the purposes of providing services to us. Any third-party service provider will be subject to confidentiality
obligations to safeguard your personal data when they have access to it;
d) we may disclose your personal data to our institutional funding lines and equity providers in accordance with our contractual obligations. Any such disclosure will be subject to confidentiality requirements and your personal data would only be used as described in this Privacy Notice;
e) if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
f) if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third-party buyer;
g) to government bodies and agencies in the UK, Ireland and overseas, as required;
h) payment systems if you require us to use them to process transactions; and
i) there may also be circumstances where we are obliged by law to disclose personal data, including to law enforcement agencies and applicable regulators, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator, national security, for the purposes of public importance or any other legal or investigatory process involving us.
6. Transfers of personal data outside the European Economic Area/ United Kingdom
Noting that the EU Commission has published an adequacy decision with respect to the UK, the personal data that we collect from you may be stored in the UK and/or European Economic Area (“EEA”). Where we transfer your personal data to a country outside the UK or the EEA, which is not already recognised by the European Commission as providing adequate protection, we will implement appropriate safeguards (such as the European Commission approved standard contractual clauses) to govern such transfers, pursuant to applicable data protection laws. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
7. Retention of personal data
The retention policy period of Maslow A8 for personal data is six years in most cases, subject to such shorter timelines as may be specified in applicable laws and regulations in respect of certain categories of records.
8. Your rights
Individuals whose personal data is processed by us have certain legal rights in respect of their personal data where EU data protection laws apply. To exercise these rights and controls, please use the details provided in the “Contact Us” section below. These individual rights include:
a) The right to request a copy of the personal data that we hold about you free of charge; however we may charge a ‘reasonable fee’ if we think that your request is excessive, unfounded or repetitive, to help us cover the costs of locating the information you have requested, or if you ask for additional copies of your personal data. Alternatively, we could refuse to comply with your request in these circumstances.
b) The right to require rectification (correction) of errors in personal data if it is inaccurate or needs to be updated.
c) The right to have personal data erased in certain circumstances where you think that we should not be holding or processing your personal data any more. Please note that this may not always be possible due to legal obligations.
d) The right to restrict the processing of your personal data (other than storing it) in certain situations including where: (i) you contest the accuracy of the personal data (until the accuracy is verified); (ii) the personal data is being processed unlawfully but you do not want the personal data erased; (iii) the personal data is no longer needed for the purposes for which it was collected, but you still require that personal data to help establish, exercise or defend legal claims; or (iv) you object to the processing where we process your personal data on the basis of our, or a third party’s legitimate interests pending verification of whether our, or a third party’s legitimate interests override your own rights.
e) The right to receive personal data in a structured, commonly used and machine- readable format and (if certain conditions are satisfied), transmit that personal data to a third party, if we have the technical means.
f) The right to object to processing, including:
(i) for direct marketing;
(ii) for research or statistical purposes; or (iii) where processing is based on legitimate interests.
In the limited circumstances where the individual may have provided their consent to the collection, processing and transfer of personal data for a specific purpose, the individual has the right to withdraw consent for that specific processing at any time. To withdraw consent, please use the details provided in the “Contact Us” section below.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to facilitate our response.
9. Contact us
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, the exercise of any of the rights listed above, or if you have any other questions about the processing of your personal data, please address questions, comments and requests to MaslowA8@caficointernational.com.
Issues or concerns you may have regarding how we handle your personal data can also be brought to the attention of your local data protection authority. However, if you have any concerns or question, we request that you contact in the first instance to respond and address any concerns.