XCM respects your privacy and is committed to protecting your personal information. This privacy statement will inform you as to how we look after your personal information and inform you about your privacy rights and how the law protects you. This statement applies to you only if you are a resident of a member state of the European Union or the European Economic Area. If you are a resident of Curaçao or elsewhere, please see our Non-EU privacy statement.
- Visitors to XCM’s website
- Visitors to XCM’s premises
- Individuals with whom XCM has contact for business purposes
- Individuals who are associated with XCM’s suppliers, vendors or professional advisers
- Lawful basis for using your personal information
- Change of purpose
- IMPORTANT INFORMATION
XCM respects your privacy and is committed to protecting your personal information.
This privacy statement describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR).
It applies to:
- individuals with whom XCM may have had contact for business purposes, either on our own account or on behalf of third parties or organizations;
- individuals who are employed by or otherwise associated with XCM’s suppliers, vendors or professional advisors;
- individuals who are involved in transactions or potential transactions which are evaluated or conducted by XCM or any of XCM’s sub-advisors; and
- individuals who have opted to receive communications from XCM.
This privacy statement does not form part of any contract of services.
This website is not intended for children and we do not knowingly collect data relating to children.
XCM (Xecutive Corporate Management N.V.) is a Limited Liability Company that is an independent, privately held provider of professional fiduciary services headquartered in Willemstad, Curaçao.
This privacy statement is issued on behalf of XCM, so when “XCM”, “we”, “us” or “our” is mentioned in this privacy statement, we are referring to the relevant entity XCM, which is responsible for processing your personal information.
Unless otherwise specified, the designated contact entity in relation to XCM matters in the EU and EEA is Xecutive Corporate Management N.V. (registered in on Curaçao under licence number 0131TRUSTRP, granted by the Central Bank of Curaçao and Sint Maarten). You may contact us at email@example.com or using the details set out on our website.
For the purposes of the GDPR, XCM is the controller of your personal information, for further details of which, please click below as appropriate. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the GDPR to notify you of the information contained in this privacy statement.
If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact the Data Privacy Officer at firstname.lastname@example.org or using the details set out on our website.
You have the right to make a complaint at any time to the relevant data protection authority (for details of which please click below). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.
Xecutive Corporate Management N.V. is the main controller of personal information in relation to XCM business in the Caribbean and so responsible for this privacy notice.
You can contact XCM as follows:
- By post Fransche Bloemweg 4, Willemstad, Curaçao, Dutch Caribbean and communications should be marked for the attention of the Data Privacy Officer.
- By telephone on +5999 843-0012
- By email email@example.com
You have the right to make a complaint at any time to the EUROPEAN DATA PROTECTION SUPERVISOR (EDPS), the EU’s independent data protection authority (edps.europa.eu). We would, however, appreciate the chance to deal with your concerns before you approach the EDPS, so please contact us in the first instance.
It is important that you read this statement, together with any other privacy statement we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
We reserve the right to update this privacy statement at any time. We may also notify you in other ways from time to time about the processing of your personal information.
- DATA PROTECTION PRINCIPLES
We will comply with applicable data protection law. This says that the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and to the extent appropriate, kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
- PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are more sensitive types of personal data which require a higher level of protection, known as ‘special categories’ of personal data under the GDPR. We do not collect any ‘special categories’ of personal data under the GDPR. We do not collect any ‘special categories’ of personal data about you except in the context of dietary requirements for events and meetings that you voluntarily provide to us. We do not collect any information about criminal convictions and offences, unless revealed by due diligence conducted to comply with a legal or regulatory obligation or as part of recruitment processes.
Please click on the relevant section to see the categories of personal information about you that we collect, store, and use, the purposes of processing and our lawful basis for doing so.
Visitors to XCM’s website
We may collect information about you through technology. For example, we may collect your IP address each time you request a page during a visit to the website. (An IP address is often associated with the portal through which you enter the Internet.) At times, we may also use IP addresses to collect information regarding the frequency with which users browse various parts of the website.
The website may also use other technical methods to track and analyze the traffic patterns on the website, such as the frequency with which our users visit various parts of the website. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We may also use these technical methods in HTML e-mails that we send our website users to determine whether such users have opened those e-mails and/or clicked on links in those e- mails. We may collect the information from use of these technical methods in a form that is personally identifiable.
You are not required to provide any personal information to access public areas of our website.
Please also see the section on Cookies below.
Visitors to XCM’s premises
When you visit our premises, we may collect the following personal information about you for the following purposes:
- contact information by completion of the security list of visitors in line with our legitimate interests (security of the building);
- video images of you in the entry and exit areas from CCTV footage in line with our legitimate interests (security of the building);
- your name and time of entry to XCM’s premises through a security access system in line with our legitimate interests (maintaining security of our premises);
- names and dietary preferences for catering purposes in meetings in line with our legitimate interests (respecting visitors’ needs);
- if applicable, health information by completion of the first aid accident book in order to comply with legal obligations (health and safety); and
- When organizing events (for example conferences, charity events or student/alumni events), we may provide guests with name badges indicating their name and organization and provide attendee lists, team lists and table plans.
Individuals with whom XCM has contact for business purposes
If you have had contact with XCM, for example through emailing or meeting a representative of XCM, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organization and contact details. We use publicly available information about you or information you have provided us with to add to XCM’s contact directory. If your contacts with XCM also fall within other categories defined below, we will also collect, store and share your personal information as described in those categories.
We will collect and store this personal information for the purposes of:
- maintaining a directory of contacts;
- organizing meetings between you and XCM’s representatives; and
- general business marketing, including reporting on macro trends and other business and economic insights;
We will share the personal information we hold about business contacts with:
- third-party service providers which process personal information on XCM’s behalf,
- professional advisors, such as accountants, lawyers or other consultants;
- XCM’s auditors; and
- applicable regulators and other governmental agencies anywhere in the world.
The legal basis for collecting, using and storing personal information about business contacts is that such processing is necessary for our legitimate interests in undertaking business development and promotion.
Individuals who are associated with XCM’s suppliers, vendors or professional advisers
If you are a supplier or vendor to XCM, or one of our professional advisers, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organization and contact details.
We will collect, use and store this personal information for the purposes of conducting anti-money laundering checks, administering and maintaining records of goods, services or advice we have received, and commissioning further services or procuring further goods.
The personal information we hold about suppliers and professional advisers will be shared with:
- a wide range of third-party service providers which process personal information on XCM’s behalf, such as providers of telecoms, IT, courier, HR, security, legal accountancy, data and catering services.
- professional advisors, such as accountants, lawyers or other consultants;
- XCM’s auditors; and
- applicable regulators and other governmental agencies anywhere in the world.
Our legal basis for collecting, using and storing personal information that you provide to us is that such processing is necessary for our legitimate interests in operating our business.
Lawful basis for using your personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances (each a lawful basis):
- where we need to perform the contract we are about to enter into or have entered into with you;
- where it is necessary for our legitimate interests (as further explained in the relevant section applicable to you above) and your interests and fundamental rights do not override those interests; or
- where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data.
Change of purpose
We will only use your personal information for the purposes for which we collected it or as otherwise described in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
The help menu of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies completely. Additionally, you can disable or delete similar data used by browser extensions by changing the extension’s settings or visiting the website of its manufacturer. However, if you disable cookies, you may experience reduced functionality.
To learn more about what cookies are set on your computer as you browse the Web and how to manage or delete them, visit www.allaboutcookies.org.
We want to ensure that our websites provide a good experience. These cookies (which are set by third parties providing services to us) allow us to monitor how visitors use our Website. These cookies provide us with anonymous statistics on how many people visit the Website and where they have come from and the pages they visit so that we can continue to develop and improve the Website and our services.
|Google Analytics||Collects statistical information about how you use the Website so that we can improve the Website http://tools.google.com/dlpage/gaoptout|
You may refuse to accept cookies by altering the settings on your internet browser. For more information about how to do this, look at your browser ‘help’ section or visit www.allaboutcookies.org and www.youronlinechoices.eu.
Please note that if you adjust your internet browser settings to refuse the setting of cookies, you may not be able to access or use fully certain parts or functionality of the Website.
Updates to this policy
So that we can offer you the best possible online experience, new services using cookies may be added to our Website from time to time. We aim to keep the cookies information provided here as accurate as possible and use all reasonable efforts to regularly review and update the details. When we update these details we will post changes on this page or on other pages of our Website or let you know about changes in our communications with you.
- DATA SHARING
We seek to share your personal information with third parties only where we believe it is necessary or consistent with our legitimate interests, including to third-party service providers.
We require third parties to respect the security of your personal information and to treat it in accordance with the law. We use a range of third parties from time to time to provide a wide range of services, including telecoms, IT, courier, HR, security, legal, accountancy, data, and catering services.
We collect your personal information outside the European Economic Area and when we do, you can expect a similar degree of protection in respect of your personal information.
- The Types of Information We Collect About You
When you enter and browse the Website, we may collect two different types of information about you: information you provide to us, and information we collect through technology.
Information You Provide to Us
In order to obtain access to certain information or materials provided via the Website, you may have to provide information that we collect and store in a way that allows us to relate it to you personally, including but not limited to your name, e-mail address, mailing address and phone number. We refer to such information as personally identifiable information. Additionally, we may collect and retain a record of all communications with you.
Information We Collect Through Technology
We may collect information about you through technology. For example, we may collect your IP address each time you request a page during a visit to the Website. (An IP address is often associated with the portal through which you enter the Internet.) At times, we may also use IP addresses to collect information regarding the frequency with which users browse various parts of the Website.
The Website may also use other technical methods to track and analyze the traffic patterns on the Website, such as the frequency with which our users visit various parts of the Website. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We may also use these technical methods in HTML e-mails that we send our Website users to determine whether such users have opened those e-mails and/or clicked on links in those e-mails. We may collect the information from use of these technical methods in a form that is personally identifiable.
Cookies and How We Use Them
Cookies are small text files that may be placed on your browser when you visit our Website. Cookies are used primarily for administrative purposes, to improve your experience with our Website. For instance, when you return to the Website after logging in, cookies provide information to the Website, including personal information, so that the Website will remember who you are.
Using the settings of your Internet browser, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Consult your browser Help menu to learn the correct way to modify your cookies. If you choose to turn off cookies, you may not have access to many features make your browsing of our Website smoother, and some of our services may not function properly. You may at any time delete any cookies set by using the relevant option of your Internet browser or by deleting the cookies on your hard drive. If you would like to modify your browser to notify you when you receive a new cookie or to disable cookies altogether, please refer to Managing Cookies.
If you continue without changing your settings, we will assume that you accept receipt of all cookies on the XCM Website.
- Our Use of Your Personally Identifiable Information
XCM does not disclose any nonpublic personally identifiable information about its Website users to any nonaffiliated third party, except as set forth below.
We may also store your personally identifiable information and share it with our affiliates. We may use or disclose this information for research and other business purposes, and we may associate your personally identifiable information with other information we collect about you, such as details about your usage patterns and interests, but we will not sell this information or disclose it to third parties.
We may also use service providers to facilitate our services or platform functions on our behalf. These companies and individuals may have access to your personally identifiable information, as needed to perform their functions, but may not use it for another purpose.
- How We Use Your Non-Personally Identifiable Information
Non-personally identifiable information is information that does not personally identify you, including anonymous information and aggregate data. We may use this information to understand better how our visitors use the Website, research our visitors’ demographics, interests, and behavior, improve the Website, provide visitors with customized services and information, and for other similar purposes. We may combine this information with personally identifiable information. We may share this information with others, such as investors, for information or promotional purposes, and may use this information in any manner permitted by law, but any disclosure that identifies you personally will be governed by Section 2 of this page.
- Protection of Information
We endeavor to protect your personally identifiable information. We use technical, administrative and physical methods to maintain the integrity and security of our databases, including firewalls. However, please be aware that there is no such thing as “perfect security” on the Internet, and third parties may unlawfully intercept or access transmissions or private communications. We will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your personally identifiable information.
- Do Not Track
XCM does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.
- International Use
XCM makes no claims that materials on the Website are appropriate or may be downloaded for use in locations outside of Curaçao. Access to the Website from countries or territories where such access is illegal is prohibited. Furthermore, our databases are located in Curaçao. If you access this Website from outside Curaçao, you do so at your own risk. By sending us your data, you consent to its collection and storage within Curaçao. Those who access the Website from outside Curaçao do so on their own initiative and are responsible for compliance with local laws, rules and regulations.
- Limitation of Liability and Disclaimers
IN NO EVENT SHALL XCM OR ITS RELATED PERSONS (AS DEFINED BELOW) BE LIABLE TO ANY PARTY FOR ANY CLAIMS, LIABILITIES, LOSSES, COSTS OR DAMAGES, INCLUDING BUT NOT LIMITED TO ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (“DAMAGES”) ARISING OUT OF OR IN CONNECTION WITH ANY ACCESS, USE (OR INABILITY TO USE) OR DISTRIBUTION OF THE WEBSITE, INCLUDING DAMAGES CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT, DESTRUCTION OR UNAUTHORIZED ACCESS TO, ALTERATION OF OR USE OF ANY ASSET, WHETHER FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE OR UNDER ANY OTHER CAUSE OF ACTION, OR ANY CONTENT OBTAINED THROUGH USE OF THE WEBSITE. THIS IS TRUE EVEN IF XCM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES.
XCM its affiliates and their respective officers, directors, managers, partners, members, shareholders, employees, affiliates and agents (collectively “Related Persons”) make no representations or warranties and specifically disclaim any and all warranties of any kind, express or implied, with respect to the Website, including any representations or warranties with respect to merchantability, fitness for a particular purpose, title, non-infringement, availability, security, accuracy, freedom from viruses or malware, completeness, timeliness, functionality, reliability, sequencing or speed of delivery.
While we use reasonable efforts to obtain information from reliable sources, XCM does not warrant that the information in this Website is accurate, reliable, complete, or correct, or that this Website will be available at any particular time or location. Such information or materials are provided “as is” and “as available”. Please be aware that there is no such thing as “perfect security” on the Internet, and third parties may unlawfully intercept or access transmissions or private communications, and accordingly electronic mail and other transmissions to and from the Website or made via the Website may not be secure.
- Governing Law and Forum
When do we share your personal information with any other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. If needed to comply with law and regulations, we will also need to share your personal information with a regulator, governmental agency or otherwise.
How secure is your personal information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with the GDPR. Except where needed for their own direct relationship with you or where they otherwise act as a controller of your personal information, we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Collecting your personal information outside Europe
We collect your personal data within XCM. This will involve collecting your personal information outside the European Economic Area (EEA).
XCM and many of our third-party service providers are based outside the EEA, so their processing of your personal information will involve a collection of data outside the EEA.
Whenever we collect your personal data out of the EEA, we ensure a similar degree of protection is applied to it by implementing at least one of the following safeguard:
We will collect your personal data in a country that has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Please contact us (preferably via email at firstname.lastname@example.org) if you would like further information on the specific mechanism used by us when collecting your personal information out of the European Economic Area.
Why do we share your personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third parties” includes third-party service providers (including contractors).
- DATA SECURITY
We have put in place appropriate security measures to protect personal information.
Third parties will only process your personal information held by us where they are obliged to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it.
They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- DATA RETENTION
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Your rights in connection with your personal information
Under certain circumstances, under the GDPR you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us via email at email@example.com or via the other methods set out above.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may, where the relevant law permits, charge a reasonable fee if your request for access is clearly unfounded or excessive (for example, for repeat copies). Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us via email at firstname.lastname@example.org or via the other methods set out above. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.