EXCELSIOR PRIVACY and COOKIES POLICY
Under The EU General Data Protection Regulation (GDPR), The UK General Data Protection Regulation (UK GDPR) and The Personal Data Protection Act 2019 (Thailand PDPA)
Excelsior strongly believe in protecting the confidentiality and security of your personal and financial information. This enable us to provide you with a secure website for your transactions.
- Who we are
- The information we collect
- How and why we use your information
- Your consent
- Who we share your information with
- Security and Storage of Personal Information
- Your rights and transparency
- How to make a complaint
- How you can contact us
- Other websites
- Cookies Policy
Who we are
We are the Data Controller of your information.
The information we collect
In order that we can provide you with a service that meets your precise financial needs we obtain certain information about your personal and financial situation.
We collect the following types of information:
- Internal Protocol (IP) address. This information is collected passively when you use our website or client portal.
- Use of our website. This information is collected through cookies as further explained in our Cookies Policy.
- Identity details. This information is collected directly from you when you complete our forms on our website or provide information directly to us. This includes:
- Name, address and contact details including but not limited to phone number and email address;
- Date of birth and gender;
- Professional and employment details;
- ID and/or passport number;
- National/tax identification number;
- Information about your income and wealth including details about your assets and liabilities, account balance, tax and financial statements;
- Trading history and performance;
- Any other similar information.
How and why we use your information
Data Protection law states that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
We only ever use your information where:
- we have determined that we have a legitimate business interestin doing so and your right to privacy is not overridden (you have the right to object to this should you wish);
- we need to do so as part of performance of our contract with you or to take steps at your request in order to enter into such contract;
- where we have a legal obligation to do so; or
- you have provided your consent for a specific purpose (which you may withdraw at any time).
Where you wish to enter into or have signed a contract with us to provide products and services, we will use your information to enable us to enter into and perform the contract. For our clients, the use of your information may be required in order to fulfil our contractual or regulatory obligations. Therefore, if you do not provide this information or restrict our use of it then we may not be able to provide certain services to you.
Please note that we keep records of your personal history including:
- products and their performance
- products we trade on your behalf and their performance
- historical data about the products and investments you made including the amount invested
- your preference for certain types of services and products
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you. These recordings will be our sole property and constitute evidence of the communications between us. Any telephone conversation may be recorded without the use of a warning tone or any other further notice. Please note that our offices or premises may have CCTV which will record your image.
We have a legitimate business interest to use the information we collect from you for the following purposes:
- To identify you. We will need to verify your identity to set you up as a customer and we will need to use those details in order to effectively manage your account with us to ensure that you are getting the best possible service from us. This may include third parties carrying out credit or identity checks on our behalf. It is in our legitimate interest to do so and the use of your personal information in this way is necessary for us to know who you are as we also have a legal obligation to comply with certain Know Your Customer regulations. This information is recorded within our customer relationship and portfolio management systems.
- To communicate with you. We use the contact information you provide so that we may appropriately communicate with you in the course of providing services to you or providing you with the information that you request from us.
- To determine the suitability of certain products and services for you. We use the following information you provide so that the services we offer you more precisely fit your financial requirements:
- employment details;
- family details;
- information regarding your current health condition, which we use for internal purposes only;
- associated third parties (such as your spouse, children or beneficiaries of trusts);
- your financial experience and background with investment;
- financial details (such as source of wealth, existing investments, tax returns or bank details).
- To assess your attitude to risk to help us determine the appropriate products and services to discuss with you. As this process involves us creating a profile of your risk appetite, you have the right to object to us doing so, however this may limit our ability to provide you with products and services.
- To comply with our legal and regulatory obligations. In certain circumstances, we use your information (only to the extent required) in order to enable us to comply with our legal obligations, including share your information with law enforcement agencies, regulators, courts or other public authorities if required to do so by law.
- For potential, current and former employees we will keep and use the personal data to enable us to fulfil our contractual and legal obligations, enable us to pay you, process and provide your benefits and complete statutory reporting.
- For marketing purposes. We may collect your name and contact details in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so. You always have the right to ‘opt out’ of us making contact for marketing purposes or sending you marketing materials at any time. This can be done by either contacting us or simply unsubscribing from any future marketing email you receive.
- To investigate and respond to complaints and disputes. Where we consider there to be a risk that we may need to defence or bring legal claims, we may retain your personal information for as long as necessary. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature or the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
- For internal business purposes and Record Keeping. We use your information as part of our internal business processes which may include business and disaster recovery, document retention/storage, IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality and reliability of the services we provide to you. We will also keep records to ensure that you comply with your obligations under any contract you have entered into with us.
- To track interaction with our website and emails. Our web pages and emails may contain data analysis tools which allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence. Where your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. However, where your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.
Where the use of your personal information by us requires your consent, such consent will be provided in accordance with the applicable customer terms and conditions available on our website or any other contract we may have entered into with you or stipulated in our communication with you from time to time. Where we rely on your consent as our legal basis for processing your personal information, you have the right to withdraw your consent at any time by contacting us using the contact details set out below.
Who we share your information with
To fulfil our commitments to you, we share your information with several third party organisations who perform certain tasks on our behalf. Information is only shared with these third parties to the extent necessary in order to enable them to provide the services required on our behalf. These third parties act on our instructions and are processors of your information.
We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
We also may share your information with third parties you have a direct contractual relationship with (such as your appointed agent) or to assist in facilitating your acquisition of a third party’s products and services. In these instances the third party is likely to also be a controller of your information for their own purposes. We ensure that we have in place strong data sharing protocols with these third parties to govern and guide the sharing of your information in these circumstances.
In addition, we meet our regulatory and reporting obligations, we may be required to share your information with any regulatory or tax authority we may be subject to.
We require all third party processors to take appropriate steps to protect your information and only use your information for the purposes of performing the relevant services.
Disclosure of Personal Data and Transfer outside of the United Kingdom and/or Thailand
In some instances we may transfer your personal information into and out of the United Kingdom and/or Thailand. In these instances we require that third parties who handle or obtain your personal information acknowledge the confidentiality of this information, to respect any individual’s right to privacy and comply with all relevant data protection laws along with this privacy notice.
For potential, current and former employees, we will share your personal data with our employees, agents and/or professional advisors and with third party firms in order to fulfil our contractual and legal obligations to you. These include but are not limited to payroll, benefit providers, regulators and background check firms.
Security and Storage of Personal Information
Where appropriate, we use encryption or other security measures which we deem appropriate to protect your information. We also review our security procedures periodically to consider appropriate new technology and updated methods. But, despite our reasonable efforts, no security measure can ever be perfect or impenetrable.
We hold personal information in secure computer storage facilities, paper-based files and/or other records. When we consider that personal information is no longer needed, we will remove any details that will identify you and we will securely destroy the records. Please note that we are subject to certain laws and regulations which require us to retain a copy of the documents we used to comply with our customer due diligence obligations, and supporting evidence and records of transactions with you and your relationship with us for a period of eight years after our relationship with you has terminated. Personal information held in the form of a deed is subject to a storage period of twelve years after our relationship with you has terminated.
If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be held in line with local regulatory requirements which will be eight years after our relationship with you has terminated. Where you have opted out of receiving marketing communication we will hold your details on our suppression list so that we know that you do not want to receive these communications.
Your rights and transparency
You have the following rights regarding your information:
Right to be informed
Right of access
Right to correct your information
You are entitled to have your information corrected if it is inaccurate or incomplete.
If you tell us in writing that the information we hold on you is incorrect, we will review it and if we agree with you, we will correct our records within one month unless the request is deemed as complex. For legal reasons, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.
Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. Please note, there are exceptions to this (for example, we have the right to continue using your information if such usage is necessary for compliance with our legal obligations).
Right to restrict processing
You have the right to ‘block’ or suppress further use of your information in certain circumstances (for example, where you think the information we are using about you is inaccurate, whilst we verify its accuracy). When usage is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
Right to data portability
You have the right to obtain and reuse your information in a structured, commonly used and machine-readable format in certain circumstances when we use your information on certain legal grounds, such as consent. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
The right to data portability does not apply to information which it is necessary for us to process for our organisation’s legitimate purposes. Please see the section How and why we use your information to read about the circumstances in which we use your information on the basis of consent or for our organisation’s legitimate purposes.
Right to object to processing on the grounds of legitimate interests
You have the right to object to us using your information for our organisation’s legitimate purposes. Please see the section How and why we use your information to read about the circumstances in which we use your information for our organisation’s legitimate purposes.
You also have the right to object to us using your information to create a profile of your risk appetite.
Right to withdraw consent to processing
If you have given your consent to us to use your information for a particular purpose, you have the right to withdraw your consent at any time (although if you do so, it does not mean that any use of your information up to that point is unlawful).
For processing activities where we rely on your consent, you are able to withdraw consent that consent at any time. This can be done by contacting our Excelsior Data Protection Officer.
Right to make a complaint to the data protection authorities
If you are unhappy with how we have handled your information or believe our use of your information does not comply with data protection law you have the right to make a complaint. This complaint will be lodged with your national data protection supervisory authority (if you are in the UK, this will be the Information Commissioner’s Office (ICO)
For more information about your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out on our website.
How to make a complaint
We try to meet the highest standards when collecting and using information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about how we have handled your information, please contact the Data Protection Officer.
How you can contact us
You can contact us by contacting our Data Protection Officer at:
Excelsior Worldwide Ltd
19/65, 9th Floor, Sukhumvit Suite Building, Soi Sukhumvit 13 (Saeng Chan), Klongtoey Nua, Wattana, Bangkok 10110, Thailand or by email firstname.lastname@example.org
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) through:
- Writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
- Calling: 0303 123 1113; or
- Submitting a message through the ICO’s website at: org.uk
We are registered as a data controller with the UK Information Commissioners Office.
Please note that by deleting our cookies or disabling future cookies some of the features of this site may not work as intended.
What are cookies?
Cookies are small text files which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies work to make your experience browsing our site as smooth as possible and they remember your preferences so you don’t have to insert your details again and again.
Some cookies come directly from our website and others come from third parties which place cookies on our site.
Cookies can be stored for varying lengths of time on your browser or device. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date.
There are varieties of cookies which operate on our website:
- The essentials
Some cookies are essential for you to be able to experience the full functionality of our site. Without these cookies, some parts of our site just won’t work as they should.
- The customisers
These cookies (also called functional cookies) allow our site to remember your preferences, helping you to customise your experience on our site. That way we can remember you when you return to our site.
- The performance improvers
These cookies tell us about how you use the site and they help us to make it better. For example these cookies count the number of visitors to our website and see how visitors move around when they are using it. This helps us to improve the way our site works, for example, by ensuring that users find what they are looking for easily.
- Giving you a browsing experience that is unique to you and to serve you content which we believe improves your site experience
- Analysing how your use our site which helps us to troubleshoot any problems and to monitor our own performance.
Cookies allow you to navigate our site.
To opt out of these cookies you will need to change the settings on your browser Cookie preferences. If you choose to block these cookies our website may not work as it should and any preferences you have may be lost.
Third Party cookies
Google Analytics – We use this to track visits to our website and movement around site. The data which is collected is anonymous and is used for benchmarking purposes to monitor the performance of our site and to measure user engagement on our site.
Google ReCAPTCHA – We use “Google ReCAPTCHA” (hereinafter referred to as “ReCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The purpose of ReCAPTCHA is to determine whether data entered on our websites (e.g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, ReCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, ReCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
ReCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
The data is processed on the basis of Art. 6 Sect. 1 (f) GDPR. It is in the website operator’s legitimate interest, to protect the operator’s web content against misuse by automated industrial espionage systems and against SPAM.
For more information about Google ReCAPTCHA and to review the Data Privacy Declaration of Google, please follow these links: https://policies.google.com/privacy?hl=en and https://www.google.com/ReCAPTCHA/intro/android.html.
We also use social media buttons on our site which allow you to share content and interact with your social network on platforms like Facebook and Linkedin. These social media platforms may set their own cookies on your device. We do not control the settings of these cookies so we suggest you check the social media website for more information about their cookies and how to manage them.
For our social media buttons to work, they cookies on our site which may be used to optimise any profile you may have on their site.
How do you change cookie preferences or block cookies?
Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use i.e. third party cookies, or those from specific websites. Each browser’s website should contain instructions on how you can do this.
For further information please refer to: https://www.aboutcookies.org/how-to-delete-cookies/
If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages will not work in the usual way.
We may update this Policy from time to time. Please regularly check this Policy to ensure you are aware of the most updated version.
This Policy was last updated on 26th April 2022
Excelsior Support Services Limited (HQ Admin)
19/65, 9th Floor, Sukhumvit Suite Building, Soi Sukhumvit 13 (Saeng Chan), Klongtoey Nua, Wattana, Bangkok 10110, Thailand
Excelsior Asset Management Limited
Registered office, c/o AAcapital International Limited
3rd Floor, Manor House, 30 St George Street, Port Louis, Republic of Mauritius