Cayman Islands, European Union, and United Kingdom Privacy Notice

Last Updated: 4/28/2022

Scope of Disclosures

The purpose of this notice (the “Cayman Islands, EU, and UK Notice”) is to provide you with information on SMBC's use of your personal data in accordance with the Cayman Islands Data Protection Act (as amended) and, in respect of any data subjects in the European Union (the “EU”) or the United Kingdom (the “UK”), the EU General Data Protection Regulation and the UK General Data Protection Regulation (together, the “Data Protection Legislation”).

Your personal data will be processed by SMBC, and by persons engaged by SMBC. Under the Data Protection Legislation, you have rights, and SMBC has obligations, with respect to your personal data. The purpose of this notice is to explain how and why SMBC, and persons engaged by SMBC, will use, store, share and otherwise process your personal data. This notice also sets out your rights under the Data Protection Legislation, and how you may exercise them.

If you are an individual, one of our employees or potential employees, or an employee of an entity that does business with us, this will affect you directly. If you are an institution that provides us with personal data on individuals connected to you for any reason, this will be relevant for those individuals and you should make the information in this document available to such individuals or otherwise advise them of its contents, which may be by directing them to our website.

Unless otherwise expressly stated, all terms in the Cayman Islands, EU, and UK Notice have the same meaning as defined in our Privacy Notice or as otherwise defined in the Data Protection Legislation.

Your Personal Data

By virtue of being a customer of SMBC, you will provide us with certain personal information which constitutes personal data within the meaning of the Data Protection Legislation.

You may provide us with personal information related to any of our products or services you apply for, currently hold or have held in the past, when you provide personal information to SMBC or its service providers in correspondence and conversations (including by email), when you make transactions with respect to SMBC and when you provide remittance instructions.

We may also obtain personal data on you from other publicly accessible directories and sources. These may include websites; bankruptcy registers; tax authorities; governmental agencies and departments, and regulatory authorities, to whom we have regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organizations, including law enforcement.

This includes information relating to you and/or any individuals connected with you such as: name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number and bank account details. For more details about the types of data we collect, please see our Privacy Notice.

Legal Basis for Processing Personal Data

SMBC, as the data controller, may collect, store and use your personal data for purposes including the following:

The processing is necessary for the performance of a contract, including:

to deliver our products and services to you;
to carry out your instructions related to our products and services;
to facilitate the continuation or termination of the contractual relationship between you and SMBC;
to facilitate the transfer of funds, and administering and facilitating any other transaction, between you and SMBC or its affiliates;
to perform a contract between us and your employer, who may be our business partners and third-party vendors; and
to evaluate you for employment with us, to provide our employees with benefits and compensation, and in making other employment-related decisions.

The processing is necessary for compliance with applicable legal or regulatory obligations, including:

undertaking customer due diligence including anti-money laundering and counter-terrorist financing checks, including verifying the identity and addresses of our customers (and, where applicable, their beneficial owners);
sanctions screening and complying with applicable sanctions and embargo legislation;
complying with requests from regulatory, governmental, tax and law enforcement authorities;
surveillance and investigation activities;
carrying out audit checks, and instructing our auditors;
maintaining statutory registers; and
preventing and detecting fraud.

In pursuance of our legitimate interests, or those of a third party to whom your personal data are disclosed, including:

complying with a legal, tax, accounting or regulatory obligation to which we or the third party are subject;
assessing and processing requests you make;
facilitating the investigation of any complaints, claims, disputes, or potential crimes, or pursuing or defending any claims, proceedings or disputes;
providing you with, and informing you about our products and services;
managing our risk and operations;
complying with audit requirements;
ensuring internal compliance with our policies and procedures;
protecting SMBC against fraud, breach of confidence or theft of proprietary materials;
recovering debts owed to us;
seeking professional advice, including legal advice;
facilitating business asset transactions involving SMBC or related entities;
monitoring communications to/from us (where permitted by law); and
protecting the security and integrity of our IT systems.

We will only process your personal data in pursuit of our legitimate interests where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms.

Generally, we do not rely on consent as a legal basis for processing your personal data. However, in relation to sending direct marketing communications to you, we may rely on legitimate interests or consent. If you do not want to receive marketing materials, you may opt out of those marketing communications at any time by following the opt-out instructions contained in the marketing messages or by contacting us.

Sharing Your Personal Data

We may share your personal data with our affiliates and delegates. In certain circumstances we may be legally obliged to share your personal data and other financial information with respect to your interest in SMBC with relevant regulatory authorities such as the Cayman Islands Monetary Authority or the Tax Information Authority or other regulators. They, in turn, may exchange this information with foreign authorities, including tax authorities and other applicable regulatory authorities.

SMBC’s affiliates and delegates may process your personal data on SMBC's behalf, including with our banks, accountants, auditors and lawyers which may be data controllers in their own right. SMBC's services providers are generally processors acting on the instructions of SMBC. SMBC continues to be a data controller even though it may engage service providers and other third parties to perform certain activities on SMBC's behalf. Additionally, a service provider may use your personal data where it is necessary for compliance with a legal obligation to which it is directly subject (for example, to comply with applicable law in the area of anti-money laundering and counter terrorist financing or where mandated by a court order or regulatory sanction). The service provider, in respect of this specific use of personal data, acts as a data controller.

In exceptional circumstances, we will share your personal data with regulatory, prosecuting and other governmental agencies or departments, and parties to litigation (whether pending or threatened) in any country or territory.

For more information on how we share your personal data, please see our Privacy Notice.

International Transfers of Your Personal Data

Due to the international nature of our business, your personal data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, we will process personal data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf.

Retention and Deletion of Your Personal Data

We will keep your personal data for as long as it is required by us. For example, we may require it for our legitimate business purposes, to perform our contractual obligations, or where law or regulation obliges us to. We will generally retain your personal data in line with our data retention policy. Some personal data will be retained after your relationship with us ends. We expect to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.

Automated Decision-Making

We will not make decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the Data Protection Legislation.

Your Rights

You have certain data protection rights, including the right to:

be informed about the purposes for which your personal data are processed;
access your personal data;
stop direct marketing;
restrict the processing of your personal data;
have incomplete or inaccurate personal data corrected;
ask us to stop processing your personal data;
be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
complain to the Data Protection Ombudsman, or the Data Protection Authorities in the European Economic Area or the UK, as appropriate;
complain to our Data Protection Officer ;
to complain to the application Data Protection Authorities empowered to enforce the Data Protection Legislation; and
require us to delete your personal data in some limited circumstances.

You may exercise these rights by contacting us. Call 1 (833) 994-2093 for answers to your questions about this Privacy Notice.

Visible in CMS ONLY.

A rich history underscores purpose, potential, and prosperity

We know you⁠—the depth of what each client really needs

Connecting to our world

We have the opportunity—you bring it to life

Be part of something distinctive

Our team values expertise, experience, and willing collaborators

We’re looking for bright and collaborative students to come grow with us

Leaders shape the future of finance

Deeper understanding leads to better outcomes

Our foundation strong, our values unwavering

Our people define us

Raise capital and invest across assets with confidence

Awards and recognition underscore leadership

Manage cash flow securely and efficiently

Access advanced analysis and smart strategies

Our steadfast promise for a better world

Insights and perspective for our clients

An international network of passionate collaborators

Expect original commentary, deep understanding, and actionable analysis

Cayman Islands, European Union, and United Kingdom Privacy Notice

Cayman Islands, European Union, and United Kingdom Privacy Notice

How can we help?

smbc.contactform.messagetitle