You can find a French version of this Privacy Notice here.
1. Overview
The Bedrock Group (the “Group”) comprises Bedrock Holdings SA and Bedrock SA, headquartered in Switzerland, Bedrock Asset Management (UK) Ltd, headquartered in the United Kingdom, and Bedrock Monaco S.A.M., headquartered in Monaco.
Group contact email: info@bedrockgroup.co.uk
This Privacy Notice describes how the Group collects, uses, transfers and retains the Personal Data when using our website, newsletter, and if client of the Group, how your data are collected.
This Privacy Notice is separate and in addition to any client confidentiality obligations we may owe you. Please refer to our General Terms and Conditions, applicable to your own situation, for further details on our confidentiality obligations.
The Group is committed to protecting and respecting your privacy, and to process your Personal Data lawfully, fairly and in a transparent manner, in accordance with the Swiss Data Protection Act (DPA), the EU General Data Protection Regulation (GDPR) as well as the UK General Data Protection Regulation (UK GDPR).
“Personal Data” means any information about an identified or identifiable individual. This Privacy Notice is intended to help you understand why and how we collect, process and destroy your Personal Data. It sets out the legal basis on which any Personal Data we collect about you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
The data protection clauses of any contract concluded with an entity of the Group shall be solely applicable in the event of a contradiction between those clauses and this Privacy Notice.
2. What types of Personal Data do we collect?
We collect information about you when you use our website, opt-in in our newsletters as well as while onboarding you as a client. We also collect information you share with us based on consent by participating in surveys or attending events. The types of Personal Data we may collect and process include:
In appropriate cases and to the extent permitted by law, we may collect and process certain special categories of Personal Data which are more sensitive in nature. Example of some of these cases may arise when undertaking “Know Your Customer” (KYC) on potential clients where potential restrictions may arise from political or religious beliefs; or while collecting information as part of our anti-money laundering (AML) checks, we may come across past criminal conviction offence that you or the directors of any company might have committed.
System logs and maintenance
For operation and maintenance purposes, this website and any third-party services may collect files that record interaction with this website (System logs) or use other Personal Data (such as the IP Address) for this purpose.
3. Identity of the data controllers
Each Group entity may process personal data either as a controller, or as a data processor for another Group entity.
When a Group entity acts as a data processor for another Group entity, it complies with the written instructions of the entity that has delegated the processing to it, as well as with the Personal Data protection contract that binds all Group entities.
4. Contact details of the data controllers
Bedrock Asset Management (UK) Ltd
Bedrock SA
Bedrock Monaco S.A.M.
The Group has no regulatory obligations under the GDPR to appoint a Data Protection Officer (DPO). However, the Group has agreed to name a Responsible Officer, for all matters relating to Personal Data protection, who may be reached on gdpr@bedrockgroup.com.
If you wish to exercise a right with regards to the processing of your Personal Data, or if you have any questions or concerns about such processing or this Privacy Notice, we suggest that you first contact the Responsible Officer. Where necessary, your request will be transmitted to the relevant data controller and/or data processor.
5. Lawful basis for Processing
We rely on the following legal basis for processing your Personal Data:
6. Purpose of Personal Data processed
If you are a client, we may process your personal information, in particular but not exclusively, for the following purposes:
If you are a supplier or business affiliate, we may process your Personal Data for any legitimate reason in connection with the performance of your contract with us or in order to take steps prior to entering into a contract.
If you are a visitor of our website, we collect and process necessary cookies to ensure basic functionalities and security features of the Website.
7. Who we share information with
Each entity of the Group may transfer your Personal Data to other group entities who provide additional or complementary services.
We are required to sometimes pass on Personal Data to:
To efficiently fulfil our contract with you, for our legitimate interests or for legal reasons, we may transfer personal information to:
You may, at any time, request to see the list of processors we use to process your Personal Data.
With your consent, to third party marketing agencies (e.g. if you accept unnecessary cookies on our website).
8. International transfer outside the EEA
Your Personal Data will be processed by us in Switzerland, the Principality of Monaco, the United Kingdom and the European Union.
However, our IT service providers (data processors) may process your Personal Data outside the European Economic Area (EEA), such as the United States. We will only transfer Personal Data outside the EEA if one of the following conditions applies:
The Group may also transfer your personal information outside of the EEA for other legitimate reasons, e.g. to exercise or defend legal claims or to protect your vital interests of those of a third party.
9. Communication Recording
We may monitor, record, store and use any telephone, email or other communication with you in order to maintain a record of any instructions given to us, for training purposes, for crime prevention, for regulatory purposes, and to improve the quality of our customer service.
10. Retention
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and we will retain your personal information in accordance with legal and regulatory requirements as set out in our Data retention policy.
The Group may be allowed to retain Personal Data for a longer period whenever the visitor has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Group may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
11. Your rights and your Personal Data
You have a right:
Visitors are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Group to safeguard their Data.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Group or for the purposes of the legitimate interests pursued by the Group, visitor may object to such processing by providing a ground related to their particular situation to justify the objection.
Visitors must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the visitor objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Group is processing Personal Data for direct marketing purposes, visitors may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise visitor’s rights can be directed to the Group through the contact details provided in this Privacy Notice. These requests can be exercised free of charge and will be answered by the Group as early as possible and always within one month, providing visitors with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Group to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the visitor’ request, the Group will inform them about those recipients
12. Safeguarding measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your Personal Data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including, without limitation, encryptions.
13. Cookie, Analytics and Traffic Data
What are cookies?
Cookies are short text files stored on the hard drive of your device (such as a computer, tablet or smartphone) by a website, which allows the website to recognise your device and store some information (i.e. Personal Data) about your preferences or past actions. Data stored in a cookie is created by the server upon your connection, and contains an ID unique to you and your device. A cookie could be used for the technical functioning of a website, for gathering statistics on the use of the website or for other purposes, such as to provide you with targeted advertising or with a more personalised experience (including, for example, to enable a website to remember your choices regarding the collection and use of your Personal Data).
How can you accept or refuse cookies on our Website?
By default, all cookies are disabled, with the exception of necessary cookies from us.
When you visit our website, you will see a cookie banner at the bottom of the page:
If you consent to the use of all cookies, your Personal Data may be transferred to third-parties incorporated in countries which may have no adequacy decision from the European Commission and processed in such countries, including but not limited to, the United States of America.
By clicking on the link below which is present on the Group’s website at the following URL
– https://www.bedrockgroup.com/.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All,” you consent to the use of ALL the cookies. However, you may visit “Cookie Settings” to provide a controlled consent.
Cookie Settings Accept All
Do Not Track is a web browser setting that adds a signal to your browser’s header, telling websites that you do not want their tracking cookies. That allows you not to be tracked by websites, although many websites refuse to honour it. Do Not Track options are available in a number of browsers including: Firefox, Internet Explorer, Chrome, Safari, Opera. Note that blocking all cookies means some websites will not perform as well as they should.
You can delete all cookies from all websites you have visited that have been stored on your device by deleting the browsing history of your browser. Note that by doing so, you may also lose some useful information saved in your browser (e.g. preferences or login details for all websites).
Necessary cookies are essential for the Website to function properly. These cookies ensure basic functionalities and security features of the Website. For this reason, they do not require your consent.
The legal basis for the processing of these necessary cookies is to allow you to interact with our Website. If you do not want these cookies to be stored on your device and processed by us, you must stop using the Website. In that case, we will be happy to send you information about Bedrock and our services by other means of communication.
As already mentioned, we also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience. The cookies can be session cookies which are temporary bits of information that are erased once you exit your web browser window or otherwise turn your computer off. They can also be persistent cookies which remain on your computer until you delete them or they expire.
If you consent to third-party cookies, your Personal Data may be transferred to third-parties incorporated in countries which may have no adequacy decision from the European Commission and processed in such countries, including but not limited to, the United States of America.
The legal basis for the processing of third-party cookies is your consent. You can withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings”.
“Functional” cookies from third parties
Functional cookies help to perform certain functionalities like sharing the content of the Website on social media platforms, collect feedbacks, and other third-party features.
The legal basis for the processing of Functional cookies is the consent you have given by enabling said cookies in the cookie settings of the Website. You can get more information about Functional cookies and withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings”.
“Performance” cookies from third parties
Performance cookies are used to understand and analyse the key performance indexes of the Website which helps in delivering a better user experience for the visitors.
The legal basis for the processing of Performance cookies is the consent you have given by enabling said cookies in the cookie settings of the Website. You can get more information about Performance cookies and withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings”.
“Analytics” cookies from Google
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics, the number of visitors, bounce rate, traffic source, etc.
The legal basis for the processing of Analytical cookies is the consent you have given by enabling said cookies in the cookie settings of the Website. You can get more information about Analytics cookies and withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings”.
“Advertisement” cookies from third parties
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
The legal basis for the processing of Advertisement cookies is the consent you have given by enabling said cookies in the cookie settings of the Website. You can get more information about Advertisement cookies and withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings”.
Other uncategorized cookies are those that are being analysed and have not been classified into a category as yet.
The legal basis for the processing of other cookies is the consent you have given by enabling said cookies in the cookie settings of the Website. You can get more information about other cookies and withdraw your consent at any time, by clicking on “Manage consent” and then “Cookie Settings.”
14. Changes to our Privacy Policy
The Group reserves the right to make changes to this Privacy Policy at any time by notifying its visitors on this page and possibly by sending a notification to visitors via any contact information available to the Group. Changes that substantially affect your rights will be brought to your attention in an appropriate manner. You are strongly advised to consult this page regularly, referring to the date of the last modification indicated at the bottom of the page.
Leo RegTech Limited (incorporated and registered in England and Wales with company number 04829021) (“Leo”) acting through its Paris branch located at 128 Rue La Boétie, 75008 Paris has been designated as representative of Bedrock Asset Management (UK) Ltd (“Company”), in accordance with art. 27 of the General Data Protection Regulation (the Regulation (EU) 2016/679) (“GDPR”). The Company has mandated Leo to be the European representative of the Company with regards to any communications or enquiry from the Supervisory Authority and/or data subjects on all issues related to the processing of personal data. Please contact Leo on info@eurorep.eu; the postal address is FAO EuroRep, c/o Leo Reg Tech Limited, 128 Rue La Boétie, 75008 Paris. When contacting Leo regarding the Company, please quote the name of the company and the Ref: 0093.
Last updated: 16 August 2023