GDPR & Privacy Policy

Cohen & Company Financial Limited, Cohen & Company Financial (Europe) Limited, Cohen & Compagnie SAS and other members of our group of companies (“Cohen Europe”) are committed to maintaining the privacy and security of any personal data we may collect from time to time about our clients, prospective clients, prospective employees or other third parties or their employees, directors, officers or representatives (any of whom are referred to as “you” in this statement).

This statement explains how we use your personal data (i.e. information which directly or indirectly identifies you). If you are a legal entity or partnership, by engaging in the provision of services with us, you confirm to us that you have provided your employees, directors, officers or representatives with adequate notice including the information set out in this statement or obtained relevant consents, as applicable.

By continuing to engage in the provision of services with us, you authorise us to use and transfer the personal data about your employees, directors, officers or representatives in accordance with this statement as amended from time to time in accordance with the “Notification of changes” section below.

What types of personal data do we collect?

We may control, process and use your “personal data” which may include names, postal addresses, e-mail addresses, telephone numbers or any other personal data that you provide to us.

We may also, in appropriate cases and to the extent permitted by law, control, process and use certain “sensitive personal data” (e.g. when undertaking “Know Your Customer” (KYC) or anti-money laundering (AML) checks, we may collect information about any offences that you or your employees, directors, officers or representatives have committed). For the purposes of the relevant jurisdiction in which we receive your personal data we are respectively the data controller or the data user of your personal data.

Who might we provide your personal data to?

In the course of running our financial services business we may provide your personal data to any of the following recipients or categories of recipients:

  • our employees, board members, partners, officers or representatives;
  • our third party service providers, business associates, distributors, advisors or auditors (including their employees, directors, officers, sub-contractors or representatives);
  • domestic and foreign regulators (Regulators), governments, law prevention, detection, investigation or enforcement authorities, tax, social or labour authorities (Authorities) and any other authorities or official bodies and their representatives;
  • domestic and foreign courts, tribunals, arbitrators, ombudsmen, mediators, other dispute resolution bodies (DR Organisations) and their representatives;
  • any party who are directly relating to any one of these recipients; and
  • any person that you request us or permit us to keep informed. If you no longer wish us to share your personal data with such person(s) or wish to change your preferences in this respect, please inform us (gdpr@cohenandcompany.com) in writing.

When we provide your personal data to any of the above recipients, that recipient may process your personal data on our behalf or for its own purposes. If the recipient processes the personal data for its own purposes, it will be responsible for its compliance with any applicable law with regard to your personal data.

How may we use your personal data?

We may process, use or transfer your personal data for the following purposes connected to our financial services business:

  • administering the provision of services between us including, without limitation, billing, internal reporting and analysis and any other ancillary matters;
  • complying with any present or future law, rule, regulation, guidance, decision or directive (including those concerning antiterrorism, fraud, AML and anti- corruption) and, in appropriate cases, carrying out KYC checks and other procedures that we undertake prior to you becoming a customer/employee of ours;
  • establishing, exercising or defending rights;
  • complying with demands and requests made by, or making voluntary disclosures to Regulators, governments, Authorities or DR Organisations;
  • obtaining advice, receiving services or providing a third party with information about matters that may impact on the Cohen Europe;
  • providing you with marketing information relating to our products or services; and
  • any other purposes that are incidental to or directly connected with the foregoing purposes or otherwise in the course of our legitimate financial services business activity.

The provision of personal data by you is necessary for us to:

  • fulfil our legal obligations;
  • perform our obligations under contract with you; or
  • fulfil our legitimate interests for the performance of the services.

If you do not wish to provide your personal data, in whole or in part, for any of the purposes listed immediately above except for the purpose of providing you with marketing information, we will not be able to provide our financial services to you/ proceed with our recruitment process with you.

Transferring your personal data abroad

Your personal data may be transferred to any of the recipients identified in this statement in connection with our financial services business or in connection with our recruitment process, some of which may be outside the European Economic Area (EEA) including but not limited to United States of America, and may be processed by us and any of these recipients in any country worldwide.

The countries to which your personal data is transferred may not offer an equivalent level of protection for personal data to the laws of relevant country of the Cohen Europe entity you provide your personal data to.

In connection with any transfer of personal data to such a country we may, if appropriate, implement measures to ensure an adequate level of protection for your personal data for instance through standard data protection clauses. For a copy of these or more information please contact us at gdpr@cohenandcompany.com.

By continuing to engage in the provision of services or the recruitment process with us, you consent to the transfer of your personal data to Cohen Europe entities and the other recipients described in this statement that may be located in countries outside of the EEA.

You may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Updating and retaining your personal data

It is important for us to maintain accurate records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible and we will update our records accordingly. We will only retain your personal data for as long as, in our reasonable opinion and in line with our data retention policy, is necessary to comply with applicable law or for the purposes for which we process your personal data (as set out in this statement).

Security of your personal data

We will take steps to protect your personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. Recording of telephone calls

To the extent permitted by and in accordance with applicable law, we may monitor and/or record your telephone calls with us.

Your rights

You have certain rights under data protection laws respectively depending on the country of the Cohen Europe entity to which you provide your personal data or which processes your personal data. If you are based in the EEA this includes a right to: (i) request access to and rectification or erasure of your personal data; (ii) a right to obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability.

You also have the right to lodge a complaint about the processing of your personal data with your local data protection regulator. If you require further information in relation to your rights under data protection law, you can visit the website of the relevant data protection regulator or contact us via the contact details below.

Contacting us

If you have any questions or comments on this statement please contact the Cohen Compliance team by writing to us at 5 Harcourt Road, Dublin 2, Ireland, by telephoning us on +353 1 44.20.3540.6000 or emailing us at gdpr@cohenandcompany.com.

Notification of changes

This statement is dated 15th February 2019. From time to time we may amend this statement without notice and an amended statement will be available at www.cohenandcompany.com or by contacting us at gdpr@cohenandcompany.com. This may be for a number of reasons, including changes in law, market practice or our treatment of your personal data.

GDPR Subject Access Request

Cohen Europe has procedures in place to handle SARs in keeping with GDPR rights of access. We will endeavour to provide information on request in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

You have the right to obtain the following information from the firm under a SAR:

  • confirmation of whether, and where, we are processing your personal data;
  • information about the purposes of the processing;
  • information about the categories of data being processed;
  • information about the categories of recipients with whom the data may be shared;
  • information about the period for which the data will be stored (or the criteria used to determine that period);
  • information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing;
  • information about the existence of the right to complain to the Data Protection Officer;
  • where the data was not collected from you, information as to the source of the data; and
  • information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.

Additionally, you may request a copy of the personal data being processed.

How to make a SAR

A SAR is a request for access to personal data that the firm holds about you. The firm is required to provide the information under GDPR in order to allow you to access their personal data so you’re aware of, and can verify, the lawfulness of the firm’s data processing activities. A SAR can be made by emailing gdpr@cohenandcompany.com or in writing to Data Protection Officer, Cohen & Company Financial (Europe) Limited, 5 Harcourt Road, Dublin 2, Ireland.