Data Protection and Privacy Notice

In this privacy notice, please find information on how Permian collects, processes and shares personal data. We also provide information herein about the rights that individuals have in relation to us as controller and our contact details.

Introduction and about Permian

Permian is a group of companies located in Norway and Sweden, providing fund administration, accounting, depositary, and corporate services.

This privacy notice is issued by Permian AS and applies to Permian AS as well as its direct and indirect subsidiaries. As per the date hereof, this means that the privacy notice applies to the following companies: Permian AS (reg. no. 892176132), Permian Business Partners AS (reg. no. 999226094), Permian Fund Services AS (reg. no. 916467079) Permian AIF Depositary AS (reg. no. 997318250), Permian Administration AB (reg. no. 556872-5666) and Permian AIF Depositary Filial (reg. no. 516411-4836).

The information contained in this privacy notice is aimed at individuals who are the contact person of any of Permian’s clients, for those who seek work with Permian or otherwise individuals contacting Permian and thus share personal information with Permian. 

The “owner” of the personal data, the company to which a person has submitted such information (the data controller), may be Permian or a client of Permian. In the latter case, Permian will act in the role as data processor. We will handle personal data in accordance with an agreement with the data controller.

Personal Data

Permian collects personal data from many sources, both public and private. The collected information may be used by Permian to enhance our service offerings, and otherwise to communicate with our clients and network and to transmit newsletters. Over time, Permian also creates personal data by documenting our interactions with you, from updating your accounts etc. The term personal data typically includes:

• contact details, name, address, email addresses, telephone numbers etc.;
• information required to meet legal and regulatory requirements in respect of anti-money laundering legislation, including details such as date of birth, passport number(s), other government issued number(s), nationality, images of passports and driving licences, signatures, occupation, source of funds and source of wealth;
• information required to meet legal and regulatory requirements relating to the automatic exchange of tax information (e.g. FATCA and CRS), including details of tax residency, tax classification and tax identification numbers;
• financial details, including billing address; bank account numbers; instruction records; transaction details and counterparty details;
• details of meetings and telephone calls with our office and employees; and
• any other information you may provide to us or might be provided to us by our clients, third parties etc.

Permian will normally not hold information which is considered sensitive personal data. This includes information on racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Permian will only disclose personal data to third parties if it is i) specifically agreed between Permian and the relevant individual, ii) necessary within the scope of a specific engagement agreement to safeguard individuals’ rights, iii) necessary for Permian to comply with a legal obligation or decision from a public body/authority or court decision or iv) following signed non-disclosure agreements, to third parties conducting a due diligence process on Permian. Permian is obliged to report suspicions of money-laundering to public authorities (No. Økokrim / Sw. Finanspolisen).

Permian will only store personal data for as long as it is necessary to fulfil a legitimate purpose for which Permian collected it, or as necessary for fulfilling any statutory retention period according to for example anti-money laundering, bookkeeping or accounting legislation. After any statutory retention period, Permian will either delete or destroy the relevant personal data permanently or irreversibly anonymise this information.

Handling personal data – data processing

Permian, Permian’s third-party service providers and Permian’s partners will primarily process your personal data within the EU/EEA. If Permian engages third-party service providers domiciled outside the EU/EEA, such processing is either based on a decision from the EU Commission establishing that the country outside the EEA ensures an adequate level of protection, or other appropriate safeguards that ensure that your rights are preserved. 

If Permian holds any of your personal data, you:

• may request information from Permian on how we process your personal data;
• may request that Permian amends, completes and rectifies your personal data should you believe information is wrong or misleading:
• may request that Permian does not use your personal data for direct marketing;
• may request that Permian disclose designated parts of your personal data to a third party that you instruct;
• may request that Permian deletes personal data. Note however, that Permian may be obligated by law to keep certain information for a certain period of time; and
• have the right to be notified by Permian of a personal data breach which is likely to result in your personal data being available for unwanted third parties.

If you are dissatisfied with Permian’s processing of your personal data you may file a complaint with the Data Supervisory Authority of the country where you live or work, or with those regulating any of Permian’s entities.

Legitimate purpose

Permian is required by law to control the identity of its clients and their ultimate beneficial owners, and from time to time their source of wealth and other related information. This is an example of a legitimate purpose of which there are several. There are a number of legitimate purposes in the operation of Permian’s business:

• financial crime prevention;
• FATCA/CRS reporting;
• client / investor onboarding;
• issuing contractually agreed reports etc. to you;
• legal compliance;
• legal proceedings;
• risk management;
• relationship management; and
• security, work related to securing data, electronic systems etc.

Please note that Permian does not require your consent to process your personal data when there is a legitimate purpose.

Job applications

If you apply for a job position in Permian, the information you submit will not be shared with any third parties unless recruitment is done via an external party. However, we may share information with other companies in the Permian group, to the extent necessary. In addition, we use the information filing system Teamtailor AB. Access to the information will be restricted to the persons involved in the recruitment process. If you are not hired, Permian will delete all personal data after 24 months. 

Miscellaneous

When communicating with Permian, you are responsible for ensuring that the personal data you send is sent securely.

Any questions relating to this privacy notice or requests in respect of information which may identify you as an individual (personal data) processed by Permian should be directed to permian@permian.no. Permian reserves the right to modify or amend this document at any time and an updated version of it will be placed on our website www.permian.no.