Data Retention & Privacy
Personal data collected via our websites will be retained by Prestige for as long as it is necessary (e.g., for the duration of our relationship with the relevant individual). By accessing the Prestige website, you are accepting this Privacy Statement and acknowledging the Data Protection Policy of Prestige (“Statement”). If you do not agree to this Statement, please do not proceed to further web pages of the Prestige website or any associated Prestige company website listed on this site. This Statement may be updated from time to time, and we encourage you to review it regularly.
For our full Company Data Protection Policy, please click here.
Scope and Jurisdictional Applicability
Prestige is committed to complying with applicable Data Privacy and Protection requirements in all jurisdictions in which it operates. Because of differences among these jurisdictions, Prestige has adopted a Data Protection Policy that establishes a common core of values, policies, and procedures designed to achieve consistent compliance, supplemented where necessary with additional local guidance.
This Policy is based upon:
- the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as amended on 1 January 2021 by regulations under the European Union (Withdrawal) Act 2018 to reflect the UK’s status outside the EU;
- the EU Regulation 2016/679 (GDPR), which continues to provide a model for global Data Protection and privacy compliance; and
- for operations based in Malta, the Malta Data Protection Act (Chapter 586 of the Laws of Malta), which supplements the GDPR and governs its national implementation.
Prestige has adopted this Policy for Prestige-affiliated companies, including those operating outside the UK.
This Policy applies to all affiliates, suppliers, and contacts who receive or send Personal Data to and from Prestige, have access to Personal Data collected or processed by Prestige, or who provide information to Prestige, regardless of geographic location.
Prestige will use reasonable efforts to correctly establish its status in all Data Processing activities as either a Data Controller or a Data Processor acting on behalf of another Data Controller.
This Policy also reflects operational resilience requirements applicable to financial entities under Regulation (EU) 2022/2554 (Digital Operational Resilience Act – DORA), particularly where they intersect with data protection controls.