This Privacy Notice explains how each of Cavendish Trust Company Limited and its subsidiaries (hereinafter to be referred to as “CTCL”, “we”, “us”, “our”) use and disclose your personal data, and your rights in relation to the personal data each hold.
In this Privacy Notice, CTCL is the data controller of your personal data and is subject to the EU General Data Protection Regulation 2016/679 (the “GDPR”) and any locally applicable data protection laws, primarily the Data Protection Act 2002 and subsequent in the Isle of Man.
This Privacy Notice supersedes any previous Privacy Notice or equivalent which you may have been provided with or seen prior to the Effective Date stated above.
Cavendish Trust Company Limited – CTCL, any subsidiary of CTCL
Personal Data – any information that can identify, directly or indirectly, a living individual.
Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purpose of this notice, CTCL are the Data Controller.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data.
Under the GDPR you have the following rights:
- To obtain access to, and copies of, the personal data that we hold about you;
- To require that we cease processing your personal data if the processing is causing you damage or distress;
- To require us not to send you marketing communications;
- To require us to erase your personal data;
- To require us to restrict our data processing activities;
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller (data portability); and
- To require us to correct the personal data we hold about you if it is incorrect.
- Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
You can find out more about your rights at https://www.inforights.im/
How we collect your data
We collect your personal data in a number of ways, for example:
- From the information you provide to us when you meet us;
- From information about you provided to us by your company or an intermediary;
- When you communicate with us in writing, by telephone, fax, website registration, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
- When you complete (or we complete on your behalf) client on-boarding or application or other forms;
- From other companies affiliated to CTCL;
- From your agents, advisers, intermediaries, and custodians of your assets;
- From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.
The categories of personal data we collect
We collect the following categories of personal data about you:
- Your name and contact information such as your home or business address, job title, email address and telephone number;
- Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
- Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
- An understanding of your goals and objectives in procuring our services;
- Information about your employment, education, family or personal circumstances, and interests, where relevant; and
- Information to assess whether you may represent a politically exposed person or money laundering risk.
The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with
Under laws which are designed to protect your personal data, we need to have what is a called a lawful basis or ground each time we use, share or otherwise process your personal data.
We may rely on one or more of the following lawful basis:
- performance of a contract
- our legitimate interest in the effective delivery of information and services to you
- legal obligation
- if you have agreed (provided your consent) to us processing your personal data for the relevant purpose
(i) Performance of a contract with you
We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
In this respect, we use your personal data for the following:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our Engagement Letter and Terms of Business with you or as otherwise agreed with you from time to time;
- To deal with any complaints or feedback you may have;
- For any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
- Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
- Third parties whom we engage to assist in delivering the services to you, including subsidiary companies of CTCL and its affiliates;
- Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
- Debt collection agencies where it is necessary to recover money you owe us;
- Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you;
- Our data storage providers.
(ii) Legitimate interests
We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.
In this respect, we use your personal data for the following:
- For marketing to you. In this respect, see the separate section on Marketing below;
- Training our staff or monitoring their performance;
- For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;
- Seeking advice on our rights and obligations, such as where we require our own legal advice.
- In this respect we will share your personal data with the following:
- Our advisers or agents where it is necessary for us to obtain their advice or assistance;
- With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
(iii) Legal obligations
We also process your personal data for our compliance with a legal obligation which we are under.
In this respect, we will use your personal data for the following:
- To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws;
- As required by tax authorities or any competent court or legal authority.
- In this respect, we will share your personal data with the following
- Our advisers where it is necessary for us to obtain their advice or assistance;
- Our auditors where it is necessary as part of their auditing functions;
- With third parties who assist us in conducting background checks;
- With relevant regulators or law enforcement agencies where we are required to do so.
We will send you marketing about services we provide which may be of interest to you, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you or in order to update you with information (such as legal or commercial news) which we believe may be relevant to you. We will communicate this to you in a number of ways including by post, telephone, email or other digital channels.
If you have given consent and you wish to withdraw it at any time, please contact our Data Protection Officer.
Transfer and processing of your personal data outside the European Union
When we transfer any part of your Personal Data outside the EEA or adequate jurisdictions we will take reasonable steps to ensure that it is treated as securely as it is within the EEA or adequate jurisdictions.
These steps include but are not limited to the following:
- Binding corporate rules;
- Model contracts; or
- US/EU privacy shield
For the avoidance of doubt, CTCL transfers your personal data within its network of subsidiaries and affiliates who are subjected to the General Data Protection Regulation. Any further international transfers will be undertaken either in accordance with our Terms of Business or procurement of express consent, the former not requiring the latter.
Retention of your data
We will only retain your personal data for as long as we have a lawful reason to do so.
- Where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for between five and seven years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
- Otherwise, we will in most cases retain your personal data for a minimum period of five years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.
This Website creates first party cookies as they are specific to the host site that creates them. All the first-party cookies which are created do not store any personal or sensitive information, or anything that makes you personally identifiable to us. They are used for essential functionality such as security when processing form data or for analytics which helps us use anonymous visitor data to gain a better understanding of how people use our Website. For a list of cookies please see the list at the bottom of this page.
You have the right to access your information
Please email CTCL’s Data Protection Officer at email@example.com if you wish to request a Subject Access Request which shows all information we hold about you. This information will be provided to you within 30 days of your request.
Governing Law & Jurisdiction
If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us as follows:
By post: Data Protection Officer, Cavendish Trust Company Limited, 31-37 North Quay, Douglas, Isle of Man, IM1 4LB
By email: firstname.lastname@example.org
By telephone: +44 (0)117 923 0600
You have the right to complain to the ICO if you feel that CTCL has not responded to your requests to solve a problem. You can find their contact details here: https://www.inforights.im/
Effective Date: 25 May 2018
Cookies used on this website:
|wp-settings-3||WordPress||WordPress settings cookie|
|wp-settings-time-3||WordPress||WordPress settings cookie|
|wordpress_test_cookie||WordPress||A cookie to see if cookies work.|
|__utma||Google Analytics||Used to determine unique visitors.|
|__utmb||Google Analytics||Establish and continue a user session with the site. Expires 30 minutes from set/update|
|__utmc||Google Analytics||Google Analytics (GA) is a free service offered by Google that generates detailed statistics about the visitors to a website.|
|__utmv||Google Analytics||Custom tracking infomation.|
|__utmz||Google Analytics||Tracks referrals from other websites.|
For more information about how to control cookies, please visit: http://www.aboutcookies.org/Default.aspx?page=1