WHO WE ARE
In this Privacy Notice references to “we” or “us” or “Sanctuary” are references to Sanctuary Trust Limited of 24 Athol Street, Douglas, Isle of Man IM1 1JA.
You can contact us by:
Post: 24 Athol Street, Douglas, Isle of Man IM1 1JA
Telephone: 01624 620212
This Privacy Notice describes what personal information we may collect from you and about you and describes how and why we use your personal information. We are committed to ensuring that your data and privacy are protected and the information that we hold is secure and in line with the General Data Protection Regulations 2018.
Sometimes we request and hold personal information because we need it for our own purposes (for example to satisfy our regulatory anti-money laundering requirements), we will be the “data controller” of that personal information. Other times we process personal information on behalf of our clients (for example where we maintain a register of members for a company), we will be the “data processor” of that personal information. As a data controller, we must provide information to you about what we do with your personal information.
The data protection supervisory authority in the Isle of Man is the Isle of Man Information Commissioner, whose website is: www.inforights.im
We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you may contact our Data Protection Officer at the addresses above. If you have any complaints regarding our use of your personal information, you can in the first instance contact our Data Protection Officer, at the above address, who will do his best to resolve the matter. If this fails, you can complain to the Isle of Man Information Commissioner at the website address above or by telephone +44(0)1624 693260.
WHAT DATA WE COLLECT AND WHY
The personal information that we collect will depend on our relationship with you and the services we provide.
We collect personal information that is necessary for us to provide corporate and trust administration services to our clients or otherwise perform the services you have requested from us. We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legislation and regulations that apply to us – examples of this may be for anti-money laundering purposes.
If you provide personal information to us about other people (e.g. officers and members of a company) you must provide them with a copy of this Privacy Notice and obtain their consent as required for the processing of that person’s information in accordance with this Privacy Notice.
To allow us to provide services, we may obtain and hold the following personal information about the persons connected with any services we provide or entity we are to administer, such as officers, members, trustees, settlors, beneficiaries, ultimate beneficial owners and controllers:
1. name, date of birth, address and telephone number;
3. relationship to the company or trust or services provided;
4. identification information such as national insurance number, passport number or driving licence number;
5. job title or other information about that person’s job;
6. information relating to the advice that is requested or the services that we are providing;
7. financial information such as financial history and needs, income, bank details, payment details and information obtained as a result of our credit checks;
8. we may carry out credit and regulatory checks and these may be carried out by third parties on our behalf;
10. technical data including IP address, login data, browser type and setting, and the devices you use to access the website;
11. information captured during telephone calls;
12. marketing preferences.
Special categories of personal data
- Information relating to criminal sanctions (including offences and alleged offences and any caution, court sentence or criminal conviction).
WHEN WE OBTAIN YOUR PERSONAL DATA
We collect personal information from a number of different sources including:
- directly from you or from someone else on your behalf;
- via publicly available sources such as internet search engines and social media sites;
- through customer satisfaction surveys and market research;
- from credit reference agencies and fraud prevention databases and sanctions screening;
- from government agencies including tax agencies and agencies that issue identification documentation.
WHAT IS THE LEGAL BASIS FOR PROCESSING DATE
We will rely on the following legal grounds to process personal information about you:
- the processing is necessary to perform our contract with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we have a legal or regulatory obligation to use such personal information, and it is necessary to process your personal information to comply with such;
- where the use is necessary to establish, exercise or defend our legal rights;
- where you have provided your explicit consent to our use of your personal information.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your personal information with subsidiaries of Sanctuary or with third parties for the following administrative purposes:
- providing you with products and services and notifying you about either important changes or developments to the features and operation of those products and services;
- responding to your enquiries and complaints; and
- IT and hosting services.
Your personal information might be shared for our general business administration purposes or for the prevention and detection of fraud.
We also disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This might include:
- fraud detection agencies and other third parties who operate and maintain fraud detection registers;
- our regulators;
- the police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
- our insurers;
- industry bodies;
- banking and investment accounts;
- debt collection agencies;
- credit reference agencies;
- credit card scheme providers (e.g. Visa or MasterCard);
- our third party services providers such as IT suppliers, auditors, lawyers, accountants, outsourced compliance providers, marketing agencies, document management providers and tax advisers;
- selected third parties in connection with the re-organisation, sale, transfer or disposal of our business.
HOW LONG DO WE KEEP YOUR DATA FOR?
We will only store your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Notice and to comply with our regulatory and/or legal obligations.
We have a detailed retention policy in place setting out the length of time we keep different types of information. If you require further information in relation to this, please contact us at firstname.lastname@example.org.
YOUR DUTY TO INFORM US OF CHANGE
It is important that personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
ACCESS TO YOUR INFORMATION AND CORRECTION
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have business need to know, they will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.
SECURITY OF YOUR DATA
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required.
We use firewalls to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel. Our internal procedures cover the storage, access and disclosure of your information.
Within Sanctuary, we restrict access to your information as appropriate to those who need to know that information for the purposes set out above.
Our website contains links to other websites. This privacy notice only applies to this website so when you link to their websites you should read their own privacy notices.