Privacy Statement & Disclaimer
lmperium Trust Company Limited
Introduction
At Imperium Trust Company Limited (“Imperium”) we are committed to safeguarding and preserving, as far as we can, the privacy of your personal information. In this document, we explain how and why we use your personal data during and after your relationship with us. We also tell you about your rights and how we can help you exercise those rights if you decide to do so.
To make it easier for you to quickly find the sections we believe are most likely to be your key concerns, we have highlighted those sections in blue.
If you have any questions about this privacy statement or how we use your personal information then please contact our data privacy manager. Our data privacy manager can be reached in person at our office or by emailing Rhona.humphreys@imperiumtrust.com.
This document applies to all current and former clients including beneficial owners of companies, settlors, protectors and beneficiaries of trusts and any other parties on whom we hold data for entity administration purposes (clients).
This statement does not form part of any other contract to provide services.
1. Who decides how we use your information
Imperium Trust Company Limited is a “data controller”. This means that we are responsible for deciding how we use the personal information we have about you. We are required under data protection legislation to notify you of the information contained in this privacy statement. Our address is St Peter’s House, Le Bordage, St Peter Port, Guernsey, GY1 3DS and our telephone number is +44 1481 728380.
2. Data Protection Principles
To understand how and when we can use your personal information, it may help you to know about the data protection principles. We must comply with the principles whenever we use your personal information.
Your personal information must be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is compatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
Not only must we comply with data protection law, we must also be able to demonstrate we do so. You can use your rights (outlined below) to check that we are using your personal information properly.
3. The kind of information we hold about you
When we talk about “personal data” or “personal information”, we mean any information about you from which you can be identified. So it means more than just your name and covers a much wider range of information about you. However it does not include data where the identifying factors have been removed (anonymous data) meaning that you could not be identified any longer from that data.
As a result of us engaging you as a client we are going to know both general information and possibly more sensitive types of information about you. This sensitive personal data (called “special category data”) requires a higher level of protection.
To give you an indication of the type of information about you we collect, store, and use, please see the table below. If we use other types of personal information, we will use that information in accordance with this privacy statement. The information we use about our clients may be:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of birth
- Gender
- Marital status and dependents
- Bank account details and tax status information
- Social Security Number/ Tax Number
- Copy passport, Driving Licence and/or any other identity documents
- Personal wealth information including value and how/where earned/obtained
- Copy of Utility Bills or other similar proof of address/residence
- Background checks including open source data or specifically commissioned reports from reputable providers.
We may also collect, store and use the following special categories of more sensitive personal information:
- information about your criminal record (including court proceedings and alleged offences)
4. How we collect your personal information
We collect personal information about our clients through the application process, either directly or sometimes from guardians or third parties. We may sometimes collect additional information from third parties including named referees or background check providers such as Refinitiv, Risk Screen and Compliance Assist.
We may collect additional personal information in the course of client administration which will also be held on these conditions.
5. Your personal information
We need to share some of your personal information among those employed by us, or who help us run our business, in order for our business to function. However we ensure that all of our staff are trained in handling personal data and understand the importance of keeping it appropriately secure.
6. Why we use your personal information and why we are allowed to do so
In general terms, we use your personal information in connection with your engagement of Imperium per the letter of engagement. Often this information is used to allow us to perform our side of the contract for services and to facilitate you liaising with us. As we are a regulated financial services business, some of your personal information will be provided to third party service providers to allow them to provide services to entities we administer on your behalf or with which you have an interest, (i.e. banks/ investment houses) or to the regulator in order to comply with regulatory obligations. We also have to use your information to comply with legal duties required of us, for example in relation to FATCA and or CRS reporting obligations and other requests under local laws.
While we use your personal information, we will only do so when the law allows us to. The legal grounds that allow us to use your personal information are:
- where we need to perform the contract we have entered into with you or a third party representing you;
- where we need to do so in order to exercise our legal rights and powers or where we have to do so in order to comply with a duty imposed on us by law or by a court;
We may also use your personal information in the following situations, which are likely to be rare:
- where we need to protect your interests (or someone else’s interest);
- where it is needed in the public interest.
More information about why and how we use particularly sensitive personal information
Some information we have about you will be more sensitive, being information about your criminal record. We have to tell you exactly which part of the data protection legislation allows us to use this sensitive information and we are doing that here.
We process your sensitive information:
- so that we can exercise our rights or powers given to us by law in connection with your engagement of us;
- so that we perform or comply with any duty on us in connection with your engagement of us;
- where we need to carry out our other legal obligations;
- where we need to do so in order to get legal advice or to establish, exercise or defend our legal rights.
Less commonly, we may process your sensitive information where:
- you have given your explicit written consent to us doing so. This will be rare;
- it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
When do we have “legitimate interests”?
As mentioned above, we can, sometimes, use your personal information where this is necessary for our legitimate interests (or those of a third party).
This includes where use of your personal information is necessary to:
- ensure effective administration and management of your engagement of us;
- ensure management of the business and effective business continuity;
- fulfil the contractual obligations we have in relation to our clients and client entities;
- enable third parties (such as banks) to act on our instructions so that client work can be serviced;
- ensure our assets are protected, kept confidential and not used for inappropriate or unlawful purposes.
Do we need your consent?
In nearly all cases, we do not need your consent to use your personal information and this has been provided through our application process. In limited circumstances, we may approach you for your written consent to allow us to process certain data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Situations in which we will use your personal information
Set out below is a list of the situations in which we will process your personal information. We have tried to make it as complete as possible but there may be other situations that we have not foreseen. We use your personal information when we are:
- making a decision about your ability to enter into a contract for services with us;
- administering the contract we have entered into with you;
- undertaking business management and planning, including accounting and auditing;
- opening bank accounts or other third party accounts for entities we administer;
- completing tax reporting obligations;
- preventing fraud.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide personal information
You are required by law and contract to provide us with information if you wish us to engage with you or someone linked to you, to provide administration services. We do need your information in order to perform the contract we have entered into with you and also to meet legal requirements placed on us under a number of Guernsey laws including the Guernsey regulatory regime applicable to financial service businesses and in connection with the duties imposed on us as a licenced fiduciary. If you fail to provide certain information when requested, we will not be able to perform the contract we have entered into with you and we will terminate our business relationship.
Using your information for different purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
7. Data Sharing
We may share your data with third parties, including third-party service providers, when we are required by law to do so, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We require third parties to respect the security of your data and to treat it in accordance with the law.
The “third party service providers” that we share your personal information with are as follows:
- providers assisting with our compliance obligations including undertaking background checks (including criminal checks) on people who work for Imperium. Currently these providers are Risk Screen, Compliance Assist and from time to time Refinitiv.
- Banks, Investment Houses and other professional organisations whom we engage to undertake work for the entities we administer on your behalf.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Transfers across borders
We transfer some of your personal information to the UK in order to allow the background check to be undertaken on you (by Compliance Assist and Risk Screen). Guernsey recognises that the UK has data protection laws that are equivalent to those in Guernsey.
Where your role means we transfer your information to banks or third party service providers, those banks or other third parties can be based all over the world; some are in Guernsey, some are in jurisdictions with data protection legislation just as good as Guernsey’s (such as the EU or any country deemed to have adequate data protection laws by the EU) and some are in jurisdictions with weaker data protection legislation meaning your data could not be so well protected there.
To ensure that when we transfer your data outside Guernsey your personal information receives an adequate level of protection, we consider where that data is going and, if it is going to a country with weaker data protection laws, we put appropriate measures in place so that your personal information is treated by those third parties in a way that is consistent with ad which respects the EU or Guernsey laws on data protection. Usually this will mean that our contract with the third party will include certain specific clauses which have been approved by data protection authorities as providing sufficient protection for your data. If you want further information about these protective measures or would like a copy of a relevant part of the safeguarding document, you can request it from the data privacy manager.
8. Data Security
We have put in place measures to protect the security of your information. Details of these measures are available from the data privacy manager. Those security measures include measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Third parties will only process your personal information where they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to deal with any suspected data security beach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9. How long will we keep your information?
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. You can find our more details of the retention period by looking at our retention policy that is available from the data privacy manager.
When we decide how long to keep your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you have ceased to be our client we will retain and securely destroy your personal information in accordance with our data retention policy.
10. Your Rights
You have rights in relation to how we use your data and it is important that you know about them. So we have set them out below and, if you decide to exercise those rights, we will help you to do so.
Your rights of access, correction, erasure and restriction
Under certain circumstances, by law you have the right to:
- request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request erasure of your personal information. This enabled you to ask us to delete or remove personal information where there is no good reason for us continuing to have it.
You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to using your information on this ground. (You would also have the right to object if we were using your personal information for direct marketing purposes but we do not do so);
- request the restriction of processing of your personal information. This enables you to ask us to suspend the use of personal information about you, for example if you want us to establish its accuracy or the reason for using it.
- request the transfer of your personal information to another party;
- where you have required us to rectify, erase or restrict processing of your personal data, you have a right to receive the following notifications from us:
- where we have disclosed your information to another person we must notify you of the identity and contact details of that other person should you so request; and
- before lifting or otherwise ceasing a restriction on using your information, we must inform you that this is going to happen.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the data privacy manager in writing.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the use of your personal information for a specific purpose, you have the right to withdraw your consent for that specific use at any time. To withdraw your consent, please contact our data privacy manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.
If the data is held under contract, and we are required to hold it by law in order to fulfill the services, you are not able to withdraw consent.
Right to complain
If you consider that we have breached (or are likely to breach) your data protection rights then you can make a complaint in writing to the Data Protection Authority in Guernsey. The Data Protection
Authority’s website is www.odpa.gg where you can find their phone and email contact as well as their address should you want to write to them or visit them in person. You also have rights to appeal to court if the Data Protection Authority fails to notify you of its investigation or process and you can also appeal against the Data Protection Authority’s determination of your complaint.
Other rights
In addition to the rights referred to above, you also have the right to object to processing undertaken on the grounds of public interest or for historical or scientific purposes. However, we do not undertake such processing.
You have the right not to be subject to decisions based on automatic processing. We do not make decisions based on automatic processing.
11. Data Privacy Manager
Although we do not have a statutory data protection officer, we have appointed a data privacy manager to oversee compliance with this privacy statement. If you have any questions about this privacy statement or how we handle your personal information, please contact the data privacy manager. At the date of this privacy statement the data privacy manager is Rhona Humphreys (email Rhona.humphreys@imperiumtrust.com).
12. Changes to this Privacy Statement
As the way data is used can change, we reserve the right to update this privacy statement at any time. However, we will tell you when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy statement, please contact the data privacy manager.