"we", "our" and/or "us"), our website and services. DFK Chancery values client privacy and is dedicated to protecting personal information and providing clients with notice about what
personally identifiable information we collect and how it is used, what choices clients have regarding the collection, use and distribution of that information, the security procedures
we implement to protect that information and what access clients may have to correct any inaccuracies in the information we have collected. By visiting this website displaying this
subject to the DFK Chancery Services Agreement related to the services provided by DFK Chancery.
What this Privacy Notice covers
We gather, store and process personal data in accordance with EU General Data Protection Regulations as implemented and updated from time to time in the Isle of Man.
This Privacy Notice provides an overview of how we do this in the context of the provision of trust and fiduciary services.
In this Privacy Notice "we" or "DFK Chancery" refers (as applicable) to
- Chancery Trust Company Limited; and
- such other companies that are wholly owned direct subsidiaries of Chancery Trust Company Limited who assist in providing trust and fiduciary services.
This Privacy Notice applies to all clients and prospective clients of DFK Chancery and any person whose Personal Data we hold which has been provided to us in the
course of providing our services ("you").
This Privacy Notice covers Personal Data that is held electronically and also applies to well-structured paper-based filing systems.
Explanation of terms used in this Privacy Notice
Client means director or other officer, shareholder, trustee, beneficial owner, beneficiary, potential beneficiary, signatory, partner,
settlor, protector, and/ or any other individual holding a similar position not necessarily defined above.
Managed Entity means any company, foundation, partnership, estate, trust, association (whether incorporated or unincorporated)
or other person or entity in respect of which we provide our services.
Personal Data means any information about an individual from which that person can be identified. It does not include
data where the identity has been removed (anonymous data).
Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs,
trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
Examples of "Personal Data" and "Special Category Personal Data"
Personal Data: Your name, address, telephone number, date of birth.
Special Category Personal Data: Details of health conditions, political opinions, religious beliefs.
INFORMATION AND DATA SECURITY
It is our policy to protect your right to privacy. We will take all reasonable steps to ensure that adequate technical and operational security measures,
confidentiality obligations and compliance procedures are in place to prevent inappropriate access to, disclosure, alteration or deletion of, Personal Data.
We operate information security policies and guidelines to better safeguard electronic data and information, which may include Personal Data.
In addition, we limit access to your Personal Data to those employees, agents and contractors who have a business need to know.
Our agents and contractors will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are
legally required to do so.
TYPES OF PERSONAL DATA COLLECTED
In the course of providing trust and fiduciary services to you, we may process Personal Data and Special Category Personal Data.
This typically includes the following information relating to you:
Information received from you
- Personal contact details such as name, title, addresses, telephone numbers and personal email addresses.
- Date of birth and place of birth.
- Marital status, dependants (name and age) and relations.
- Copies of identification documents, such as passports, utility bills and driving licences.
- National Insurance number, social security number or other national/tax identifier.
- Nationality, tax residence and country of residence.
- Employment details, income and source of wealth.
- Details of investments and assets owned and liabilities.
- Personal details of any agent or attorney.
- Billing information, such as credit or debit card details.
Information received from third parties
- Publicly available information on business and personal associates and assets owned.
- Information from retiring trustees and fiduciaries, such as the personal details listed above.
Information specific to our trust and fiduciary services
We collect and store certain information generated by your use of our services, which includes:
Special Category Personal Data
- Political opinions or religious beliefs available from public sources of information, such as if you are on the board of a religious foundation.
- Information about criminal convictions and offences, which would include publicly available information and suspicious activity reports.
HOW WE COLLECT YOUR PERSONAL DATA
We collect your Personal Data:
- when you seek, or are provided with, information on our services;
- when you apply for our services; and/or
- throughout your relationship with us.
SOURCES OF PERSONAL DATA
We collect your Personal Data:
- directly from you, e.g. in application forms and through information provided during the onboarding process, including background and reference checks; and
- when it is provided to us by a third party, e.g. providers of enhanced due diligence reports and retiring trustees; and
- when information is created as a result of generally providing trust and fiduciary services to you.
HOW WE USE PERSONAL DATA
We are a data controller which means that we are responsible for deciding how we hold and use Personal Data about you.
We may use your Personal Data before, during and after our relationship with you.
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- where we need to perform the contract we have entered into with you; and
- where we need to comply with a legal obligation; and
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your Personal Data in the following situations, which are likely to be rare:
- where we need to protect your interests (or someone else's interests);
- where it is needed in the public interest; and
- where you have given your consent.
Situations in which we will use your Personal Data
We need all the categories of Personal Data described above primarily to allow us to:
- perform our contract with you;
- enable us to comply with legal obligations; and
- pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The situations in which we will process your Personal Data are listed below. We have indicated from the above list the principal legal basis on which we are
processing or will process your Personal Data, although please note that some of the grounds for processing will overlap and there may be several grounds which
justify our use of your Personal Data. Where the legal basis of legitimate interests is applicable we explain what these are in square brackets.
to confirm and verify your identity and, where applicable, conduct an appropriateness assessment. This may involve the use of other companies or third parties
acting as our or their agents for screening against publicly available information (including law enforcement agency sanctions list/s). (ii)
- to establish and manage the relationship we have with you or the Managed Entity and to provide our services. (i)
to monitor and analyse the conduct of your or the Managed Entity?s accounts and relationship with us to ensure compliance with
our internal policies and/or procedures and to be able to monitor risks and report on them. (ii)
- to carry out business operational and administrative activities, including record keeping and audits. (i)
- to establish and manage the relationships we have with the Managed Entities agents, advisors, intermediaries and custodians of assets. (i)
to carry out statistical and other analysis (including behavioural analysis). (iii) [In order to manage our business and provide the best services to
you we need to understand and analyse their use by you.]
- to comply with any applicable laws and regulations and/or any voluntary code or industry best practice we reasonably decide to adopt. (ii)
to comply with the request or requirement of any court, tribunal, mediator or arbitrator or any regulatory
or governmental authority or taxation authority in any relevant jurisdiction. (ii)
as is reasonably necessary to trace you (for example, if the contact details you have provided to us are no longer correct) or the Managed Entity,
trace debtors and enforce or seek to obtain settlement of amounts owing to us. (iii) [We need to be able to recover monies that you owe to us which may require additional
processing of your Personal Data if, for example, you have moved house without telling us.]
to carry out the detection, investigation and prevention of fraud, tax evasion, money laundering, bribery, corruption, terrorist financing and other crime or malpractice
and oversee and report on such detection, investigation and prevention activities over such matters by us or other third parties. (ii) [In order to protect us and others from
any crime or malpractice we need to be able to process your Personal Data. This may include conducting call backs to confirm instructions and automated and manual transaction
monitoring to prevent fraud and identity theft].
for use in connection with any legal proceedings or regulatory action (including prospective legal proceedings/regulatory action) and for obtaining legal advice or for establishing,
exercising or defending legal rights. (ii) & (iii) [In order to protect our position in relation to any legal proceedings or regulatory action we may need to analyse records including
your Personal Data and share it with our professional advisors, third parties, the courts and regulators.]
Special Category Personal Data
Data processing may include the processing of Special Category Personal Data about you. Such Special Category Personal Data requires higher levels of protection.
We need to have further justification for collecting, storing and using this type of Personal Data. We may process special categories of Personal Data in the following circumstances:
- in limited circumstances, with your explicit written consent;
- where we need to carry out our legal obligations and in line with our data protection policy; and
- where it is needed in the public interest and in line with our data protection policy.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else?s interests)
and you are not capable of giving your consent, or where you have already made the information public.
The most common processing of Special Category Personal Data by us occurs where we record information from public sources about political opinions and religious beliefs that may be
relevant to our assessment of your application or as part of our ongoing monitoring. For example, this might include information about you being on a board of a religious foundation
or being a member of a political party.
Information about criminal convictions
We may only use information relating to criminal convictions and offences where the law allows us to do so. This will usually be where such processing is necessary to carry out our
obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests
(or someone else?s interests) and you are not capable of giving your consent, or where you have already made the information public.
The most common processing of information about criminal convictions and offences by us occurs when we share it for the purposes of the prevention or detection of
crime and anti-fraud purposes, including the making of suspicious activity reports to the appropriate crime agency. We also collect publicly available information on
criminal convictions and offences as part of our assessment of your application and ongoing monitoring.
If you fail to provide Personal Data
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying
with our legal obligations (such as to complete our "know your client" checks).
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you in writing and update this Privacy Notice on our website
at: www.chancerytrust.com and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing and update this Privacy Notice on our
website at: www.chancerytrust.com if this position changes.
DISCLOSURE OF PERSONAL DATA BY US
Recipients of Personal Data
We (and those parties to whom Personal Data is disclosed) may disclose Personal Data in the situations described above:
- to any other companies which are at the time of disclosure wholly owned subsidiaries of Chancery Trust Company Limited.
to third parties who provide services to us or that act as our (or such companies') agents (or prospective third-party service providers or prospective agents).
Such service providers and/or agents may also disclose such information to their service providers or agents. We, will take all reasonable steps to ensure that the
service provider or agent is subject to appropriate data processing requirements and that they impose such requirements on any of their service providers or agents;
to third parties in connection with a reorganisation (including investment), amalgamation, merger or transfer or sale of all or part of our business, including to
any insurers and professional advisors, and any third parties to whom we assign, transfer or charge our interest in any service provided to you or the Managed Entity;
- to any court, tribunal, mediator or arbitrator or any regulatory or governmental authority or taxation authority in any relevant jurisdiction;
- if we or any person to whom your information is disclosed have a right or duty to disclose it or are permitted (acting reasonably) or compelled by applicable laws and regulations;
- to debt collection agencies, law enforcement agencies and/or fraud prevention agencies;
to our agents, auditors and professional advisors to enable them to process the information in the situations described above as a data processor on behalf of
DFK Chancery and/or as a data controller and to enable them to perform their obligations;
- to insurers and information providers;
- to agents, advisors, intermediaries, bankers, investment houses and custodians of assets of the Managed Entity where necessary to open and maintain accounts; or
- otherwise if you consent to such disclosure.
We will not sell or transfer your Personal Data to any third party for that party to use for direct marketing purposes without your prior consent.
Transfer and processing of your personal data outside of the European Union
When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union.
In these circumstances, your personal data will only be transferred on one of the following bases:
- the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
- the transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
- the recipient has entered into European Commission standard contractual clauses with us; or
- you have explicitly consented to the same.
In relation to our website, the website may use "cookie" technology for such purposes as enhancing navigation through the Website and making certain features work better.
Cookies are text files which are commonly deposited by websites on a user's hard drive when the user visits a website. The file identifies a user's computer and can record
the user's preferences and other data about the user's website visit. We do not extract or retain information users during this process and your web browser may enable you to
disable cookies which may result in certain functions not working correctly without it and your experience on our Website may be hindered.
We do not use third-party advertising companies to serve ads on our behalf across the Internet
We will seek your consent should we wish to invite you to certain events organised by ourselves or our associates.
You have the right to withdraw your consent at any time and can do so by contacting us.
MONITORING AND RECORDING COMMUNICATIONS
Telephone conversations with us may be monitored and/ or recorded without use of a warning tone or message to protect both you and us and to help establish facts.
All telephone recordings and other records will remain our property and may be used to help resolve any disagreements between you and us, and to enable us
to comply with our obligations under applicable laws and regulations.
RETENTION OF PERSONAL DATA
We will retain Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting,
reporting or internal policy requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity
of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data
and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may
use such information without further notice to you.
The majority of client records are kept for a minimum of 6 years from the date of closure of the relationship or from the date of a transaction.
We will retain the recordings of telephone conversations as well as records of such electronic and other communications for a minimum of 6 years.
Transcripts of any such recordings will be available to the relevant regulatory authority and to you on request during the retention period.
Records of prospective clients
We will not retain records of prospective clients who do not become clients
Further information on the retention periods of Personal Data can be requested from the Data Protection Officer whose details are below.
YOUR RIGHTS AND DUTIES
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
Your rights in connection with Personal Data
Under certain circumstances, by law you have the right to:
request access to your Personal Data (commonly known as a "data subject access request").This enables you to receive a copy of the Personal Data we hold about you
and to check that we are lawfully processing it;
- request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it.
You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);
object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing
purposes by writing to us or using any opt-out facility specified by us in the relevant marketing communication;
request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want
us to establish its accuracy or the reason for processing it; and
- request the transfer of your Personal Data to another party (also known as "data portability").
If you want to request the correction, erasure or restriction of the processing of your Personal Data, object to the processing of your Personal Data, or request that we transfer
a copy of your Personal Data to another party, please write to your usual contact or the Data Protection Officer at the address below. Please note that the above rights are not
absolute and we may be entitled to refuse requests where exceptions apply. The exercise of some of these rights may result in DFK Chancery no longer being able to provide a
service to you.
If you want to access your Personal Data, please contact our Data Protection Officer by writing to:
Data Protection Officer
10A Prospect Hill
Isle of Man
You have the right to make a complaint at any time by writing to the Isle of Man Information Commissioner, P.O. Box 69, Douglas, Isle of Man, IM99 1EQ
No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly
unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other
rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice at any time, and we will notify you either in writing or by updating this Privacy Notice on our website at: www.chancerytrust.com when we make any substantial updates.
We may also notify you in other ways from time to time about the processing of your Personal Data.
DFK Chancery is the trading name of Chancery Trust Company Limited which is licensed by the Isle of Man Financial Services Authority.