What is personal data
Personal data is information which relates to an individual and from which he or she can be identified either directly or indirectly through other data which Glaisdale has or is likely to have in its possession. These individuals are sometimes referred to as “data subjects”.
Glaisdale is the data controller of the personal data we process and is therefore responsible for ensuring that our systems and processes comply with data protection laws in relation to the information we handle.
All Glaisdale personnel must abide by this policy when handling personal data and must take part in data protection training.
Glaisdale has a Data Protection Officer who oversees compliance with data protection laws and this policy and provides guidance and advice to the company and its personnel as required.
In addition, Glaisdale has adopted procedures to ensure compliance with our professional responsibilities and the reporting of any failure to comply with legislative requirements including data protection.
Principles of data protection
Glaisdale has adopted principles to govern the collection, use and disclosure of personal data. The data collected must be:
- processed fairly and lawfully and only to the extent required under local law
- obtained for specific and lawful purposes
- kept accurate and up to date
- adequate, relevant and not excessive in relation to the purposes for which it is used
- processed in accordance with the rights of individuals
- kept secure to prevent unauthorised use, loss, damage or destruction.
Finally, the data must not be transferred to or accessed from another jurisdiction where these principles cannot be met.
Collection, use and disclosure
Glaisdale collects personal data and may create data in relation to the provision of corporate and trust services to its clients. The table below shows how we collect and use personal data and the circumstances in which it may be disclosed.
Types of data
- Information processed for relationship management and file opening procedures such as name, residential and business addresses, email addresses and telephone numbers, information about source of wealth, nationality and tax identification numbers together with documentation which identifies the individual.
- Additional personal data will be processed when individuals upload personal data on to any web-based service which we provide to you and may include registration details and login credentials for the individuals who request access to this service.
- Additional personal data may be obtained from publicly available sources, for example, biographies held on the internet on public sites, details of directors held on public company registration websites, names and addresses of individuals held on electoral registers.
- Relationship management and file opening information is collected from you directly and further information (e.g. verifying your identity) may be collected from third parties such as publicly available sources of information.
- It may also be collected via an intermediary that you have appointed for the provision of this information to us.
- Additional personal data may be collected when supplied to us or created by us through a web-based service you are using (e.g. a document production service) or from servers in relation to your use of our digital platform (if applicable).
- Relationship management and file opening data is used for providing our corporate and trust services, administration and as required by law (e.g. to identify and verify our clients for the purposes of detecting and preventing financial crime; to comply with tax regulations that require us to report the tax status of our clients).
- All other personal data will be used for the purposes of providing our corporate and trust services and to comply with our statutory and regulatory obligations.
- In relation to any web-based services we will monitor and record information relating to the use of the services. This may include how and when the system is accessed and how data is uploaded.
- Personal data may be transferred to service providers who support the operation of our business (e.g. our IT supplier may see personal data when providing software support).
- It may be shared with service providers but limited to that required for providing the service for which we have received instructions and under circumstances where it will be adequately protected.
- Personal data may be disclosed to regulatory bodies and law enforcement authorities when we are required by local laws or regulatory procedures to disclose the information.
Individuals have the following rights (noting that they may not apply in all circumstances and some may only be relevant as from 25 May 2018):
- The right to be informed about processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to the processing of personal information
- The right to restrict the processing of your personal information
- The right to have your personal information erased
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information
In addition, individuals have the right to complain to the Information Commissioner of the Isle of Man who has enforcement powers and can investigate compliance with data protection laws. The Information Commissioner’s contact details are as follows:
Telephone: + 44 (0)1624 693260
Address: First Floor, Prospect House, Douglas, Isle of Man IM1 1ET
Retention and security of personal information
We are obliged to keep your personal information for as long as necessary to fulfil the purposes for which it was collected as described above. Following the termination of our relationship with an individual, we are obliged to retain the personal information for periods of time in order to comply with legal and regulatory requirements and in case of any legal claims arising.
We will continue to look after your personal information securely and your rights set out in this privacy notice remain in place until your personal information is safely deleted from our systems.
Security is a key part of data protection and Glaisdale takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of it when transferred via the internet and any such transmission is at your own risk.