PRIVACY POLICY – Döhle Group

INTRODUCTION

The Döhle Group respects the privacy of all of its clients, employees and associated parties and is therefore committed to protecting all personal data collected and processed.

We have both a legal and a moral responsibility to ensure that we treat your personal data with the same level of privacy and confidentiality as we expect our own data to be treated and in line with all legal and regulatory requirements.

Although every effort has been made to ensure that this privacy policy is as easy to understand and as ‘jargon’ free as possible, there are times that we must use industry standard wording and if at any point you feel you do not fully understand the contents of this privacy policy or wish to discuss any points with us, please refer to our Glossary (on the right hand side of this page) or you can contact the Döhle Group Data Protection Officer here.

We know that data protection can often be quite a specialist subject and we have tried to make things as simple as possible as part of our obligation to you, to assist you in understanding exactly how and why we process your personal data, furthermore, we must ensure that you are aware of how the Döhle Group holds and processes your personal data.

We believe that the key principles of the data protection regulation are transparency, accountability and security and have therefore worked hard to ensure that all of our processing activities adhere to these principles. For further details on the specific processing activities we carry out as well as the lawful basis under which we process the data, please see the relevant sections of this privacy policy.

For further details on the data processing activities relevant to you, please see the individual privacy pages on the right hand side of this page within the privacy pages section.

Please kindly note that as a business, we process personal data for numerous purposes in order to service the diverse nature of our clients and therefore the processing, collecting, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

Who we are

“Döhle Group”, “we, “us” and “our” refers to the Döhle (IOM) Ltd Group of companies and this privacy policy covers all Döhle Group entities, a list of all Döhle Group entities is outlined in our list of Döhle Group data controllers section.

Döhle Corporate and Trust Services Limited is a part of the Döhle Group.

Who you are

When “you” or “your” are used in this privacy policy, we are referring to you as the individual who is the subject of the personal data we hold and process.

DATA SECURITY – TECHNICAL & ORGANISATIONAL MEASURES

Data Security is of the upmost importance to the Döhle Group and to that end, we have put in place appropriate security measures to protect and prevent your personal data from being accidentally lost, used or accessed by any unauthorised parties.

Access to your personal data is limited to authorised employees, insurers, service providers and other third parties who require access for the fulfillment of a contract or agreement or are providing services to you or us.

These third parties will only process your personal data on our instructions and they are subject to a duty of confidentiality and where relevant we ensure that we have legal terms of business and engagements in place between the Döhle Group and these third parties.

YOUR INDIVIDUAL RIGHTS AND HOW TO EXERCISE THEM

You have the legal rights as set out below:

Your right to access personal data

You have the right to request access to your personal data, commonly known as a “data subject access request”. This enables you to submit a request to us for details about all of the personal data we hold about you

To submit a data subject access request, please contact the Data Protection Officer here who can assist and kindly see the data subject access request section below for more information.

Your right to correction / amendment of personal data

You have the right to request correction of any personal data we hold if you believe this personal data is inaccurate or outdated. In those instances we will need to verify the accuracy of the new data you provide to us.

If you wish to correct any data, please contact the Data Protection Officer here who can provide details of what data we currently hold.

Your right to erasure / right to be forgotten

You have the right to request erase of the personal data that we hold about you, commonly referred to as “the right to be forgotten”.  Examples of why you may wish to exercise this right include, but are not limited to;

  • the personal data is no longer necessary in relation to the purposes for which it was originally collected and processed by us;
  • the legal grounds for us processing your data is consent, if you withdraw consent then we have no other lawful basis for the processing;
  • our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds;
  • you object to our processing for direct marketing purposes;
  • your personal data have been unlawfully processed; or
  • your personal data must be erased to comply with a legal obligation to which we are subject.

If you wish us to exercise your right to be forgotten, please contact the Data Protection Officer here

However we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request although the most common reasons for this include complying with local or international regulations and requirements in relation to:

  • preventing financial crime, money laundering and the funding of terrorism;
  • identifying politically or commercially exposed persons, or those with a significant exposure to the media;
  • FATCA/CRS (“AEOI”) international tax reporting; and
  • employment law in the relevant jurisdiction.

If you are unsure whether or not we are able to erase your data, please contact the Data Protection Officer here to discuss the matter in greater detail.

Your right to object to processing of personal data

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing.

Please contact the Data Protection Officer here if you wish to discuss this matter in greater detail.

Your right to restrict processing of personal data

You have the right to restrict processing of your personal data which means you are entitled to request suspension of the processing of your personal data in the following scenarios:

(a) if you want us to establish the data’s accuracy;

(b) where our use of the data is unlawful but you do not want us to erase it;

(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise this right, please contact the Data Protection Officer here

Your right to data portability

Given the nature of the services that we provide, we currently do not believe that this applies to how we collect and use your personal data, however we are happy to discuss this with you should you feel differently. Please contact the Data Protection Officer here

Your right to withdraw consent

You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.

If you wish to withdraw your consent for any processing please contact the Data Protection Officer here

If you do withdraw consent, please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.

DATA SUBJECT ACCESS REQUEST

How to make a data subject access request

To make a data subject access request, in the first instance please contact the Data Protection Officer here who can assist you with this process.

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if we believe your request is clearly unfounded, repetitive or excessive.

Fees

If we believe that your request is clearly unfounded, repetitive or excessive, we may refuse to comply with your request in these circumstances and will report our reasoning, as well as the details of your request, to the Information Commissioner.

Information we need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Our response

We are required to respond to your request within 30 calendar days of receiving it. We will provide confirmation to you that we have received your request as well as the date we must have to respond by. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and provide you with a reasonable time frame for our response.

Follow up

If you are not happy with our response to your data subject access request you have the right to make a complaint to the Information Commissioner of your relevant jurisdiction. The contact details for the Isle of Man Information Commissioner are detailed below.

CHANGES TO THIS PRIVACY POLICY

From time to time regulations and requirements may change and we may need to update this privacy policy accordingly. To ensure transparency we will always detail when this policy has been updated.

This privacy policy was updated: 01 March 2019

DATA CONTROLLER CONTACT INFORMATION

The contact details for the primary Döhle Group Data Protection Officer are:

Data Protection Officer
Döhle (IOM) Ltd
Fort Anne
South Quay
Douglas
Isle of Man
IM1 5PD

COMPLAINTS TO THE INFORMATION COMMISSIONER

If you are unhappy with our treatment of your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office in the jurisdiction in which you live or in the jurisdiction in which the data controller operates (if different). The Isle of Man Information Commissioner’s contact details are:

First Floor
Prospect House
Prospect Hill
Douglas
Isle of Man
IM1 1ET

Telephone number: +44 1624 693260

Email address: ask@inforights.im

OTHER INFORMATION COMMISSIONER CONTACT DETAILS

DISCLAIMER

Whilst every effort has been taken to ensure the accuracy of the information on this Website, any and all liability which might arise from your use or reliance on the information or links contained on the Website are excluded.

The content of this privacy policy is provided for general information purposes only, to inform you about the Döhle Group’s data protection activities. It does not constitute legal advice (or any other type of advice) and should not be relied on for this purpose.

This Website contains links to other websites. The Döhle Group does not endorse, and accepts no responsibility or liability for, any material supplied by or contained on any third party website which is linked from or to this Website or any use of personal data by such third party.

This privacy policy is set out primarily in accordance with Isle of Man law in conjunction with the E.U. General Data Protection Regulation.