Collection of personal data
When providing fiduciary services to you, our policy is to collect only the personal data necessary for agreed purposes and as required under the relevant Anti-money laundering regulations. Throughout this data collection process and the course of the business relationship we will only ask you to provide personal data to us where it is strictly needed for these purpose and will only use your personal data when the law allows us to.
Most commonly, we will use hold and process your personal data in the following circumstances:
- providing fiduciary (corporate and trust) services;
- arranging insurance services;
- providing chartering and broker services;
- providing accounting and bookkeeping services;
- providing yacht management services;
- buying, selling and financing of ships/yachts/aircraft or other luxury assets; and
- liaising with other professional service providers or suppliers on your behalf.
Most frequently we will use your personal data to discharge our contractual obligations.
The types of personal data processed by us in relation to the services we provide are usually limited to:
- personal details such as name (including prior or aliases if applicable), age, date of birth, gender, residential address;
- contact details such as email address, contact number, postal address;
- financial details such as bank account, salary, estimation of total net worth, details of your wealth and the source of its origin, tax status and tax reference details;
- languages spoken for contact purposes; and
- job details such as current position, shareholdings and positions within other entities.
Lawful basis: Contractual obligation, legal obligation and legitimate interest
Special categories of personal data
In certain instances we may process special categories of personal data and we believe this would be limited to:
- medical data such as any current or past illness or disability; and
- medical data for the purpose of assisting insurance intermediaries or insurers to process a health insurance claim for crew/passenger of a ship
Lawful basis: Explicit consent
We would only process details of any medical injuries or disabilities in the event of such injuries or disabilities directly impact the services we provide to you your ability to instruct us.
Personal data relating to criminal convictions and offences
As part of the recruitment process we will undertake and process personal data relating to criminal convictions and offences which include background and criminal history.
We carry out criminal records checks for the following purposes:
- to ensure an individual is eligible to work for us and potentially hold the position they are applying for;
- to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; and
- to comply with government and public sector clearance requirements.
Lawful basis: Legal obligation and legitimate interest
These checks are carried out to ensure we comply with our legal obligation to ensure an individual is eligible to work in the country and industry and are for our own legitimate interest to ensure any potential employees have no previous convictions or committed any offences.
3rd party intermediaries
When and how we share personal data and who we share it with
The personal data held by us for Corporate and Trust clients are held on a shared system between the following fiduciary service providers within the Döhle Group:
|ISLE OF MAN||Döhle Corporate and Trust Services Ltd|
|MALTA||DCTS (Malta) Ltd | Döhle Services (Malta) Ltd|
The personal data is stored on a centralised system accessible by authorised persons of the fiduciary service providers only. Your personal data is not accessible by any other member of the Döhle Group other than for IT maintenance and support purposes.
Döhle Corporate and Trust Services Ltd is the data controller of all of the data held on the centralised system: ViewPoint.
However throughout the course of business, we may utilise the services of third party agents or service providers to ensure that we are able to fully service you as a client or meet certain regulatory and legal requirements.
As well as third-party services providers, the Döhle Group has a legal obligation to share information with certain public authorities, such as:
- tax and VAT authorities;
- regulatory authorities;
- law enforcement agencies;
- ship, yacht and aircraft registries; and
- company registries.
Lawful basis: Legal obligation
In some cases, your personal information will be shared with organisations outside of the Döhle Group in order to obtain specialist or professional services that are necessary for the services we provide. These include:
- professional advisers, such as accountants, lawyers, agents and brokers;
- banks or other financial institutions;
- due diligence screening agencies; and
- services provided by our external cyber security partner company
Lawful basis: Legitimate interest
All of the external organisations listed above have their own legal obligation to comply with privacy and data protection legislation and may also operate under a professional duty of confidentiality due to the type of service they provide. They have their own privacy policies that provide information about how they use your information.
If you wish to find out more about the organisations your data has been shared with, you can do so by contacting the Data Protection Officer here
To determine the appropriate retention period for personal data, we consider the minimum legal requirement nature, scale and complexity of the personal data we hold and weigh this against the potential risk of harm from unauthorised use or disclosure of your personal data.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
Please contact the Döhle Group Data Protection Officer if you to discuss our Data retention policy with us here