AT TRILOGY LIMITED, THE PRIVACY AND SECURITY OF OUR CLIENT’S DATA IS OF CRITICAL IMPORTANCE TO US.
Who we are
Data you provide to us
Data collected by our website
Purposes for which we use your data
Retention of personal data
Transfer of data to third parties
1.1. “Personal data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses, etc. But it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
1.2. “Processing” covers all activities relating to the use of personal data by an organisation, from its collection through to its storage and disposal and everything in between.
1.3. “Data subject” means the person whose personal data is being processed.
1.4. “Controller” means the person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
1.5. “Processor” means the person, public authority, agency or other body which processes personal data on behalf of the controller.
2. Who we are
Trilogy Limited (‘Trilogy’) together with its associated companies, provides management consulting, tax and accounting services to clients across the world. We operate from the Isle of Man and utilise regulated providers for regulated service provision.
Trilogy is the controller for all personal data processed by Trilogy, staff or other appointed officers. The contact details for our offices can be found. You can also contact our Data Protection Officer, as highlighted in section 10 below.
3. GDPR Principles
Here at Trilogy, we take your privacy very seriously. We will safeguard and utilise any personal data provided to us in accordance with the Principles of General Data Protection Regulation (GDPR, 2018). The six overall principles which apply to the processing of personal data are:
1) Lawfulness, transparency and fairness
2) Purpose limitation:
3) Data minimisation
5) Storage Limitation
6) Integrity and confidentiality
together with the overarching principle of ‘accountability’ which requires us to evidence our compliance with the six principles.
4. Data you provide to us
We collect and process your data for various purposes connected with our services. We collect personal information that is necessary for us to provide contracted services to our clients or otherwise perform the services you have requested from us. We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legal and regulatory compliance obligations.
To allow us to provide our services, we may require the following personal information about the persons connected with any service we provide or entity we provide services to, such as officers, members, trustees, settlors, beneficiaries, beneficial owners and controller. The types of data we collect and process includes:
• Name and Contact details: Information we require for the purposes of managing our relationship, including your name, postal address, email addresses and telephone numbers.
• Due Diligence & Regulatory Details: Information we require to meet our legal and regulatory regulations, particularly anti-money laundering legislation and assessing the risk associated with providing services to you, including:
• Identity information (current and former names, aliases, date of birth, country of birth, place of birth, gender, nationality, copy of your passport and copy of your birth certificate)
• Documents providing proof of your identity and address (e.g. copy of your driving license, government issued documents, bank statements, utility bills, etc).
• Detailed tax status information (your tax domicile, tax identification number, copies of tax returns).
• Proof of the source of your wealth and funds (pension plans, property sales agreements and loan documents).
• Professional background information (including occupation and employment information and details of legal entities you are affiliated with).
• Details of criminal convictions and disqualification, history of bankruptcy and details of investigation by a formal official body.
• Details of involvement in high-risk or high-profile activities.
• Other due diligence information gathered from search engines and social media sites that are available in the public domain.
• Other details: Any other information you provide to us through our relationship.
5. Data collected by our website
5.1 Information collected. To make our Site more useful to you, our servers collect information from you including your IP address (automatically collected), web browser type and version (automatically collected), operating system (automatically collected) and a list of URLs starting with a referring site, your activity on our website and the site you exit to (automatically collected).
5.3 Cookies. ‘Cookies’ are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to improve your experience of using our Site and to ultimately, improve our range of services. Persistent Cookies can be removed by following internet browser help file directions. You may, if you wish, deny consent to the placing of Cookies by amending the privacy settings within your browser; however certain features of our Site may not function fully or as intended.
6. Purposes for which we use your data
When providing services to you, we may use data about you for the following purposes and on the following lawful bases:
Carrying out due diligence and performing risk assessments. Including carrying out standard due diligence, enhanced due diligence, politically exposed person checks and performing risk assessments in relation to your financial standing and eligibility for our services.
Legal and regulatory compliance and compliance with law enforcement requests. Including performing checks and monitoring transactions for the purpose of preventing and detecting crime. Also to comply with laws relating to money laundering, fraud, terrorist financial, bribery, corruption and international sanctions. Also, sharing information with law enforcement and regulatory bodies on suspected financial crimes, fraud and threats.
LAWFUL BASIS FOR PROCESSING
Necessary to comply with legal obligations to which we are subject.Necessary to perform our contract with you.
Our legitimate business interest to assess the risk associated with providing you with our services.Necessary to comply with legal obligations to which we are subject.
Necessary to perform our contract with you.
Managing our business operations
Including maintaining internal records, analysis of financial results, internal audit requirements and receiving professional advice (e.g. legal advice).
Our legitimate business interest to process your personal data in order to manage our business processes. Necessary to perform our contract with you.
Sharing data with entities in our group
Including sharing client records and due diligence.
Our legitimate business interest to utilise existing client records, due diligence and risk assessment information when providing an existing client with alternative services (e.g. tax, accounting, etc).Necessary to perform our contract with you.
Sharing data with other third parties
Including third parties who process data on our behalf. Including, but not limited to, screening service providers, professional advisors, banking, IT service providers and data storage services.
Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you.
Necessary to perform our contract with you.
Where we process your personal data for a reason not named above, we will ask you for your consent before we process the personal data (these cases will be clear from the consent). Where the legal basis for processing your personal data is that you have provided your consent, you may withdraw your consent at any time. You will not suffer any detriment for withdrawing your consent. If you withdraw consent, this will not make processing which we undertook before you withdraw your consent unlawful.You can withdraw your consent by contacting the Data Protection Officer, whose details are provided in Section 2.
7. Retention of Personal Data
Businesses operating within the Regulated sector and Isle of Man incorporated entities themselves are subject to stringent record keeping obligations under local legislation including the Isle of Man Proceeds of Crime Act 2008 which applies to regulated businesses, VAT legislation and relevant Companies Acts.Furthermore, in order to ensure that the rights and freedoms of our clients, our staff, our business and its Members are safeguarded, we may hold certain information connected to client entities for longer time periods. This is on the basis that it may be required to assist with the mitigation of any future tax or regulatory query into the transactions/affairs undertaken by an entity to which we have provided services.
8. Transfer of data to third parties
We will not share your data with third parties except in specific circumstances. Generally, these circumstances will be to enable us to perform our contract with you (for instance, if you ask us to open a bank account for a legal entity or if you ask us to arrange an incorporation of an entity) or to comply with legal or regulatory obligations.Legal and regulatory obligations include, but are not limited to, completion of the Isle of Man Beneficial Ownership database, completion and filing of a corporate annual return, FATCA / CRS disclosure purposes and registering companies for data protection compliance.Trilogy uses Microsoft to provide certain IT services including Office 365 platform for email and other cloud services. As a result, Microsoft acts as a processor of personal data on our behalf. These services are provided under the data processing agreement and having made due enquiry, we are satisfied that the services provided are GDPR compliant.
9. Your rights
Under GDPR you have the right to expect us to handle your data sensitively, in accordance with the Principles set out in Article 5 of the Regulations which can be found at.Details of your rights under GDPR are detailed in Chapter 3 – Articles 12-23 which can be found at https://gdpr-info.eu/chapter-3/.
Right of access
You have the right of access to your personal data and can request copies of it and information about our processing of it.Right of rectification. If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
Right of Erasure
You have the right to ask us to erase your personal information in certain circumstances, for example where you withdraw your consent or where the personal information we collected is no longer necessary for the original purpose. This will need to be balanced against other factors however. For example, we may have regulatory and/or legal obligations which mean we cannot comply with your request.
Where we are using your personal data with your consent, you can withdraw your consent at any time.Right to restrict. You can ask us to restrict the use of your personal data if:
* It is not accurate.
* It has been used unlawfully but you do not want us to delete it.
* We do not need it any more but you want us to keep it for another use.
* You have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.
If you wish to exercise your rights, please contact the Data Protection Officer.
If you wish to make a formal complaint concerning our conduct then you should contact the Isle of Man Information Commissioner, whose contact details are below:
Isle of Man Information Commissioner
First Floor, Prospect HouseDouglas, Isle of ManIM1 1ET
Tel: +44 1624 693260
We would, however, appreciate the chance to deal with your concerns before you approach the Isle of Man Information Commissioner so please contact us in the first instance.
10. Contact us
If you are unsure about any aspect of this notice, have any questions or wish to exercise your right, please contact our Data Protection Officer (DPO) using the details below.Data Protection Officer email firstname.lastname@example.org
We may update this notice (and any supplemental privacy notice) from time to time. We will notify you of the changes where required by applicable law to do so.
By Chris NichollsDownload