The personal data we collect or receive include the following as applicable:
- Contact details (includes names, addresses, email, phone and other contact details)
- Information required for legal and regulatory requirements including but not limited to anti-money laundering regulation (Date of birth, Passport / Identity card, utility bills, other proof of residential address, sources of funds, sources of wealth)
- Information provided during the provision of audit, accounting, tax and advisory services (Bank details, Social insurance numbers, tax numbers and other tax related information, contracts, transaction data, title deeds, supplier and customer details, invoices, payroll information, employee details). Please note this list is not exhaustive.
- Any other information you may provide to us
We may obtain your personal data from the following sources (please note that this list is not exhaustive):
- You (e.g. a Curriculum Vitae, email, in-person meeting)
- An associate (e.g. lawyers, administrator service providers)
- Existing clients
- The public domain
- Conversations on the telephone or video conferencing
- Notes following a conversation or meeting
- Our contact form on our website
If we have obtained your personal data from a third party such as an associate, it is our policy to advise you of the source when we first communicate with you.
How we will use your personal data:
The processing of your personal information may include:
- Collecting and storing your personal data, whether in manual or electronic files
- Processing and storing of your data in accordance with Anti Money Laundering (AML) requirements, Know Your Client (KYC) and Customer Due Diligence (CDD) requirements and other relevant legal and statutory requirements for a minimum of 6 years even after our client relationship ends
- Submission on your behalf of tax returns, VAT returns and other regulatory, legal or statutory requirements
- Providing information to your bankers, tax authorities, regulatory authorities or statutory bodies, and legal or other professional advisers
- To remind you of important tax and other deadline reminders
- Retaining a record of our correspondence
- For the purposes of backing up information on our computer systems
Why we process your personal data:
- Entering into and performing a contract with you:
In order to provide our Services, we may enter into a contract with you and/or a third party. In order to enter into a contract, we will need certain information, for example your name and address and contact details. A contract will also contain obligations on both your part and our part and we shall process your data as is necessary for the purpose of those obligations. For example, in order to process post accounting entries with regards to payments your bank statement and other supporting evidence such as invoices, supplier lists will be required. To process payroll entries, social insurance numbers and bank details will be required.
- Compliance with legal obligations (regulatory and statutory obligations)
We must comply with a number of statutory, legal and regulatory provisions when providing our Services, which necessitate obtaining and processing of personal data. These include the Companies Law Cap. 113, The Auditors Law of 2017 (L.53(I)/2017), Prevention and Suppression of Money Laundering Activities Law, the EU 4th Anti Money Laundering Directive which amongst other things requires us to obtain, process, review and store personal data for prospective, existing and past clients for a specified period of 5 to 6 years.
We are also required to comply with statutory and regulatory obligations relating to business generally, for example tax, bribery and fraud/crime prevention legislation, and co-operating with regulatory authorities such as the Registrar of Companies and ICPAC.
- Our legitimate interests (carrying on the commercial activity of our Services):
In providing our Services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:
- Using your personal data:
- to contact you regarding our Services (only with your explicit consent)
- to create a risk profile for compliance with applicable anti-money laundering legislation
- to continually improve our services offered to you
- as otherwise necessary to provide our Services and
- to personalise your experience and our offering, whether via our website or otherwise
- Retaining records of our dealings and where applicable, use such records for the purposes of:
- establishing compliance with regulatory, legal and statutory obligations
- addressing any query or dispute that may arise including establishing, exercising or defending any legal claims
- protecting our reputation
- maintaining a backup of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach
- evaluating quality and compliance including compliance with this Privacy Notice
- determining staff training and system requirements
- For our commercial viability and to pursue these legitimate interests, we may continue to process your personal information for as long as we consider reasonably appropriate for these purposes.
We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have provided your contact details in order that we may use these to provide you with details of our services you may have consented to our processing of the data for that purpose. In other cases, you may have provided your written or verbal consent to the use of your data for a specific reason, for example provide information to your personal banker.
You may withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
What if we obtain your personal data from a third party?
Part of our business activity involves researching information for the purposes of Know Your Customer and Anti Money Laundering procedures. This may include obtaining personal data from various sources including AML databases, some information being publicly available but others being from sites or providers to which we may subscribe to. We might also obtain information about you from our associates as part of our relevant anti-money laundering procedures and for the provision of our services.
Where information from third party sources is of no use to us we shall discard it, however we may maintain a limited record in order to avoid the duplication of process. Where we consider that information may be of use to us in pursuance of the provision of our Services, any processing will be in accordance with this Privacy Notice. You do have the right to object to processing, please see Section 4 ‘Your rights’.
Sensitive Personal Data (SPD)
Sensitive personal data is information which is intensely personal to you and is usually irrelevant to our dealings with you in respect of our Services. Examples of SPD include information which reveals your political, religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information relating to your health.
Regardless of the basis for your dealings with us, we request that you do not provide us with any sensitive personal data unless absolutely necessary. We do not hold or process sensitive personal data, however, to the extent that you do provide us with any sensitive personal data, such as data which you choose to share with us in conversation, we shall only use that personal data for the purposes of our relationship with you or for the provision of our Services.
Who we share personal data with:
We shall not share your personal data unless we are entitled or authorised to do so. The categories of persons with whom we may share your personal information include:
- Your personal banker, lawyers and other third parties necessary for the provision of our Services
- Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
- Parties who may process data on our behalf, which may include
- associates involved in provision of our Services
- IT support
- software vendors for technical support
- storage service providers including cloud providers
- Legal and professional advisers