This policy summarises the key points about how TSN collects, uses and discloses your personal data.
More information can be provided upon request from our Data Protection Officer. Defined words are in the Appendix at the end of this policy.
WHAT IS PERSONAL DATA?
Personal data is information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are sometimes referred to as data subjects.
The firm is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and TSN Members comply with data protection laws in relation to the information we handle.
All TSN Members must abide by this policy when handling personal data and must take part in any required data protection training. Any breach will be taken seriously and may result in disciplinary action.
We have a Data Protection Officer who oversees compliance with data protection laws and this policy and provides guidance and advice to the firm and TSN Members as required.
COLLECTION, USE AND DISCLOSURE
We collect personal data to provide you with our services. When we require certain personal data from clients it is because we are required by law to collect this information or it is relevant for specified purposes. Any information you provide to us that is not required is voluntary. You are free to choose whether to provide us with the types of personal data requested, but we may not be able to serve you as effectively or offer you all of our services when you do choose not to share certain information with us.
For example, we collect personal data which is required under the law to comply with anti-money laundering regulations. We also collect personal data when you use or request information about our services or subscribe to marketing communications. We may also collect personal data from you offline, such as when you attend one of our events, or when you contact the firm. We may use this information in combination with other information we collect about you as set forth in this Policy.
Data Protection law says that we are allowed to use personal data only if we have a proper reason to do so. The law says we must have one or more of these reasons:
- To fulfil a contract we have with you (i.e. to provide you with our legal and other services), or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it.
When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.
The law and other regulations treat some types of sensitive personal data as special. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. We will not collect or use these types of data without your consent unless the law allows us to do so. If we do, it will only be when it is necessary
HOW YOUR PERSONAL DATA IS USED
Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient level of service. In general, we use personal data to deliver and improve our services and for anti-fraud purposes. We may use this information in the following ways:
To maintain legal and regulatory compliance
The provision of our services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways. For example, TSN must identify and verify clients using our services in order to comply with anti-money laundering and terrorist financing laws. In addition, we use third parties to verify your identity by comparing the personal data you provided against third-party databases and public records. The consequences of not processing your personal data for such purposes is the termination of your engagement as we cannot perform the services in accordance with legal and regulatory requirements.
To provide TSN’s services
We process your personal data in order to provide the services to you. For example, we require certain information such as your identification, contact information, and payment information. In addition, we may need to provide your personal data to third parties such as banks, estate agents, accountants and other service providers (see transfer to third parties below). We cannot provide you with our services without processing such information.
To provide service communications
We send administrative or account-related information to you to keep you updated about our services, inform you of relevant issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments that may affect how you can use our services.
To provide client care service
We process your personal data when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the services.
To ensure quality control
We process your personal data for quality control and staff training to make sure we continue to provide you with accurate information. Our basis for such processing is based on the necessity of performing our contractual obligations with you.
To ensure network and information security
We process your personal data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. Without processing your personal data, we may not be able to ensure the security of our services and we process this personal data to satisfy our legal obligations.
To engage in marketing activities
Subject to your consent, we may send you marketing communications to inform you about our events or our partner events or to deliver targeted marketing. We use information about your usage of our services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
We will not use your personal data for purposes other than those purposes we have disclosed to you, without your permission. You may opt out of having your personal data shared with third parties, or allowing us to use your personal data for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorisation. If you choose to so limit the use of your personal data the provision of our services may not be available to you.
TRANSFER OF DATA TO THIRD PARTIES
We will not share your information with anyone outside TSN except: a) where we have your permission; b) where required to provide you with our services; c) where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world; d) with third parties providing services to us, such as professional and expert advisors, insurers, managing agents, estate agents, accountants, or legal professionals in other jurisdictions e) with debt collection agencies; f) with credit reference and fraud prevention agencies; g) where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business; or h) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
SENDING DATA OUTSIDE OF THE EEA
We will only send your data outside of the European Economic Area (‘EEA’) to:
- Follow your instructions
- Comply with a legal duty
- Work with our suppliers and partners who help us to provide our services
If we do transfer your personal data outside the EEA to our suppliers and partners, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will keep your personal data for as long as you are a client of TSN. We may keep your data for up to 7 years after you stop being a client. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment
- To study client data as part of our own internal research
- To obey rules that apply to us about keeping records
We may also keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. In addition, we may retain your information for a longer period where we view that this may assist in providing you with our services in the future (for example, we may retain copies of title deeds to assist in any property matter in the future) or where we believe that this is required in order to assist in any potential legal action as a result of any extended limitation period for action as provided in the Limitation Act. This is intended to make sure that TSN may be able to produce records as evidence, if they’re needed.
Personal data must be processed in line with individuals’ rights, including the right to:
- access to the personal data we hold about you;
- request that any inaccurate personal data is corrected;
- request that personal data is deleted and destroyed. You may request that we delete your personal data if you believe that: – we no longer need to process your information for the purposes for which it was provided; – we have requested your permission to process your personal data and you wish to withdraw your consent; or – we are not using your information in a lawful manner. Please note that if you request us to delete your information, we may have to suspend the services we provide to you.;
- restrict the processing of your personal data. You may request us to restrict processing your personal data if you believe that: – any of the information that we hold about you is inaccurate; – we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or – we are not using your information in a lawful manner. Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you;
- data portability. Where we have requested your permission to process your personal data or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you. If you would like to request the personal data you provided to us in a portable format, please contact the Data Protection Officer;
- object to the processing of your personal data. You have a right to object to us processing your personal data (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal data altogether, or, where requested, delete your information. Please note that if you object to us processing your information, we may have to suspend the services we provide to you.
- object at any time to processing of your personal data for direct marketing purposes, including profiling you for the purposes of direct marketing;
- withdraw your consent. Where we rely on your permission to process your personal data, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities; and
- lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the relevant data protection authority. For more information please visit: www.gra.gi.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Officer email@example.com.
TSN Members must notify or inform the Data Protection Officer immediately if they receive a request in relation to personal data which the firm processes.
If we choose not to action your request we will explain to you the reasons for our refusal.
Information security is a key element of data protection. The firm takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
As effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot ensure that all of your personally identifiable information provided will never be accessed. However, we will use industry standard security measures to ensure that such information is kept as secure as possible.
HOW TO MAKE A COMPLAINT
You should direct all complaints relating to how the firm has processed your personal data to the Data Protection Officer at firstname.lastname@example.org. TSN Members must inform the Data Protection Officer immediately if they receive a complaint relating to how the firm has processed personal data so the firm’s complaints procedure can be followed.
Data Protection Officer, Burns House, 19 Town Range, Gibraltar GX11 1AA
In this Policy, the following terms have the following meanings:-
|“client”||any person or organisation to whom the firm provides a service and who is identified as a client on the firm’s practice management system, regardless of whether time is recorded or a fee is charged;|
|“contact”||an individual who is a contact of the firm, including any client, any potential or former client, any supplier, any consultant, or any another professional advisor and any other contact of the firm;|
|“data”||recorded information whether stored electronically, on a computer, or in hard copy;|
|“data controller”||a person who, or, organisation which, determines how personal data is processed and for what purposes;|
|“Data Protection Officer”||the person designated as the Data Protection Officer of the firm from time to time who can be contacted at Data Protection Officer email@example.com;|
|“individual” or “you”||the person whose personal data is being collected, held or processed;|
|“personal data”||please see the what is personal data section of this policy;|
|“process” or “processing”||any activity that involves use of personal data. It includes obtaining, recording or holding the personal data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties as a result of those third parties having access to it.|
|“TSN Members”||means partners, members, consultants, employees, temporary workers and those on work placements providing services to/working for the firm;|