Privacy Policy

In this Privacy Policy references to “we” or “us” or “Boston” are references to Boston Limited of 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU and/or Boston Trust Limited of Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640. “Boston Group” means the group of companies, partnerships, subsidiaries and other entities carrying on business under the name “Boston” (or such other names as may be adopted from time to time).

You can contact us by:

Post: 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU (Isle of Man) or Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640 (Malta).

Telephone: 01624 692930 (Isle of Man) or 00356 2226 0003 (Malta).

Isle of Man office: compliance@bostonmfo.com

Malta office: maltadpo@bostonmfo.com

This Privacy Policy describes what personal information we may collect from you and about you and describes how and why we use your personal information.

Sometimes we request and hold personal information because we need it for our own purposes (for example to satisfy our regulatory anti-money laundering requirements), we will be the “data controller” of that personal information. Other times we process personal information on behalf of our clients (for example where we maintain a registers of members for a company), we will be the “data processor” of that personal information. As a data controller, we must provide information to you about what we do with your personal information.

The data protection supervisory authority in the Isle of Man is the Isle of Man Information Commissioner, whose website is: www.inforights.im. The data protection supervisory authority in Malta is the Information and Data Protection Commissioner, whose website is: www.dataprotection.gov.mt.

We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you may contact our data protection officer at one of the addresses above. If you have any complaints regarding our use of your personal information, you can contact our data protection officer at the address above or the Isle of Man Information Commissioner at the website address above or by telephone +44(0)1624 693260 or the Malta Information Commissioner at the website above or by telephone +356 2328 7100.

The personal information that we collect will depend on our relationship with you and the services we provide.

We collect personal information that is necessary for us to provide corporate and trust administration services to our clients or otherwise perform the services you have requested from us. We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legislation and regulations that apply to us – examples of this may be for anti-money laundering purposes.

If you provide personal information to us about other people (e.g. officers and members of a company) you must provide them with a copy of this Privacy Policy. We may need to request specific information from you to help is confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Personal information

To allow us to provide services, we may require the following personal information about the persons connected with any services we provide or entity we are to administer, such as officers, members, trustees, settlors, beneficiaries, ultimate beneficial owners and controllers:

1. name, date of birth, address and telephone number;
2. gender;
3. relationship to the company or trust or services provided;
4. identification information such as national insurance number, passport number or driving licence number;
5. job title or other information about that person’s job;
6. information relating to the advice that is requested or the services that we are providing;
7. financial information such as financial history and needs, income, bank details, payment details and information obtained as a result of our credit checks;
8. we may carry out credit and regulatory checks and these may be carried out by third parties on our behalf;
9. information obtained through our use of cookies. Please see below for more information;
10. technical data including IP address, login data, browser type and setting, and the devices you use to access the website;
11. information captured during telephone calls;
12. marketing preferences.

Special categories of personal data

• information relating to criminal sanctions (including offences and alleged offences and any caution, court sentence or criminal conviction).

We collect personal information from a number of different sources including:

• directly from you or from someone else on your behalf;
• via publicly available sources such as internet search engines and social media sites;
• from other companies within the Boston Group;
• through customer satisfaction surveys and market research;
• from credit reference agencies and fraud prevention databases and sanctions screening;
• from government agencies including tax agencies and agencies that issue identification documentation.

We will rely on the following legal grounds to process personal information about you:

• the processing is necessary to perform our contract with you;
• Legitimate interests – we may use your personal information where it is necessary for our legitimate interests (or those of a third party) to provide fiduciary and other relevant services and/or to promote or improve our services. This could exceed beyond the basic level of information that you provide to the Boston Group. This could include information that we obtain from our own research or through screening facilities such as information about criminal sanctions, political exposures or adverse media information. This information is considered necessary for us to provide fiduciary services and to comply with screening obligations for anti-money laundering purposes;
• where we have a legal or regulatory obligation to use such personal information, and it is necessary to process your personal information to comply with such;
• where the use is necessary to establish, exercise or defend our legal rights;
• where you have provided your explicit consent to our use of your personal information.

You will find further details of our legal grounds for each of our processing purposes below:

1. To set up a new client relationship including carrying out anti-money laundering checks, to provide services on an ongoing basis and to administer the contract we have with you

In these instances our processing of your personal information is:

1. necessary to perform a contract with you;
2. necessary for us to comply with law and our regulatory obligations;
3. Legitimate interests – we may use your personal information where it is necessary for our legitimate interests (or those of a third party) to provide fiduciary and other relevant services and/or to promote or improve our services. This could exceed beyond the basic level of information that you provide to the Boston Group. This could include information that we obtain from our own research or through screening facilities such as information about criminal sanctions, political exposures or adverse media information. This information is considered necessary for us to provide fiduciary services and to comply with screening obligations for anti-money laundering purposes.

Additional legal ground for special categories of personal data

1. The use of information about criminal sanctions is in the substantial public interest and is necessary for us to comply with screening obligations for anti-money laundering purposes.
2. Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice)

• Legitimate interests – we may use your personal information where it is necessary for our legitimate interests (or those of a third party) to provide fiduciary and other relevant services and/or to promote or improve our services. This could exceed beyond the basic level of information that you provide to the Boston Group. This could include information that we obtain from our own research or through screening facilities such as information about criminal sanctions, political exposures or adverse media information. This information is considered necessary for us to provide fiduciary services and to comply with screening obligations for anti-money laundering purposes.

3. Provide marketing information to you

• Legitimate interests – we may use your personal information where it is necessary for our legitimate interests (or those of a third party) to provide fiduciary and other relevant services and/or to promote or improve our services. This could exceed beyond the basic level of information that you provide to the Boston Group. This could include information that we obtain from our own research or through screening facilities such as information about criminal sanctions, political exposures or adverse media information. This information is considered necessary for us to provide fiduciary services and to comply with screening obligations for anti-money laundering purposes.

4. Monitoring usage of any of the Boston websites

• Legitimate interests – we may use your personal information where it is necessary for our legitimate interests (or those of a third party) to provide fiduciary and other relevant services and/or to promote or improve our services. This could exceed beyond the basic level of information that you provide to the Boston Group. This could include information that we obtain from our own research or through screening facilities such as information about criminal sanctions, political exposures or adverse media information. This information is considered necessary for us to provide fiduciary services and to comply with screening obligations for anti-money laundering purposes.

We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.

We may share your personal information with others members in the Boston Group or with third parties for the following administrative purposes:

• providing you with products and services and notifying you about either important changes or developments to the features and operation of those products and services;
• responding to your enquiries and complaints; and
• IT and hosting services.

If you would like further information regarding the disclosures of your personal information, please see section 1 for our contact details.

In order to provide our services your personal information is shared with other entities in the Boston Group. Your personal information might be shared for our general business administration purposes or for the prevention and detection of fraud.

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

• fraud detection agencies and other third parties who operate and maintain fraud detection registers;
• our regulators;
• the police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
• our insurers;
• industry bodies;
• debt collection agencies;
• credit reference agencies;
• credit card scheme providers (e.g. Visa or MasterCard);
• our third party services providers such as IT suppliers, auditors, lawyers, outsourced compliance providers, marketing agencies, document management providers and tax advisers;
• selected third parties in connection with the re-organisation, sale, transfer or disposal of our business.

We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the Isle of Man and the European Union (EU). Where we make a transfer of your personal information outside of the Isle of Man and EU we will take the required steps to ensure that your personal information is protected. In the event that your data is transferred to a country outside the EU and which does not have an adequacy decision by the European Commission, we shall ensure that a contract is entered in to by the recipient third party under the terms of which, the recipient agrees to take such measures as we deem appropriate and necessary to ensure the security of your data.

We may from time to time provide you with information about our products or services or those of our partners or those of the Boston Group.

An “unsubscribe” link appears in all our marketing emails. To unsubscribe from marketing emails sent by us, simply click on the link at any time. Alternatively, you can contact us to update your preferences by contacting the Data Protection Officer. If you decide to unsubscribe we will continue where necessary to send you (non-marketing) service related communications.

We will only store your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Policy and to comply with our regulatory and/or legal obligations.

We have a detailed retention policy in place setting out the length of time we keep different types of information. If you require further information in relation to this please contact us at compliance@bostonmfo.com.

It is important that personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Under data protection law you have the right to make certain requests in relation to the personal information that we hold about you. We will not usually make a charge for dealing with these requests. If you wish to exercise these rights at any time please contact us using the details set out in section 1.

There may be cases where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason provided we are allowed to do so by law, and we will always respond to any request you make.

There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we can no longer provide you with services and may therefore result in cancellation of the related contract.

Your rights include:

1. The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

We will usually provide you with your information in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means.

2. The right to rectification

We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you can ask us to amend or update it if you do not believe this is the case.

3. The right to erasure

You have the right to ask us to erase your personal information in certain circumstances, for example where you withdraw your consent or where the personal information we collected is no longer necessary for the original purpose. This will need to be balanced against other factors however. For example, we may have regulatory and/or legal obligations which mean we cannot comply with your request.

4. The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that we no longer need to use your personal information or where you think that the personal information we hold about you may be inaccurate.

5. The right to data portability

You have the right, under certain circumstances, to ask that we transfer personal information that you have provided to us to another third party of your choice.

6. The right to object to marketing

You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” link which is contained in any email that we send to you or you can use the details set out in section 1 to contact us. If you opt out of receiving marketing messages, we may still send you (non-marketing) service related communications where necessary.

7. Rights relating to automated decision-making

You have the right to review any automated decision where you disagree with the outcome. However, Boston does not automate any of its decision making therefore this would not apply.

8. The right to withdraw consent

We may ask for your consent for certain uses of your personal information. Where we do this, you have the right to withdraw your consent to further use of your personal information.

9. The right to complain to the Isle of Man or Malta Information Commissioner

You have a right to complain if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Isle of Man Information Commissioner’s website: www.inforights.im or the Malta Information and Data Protection Commissioner’s website: https://idpc.org.mt/en/Pages/contact/complaints.aspx.

This will not affect any other legal rights or remedies that you have.

We are committed to ensuring that appropriate security measures are in place to prevent your personal data from accidentally being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. Any party processing your data on behalf of the data controller will only process your personal information on the data controller’s instructions and all processors will be subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You may contact our data protection officer if you have any questions about how we collect, store or use your personal information:

Isle of Man:Post: FAO The Data Protection Officer, Boston Limited, 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU

Telephone: 01624 692930

Email: compliance@bostonmfo.com

Malta:Post: FAO The Data Protection Officer, Boston Trust Limited, Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640.

Telephone: 00 356 2226 0003

Email: maltadpo@bostonmfo.com

We reserve the right to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection law or privacy generally. You should check our website from time to time to view the most up-to-date Privacy Policy.

This Privacy Policy was last updated on: 7^th February 2023.