Privacy Policy

This Privacy Policy sets out details of the personal information that we may collect from you and how we may use that information. We are committed to ensuring that your data and privacy are protected and the information that we hold is secure and in line with internationally recognised standards.

Please take your time to read this Privacy Policy carefully. Where you are providing us with personal data concerning another person, you should provide them with a copy of this Privacy Policy.

This Privacy Policy is divided into the following sections:

WHO WE ARE AND HOW TO CONTACT US

In this Privacy Policy references to “we” or “us” or “Boston” are references to Boston Limited of 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU and/or Boston Trust Limited of Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640. “Boston Group” means the group of companies, partnerships, subsidiaries and other entities carrying on business under the name “Boston” (or such other names as may be adopted from time to time).

You can contact us by:

Post: 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU (Isle of Man) or Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640 (Malta).

Telephone: 01624 692930 (Isle of Man) or 00356 2226 0003 (Malta).

Email: compliance@bostonmfo.com

This Privacy Policy describes what personal information we may collect from you and about you and describes how and why we use your personal information.

Sometimes we request and hold personal information because we need it for our own purposes (for example to satisfy our regulatory anti-money laundering requirements), we will be the “data controller” of that personal information. Other times we process personal information on behalf of our clients (for example where we maintain a registers of members for a company), we will be the “data processor” of that personal information. As a data controller, we must provide information to you about what we do with your personal information.

The data protection supervisory authority in the Isle of Man is the Isle of Man Information Commissioner, whose website is: www.inforights.im. The data protection supervisory authority in Malta is the Information and Data Protection Commissioner, whose website is: www.dataprotection.gov.mt.

We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you may contact our data protection officer at one of the addresses above. If you have any complaints regarding our use of your personal information, you can contact our data protection officer at the address above or the Isle of Man Information Commissioner at the website address above or by telephone +44(0)1624 693260 or the Malta Information Commissioner at the website above or by telephone +356 2328 7100.

WHAT PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT

The personal information that we collect will depend on our relationship with you and the services we provide.

We collect personal information that is necessary for us to provide corporate and trust administration services to our clients or otherwise perform the services you have requested from us. We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legislation and regulations that apply to us – examples of this may be for anti-money laundering purposes.

If you provide personal information to us about other people (e.g. officers and members of a company) you must provide them with a copy of this Privacy Policy and obtain their consent as required for the processing of that person’s information in accordance with this Privacy Policy.

Personal information

To allow us to provide services, we may require the following personal information about the persons connected with any services we provide or entity we are to administer, such as officers, members, trustees, settlors, beneficiaries, ultimate beneficial owners and controllers:

  1. name, date of birth, address and telephone number;
  2. gender;
  3. relationship to the company or trust or services provided;
  4. identification information such as national insurance number, passport number or driving licence number;
  5. job title or other information about that person’s job;
  6. information relating to the advice that is requested or the services that we are providing;
  7. financial information such as financial history and needs, income, bank details, payment details and information obtained as a result of our credit checks;
  8. we may carry out credit and regulatory checks and these may be carried out by third parties on our behalf;
  9. information obtained through our use of cookies. Please see below for more information;
  10. technical data including IP address, login data, browser type and setting, and the devices you use to access the website;
  11. information captured during telephone calls;
  12. marketing preferences.

Special categories of personal data

  • information relating to criminal sanctions (including offences and alleged offences and any caution, court sentence or criminal conviction).
WHEN WE OBTAIN YOUR PERSONAL INFORMATION

We collect personal information from a number of different sources including:

  • directly from you or from someone else on your behalf;
  • via publicly available sources such as internet search engines and social media sites;
  • from other companies within the Boston Group;
  • through customer satisfaction surveys and market research;
  • from credit reference agencies and fraud prevention databases and sanctions screening;
  • from government agencies including tax agencies and agencies that issue identification documentation.
THE PURPOSES FOR WHICH YOUR PERSONAL INFORMATION IS USED

We will rely on the following legal grounds to process personal information about you:

  • the processing is necessary to perform our contract with you;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where we have a legal or regulatory obligation to use such personal information, and it is necessary to process your personal information to comply with such;
  • where the use is necessary to establish, exercise or defend our legal rights;
  • where you have provided your explicit consent to our use of your personal information.

You will find further details of our legal grounds for each of our processing purposes below:

  1. To set up a new client relationship including carrying out anti-money laundering checks, to provide services on an ongoing basis and to administer the contract we have with you

    In these instances our processing of your personal information is:

    • necessary to perform a contract with you;
    • necessary for us to comply with law and our regulatory obligations;
    • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

    Additional legal ground for special categories of personal data

    • The use of information about criminal sanctions is in the substantial public interest and is necessary for us to comply with screening obligations for anti-money laundering purposes.
  2. Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice)

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Provide marketing information to you

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  4. Monitoring usage of any of the Boston websites

    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
CHANGE OF PURPOSE

We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.

HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your personal information with others members in the Boston Group or with third parties for the following administrative purposes:

  • providing you with products and services and notifying you about either important changes or developments to the features and operation of those products and services;
  • responding to your enquiries and complaints; and
  • IT and hosting services.

If you would like further information regarding the disclosures of your personal information, please see section 1 for our contact details.

In order to provide our services your personal information is shared with other entities in the Boston Group. Your personal information might be shared for our general business administration purposes or for the prevention and detection of fraud.

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

  • fraud detection agencies and other third parties who operate and maintain fraud detection registers;
  • our regulators;
  • the police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
  • our insurers;
  • industry bodies;
  • debt collection agencies;
  • credit reference agencies;
  • credit card scheme providers (e.g. Visa or MasterCard);
  • our third party services providers such as IT suppliers, auditors, lawyers, outsourced compliance providers, marketing agencies, document management providers and tax advisers;
  • selected third parties in connection with the re-organisation, sale, transfer or disposal of our business.
SENDING INFORMATION OVERSEAS

We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the Isle of Man and the European Union (EU). Where we make a transfer of your personal information outside of the Isle of Man and EU we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards. If you would like further information regarding the steps we take to safeguard your personal information, please contact [us] using the details set out in section 1.

WHAT MARKETING ACTIVITIES DO WE CARRY OUT?

We may from time to time provide you with information about our products or services or those of our partners or those of the Boston Group.

An “unsubscribe” link appears in all our marketing emails. To unsubscribe from marketing emails sent by us, simply click on the link at any time. Alternatively, you can contact us to update your preferences by contacting the Data Protection Officer. If you decide to unsubscribe we will continue where necessary to send you (non-marketing) service related communications.

COOKIES

Our website uses cookies. Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience.

You may refuse the use of cookies by selecting the appropriate settings in your browser, however, if cookies are disabled you may not be able fully utilise our website.

Our full cookie policy can be found on our website under ‘Cookies’.

HOW LONG DO WE KEEP PERSONAL INFORMATION FOR?

We will only store your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Policy and to comply with our regulatory and/or legal obligations.

We have a detailed retention policy in place setting out the length of time we keep different types of information. If you require further information in relation to this please contact us at compliance@bostonmfo.com.

YOUR DUTY TO INFORM US OF CHANGES

It is important that personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

YOUR RIGHTS

Under data protection law you have the right to make certain requests in relation to the personal information that we hold about you. We will not usually make a charge for dealing with these requests. If you wish to exercise these rights at any time please contact us using the details set out in section 1.

There may be cases where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason provided we are allowed to do so by law, and we will always respond to any request you make.

There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we can no longer provide you with services and may therefore result in cancellation of the related contract.

Your rights include:

  1. The right to access your personal information

    You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

    We will usually provide you with your information in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means.

  2. The right to rectification

    We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you can ask us to amend or update it if you do not believe this is the case.

  3. The right to erasure

    You have the right to ask us to erase your personal information in certain circumstances, for example where you withdraw your consent or where the personal information we collected is no longer necessary for the original purpose. This will need to be balanced against other factors however. For example, we may have regulatory and/or legal obligations which mean we cannot comply with your request.

  4. The right to restriction of processing

    In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that we no longer need to use your personal information or where you think that the personal information we hold about you may be inaccurate.

  5. The right to data portability

    You have the right, under certain circumstances, to ask that we transfer personal information that you have provided to us to another third party of your choice.

  6. The right to object to marketing

    You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” link which is contained in any email that we send to you or you can use the details set out in section 1 to contact us. If you opt out of receiving marketing messages, we may still send you (non-marketing) service related communications where necessary.

  7. Rights relating to automated decision-making

    You can contact us using the details set out in section 1 and ask us to review a decision if you have been subject to an automated decision and do not agree with the outcome.

  8. The right to withdraw consent

    We may ask for your consent for certain uses of your personal information. Where we do this, you have the right to withdraw your consent to further use of your personal information.

  9. The right to complain to the Isle of Man or Malta Information Commissioner

    You have a right to complain if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Isle of Man Information Commissioner’s website: www.inforights.im or the Malta Information and Data Protection Commissioner’s website: https://idpc.org.mt/en/Pages/contact/complaints.aspx.

    This will not affect any other legal rights or remedies that you have.

HOW WE PROTECT YOUR INFORMATION

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have business need to know, they will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our data protection officer.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required.

To protect your information we use a range of organisational and technical security measures including Data Loss Prevention Technology.

We use firewalls to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel. Our internal procedures cover the storage, access and disclosure of your information.

Where we have given you (or you have chosen) a password, you are responsible for keeping this password confidential. Please do not share your password with anyone.

Within the Boston Group, we restrict access to your information as appropriate to those who need to know that information for the purposes set out above.

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is to ensure that personal information is not disclosed to any person who has no right to receive it.

CONTACTING OUR DATA PROTECTION OFFICER

You may contact our data protection officer if you have any questions about how we collect, store or use your personal information:

Isle of Man:

Post: FAO The Data Protection Officer, Boston Limited, 2nd Floor, St Marys Court, 20 Hill Street, Douglas, Isle of Man IM1 1EU

Telephone: 01624 692930

Email: compliance@bostonmfo.com

Malta:

Post: FAO The Data Protection Officer, Boston Trust Limited, Regent House, 52, 5th Floor, Bisazza Street, Sliema, SLM1640.

Telephone: 00 356 2226 0003

Email: compliance@bostonmfo.com

UPDATES TO THIS PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection law or privacy generally. You should check our website from time to time to view the most up-to-date Privacy Policy.

This Privacy Policy was last updated on: 14th May 2018.