The Privacy Notice sets out how Dominion group deals with your personal data which we may collect and how we collect and use. It also sets out the rights you have in relation to the Personal Data. We take privacy and security of your information seriously and will only use such personal information as set out in the Privacy Notice and in ways which are reasonably ancillary for the purposes of providing financial services. Personal data is data which by itself, or with other data available to us, can be used to identify a person. Each company in the Dominion group is a data processor and sometimes a data controller depending on the circumstances. The Dominion group of companies processes data for the purposes of providing regulated financial services products to our customers including trust and company services. This notice relates to the use of personal data provided to us by our clients and related parties such as settlors and beneficiaries
You can contact Dominion in relation to data protection via email at firstname.lastname@example.org
The types of personal data we collect and use
The personal data we collect may include:
- Identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal data relating to claims, court cases and convictions, politically exposed person (PEP) status, personal data available in the public domain and such other information as may be necessary for Dominion to provide its services and to complete its CDD process and discharge its AML/CFT obligations);
- Contact details (which may include postal address and e-mail address and your home and mobile telephone number);
- Financial details (which may include assets, sources of wealth, salary and details of other income, and details of bank accounts); and Professional and employment details/employment status (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
- Tax status information (which may include your tax residency, tax IS and or tax status.); and
- Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have.
Monitoring of communications
Subject to applicable laws, we will monitor and record calls; emails; and other communications relating to clients and related parties dealings with us. We will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of the communications systems and procedures, for quality control and staff training, and for record keeping. This is justified by our legitimate interests or our legal obligations.
Using personal data: the lawful basis and purposes
When providing services, we may process your personal data for the following purposes and on the following lawful bases:
As necessary in order to carry out financial services, and acting on behalf of the managed entity for clients and related parties including:
- To take steps at a client’s request prior to entering into the contract for services;
- To decide whether to enter into a contract for services with prospective clients;
- To be responsible for the management of entities whether trust, company or other structures;
- To arrange for the setting up of bank accounts and discretionary mandates for investment managers;
- To prepare details of assets held by the client and related parties;
- To update clients and related parties’ records; and
- To trace clients’ and related parties whereabouts to contact them about the distribution of assets and to make payments.
Purpose: As necessary for our client’s own legitimate interests or those of other related parties and organisations:
- For good governance, accounting, and managing and auditing business operations;
- To monitor emails, calls, and other communications with clients and relevant parties; and
- For market research, analysis and developing statistics.
Purpose: As necessary to comply with a legal obligation:
- When a client exercises their rights under data protection law and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal rights;
- For activities relating to the prevention, detection and investigation of crime; and
- To verify clients’ identity, make fraud prevention and anti-money laundering checks.
Purpose: Based on consent:
- When clients or related parties request that Dominion disclose personal data to other people or organisations such as an audit or accountancy firm handling a tax return, or otherwise agree to disclosures; and
- To send clients or related parties communications where they have agreed to this.
We do not generally process any special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning clients’ health, sex life or sexual orientation).
If we are provided with a copy of a passport which contains information of racial or ethnic origin the data subject is deemed to consent to us holding and processing such data.
Sharing of personal data
Subject to applicable data protection law we may share clients and related parties personal data with:
- Our group of companies and related or representative companies which have shareholdings and employees, officers, agents or professional advisors of these companies;
- Sub-contractors and other persons who help us provide our products and services;
- Companies and other persons providing services to clients and related parties;
- Legal and other professional advisors, including auditors;
- Government bodies and agencies in Jersey, Malta and Switzerland and overseas (e.g. the Jersey, Maltese, or Swiss Tax Authorities who may in turn share it with relevant overseas tax authorities and with regulators or data protection authorities in other jurisdictions);
- Courts, to comply with legal requirements, and for the administration of justice;
- Other parties where necessary in an emergency or to otherwise protect clients and related parties vital interests;
- Other parties connected with the managed entities and our clients e.g. directors, shareholders, beneficial owners, beneficiaries, trustees or any named official;
- Other parties if there is a restructure or selling of assets or in the case of a merger or re-organisation;
- Payment systems (e.g. Visa or MasterCard), and who may transfer personal data to others as necessary to operate the accounts and for regulatory purposes; to process transactions; resolve disputes; and for statistical purposes, including sending personal data overseas; and
- Anyone else where the clients or related parties consent is given or as required by law. We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the data subjects’ instructions.
Personal data will be transferred to the Dominion group of companies It may be necessary to send your Personal Data outside the country or territory of which it was collected if to provide you with our services. Some countries have equivalent protections in place for personal data under their applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply. These include imposing contractual obligations of adequacy in line with the data protection legislation. Where this is not possible Dominion will rely on the client’s explicit consent to provide such information to entities in these jurisdictions which is considered to be obtained on the basis of the client’s instructions to us.
Criteria used to determine retention periods
The following criteria are used to determine data retention periods for personal data:
- Retention in case of queries. We will retain personal data as long as necessary to deal with queries (e.g. an application to acquire our services is unsuccessful);
- Retention in case of claims. We will retain personal data for as long as a client or a data subject might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We will retain personal data after the services provided have come to an end based on our legal and regulatory requirements.
My rights under applicable data protection law
You have the following rights (which may be exercisable depending on the circumstances) in respect of the personal information about you that we process • The right to have personal data corrected if it’s inaccurate;
- The right to object to processing of personal data;
- The right to restrict processing of personal data;
- The right to request personal data is erased (the “right to be forgotten”);
- The right to request access to personal data and information about how we process it; and
Clients and related persons have the right to complain to the Office of the Information Commissioner in Jersey at www.oicjersey.org, the Office of the Information and Data Protection Commissioner in Malta at www.idpc.org.mt and the Geneva Cantonal Officer for Data Protection and Transparency at www.ge.ch/ppdt respectively. These parties have enforcement powers and can investigate compliance with data protection law. For more details on all the above clients and related persons can contact email@example.com
The Dominion group of companies are as follows:
Jersey: Dominion Fiduciary Services Limited (and its regulated participating members);
Malta: Dominion Fiduciary Services (Malta) Limited, Dominion Corporate Services (Malta) Limited;
Cayman: Dominion Corporate Services (Cayman) Limited;
Abu Dhabi: Dominion Fiduciary Services (Middle East) Limited;
London: Dominion Fiduciary Services UK Limited; and
Switzerland: Dominion Fiduciary Services (Switzerland) SA, OAK International Fiduciary SA and Wealth Planning Services SA.
Means the interests of our business in conducting and managing our business to enable us to ensure that the best services are provided. We will make sure that we consider and balance any potential impact on clients and related persons (both positive and negative) and their rights before we process personal data for our legitimate interests. We do not use personal data for activities where such person’s interests are overridden by the impact on them (unless we have their consent or are otherwise required or permitted to by law). Clients and related persons can obtain further information about how we assess legitimate interests against any potential impact in respect of specific activities by contacting us at firstname.lastname@example.org
Performance of Contract
Means processing your data where it is necessary for the performance of a contract to which we are a party or to take steps at a client’s request before entering into such a contract.
Comply with a legal or regulatory obligation
Means processing personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.