Privacy notice

This Privacy Notice explains how Theseus Trustees (IOM) Limited collects, uses and discloses your personal data, and your rights in relation to the personal data it holds. Theseus Trustees (IOM) Limited is a member of the Stonehage Fleming Group of companies (Group).

In this Privacy Notice, “us”, “we” and “our” refers to Theseus Trustees (IOM) Limited.

As a result of contracting with Theseus Trustees (IOM) Limited your personal data will be processed in the Isle of Man and is subject to the Data Protection Act 2018 and related instruments. If you are a natural person connected to an entity which is contracting with Theseus Trustees (IOM) Limited then this notice may apply to you.

If you are a natural person resident in the European Union contracting and/or connected to an entity with Theseus Trustees (IOM) Limited this notice may apply to you and our processing may be subject to the General Data Protection Regulation (GDPR) and local privacy laws.

If you are a natural person resident in the United Kingdom contracting and/or connected to an entity with Theseus Trustees (IOM) Limited this notice may apply to you and our processing may be subject to the UK GDPR and local privacy laws.

Please refer to this Privacy Notice to understand our processing of your personal data. This Privacy Notice supersedes any previous version of this notice with which you may have been provided or had sight of before the date stated at the end of this document.

Personal data is information relating to a living individual who can be identified from that data or data that makes you identifiable. Settlors, Protectors, Beneficiaries (minors and adults), Directors, Trustees, Protectors, Politically Exposed Persons and their families and associates, Controlling Persons of Entities, Business contacts, Staff (current and former), Suppliers, and associates, employees and consultants of client entities are all included where they are natural living persons.

When we collect, store, use in any way for any purpose or delete your personal data we are processing it.

Personal data includes, among other data, your name(s), address(es), email address(es), telephone number(s), bank account number(s) and passport number(s).

Theseus Trustees (IOM) Limited is the Data Controller of your personal data. The Data Controller is responsible for ensuring that your personal data is processed in compliance with data protection laws and to provide you with this privacy notice. If you have any questions or concerns about personal data or this privacy notice or you wish to make a complaint about how we have processed your personal data, or you wish to exercise any of your rights as a data subject, please contact the Data Protection Officer using the following email address: isleofmandataprotectionofficer@stonehagefleming.com or contact us by post at the following address:

Data Protection Officer
Theseus Trustees (IOM) Limited
Falcon Cliff
Palace Road
Douglas
Isle of Man
IM2 4LB

Alternatively, please feel free to discuss with your Account Manager.

If you are a natural person who is a client of the Group, directly or indirectly – for example as a shareholder or a director or officer of a corporate entity to which we provide regulated services in the Isle of Man or a Trustee, a Protector or Beneficiary of a Trust for which we provide services or a related party or advisor then we will collect and use your data to enable us to meet our contractual obligations.

We also have regulatory obligations, including compliance with anti-money laundering regulations which necessitate processing of your personal data.

We may also process your personal data because it is necessary for our legitimate interests, such as growing our business.

Depending on the services you require of us we process your personal data:

  • To perform due diligence and comply with legal / regulatory obligations (including anti money laundering legislation);
  • To incorporate companies (e.g. where you are a member or director);
  • To perform our client take on process and client reviews;
  • To establish and register a trust;
  • To administer a trust generally (the activities we undertake can be very broad and range from property and/or staff management to regulatory filings);
  • To appoint and distribute funds to beneficiaries;
  • To keep documents (e.g. wills) in safe custody;
  • To make payments and investments;
  • In the creation of loan agreements;
  • To raise and send invoices;
  • At termination of any relationship involving a data subject;
  • To conduct internal reviews and compile internal reports;
  • For internal administration such as time recording against the client name or scanning and saving of documentation;
  • For record keeping purposes;
  • To generate reports for you (including risk reports);
  • In compliance with any request from an auditor, or a regulatory or supervisory body;
  • To generate and distribute trust correspondence;
  • To complete tax returns;
  • To apply for citizenship;
  • In the establishment of bank accounts and interaction with banks;
  • In the administration of deceased estates;
  • To provide information to our investors, banks or other financing institution or in the event of any merger, acquisition or divestment in accordance with Theseus Trustees (IOM) Limited’s legitimate business interests;
  • To otherwise fulfil your instructions, provide the advice and assistance that we are engaged to provide, service the trust or company, or comply with our obligations.

For the avoidance of doubt, you may refuse to provide us with your personal data. In that case, we would likely not be able to provide you with our services.

We may process items of data such as: your name, address, place and date of birth, photograph/ID card/proof of identity, proof of address, Tax identification numbers, bank details, signature, contact information, social security details, ID/passports and FATCA/CRS details. This may be provided directly by you or by your representative such as a lawyer, accountant or financial intermediary. We may also collate and hold data found from the results of Google or other internet searches and other sources in the public domain as well as third party service providers in the course of our client due diligence and client review process, and in providing the services that we are engaged to provide. We generate an internal number specific to you and our accounting software will also produce a reference number for you.

We process the following documents and information that may also contain your personal data: Trust Deeds, employment history, bank references, register of members, register of directors, financial statements, controlling persons list, authorised signatories list, minutes and resolutions. Information regarding source of funds and source of wealth may also contain your personal data. We may also undertake sanction screening, credit and fraud checks with third parties and checks to ascertain any convictions, court cases, criminal records or proceedings of any person connected with our client. In the course of your dealings with us you may provide further information to us, where we seek additional information, all of this information will be kept securely by Theseus Trustees (IOM) Limited and the Group.

The Group’s business and the services you request of us require transfers to many third parties, often at your request, and at other times transferring data to a third party is necessary to perform our contract with you (for example if you ask us to open a bank account for a legal entity or where other advisors or service providers are engaged) or for Legal/Regulatory reasons, such as completion of a corporate annual return of a Company. A non-exhaustive list of potential transfers include:

  • Collecting and sending documents for external audits of client entities;
  • Collecting and sending documents for external audits of Group entities;
  • Publications onto the public record, such as companies registries or beneficial ownership registers;
  • Publications with regulators;
  • FATCA/CRS filings onto approved external platforms;
  • Sending information to external parties such as notaries and other advisors or service providers on behalf of serviced clients;
  • For legitimate business purposes your personal data may be shared with any investor, potential investor, acquirer, bank or financial institution investing in or considering investing in Theseus Trustees (IOM) Limited or any of the Group companies

Brokers, Banks, Custodians, Advisors, Auditors and Portfolio Managers may require information on you for their own due diligence to comply with regulations. We share the information you provide to us with them for this purpose.

The Isle of Man is not in the European Union however the European Commission has determined the Isle of Man to have equivalent protections for personal data and therefore has granted the Isle of Man (together with Guernsey among others) adequacy status. As a result of contracting with Theseus Trustees (IOM) Limited your personal data will be processed in the Isle of Man and is subject to the Data Protection Act 2018 and related instruments. In addition, as an entity which may offer services into the European Union and United Kingdom, where we process personal data of data subjects’ resident in the European Union and United Kingdom, the GDPR and UK GDPR may apply respectively with local privacy laws. Your personal data may be processed by any of the Group’s offices, inside and outside the Isle of Man, the European Union or the United Kingdom.

In sharing your personal data for the reasons set out elsewhere in this Privacy Notice, we may need to transfer it to other Group companies located in Switzerland, Israel, Jersey, Luxembourg, Guernsey, Malta, the Isle of Man, the United Kingdom or Canada, which are countries which provide the same or a similarly adequate level of protection for your personal data as provided within the Isle of Man. We may also share your personal data with Group companies located in the United States of America, South Africa, Monaco and Mauritius, which do not provide the same level of protection to your personal data as provided within the Isle of Man. We will use Standard Contractual Clauses, as a safeguard, when making transfers to these countries or will do so with your explicit consent.

Additionally your data may be entered into our accounting and/or billing systems, and our document management systems and your data may be processed by our sub-processors including our retail investment technology and third party administration solution providers or outsourcing technology companies, including cloud services providers. In such cases, where data is processed in a third country, an appropriate safeguard is used. Your data may also be provided externally to banks, regulators, auditors, advisors (including, but not limited to, legal advisors), supervisory or governmental bodies as well as those appointed as directors, shareholders, and/or beneficiaries, settlors or protectors to a trust.

Your personal data will be kept securely by Theseus Trustees (IOM) Limited and the Group. This information will be held in accordance with our Record Retention Policy and applicable laws, after which it will be securely destroyed. We may keep it longer where:

  • There is litigation or an investigation;
  • It may be required to assist with the mitigation of any future tax or regulatory query into the transactions or other affairs undertaken by an entity or trust to which we provide regulated services. This ensures that the rights and freedoms of our clients, our staff as well as the Group and its Members are safeguarded.

You have the following data protection rights:

  • To obtain access to, and copies of, the personal data that we hold about you;
  • To require that we cease processing your personal data if the processing is causing you damage or distress;
  • To require us not to send you marketing communications;
  • To require us to correct the personal data we hold about you if it is incorrect;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities;
  • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us using the following email address: isleofmandataprotectionofficer@stonehagefleming.com

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Isle of Man Information Commissioner (https://inforights.im) or where applicable, the relevant Supervisory Authority if you reside outside of the Isle of Man.

Version: 6 September 2022