Privacy Statement
In the normal course of carrying out our business, we will have to obtain personal information about individuals. However, in doing so we are bound by certain legislation. The Isle of Man is committed to adopting the principles and objectives of the EU General Data Protection Regulation (GDPR). As such, DBC Limited will be bound by these requirements.
GDPR requires us to ensure as far as possible, personal information privacy, and to provide you with a full explanation covering:
- Why the personal data is processed;
- Whose personal data is processed;
- What personal data is processed;
- When personal data is processed; and
- Where personal data is processed; GDPR also provides individuals with certain rights:
- Access to an individual’s data, in a commonly used electronic format (data portability);
- Have inaccuracies corrected;
- Have information erased;
- Prevent direct marketing;
- Prevent automated decision-making and profiling;
We must also advise you of how to make a complaint.
Why do we collect personal data?
The personal data we collect from you will be used in providing serviced office facilities and associated services to you as part of the contractual terms of the agreement. Our ability to offer/provide services to clients and prospective clients is dependent on having access to personal information.
Whose personal data is processed?
To enable us to provide our professional services as efficiently as possible, we will process personal data in respect of:
- Clients – current, former and potential
- Business Contacts
- Suppliers
- Complainants
- Associates, Employees, Consultants of Clients
What personal data is processed?
The GDPR requires us to advise you what type of personal information will be processed:
• Name, address, telephone number, e-mail, nationality, date of birth, place of birth, internet searches (such as screening providers like World Check), social media and third-party introducers. This is required to verify your identity for security purposes and to perform the contractual requirements of the license agreement.
• Know Your Client (KYC) and Client Due Diligence (CDD) information, comprising such things as passport, utility bill, driving licence, source of wealth, source of funds, and bank account details may be requested. These are generally sourced from individuals themselves. This is required to perform the contractual requirements of the license agreement.
• CCTV is in operation at the external entrances to Britannia House for the prevention, reduction, detection and investigation of crime and other incidents and to provide a safe and secure environment for its staff, clients and visitors. The CCTV does not record sound.
When is personal data processed?
The information we require from you is used to provide information to you about the services and also manage the licensee/licensor relationship.
The processing activities include:
- To provide relevant information on the services we offer in response to an enquiry from you.
- To perform the contractual terms within the license agreement.
Unless we receive written consent from yourself, we will not release any information about you to third parties. However, there are some exceptions to this where we are obliged to or may provide private information:
- On receipt of a Court Order
- To comply with an authorised request from a regulatory or financial investigative authority
- To other members of the Dixcart group of companies including but not limited to its subsidiaries and its associated companies
- CCTV will only be viewed when necessary (e.g. to detect or prevent a crime), the footage is stored for a period of time after which it is recorded over.
We will retain your private information only for as long as is appropriate. These vary dependent on certain factors, and we would be happy to discuss these if you require.
At the end of the designated retention period, all private information held on whatever medium is destroyed.
Where is personal data processed?
All current manual records are held at our registered office address, 4th Floor, 64
Athol Street, Douglas, Isle of Man, IM1 1JD.
Archived manual records are maintained by a 3rd party provider within the Isle of Man.
Electronic records take the form of any of the Microsoft Office suite together with Adobe Acrobat and those held in our company secretarial software package. These are held on individual IT infrastructure situated at the registered office address.
Where electronic records are utilised, the systems/services used comprise:
- Servers based in the Isle of Man
- Replica (Business Continuity) servers based in the Isle of Man
- Messaging archive solution by a hosted provider
To assist with the protection of personal information DBC Limited utilises firewalls, and additionally software to protect against malware and unauthorised access to the information systems. We are also required to regularly monitor technological developments and cybercrime to maintain the confidentiality and integrity of the data held.
Your rights
Access Requests
You are entitled to ask for details of any personal information that we hold. This will be provided as quickly as possible, but in any event, no later than 30 days after receipt of the request. We will not charge for accessing and providing you with the information.
At the same time, we will remind you of your rights which are to:
- Have your data provided in a commonly used electronic format (data portability);
- Have inaccuracies corrected;
- Have information erased;
- Prevent direct marketing;
- Prevent automated decision-making and profiling;
You may be asked to provide supporting documents to verify your identity before we are able to release the data to you.
Privacy breaches
Should a privacy breach occur we will notify you directly as soon as possible following identification of the breach. This notification will include:
- Date of the Breach
- Description of the Breach comprising a general description of what happened
- Description of the information inappropriately accessed, collected, used or disclosed
- The steps taken so far to control or reduce the harm
- Future steps planned to prevent further privacy breaches
- Steps you might consider taking
- Contact details of the Information Commissioner
- Our contact details
Complaints
Should you feel it necessary to make a complaint, in the first instance this should be made in writing explaining the reasons for the complaint to:
Data Protection Officer
DBC Limited
4th Floor, 64 Athol Street
Douglas
Isle of Man
IM1 1JD
You will receive an acknowledgement of this within 7 working days. After the first week we will keep you informed of our progress until your complaint has been resolved. In exceptional circumstances where your complaint is particularly complex you will appreciate that matters may take longer to resolve. We will fully investigate the circumstances surrounding your complaint and notify you of the outcome of our investigation and of any action taken within 8 weeks.
If you feel that your complaint has not been satisfactorily resolved, you may complain directly to the Information Commissioner:
Mr I McDonald
Information Commissioner
PO Box 69,
Douglas
Isle of Man
IM99 1EQ
T: +44(0)1624 693260
DBC Limited Privacy Statement v2.0
February 2022