Privacy Policy

This privacy policy sets out how Equiom will use your personal information. This includes why we collect your information, how we use it, your privacy rights and choices and how the law protects you and the steps we take to keep it secure and confidential.

We keep our privacy policy under review to make sure we are being transparent about how we use your personal information and we recommend you check it regularly.  This privacy policy was last updated in November 2023.

To view our privacy policy in French click here.

This privacy policy covers:

Who are we and who is the Data Controller?

Where we refer to Equiom in this policy we mean Equiom Bidco Limited and its wholly owned subsidiary companies. You can find details of the Equiom companies who are data controllers in each jurisdiction and their contact details here. Whilst the term “Data Controller” is commonly used in data protection law, you should note that some jurisdictions in which we operate use different terms, such as “Controller” or “Processor”, or simply “Organisation” (as in Singapore) or Data User (in Hong Kong).

What information do we gather and how do we collect it?

What types of information do we collect about you?

The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we may receive or collect personal information about you; for example by doing any of the following:

Data you give to us:

  • When you apply for our products and services
  • When you talk to us on the phone or in our offices
  • When we are “out on the road”, for example at conferences or seminars
  • When you use our websites or any mobile device apps
  • In emails and letters
  • In customer surveys
  • When you apply for a job with the Equiom Group

Data we collect when you use our services: 

  • Payment and transaction data
  • Profile and usage data. This includes the profile you create to identify yourself when you connect to our internet or any mobile and telephone services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software

Data from third parties we may work with:

  • Companies or individuals that introduce you to us
  • Insurers
  • Fraud prevention agencies
  • Employers / Recruitment consultants
  • Public information sources (e.g. UK Companies House, IOM Companies Registry or the Guernsey registry)
  • Banks
  • Market researchers
  • Government and law enforcement agencies

Personal information about others

We may collect information from you about others, such as the beneficiaries of a trust that we administer.  If you give us information about another person it is your responsibility to ensure and confirm that:

  • You have either told the individual who we are and how we use personal information, as set out in this Privacy Policy; and have permission from the individual to provide that personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Policy; or
  • You are otherwise satisfied that you are not in breach of data protection law by providing the information to us

When do we need to collect your sensitive information?

In certain circumstances, we will collect information that is deemed sensitive. This is most likely to include: 

  • Information about health (for example if you provide details to us concerning a crew member if we provide yachting services to you); and/or
  • Information about any criminal record an individual may have (e.g. for a crew member where we provide yacht services)

We seek to limit any sensitive personal data that we collect and, unless we have other specific lawful reasons to use this information (such as in an emergency situation), we will ask for your consent to collect it.

How the law protects you

Your privacy is protected by law. Data protection law states that we are only allowed to use personal information if we have a proper reason to do so. This includes sharing it outside of the Equiom Group. The law states that we must have one or more of the following reasons to process your data:

  • When you consent to it; or
  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest to do so

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is best or right for you. If we rely on our legitimate interest, we will tell you what that is. The section below (“How We Use Your Personal Data”) contains a list of the ways in which we may use your personal information, and the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

How we use your personal data

We will only use your personal data fairly and where we have a lawful reason to do so. We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract we have with you, when we have a legal duty that we have to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest if it is fair and reasonable to do so. We may use information to:

TABLE 1

Uses of personal data Our lawful basis for using your personal data
  • To manage and administer our business relationships, including to communicate with our clients, their representatives or any employees they may have, to administer client billing and payments, to collect and recover money that is owed to us and to keep records.
To fulfil our contracts with our client(s) and to comply with legal and regulatory obligations including accounting, tax and data protection.
  • To undertake due diligence on new clients and suppliers.
  • To help us identify, investigate, report and seek to prevent financial crime.
  • To comply with laws and regulations that apply to us.
To comply with our legal and regulatory obligations including compliance with anti-money laundering legislation, crime prevention and fraud.
  • To provide information services to clients, potential clients and contacts, including by email updates and newsletters; and to invite clients and/or contacts to events that we may organise from time to time.  This may include surveys to obtain feedback from clients and contacts.
  • To identify products which may be of interest to you and provide you with information about those products.

Where you have consented and expressed a preference to receive marketing communications; or if we feel it is appropriate and relevant to our business relationship with you.

On the basis of our legitimate interests in the proper and efficient operation of our business.

  • To run our business in an efficient and proper way (e.g. undertaking audits, managing our business capability, managing risk for us and our clients, managing our finances, planning, communications with service providers, corporate governance, responding to complaints and seeking to resolve them).
On the basis of our legitimate interests in operating our business in a proper and efficient manner or where we have a legal obligation to do so.
  • To maintain lists to ensure that you do not receive communications from us where you have objected to this or have unsubscribed.
To safeguard your rights and comply with our legal obligations.
  • To optimise our website. To collate information on how you interact with us and our services so that we can improve this if felt necessary.
Where we have consent from you or on the basis of our legitimate interests in operating and presenting an effective and convenient website to our website users.
  • To exercise our rights contained in agreements or contracts, or our website terms of use and other terms and conditions of business. This may include complying with our terms of business and agreements with our consultants and other service providers/suppliers.
Fulfilling contracts or to protect our legal interests.
  • To ensure security and protect our business interests (including by the use of CCTV at some of our offices), to keep visitors and staff safe, to protect against, investigate and deter fraud, unauthorised or illegal activities, systems testing, maintenance and development.
On the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so.
  • Sharing personal data if we decide to sell or transfer part of all of our business.
When needed to comply with our legal obligations and to facilitate the transaction.
  • For other purposes that we have identified when we collect the information (such as processing a job application whether directly or via an agent or recruiter, or preparing and submitting visa and work permit applications).
Where we have your consent or on the basis of our legitimate interest to recruit new employees or contractors.

Groups of personal information

We collect and use lots of different types of personal data. Personal data is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we may collect include:

Contact Such as your name, email address and telephone number.
Socio-Demographic This includes details about your work or profession, nationality and education.
Contractual Details about the products or services we provide to you.
Locational Data we get about where you are, such as may come from your mobile phone or the address where you connect a computer to the internet.
Behavioural Details about how you use our products and services.
Communications What we learn about you from letters, emails, conversations between us, feedback and survey responses.
Open data and public records Details about you that are in public records such as a company registry (e.g. UK Companies House, the UK Electoral Register), and information about you that is openly available on the internet.
Usage data Other data about how you use our products and services.
Documentary data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport or driver’s licence.
Special types of data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so and we have a proper reason:
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic and bio-metric data
  • Health data including gender
  • Criminal convictions and offences
Consents Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you.
Financial Billing and financial information such as billing address and bank statements.
National identifier A number or code given to you by a government to identify who you are, such as a National Insurance number.

Sharing your information within the Equiom Group

We share your information with other Equiom companies where it is necessary in order for us to provide you with services or to allow the boards of our various companies to have full oversight of Group operations where required.  

To enable Equiom to operate on a global scale, some of our business functions have been amalgamated at group level to provide centres of excellence, allowing our expert staff to provide a high quality, streamlined service.  These specialist functions are concerned with client administration services and include, but are not limited to Client Accounting, Group Risk Management, Data Protection, Finance, Marketing and Corporate Communications.  In addition, some specialist services that support our business are also centralised, such as IT, Project Management, and Internal Audit.

Wherever possible, information provided for Group functions is anonymised, for example, where statistical information is shared to meet group reporting and governance requirements.  There are, however, times where we cannot provide the relevant services without using some personal information. In these cases access is only granted to employees who need it in order to provide those services, and the amount of information shared is limited to the minimum that will allow them to fulfil their functions.

Sharing your information outside of the Equiom Group

In the usual course of our business, we use third party organisations to support the essential delivery of our services. The type of services that these organisations provide may include:

  • providing and supporting the IT systems in which your information is stored
  • transportation and storage of information and confidential destruction
  • preparation of company accounts and financial statements
  • translation of documents
  • managing events arranged by Equiom; and
  • administering bulk email campaigns for information or marketing purposes
  • the provision of specialist or professional services that are necessary for the services we provide such as accountants, lawyers, agents, architects
  • banking or other financial services (e.g. investment managers and advisers)
  • the provision of credit reference services to assist us in meeting our customer due diligence obligations

Your information may also be disclosed when we believe in good faith that the disclosure is:

  • required by law or regulation
  • to protect the safety of our employees, the public or our property
  • required to comply with a judicial proceeding, court order or legal process; or
  • in the event of a merger, asset sale, or other related transaction; or
  • for the prevention or detection of crime (including fraud)

We may also share your personal data when you have consented to us doing so.

All of these external organisations have a legal obligation to comply with privacy and data protection law and may also operate under a professional duty of confidentiality due to the type of service they provide.  They have their own privacy policies that provide information about how they use your information.  

Where we do share your information with third parties, we will wherever possible require them to maintain appropriate security to protect your information from unauthorised access or processing.

If you choose not to give personal information

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations.

Any data collection that is optional would be made clear at the point of collection.

Transferring your information to other countries

When may share your information with organisations that are located in different jurisdictions, including other Equiom companies, we will only do so under the following circumstances: 

  • where the transfer is to a country or other territory which has been assessed by the European Commission, or by an equivalent UK body, or by the regulatory body responsible for data protection in your jurisdiction, as ensuring an adequate level of protection for personal data
  • with your consent or
  • on the basis that the transfer is compliant with the applicable data protection laws

Marketing

When you’ll hear from us

We may from time to time provide you with updates and information about the products and services that you have asked us to provide via marketing tailored to you, whether through online services or by direct marketing (e.g. phone, e-mail, text, post), and use information we hold about you to help us identify, tailor and package products and services that we think may be of interest to you.  We will only do this if you have indicated that you are happy to receive marketing communications from us – that is, if you have either:

  • purchased products and/or services from us and did not opt out of receiving marketing messages from us; or 
  • signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us

We may also send you emails containing newsletters and articles, information about additional products or services provided by Equiom, or invitations to events we are organising, attending or sponsoring.  

Opting out of or withdrawing your consent in relation to marketing

If you no longer want to hear from us, you can opt-out of receiving these messages by contacting us here or by clicking on the unsubscribe link in any marketing communications that you receive from us or alternatively, by contacting us on the details given below headed “How to contact us”. We never sell or lease your personal information or share it with other organisations outside Equiom for marketing purposes.

Third parties and marketing

We might rely on third parties to help us manage our marketing communications, but we won’t share your information with any third parties for their marketing purposes unless you agree to our doing so.

Storing and deleting your information

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or if we need to keep it to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. We will, however, generally keep your data for six years for one of these reasons:

  • To enable us to comply with our legal obligations
  • To respond to any questions or complaints that we may receive
  • To show that we treated you fairly
  • To maintain records according to rules and regulations that apply to us

We may keep your data for longer than six years if we cannot delete it for legal or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes. Full details of our retention periods are set in the Group Data Retention Policy.  

Keeping your information secure

We take the security of personal information and confidential documents extremely seriously. Equiom complies with data protection law in the jurisdictions in which it operates and we have put in place appropriate safeguards to prevent unauthorised access or unlawful use of confidential information. 

We restrict access to personal information to Equiom employees, contractors and agents who need to know that information in order to process it for us. They are subject to strict contractual confidentiality obligations and they may be disciplined or their contract terminated if they fail to meet these obligations.

Equiom’s Information Security Management System in many of its offices is ISO27001 (a leading international standard focused on information security) accredited, and we employ a wide variety of technical and organisational security measures to safeguard the confidentiality, integrity and availability of your information.

Your rights

Under data protection law you have various rights in respect of the personal information that we hold about you, including: 

  • you can require us to update or correct any inaccurate personal data, or to complete any incomplete personal data concerning you. If you do, we will take reasonable steps to check the accuracy of and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date
  • you can require us to stop processing your information for direct marketing purposes; if you withdraw your consent, we may not be able to provide certain products or services to you; and
  • you have the right to object to our use of your personal data more generally

You may also have the right to:

  • be provided with a copy of any personal data that we hold about you, with certain related information. There are exceptions to this right; for example where information is legally privileged or if providing you with the information would reveal personal data about another person
  • to require us, without undue delay, to delete your personal data
  • to "restrict” our use of your information, so that it can only continue subject to restrictions 
  • to require personal data which you have provided to us, and which is processed by using automated means based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be "ported" to a replacement service provider

Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving), where are required to retain information to comply with legal or regulatory obligations, and to defend ourselves against any legal claims. We may also need to send you service-related communications relating to the services that we provide to you even when you have requested not to receive marketing communications. 

How to exercise your rights

  • You can exercise your rights by contacting the Equiom Group Data Protection Team at dataprotection@equiomgroup.com or by ticking the applicable boxes on forms that we use to collect your information to tell us that you don’t want to participate in marketing
  • If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the ‘unsubscribe’ link
  • We will comply with your requests unless we have a lawful reason not to do so
  • We may need you to provide satisfactory proof of your identity. This is to ensure that your personal data is disclosed only to you

Social media

Equiom uses a number of social media sites including Facebook, Twitter and LinkedIn.  We receive some information about you from these sites when you interact with us or access our social media content. The amount of information we receive is governed by your social media account privacy settings and the policies and procedures of each social media platform. You can access the privacy/data policies of these sites by clicking on the following link here for LinkedIn, Facebook and Twitter.

Links to external sites

The Equiom website may from time to time contain links to other websites which are not controlled by Equiom and which are operated by third parties.  We are not responsible for the privacy of those sites or the cookies that such third parties operate, and we encourage you to review the privacy policies and terms of use of each one when you visit external sites so that you understand how those other organisations are using your personal information.

Our site and cookies

As you may already know, most websites collect certain information automatically about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, referral source, length of visit to the site, number of page views, the search queries you make, and similar information.

This information will be collected by us or by a third party site analytics service provider and will be collected using cookies. 

A cookie is a file which is sent to your computer or other access device when you visit a website. The Equiom website uses cookies to analyse user activities which helps us to develop it and initiate improvements aimed at making your visits more simple and relevant. The cookies we use do not collect personal information and they are not used to identify individuals.

For full details of the cookies used by Equiom, please see our Cookies Policy.

Queries and complaints

This privacy policy aims to give you an overview of the ways in which we process your personal information. If you would like more detail or have any queries or concerns, please contact us so that we can try to assist you. We take any complaints that we receive about the way we process your information very seriously. Please refer to the section headed “How to contact us” at the bottom of this policy for our contact details.

However, if you remain dissatisfied with our response, you also have the right to make a complaint to the data protection supervisory authority in the country in which the Equiom company which collected your information is located.  

How to contact us

If you have any questions about this privacy policy or any other data protection issues please contact:

Equiom Group Data Protection Officer
Jubilee Buildings
Victoria Street, Douglas
ISLE OF MAN
IM1 2SH
Phone: +44 1624 699000
Email: dataprotection@equiomgroup.com

Additional information

You can also view additional information using the following links

Contact the Equiom Group Data Protection Team: dataprotection@equiomgroup.com  

Equiom get in touch

 

Get in touch

If you have any questions, or would like to learn more about taking the next steps with Equiom, please select one of the options below.

Choose a location and contact the team Use our website form

 

Get in touch