Please read this policy carefully as it contains important information on why we collect, use, process, store and disclose your personal information, what personal information we collect, use, process, store and disclose, your rights in relation to your personal information, and how to contact us if you have a complaint.
We aim to protect the privacy of our clients as far as possible. Information privacy is an ongoing responsibility and so from time to time we will update the policy, and where we do so, we will bring it to your attention by publishing it on our website at www.capricornmalta.com. We urge you to check our website for any updates from time to time.
If there is a change in your circumstances which may cause the personal information we have collected to be inaccurate or incorrect, you must advise us of such change and provide us with updated personal information within 30 days of such change.
When this policy mentions:
- “you”, or “your”, it refers to you and any other natural person named in the Client Application Form or any other natural person associated with you or the structure in respect of which our services are provided, such as a shareholder, director, settlor, protector, beneficiary, or ultimate beneficial owner, or any other natural person exercising ultimate control, of any structure that you are associated with.
- “services”, it refers to the administration and/or management of the Trust or the Company or other structure in respect of which the service is provided and any related account on an on-going basis.
INFORMATION WE COLLECT
We ask for and collect the following personal information about you when you use our services that helps us identify you and manage our relationship with you. This information is necessary for the adequate fulfilment of our service to you under our contractual arrangements, and to enable us to comply with our legal obligations.
Without your personal information, we may not be able to provide our services.
Personal information is information which identifies an individual person or from which an individual person is identifiable. We will typically collect, use, process, store and disclose:
- Contact Information:When you request a service, we require your contact information such as your names, (and any previous names), home and business addresses, telephone numbers, email addresses, and other contact information we may reasonably require.
- Other Personal Information: We also collect personal information about you, such as your date of and place of birth, marital status, gender, dependents, occupation, nationality, country of domicile, country of tax residence, tax information, financial information (like your bank account), your occupation and employment history, business interests and family background, your source of wealth and the source of funds used to establish the structure or funds paid, and other personal information that we may reasonably require.
- Identity Verification Information:To help create and maintain a trusted environment and conduct “know your client” checks, we collect identity verification information (such as your government issued ID, passport, national ID card, or driving license, as permitted by applicable laws) or other verification information.
- Special Sensitive PersonalIn limited cases, we also collect special categories of information. Our money laundering, financial crime and fraud prevention checks sometimes result in us obtaining sensitive information relating to political opinion or exposures, actual or alleged criminal convictions and offences and the like.
- Other Information. Wealso collect other information that you provide to us in the course of your dealings with us or which we require to provide you with our services.
The personal information mentioned above is an indicative list only and is not exhaustive.
HOW WE OBTAIN YOUR INFORMATOIN
In the course of providing services to you, we collect information that personally identifies you and other persons or entities that are connected to you or the structure, from different sources. The personal information we collect about you (or your directors, officers, employees, settlors, beneficiaries, protectors, beneficial owners and other controlling persons) comes from:
- application forms or other materials you submit to us during the course of your relationship with us;
- your interactions with us, transactions and use of our products and services; and
- your business dealings with us, including via email, telephone or as stated in our contracts with you; and
- depending on the products or services you require, third parties (including for anti-money laundering checks, among other things) such as professional advisors, referees, reports from public records, police or background check, fraud detection and identity verification services and the like; and
- recording and monitoring tools that we may use for compliance or security purposes.
HOW WE USE PERSONAL INFORMATION WE COLLECT
As a client of ours, we collect, use, process, store and disclose your personal information primarily for two broad purposes:
- to ensure we comply with any applicable anti-money laundering or other relevant laws (for example, as a registered entity with the Malta Financial Services Authority, trust and corporate services regulations, banking, investment and/or tax reporting laws such as FACTA in the US and CRS (common reporting standards) in other countries, laws relating to registers of beneficial ownership, and laws relating to the sharing of personal information about you and the structure) that we are subject to; and
- where you are enquiring, or applying to become, or are already one of our existing clients or are associated with or connected to any structure, then as is necessary for the adequate performance of our contract, or to take steps on your behalf and at your request to enter you into a contract that you are, or will be, a party to.
We collect, use, process, store and disclose your personal information for the following purposes:
- the provision of the services which are necessary for the adequate performance of our contract with you;
- in connection with our internal management and reporting, and to update and maintain records;
- to facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;
- to monitor electronic communications in order to: process verification of instructions; investigate and prevent fraud prevention; fulfill our responsibilities in regard to crime detection, prevention, investigation and prosecution; enforce or defend our rights, or our affiliates’ rights, ourselves or through third parties to whom they delegate such on us; to pursue our legitimate interests in relation to such matters; or to process such because it is in the public interest;
- in order to carry out anti-money laundering (AML) checks and related actions which we consider appropriate to meet any legal obligations imposed on us relating to, or the processing in the public interest, or to pursue our legitimate interests in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with the our AML procedures;
- to disclose personal information to other third parties such as our affiliates, service providers, auditors, regulatory authorities and technology providers in order to comply with any legal obligation imposed on us;
- to retain AML and other records of individuals to assist with subsequent screening.
We collect, use process, store and disclose your personal informationfor the purposes described above which are necessary:
- for the adequate performance of our contract with you;
- for the adequate performance of a contract between us and another service provider to us;
- to fulfill and comply with our legal obligations.
In circumstances where we process “special categories” of personal information, we do so because we are required by law to do so, or because the processing is necessary for the establishment, exercise or defense of a legal claim.
HOW WE SHARE AND DISCLOSE YOUR PERSONAL INFORMATION
Your personal information may be disclosed during the application process and, if applicable, periodically thereafter.
We share and disclose your personal information for the purposes described above, to our service providers, to our affiliates, and to competent authorities (such as the courts, law enforcement or governmental authorities, or authorized third parties, tax authorities and other bodies) as required by law or when responding to legal requests.
- Service Providers: We use a variety of third party service providers to help us provide our services. Service providers may be located inside or outside of the European Economic Area (“EEA”). In particular, our service providers are based in the United Kingdom, the Channel Islands, Europe, Switzerland, the British Virgin Islands and the Caribbean generally, Panama, North America and South Africa.
- Affiliates: We may share your personal information within our group of companies (both financial and non-financial entities) that are related by common ownership or control, and our associates.
- Competent authorities: We may disclose your personal information to competent authorities as set out above, which may involve the transfer of such personal information to other jurisdictions outside Malta and the EEA in accordance with GDPR as amended from time to time, and other law. In particular, jurisdictions include those referred to in clause 1 above. These jurisdictions may have the same or similar data protection laws, and others will have lower standards of data protection as Malta and the EEA, or the jurisdiction where you live. Some jurisdictions may not be regarded by the EEA as having adequate standards of data protection. Where we transfer your personal information outside the EEA we will ensure that such personal information is subject to contractual safeguards.
As required in accordance with law, we may share personal information with a competent authority, such as your full name and contact details, residential address, passport number, and tax identification number, value of the assets held and payments processed.
We may also share aggregated personal information (information about our clients that we combine together so that it no longer identifies or references an individual client) and other anonymized information for regulatory compliance, industry and market analysis, and other business purposes.
HOW LONG WE RETAIN YOUR INFROMATION
We retain your personal information for varying periods depending on your status with us as a client. Generally, we will need to keep your information for a minimum period of 5 years, in order to:
- adequately perform the services of our contract;
- undertake investigations, depending upon the legal basis for which the data was collected;
- comply with legal and/or regulatory obligations that require us to retain your personal information.
You may exercise any of the rights described in this section before us by sending an email.Please note that we may ask you to verify your identity before taking further action on your request and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
You may have the following rights under the GDPR and other applicable laws:
- You have theright to request details and a copy of your personal information held by us.
- You have the right to take action to rectifyinaccurate or incomplete personal information. Note that you are responsible for keeping your personal information up-to-date.
- In certain cases, you have the right to restrict the processing of certain personal information, and that your personal information is only used for restricted purposes.
- In certain cases, you have the right to object to the use of your personal information, including the right to object to marketing.
- You have a right to seek compensation for any material or non-material damage caused by a breach of our statutory obligations to look after your personal information;
- You have a right to lodge a complaint with Office of the Information and Data Protection Commissioner in Malta;
- You have a right to an effective judicial remedy against us.
Your rights listed above are not absolute, and they may not always apply, and exemptions may apply.
To exercise any of these rights, or if you have any other questions about our use of your personal information, please contact us at the details set out in the “Contact Us” section below.
HOW WE KEEP YOUR PERSONAL INFORMATION SECURE
We have appropriate administrative, technical, and physical security measures to secure your personal information and to protect it against unauthorized access, loss, destruction, or alteration. We limit access to your personal information to those who have a valid business need to know it. All staff within our offices are subject to our standard take on and vetting processes and have contracts obliging them to keep your information confidential and process your information in an authorised manner.
If you know or have reason to believe that your credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your personal information, please contact us following the instructions in the “Contact Us” section below.
LODGING A COMPLAINT
You have the right to lodge a complaint about the data processing activities carried out by us before the competent data protection authorities, if you are unhappy with the way we have handled your personal information. You have the right to file a complaint with the supervisory authority in Malta, the Office of the Information and Data Protection Commissioner.