Privacy Policy
Privacy Notice
Your information
This notice applies to personal information held by Cayman National Isle of Man (CNIOM). CNIOM collectively refers to Cayman National Bank (Isle of Man) Limited (CNBIOM) and Cayman National Trust Company (Isle of Man) Limited (CNTIOM), each a Data Controller in its own right.
"We" refers to CNIOM, the underlying entities of CNBIOM and CNTIOM, each acting as a Data Controller.
"Information" refers to any personal data about you that you or third parties provide to us.
"You" refers to you in your capacity as a Customer, connected party or controller of any bank account, relationship, entity or trust structure we operate.
This privacy notice should be read alongside the Terms and Conditions provided to you as they also contain sections relating to the use and disclosure of your information. To the extent that there is any conflict between the provisions of this Privacy Notice and any other Terms and Conditions, this Privacy Notice governs.
CNIOM has appointed the same Data Protection Officer (DPO) for each of CNBIOM & CNTIOM.
The DPO can be contacted at:
Data Protection Officer
Cayman National Bank (Isle of Man) Limited OR Cayman National Trust Company (Isle of Man) Limited
Cayman National House
4-8 Hope Street
Douglas
IM1 1AQ
Email: dpo@caymannational.im
Phone: (0044) 1624 646900
If you have any queries regarding this Privacy Notice or how we process your information, please contact the DPO using the details noted above or by arranging an appointment to discuss your query in person.
Why we collect information
The type of information collected by CNIOM will differ depending on the services being provided. In general, the information will be used for the following purposes:
- the provision of financial services and to enable CNIOM to enter into an agreement with you;
- fulfilling our legitimate interests, such as in the managing of risk;
- carrying out your instructions – e.g. payment requests, banking services, trust and company administration services;
- creation and ongoing administration of a product or structure;
- the administration of investments;
- investigation and resolution of complaints;
- provision of online services;
- carrying out checks in relation to your creditworthiness;
- corresponding with solicitors, surveyors, valuers, conveyancers or other third parties for the provision of our services to you;
- recover debts owed to CNIOM;
- defence of our legal rights;
- complying with the regulatory requirements in relation to anti-money laundering, countering terrorist financing and anti-bribery & corruption in verifying you and your identity and assessing your suitability for our services and products;
- detecting and preventing crime, such as fraud;
- improving our services to you;
- the provision of information to relevant tax authorities as and when required;
- the provision of information to other external regulatory bodies to which we are legally required to provide information to.
We will use your information where we have your consent or where another lawful reason exists such as the provision of a contract, in our legitimate interests, where we believe it is in the public interest, in defence of our legal rights or to comply with a legal requirement.
What we will collect about you
The type of information we will collect includes:
- personal details such as name, former names, date of birth, gender and place of birth;
- contact details such as address, previous addresses, email addresses and phone numbers;
- information about your marital status, dependents and social circumstances;
- tax reporting information including country of domicile, national insurance number or tax identification number;
- employment details, education, qualifications and positions held;
- confirmation of your right to act in relation to a company or structure or entity;
- information about your identity including passport copies, driving licence copies, other photographic identification documents, proof of address verification such as utility bills or bank statements or otherwise as provided;
- other information you provide relating to your financial standing, your personal wealth, assets and liabilities and the source of funds in order to verify the source of wealth for the arrangements you have with CNIOM;
- we may also require details relating to your ability to cover a debt, repay a loan and your overall financial standing may also be applicable;
- where permitted by law, information about criminal convictions or offences or alleged offences or claims made against you or entities associated with you, for specific and limited activities such as completing our due diligence requirements;
- details of disqualifications or other relevant notices which are available in the public domain;
- details of any prominent or politically exposed position held, or close associations held to individuals holding such positions.
The information you provide will only be used for the purposes of the provision of financial services.
Some of the information we collect will come direct from you, other information will come from third parties or from publicly available sources. CNIOM will use third party sourced data to carry out due diligence checks, sanctions and anti-money laundering checks. This is information we need to support our regulatory obligations. The information listed above may relate to you as our Customer, but also to persons that are associated with any entity or structure with you, such as a trust or managed company.
If you fail to complete our full "Know Your Customer" due diligence requirements, we will not be able to facilitate or offer to provide any product or service to you.
We may also collect information on third parties or family members through the documentation you provide to us. We will only use the necessary information to meet our compliance obligations, to comply with laws and regulations that CNIOM is subject to.
Information we generate about you
We will generate information about you in the course of our relationship, which may include:
- your financial information such as other firms you deal with, other arrangements you have in place, how you manage your finances and credit, who you make payments to and receive funds from, salary and ad-hoc payments received;
- your identification information, signature, online banking log ins and voice recordings;
- CCTV images;
- records of any meetings, advice or recommendations given to you;
- tracking information – see note below;
- geographic information from card payments;
- records of correspondence received and processed by email, letter, voicemail etc.;
We may also analyse your transaction information and payment flows to enable us to identify improvements to our services and online offering.
Tracking
We may monitor or record any communication between you and CNIOM including telephone calls, face to face meetings, letters, emails and any other kind of communication. We may use these recordings to check your instructions to us, to assess and improve our service to you, train staff, manage risk and to prevent and detect crimes such as fraud. For security and to prevent and detect crime we may collect recordings, images and sound using CCTV in and around our premises.
When you visit our website, we may collect information about you which is useful in improving the operation of the website or used for essential functionality such as security when processing form data. The collection of the information is through the traffic data on the site and through the creation of a number of cookies, details of which can be found in our Cookies Policy.
Where we may transfer your information
Your information may be shared or transferred where it is lawful to do so, depending on the type of service we are providing, with the following:
- other joint account holders, trustees, beneficiaries, controllers, administrators or executors;
- individuals who give guarantees for any debt owed to CNIOM;
- other parties involved in a dispute including disputed transactions;
- other financial services providers,
- lenders and credit reference agencies in relation to credit arrangements;
- other financial services providers for the provision of transactions;
- beneficiaries of payments or remitters of transactions;
- fund managers, brokers, asset managers or agents who deal on your behalf;
- beneficiaries, intermediaries, clearing houses, clearing or settlement systems, counterparties or any company where securities are held and traded through us;
- intermediaries or introducers who have an interest in the business introduced to CNIOM;
- anyone who is instructed to act on your behalf, power of attorney, solicitors, accountants, etc.;
- credit card processing providers such as those facilitated by Cayman National Corporation Ltd group of companies;
- entities or individuals in connection with a potential or actual corporate restructure, merger, acquisition or sale, including the transfer or potential transfer of any of our rights or duties under our agreement with you;
- internal and external auditors operating within the Cayman National Corporation Ltd group of companies;
- auditors or parties appointed to carry out investigations or audits of our activities;
- law enforcement, courts, dispute resolution and regulators as required by law;
- Government agencies in the provision of tax reporting, as required by law;any other individual or entity with whom, we've been instructed to share your information with by you, either jointly, solely or as a controller.
Overseas transfer of your information
We may need to transfer your information outside of the Isle of Man and the EEA (European Economic Area), where the same level of protection is not offered. Where your information is being transferred to third parties or third countries CNIOM will ensure there is a contract in place, that there is an appropriate level of security and a legal basis for transferring.
We will only share your information with those that have a right to see it, where there is an obligation to remit the information, where it is in our legitimate interest or where it is a requirement in order to facilitate a contract with you. For example, should you request a card to operate a bank account held with CNBIOM, we will transfer information relating to you, your account, company or structure outside of the EEA to other companies in the Cayman National Corporation Ltd group of companies. In accepting the terms and conditions governing the provision of services to you, you acknowledge that your information will be processed in this manner.
Your rights
You have a number of rights in relation to the information we obtain and hold about you, such as:
- The right to access your personal data. You have the right to access the information we hold about you. You can address your request to the DPO at the contact details provided in the first section of this notice;
- The right to rectification. If the information we hold about you is inaccurate or incomplete you have the right to have this data rectified. If your request involves the restricting of how we process your information it may affect the services we provide to you;
- The right to have information deleted. If the data we hold about you is no longer being processed for the purpose it was collected for, if it is being unlawfully processed or if you have withdrawn your consent to process your information you may request, that we delete your information. Please note we are obliged to retain information as required by law. If we delete your information it may affect the services we provide or the operation of any contract we have with you;
- The right to have the processing of your information restricted. If the accuracy of the data is contested, the processing of the information is unlawful or we no longer require the data for the purpose it was provided but you require them for the establishment, exercise or defence of legal claims you have the right to request we restrict processing of your personal information;
- The right to data portability. Where we hold information provided by you for the purpose of entering into a contract with us you have the right to receive that personal information in a portable format. You may request that the information is provided direct to a third party, their use of such information is outside of our control and is under the remit of any agreement you have in place directly with them;
- The right to object to processing. You have the right to object to our processing of your information unless there are legitimate grounds for the processing including, but not limited to legal or regulatory requirements. You can object at any time to processing of your personal data for direct marketing purposes including profiling for marketing purposes. Where we have relied on your permission to process your data you can withdraw your consent at any time;
- The right to complain. You have the right to lodge a complaint with CNIOM in relation to the processing of your personal information. If the matter has not been resolved satisfactorily you can complain to the Information Commissioner, whose contact details are noted below.
Where you complain about our processing of your information the DPO will investigate on your behalf. If you wish to contact the data protection authority the Information Commissioner for the Isle of Man to escalate a matter please use the below contact details:
The Information Commissioner
First Floor
Prospect House
Prospect Hill
Douglas
Isle of Man
IM1 1ET
Email: ask@inforights.im
Phone: (0044) 1624 693260
Web: www.inforights.im
Retention of information
Your information will be retained in line with the requirements of relevant legislation that governs CNIOM, including those relating to banking services, trust and company administration, anti-money laundering and countering terrorist financing. The retention period is determined based on the type of record, the nature of the activity and the product and service offered. Detail of our retention timeframes is contained within our retention policy which may be updated from time to time as overriding legislation changes.
Once your information is no longer required we will destroy, delete or anonymise the data and can confirm that no further decisions will be made about you based on this deleted information.
We may need to retain your information outside of the prescribed timeframes, where an ongoing investigation is being undertaken by a Police force, other investigative agency or regulatory body, or where a dispute has arisen and is being investigated or whereby legal proceedings are taking place. In these instances, your information will be retained for as long as deemed necessary. Destruction of such data will be completed as soon as practicable thereafter.
If you would like any further information on our retention policy please contact the DPO.
Security of information
We take the security of your information very seriously. We have in place a framework of policies and procedures governing the control and protection of your information. We use a range of measures to safeguard your information including:
- encryption;
- penetration testing;
- IT security arrangements;
- business continuity planning;
- ongoing testing and monitoring;
- training and awareness amongst staff.
Where we work with third parties in the provision of our IT and security arrangements we require compliance with specified standards covering the protection, storage and transferring of your information. Contracts are in place detailing the appropriate measures required to protect your information.
Marketing
Where there is a legitimate business interest we may use your information to provide you with information about our products and services.
In certain instances, we will rely on your consent to provide you with marketing information about CNIOM's group of companies. You can withdraw your consent at any time using your normal method of communication with us.
We will not provide your information to external third parties for the provision of marketing.
Your obligations
We request that you ensure the information we hold about you is accurate and up to date. Please notify us as soon as possible if your circumstances change. We are obliged to send certain mandatory communications to you and therefore need to have accurate contact information for you.