Privacy Policy

Bridgewater (IOM) Limited is the controller of all personal information (personal data) processed by Bridgewaters and our staff. We are registered as a Controller and Processor with the Isle of Man Information Commissioner, Registration No. R002377.

Where we refer to “Bridgewaters” and/or “We” it is meant as Bridgewater (IOM) Limited and its wholly owned group companies.

When it comes to your personal data, we want you to be confident that it is safe and secure. We respect an individual’s fundamental right to privacy, and process personal data in accordance with the Isle of Man Data Protection Act 2018.

This Policy covers:

  • Why we collect your personal data
  • Special categories of personal data
  • Sharing your information within Bridgewaters
  • Sharing your information with other organisations
  • Transferring your information to other countries
  • Using your contact details
  • Storing and deleting your information
  • How we keep your information secure
  • Links to external websites
  • Cookies
  • Your rights
  • Further information, enquiries and complaints

We monitor this Policy, regularly review it and update it, as necessary. The last time it was updated was 2 December 2020. We recommend that you check it regularly.

Why we collect your personal data

We offer a wide range of services and the amount and type of information we collect, hold and process will be dependent upon the services we provide. We only collect the information we need to provide our services and will explain why we need any additional information we ask you to provide. 

You are not obliged to provide any of the information we ask you for. If you decide not to provide any requested information, be aware that we may not be able to provide you with the services you require or respond to your queries.

When you enquire about our services, we collect your personal data to take steps prior to entering a contract with you, including:

  • Respond to enquiries
  • Assessing the services that are right for you
  • Negotiating and agreeing terms of business

When you engage us to provide services, we collect your personal data to administer those services, including, but not limited to:

  • Communicating with you about the services you have asked us to provide and informing you of changes that affect those services
  • Providing fiduciary services
  • Setting up and administering trusts, companies and collective investment schemes
  • Tax registrations, calculations and submission of tax returns
  • VAT registrations, calculations and submission of VAT returns
  • Buying, selling and financing of yachts, aircraft and property
  • Providing fund administration services
  • Preparation of management accounts and financial statements
  • Supervision of audits, where applicable

In some circumstances, we are required to collect your personal data to comply with our legal or regulatory obligations, such as:

  • Carrying out checks to ensure we comply with laws relating to the prevention of financial crime, tax evasion and the funding of terrorism
  • Identifying individuals who are politically or commercially exposed persons
  • FATCA and CRS reporting

There are occasions where it is in our legitimate interest to collect and process your information, for example:

  • CCTV monitoring of our shared office spaces helps to keep our staff and visitors safe and protects your personal information from unauthorised access – such personal information and images may be given to law enforcement agencies as evidence if we think an offence has been committed
  • When you ask us to provide services, we need to assess the risks associated with providing that service. This may involve processing your information through background checks and credit reference agencies. This evaluates the risks to you, to us and to any organisations whose products or services we are providing for you
  • Analysing details of the number of visits to our website and the pages visitors viewed. This allows us to refine the website and make your visits to our website more informative
  • To make you aware of additional or new services that we think could be of benefit to you and will complement the services we already provide

In addition to collecting personal information about individuals linked to our clients, we also collect and use information that can identify:

  • Intermediaries who are linked to our client structures
  • Individuals employed by or linked to our service providers and sub-processors

The examples in this section are only an overview of the types of processing we carry out.  If you would like a more in-depth list of our processing activities and our legal basis for processing, please contact our Data Protection Officer.

Special categories of personal data

Bridgewaters only processes special categories of personal data where we are expressly required to, to comply with relevant laws and regulations or where we need it to provide services you have requested. Data protection law lists the following types of personal data as special categories:

  • racial or ethnic origin
  • age
  • disability
  • gender reassignment
  • sex and sexual orientation
  • pregnancy and maternity
  • marriage and civil partnership
  • political opinions
  • religious beliefs or beliefs of a similar nature
  • trade union membership
  • physical or mental condition

If we ask you to provide such personal information, we will fully explain your options before we ask you to provide it and it will be held as strictly confidential. 

Sharing your information within Bridgewaters

We share your information with other Bridgewaters companies where it is necessary for us to provide you with services or to allow our company boards to have full oversight of our operations. Whenever possible, statistical information shared to meet reporting and governance purposes will be anonymised.

There are, however, times where we cannot provide the relevant services without using some personal information. In these cases, access is only granted to staff who need it in order to provide those services and the amount of information shared is limited to the minimum level that will allow them to fulfil their functions.

Sharing your information with other organisations

In the usual course of our business, we use third-party organisations to support the essential delivery of our services. Under these circumstances, we remain responsible for the security and privacy of your information and we regularly review all third parties’ security measures to ensure they meet the same standards you expect from us. All third-party organisations operate under contracts that restrict their use of your personal information to providing the services we have engaged them for.

The services they provide include:

  • Providing and supporting the IT systems in which your information is stored
  • Transportation and storage of information and confidential destruction
  • Preparation of company accounts and financial statements
  • Translation of documents

We may also have an obligation to share some of your personal information with public authorities, such as:

  • Tax and VAT authorities
  • Regulatory authorities
  • Law enforcement agencies
  • Yacht and aircraft registries

In some cases, your personal information will be shared with organisations outside Bridgewaters to obtain specialist or professional services that are necessary for the services we provide. These include:

  • Your professional advisers, such as accountants, lawyers, agents, architects
  • Banks or other financial institutions
  • Credit reference agencies who assist us in meeting our customer due diligence obligations

These external organisations have a legal obligation to comply with privacy and data protection legislation and may also operate under a professional duty of confidentiality due to the type of service they provide. They have their own privacy policies that provide information about how they use your information. You can find out more about the organisations your information has been shared with by contacting our Data Protection Officer.

Transferring your information to other countries

When we share your information with organisations that are in different jurisdictions, we ensure they apply equivalent levels of protection.

Countries in the European Economic Area and those that are recognised as providing adequate protection by the European Commission provide an equivalent level of protection as the Isle of Man. Personal information can flow freely between these countries because their laws give you the same rights and protections in relation to your personal information.

For other international transfers, we put data sharing contracts in place to ensure you retain the same rights and protections in the recipient country as you have in the country where your information was originally collected. This ensures that such transfers are legal and gives you, and us, the reassurance of knowing that your privacy rights remain the same wherever your information is being processed.

If you would like information on the countries that your personal information has been transferred to, please contact our Data Protection Officer.

Using your contact details

From time to time, we will send you important notices about the products or services you have asked us to provide, changes to our policies and/or terms of business, or changes to laws or regulations that could affect the service we provide.  This is important information that keeps you informed about the products or services you have asked us to provide.

We may also send you emails containing newsletters and articles, information about additional products or services provided by us or invitations to events we are organising, attending or sponsoring.  You can opt-out of receiving these messages by contacting us here or by clicking on the unsubscribe link in those emails.

We never sell or lease your personal information or share it with other organisations outside Bridgewaters for marketing purposes.

Storing and deleting your information

The amount of time we keep your personal information will vary depending on your relationship with us. In some circumstances, there is a legal or regulatory requirement to keep information for a specific amount of time, although this will be extended if there is ongoing legal action that overrides the normal retention period. Where there is no regulatory or legal requirement, we assess how long we reasonably need to keep your information to deal with ongoing queries.

When our relationship with you ends, there will be information we cannot delete immediately. Such information is stored in our physical and electronic archives until we no longer have an obligation to keep them. At that point, the information will be permanently deleted.

How we keep your information secure

We take the security of your personal information and confidential documents extremely seriously. We comply with data protection legislation and have put in place appropriate safeguards to prevent unauthorised access or unlawful use of personal and confidential information.

We employ a wide variety of technical and organisational security measures to safeguard the confidentiality, integrity and availability of your personal information.

We restrict access to personal information to Bridgewaters workers who need to know that information to process it for us. They are subject to strict confidentiality obligations and they may be disciplined or their contract terminated if they fail to meet these obligations.

Links to external websites

Our website may contain links to other websites that are not controlled by us. We are not responsible for the privacy of those sites and we encourage you to review the privacy policies of each one when you visit external sites so that you understand how those other organisations are using your personal information.

Cookies

For full details of the cookies used by Bridgewaters, please see our Cookies Policy here.

Your rights

Bridgewaters has processes in place that enable you to exercise your rights as outlined in the Isle of Man Data Protection Act 2018. Subject to some exceptions, you have the right to:

  • Know whether Bridgewaters is processing your personal information
  • Request a copy of the personal information Bridgewaters holds about you
  • Have any inaccuracies corrected or have incomplete personal information completed
  • Have your personal information erased if it is no longer needed
  • Ask Bridgewaters to restrict processing of your personal information
  • Object to Bridgewaters processing your personal information
  • Ask for your personal information to be transferred to a new service provider
  • Object to processing that is carried out in Bridgewaters legitimate interests
  • Not be subject to a decision based solely on automated processing if it produces legal effects or similarly affects you
  • Make a complaint to a data protection supervisory authority or regulator if your rights have been infringed due to our non-compliance with data protection laws.

To exercise any of your rights, please contact DataProtection@brigewaters.co.im

Further information, enquiries and complaints

If you have any questions about this Policy, wish to exercise any of your rights or would like to discuss other data protection matters, please contact:

Data Protection Officer
Bridgewater (IOM) Limited
4th Floor, Queen Victoria House
41-43 Victoria Street
Douglas
Isle of Man
IM1 2LF

Phone: +44 1624 676716
Email: DataProtection@bridgewaters.co.im

If you think that our collection and/or use of your personal data is unfair, misleading or inappropriate, please contact us to discuss your concerns. We take any complaints we receive about the way we process your information very seriously and we would like to hear from you if you have any concerns.  

If you feel our processing of your personal information infringes data protection laws, you have the right to make a complaint to:

Isle of Man Information Commissioner
P.O. Box 69
Douglas
Isle of Man
IM99 1EQ

Telephone: +44 1624 693260
Email: ask@inforights.im

Alternatively, if you are in an EU Member State you can complain to the data protection supervisory authority in your location; their contact details can be found on their individual websites.