Bentley Trust (Malta) Limited – EU Data Privacy Notice

21st May 2019

Bentley Trust (Malta) Limited (“BTM”) is committed to protecting your personal data. This notice contains important information about what personal details we collect, what we do with the information and your rights when it comes to personal information you have given us.

We may need to make changes to this Data Privacy Notice, so please check the Bentley Reid website at www.bentleyreid.com for updates from time to time. If there are important changes regarding how we use your data, we will contact you to let you know.

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (‘GDPR’).

Who are we?

BTM is the data controller. This means it decides how your personal data is processed and for what purposes. We can be contacted at the following address;

The Trust Manager
Level 7, Portomaso Business Tower
St Julians, STJ 4011
Malta

Where we collect your personal information

BTM collects your personal data either directly from you or from a variety of sources including:

  • Bentley Capital Limited
  • Bentley Reid & Co (UK) Limited
  • Emails and letters
  • Telephone conversations

How we protect personal information

BTM takes information security seriously and strives to comply with our obligations at all times. Any personal information collected will have appropriate safeguards applied in line with data protection obligations.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. This includes protecting sensitive information when storing or transmitting electronically.

How do we process your personal data?

BTM complies with its obligations under the GDPR to process data in a lawful manner by;

  • Keeping personal information up to date
  • Storing and destroying it securely
  • Not collecting or retaining excessive amounts of data
  • Protecting personal data from loss, misuse, unauthorised access and disclosure
  • Ensuring that appropriate technical measures are in place to protect personal data

What we do with your personal data?

We require your personal data for the administration of the trust and / or company (collectively referred to as “Entity”) of which you are a related party, along with meeting regulatory requirements in respect of ‘Customer Due Diligence’ and international tax obligations. Examples of how your data may be used are;

Verifying your identity

Reporting on the financial status of the Entity
Assisting on opening accounts for the Entity and the ongoing operation
Regulatory reporting and disclosures

What is the legal basis for processing your personal data?

The processing of data will be performed as part of the fiduciary obligations of BTM in the administering of the Entity of which you are a related party, in addition to the legal and regulatory obligations that fall upon BTM.

If personal data is obtained from a professional business to business relationship with BTM, the processing of data will be performed under the basis of legitimate interests of both parties.

Where there is no lawful basis to process your data, we will look to obtain your consent to ensure your rights are protected under the GDPR. This will only be required once, and will enable us to maintain a relationship where we can update you on our latest service and product offerings.

Sharing your personal data

Your personal data will be treated as strictly confidential and will be shared only with professional bodies related to the administration of the Entity.

These third parties may include;

  • BTM regulator and supervisory authorities (e.g. Malta Financial Services Authority)
  • Tax authorities as required under international tax laws (e.g. FATCA, CRS)
  • Companies we have chosen to support us in the delivery of services we offer you (e.g. consultancy or technology companies)
  • Investment companies and banks where the Entity holds an asset
  • Credit and identity check agencies to verify identities under AML regulation
  • Law enforcement for the prevention and detection of crime

We will never sell your details to someone else. Whenever we share your information, we do so in line with our obligations to keep your information safe and secure.

How long do we keep your personal data?

We will only keep your information for as long as it is required to be retained. The retention period is either dictated by legal or regulatory obligations, or by our discretion with a minimum of 10 years. Once your information is no longer needed it will be securely and confidentially destroyed.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data;

  • The right to request a copy of your personal data which BTM holds about you
  • The right to request that BTM corrects any personal data if it is found to be inaccurate or out of date
  • The right to request your personal data is erased where it is no longer necessary for BTM to retain such data
  • The right to withdraw your consent to the processing at any time
  • The right to request that BTM provide the data subject with their personal data and where possible, to transmit that data directly to another data controller
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data
  • The right to lodge a complaint with the Information and Data Protection Commissioner

Transfer of data outside of the EU

Where personal data is intended to be transferred outside of the EU, the GDPR imposes restrictions to ensure the protection of individuals is not undermined. BTM will ensure that any transfers within the Bentley Reid Group provide for adequate safeguards as enforced by the Information and Data Protection Commissioner.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing. 4

How to make a complaint

BTM will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in this Data Privacy Notice, please contact us immediately to put things right.

If you believe the matter is still unresolved you can make a complaint to the Information and Data Protection Commissioner.