Privacy Policy

This Privacy Policy sets out details of the personal information that we may collect from you and how we may use that information. We are committed to ensuring that your data and privacy are protected and the information that we hold is secure.
Please read this Privacy Policy carefully. Where you are providing us with personal data concerning another person, you should provide them with a copy of this Privacy Policy.
1. WHO WE ARE AND HOW TO CONTACT US
In this Privacy Policy references to “we” or “us” or “Celtic” are references to Celtic Associates Limited.   For the purposes of the General Data Protection Regulation (“GDPR”) and relevant Isle of Man Data Protection Legislation, Celtic Associates Limited is the Data Controller.  You can contact us at The Red House, One The Parade, Castletown, Isle of Man, IM9 1LG. Telephone: +44(0)1624 822022 Email: email@celt.im.
Data Protection Officer
Celtic have appointed Mr Iain Wood as our data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you may contact our data protection officer at the address above or by email on iain.wood@celt.im.
This Privacy Policy describes what personal information we may collect from you and about you and describes how and why we use your personal information.
The data protection supervisory authority in the Isle of Man is the IOM ICO (“IOM ICO”), whose website is: www.inforights.im.
If you have any complaints regarding our use of your personal information, you can contact our data protection officer or the IOM ICO at the website address above or by telephone +44(0)1624 693260, We would, however, appreciate the opportunity to deal with your concerns before you approach the IOM ICO so please contact us in the first instance.
 
2. WHAT PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT
The personal information that we collect will depend on our relationship with you and the services we provide.
We collect personal information that is necessary for us to provide corporate and trust administration services and also accountancy and personal tax services to our clients or otherwise perform the services you have requested from us. We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legislation and regulations that apply to us – examples of this may be for anti-money laundering purposes.
If you provide personal information to us about other people you must provide them with a copy of this Privacy Policy.
Personal information
To allow us to provide services, we may require the following personal information about the persons connected with any services we provide or entity we are to administer, such as officers, members, trustees, settlors, beneficiaries, ultimate beneficial owners and controllers:
• Photographic identification and documents to verify both your identity and residential address in order to satisfy anti-money laundering regulations; failure to provide these may mean that we are unable to establish or continue in a business relationship with you or an entity connected to you.
• Your contact details, including but not limited to, telephone numbers, address and email address in order to communicate with you.
• Your relationship to the company or trust or services provided so we can provide you with the relevant information.
• Your jurisdictions of tax residence and tax identification number and any other information required in order to report under International tax information exchange requirements (e.g. CRS and FATCA).
• Background information such as source of wealth and funds in order to satisfy anti-money laundering regulations.
• We may conduct criminal background checks and screen for sanctions and negative press as part of our anti-money laundering screening process to comply with anti-money laundering legislation at or around the time we take on a client and periodically thereafter.
• Where, as part of our services to you, we are remitting funds we will take your bank details. Similarly, if you provide services to Celtic we may hold your VAT registration number, bank details and payment details for you.
• Where we collect additional personal data, you will be informed of that at the time we collect it, together with the reasons why.
• Where we later need to process your personal data for reasons not already communicated to you, we will notify you in advance.
• We usually collect personal information about you from you directly but in certain circumstances we may collect personal data on you from other sources such as third parties, your advisors, or from publicly or privately available records.
3. WHEN WE OBTAIN YOUR PERSONAL INFORMATION
• We collect personal information from a number of different sources including:
• directly from you or from someone else on your behalf;
• via publicly available sources such as internet search engines and social media sites;
• from credit reference agencies and fraud prevention databases and sanctions screening;
• from government agencies including tax agencies and agencies that issue identification documentation.
4. THE PURPOSES FOR WHICH YOUR PERSONAL INFORMATION IS USED
• To meet a legal or regulatory requirement.
• To communicate with you regarding the services we provide to you (for example any changes).
• To advise you of changes that may affect you that we feel are in your best interests.
• For reasonable administrative and accounting purposes in the performance of our contract or potential contract with you.
• If we believe that we have a legitimate interest or;
• we believe that you have a legitimate interest and to not use your personal data could have a negative impact on you
5. CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
6. HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your personal information with third parties for the purposes listed above, as follows:
• IT and hosting services
• screening and credit check agencies
• Regulator authorities
• banks or other financial institutions
• Tax and VAT Authorities
• Company Registries
• The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime
• Our insurers
• Credit card scheme providers (e.g. Visa or MasterCard)
• Our third-party services providers such as auditors, lawyers, contractors, document storage providers and tax advisers
• Selected third parties in connection with the re-organisation, sale, transfer or disposal of our business.
7. SPECIAL CATEGORY DATA
We do not normally process Special Category Data for clients but if we do, we will obtain your explicit consent before collecting the data.  In the event that we are sent Special Category Data without requesting it, we will redact this data.
8. CRIMINAL OFFENCE DATA
We will only process criminal data where we have a legal or regulatory obligation to do so.
9. CHILDREN’S DATA
If we are required to process Children’s Data, we will obtain the explicit consent of a parent or legal guardian.
10. SENDING INFORMATION OVERSEAS
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the Isle of Man and the European Union (EU). Where we make a transfer of your personal information outside of the Isle of Man and EU we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.
11. WHAT MARKETING ACTIVITIES DO WE CARRY OUT?
Celtic does not carry out any marketing activities.
 
12. OUR WEBSITE
Our website provides an enquiry form which asks for your name, email address and telephone number so that we may contact you in response to their enquiry.   We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract, we are about to enter into.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests
• Where we need to comply with a legal or regulatory obligation.
Our Website records no visitor analysis or website usage statistics.
13. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR?
We will only store your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Policy and to comply with our regulatory and/or legal obligations.
We have a detailed retention policy in place setting out the length of time we keep different types of information.
14. YOUR DUTY TO INFORM US OF CHANGES
It is important that personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
15. YOUR RIGHTS
Under data protection law you have the right to make certain requests in relation to the personal information that we hold about you. We will not usually make a charge for dealing with these requests unless you make several requests or the request is particularly complicated.  If you wish to exercise these rights at any time please contact us using the details set out in section 1.
There may be cases where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason provided we are allowed to do so by law, and we will always respond to any request you make.
There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we can no longer provide you with services and may therefore result in cancellation of the related contract.
Your rights include:
(a) The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.  We will usually provide you with your information in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means.
(b) The right to rectification
We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you can ask us to amend or update it if you do not believe this is the case.
(c) The right to erasure
You have the right to ask us to erase your personal information in certain circumstances, for example where you withdraw your consent or where the personal information we collected is no longer necessary for the original purpose. This will need to be balanced against other factors however. For example, we may have regulatory and/or legal obligations which mean we cannot comply with your request.
(d) The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that we no longer need to use your personal information or where you think that the personal information we hold about you may be inaccurate.
(e) The right to data portability
You have the right to request us to transfer your personal information to another Data Controller.
(f) The right to withdraw consent
We may ask for your consent for certain uses of your personal information. Where we do this, you have the right to withdraw your consent to further use of your personal information.
(g) The right to complain to the IOM ICO
You have a right to complain if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the IOM ICO’s website: www.inforights.im. This will not affect any other legal rights or remedies that you have.
16. HOW WE PROTECT YOUR INFORMATION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, details of which may be obtained from our data protection officer.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required.
To protect your information, we use a range of organisational and technical security measures.  We use a Cloud server for our systems and we have firewalls in place to block unauthorised traffic to the servers.  Our internal procedures cover the storage, access and disclosure of your information.
17. WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is to ensure that personal information is not disclosed to any person who has no right to receive it.
18. UPDATES TO THIS PRIVACY POLICY
We reserve the right to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection law or privacy generally. You should check our website from time to time to view the most up-to-date Privacy Policy.