This Privacy Notice describes how Meritus Trust Company Limited (“Meritus”) collects, uses and shares the information you provide to us and the information we collect in the course of operating our trust and corporate service provider business. We are committed to protecting your privacy and processing the information you provide to us in a safe and secure manner.
The Information We Collect
In the course of our business relationships, we may collect and process various types of personal data about you, including:
- Name, address, email address, telephone number and other contact information;
- Date and place of birth;
- Copies of identity documents (such as passport, national ID card, driver’s license, employee identification numbers);
- Utility bills and/or bank statements;
- Source of wealth;
- Tax residency and tax identification number;
- Details of shareholdings and other assets which are legally or beneficially owned by you;
- Details of directorships and information required to be held under applicable companies legislation;
- Your personal identification information (which may include your name and passport information, personal data relating to claims, court cases and legal representations, politically exposed person (PEP) status, personal information available in the public domain and other such information as may be necessary for Meritus to provide services and complete its CDD process and discharge its anti-money and combatting the financing of terrorism obligations;
- Your family relationships (which may include your marital status, the identity of family members);
- Any other personal information that you may provide to us;
- We may also collect and process personal data regarding people connected to you, either by way of professional (or other) association or by way of family relationship;
- If you apply for employment with us, we may collect personal information relating to your past employment;
- Professional qualifications and education, your nationality and immigration/residential status, opinions from third parties about you (such as references) and other details about you which may be gathered during the recruitment process. We may also review publicly available information about you on your social media accounts.
Please note this list is not exhaustive and that we may also collect and process other personal data to the extent that it is useful or necessary in the provision of our services.
Where We Obtain Your Personal Information
We collect your personal information from the following sources:
- Personal information which you give to us directly:
- As part of such other forms and documents as we may request that are completed in relation to the provision of any of our services;
- Information gathered through the processing of client due diligence (e.g., passports and proof of address etc.) carried out as part of our compliance with regulatory requirements;
- Financial crime, sanctions or other due diligence databases for the purposes of complying with our regulatory requirements;
- Information that is publicly available from the internet;
- Personal information received in the course of dealing with advisors, regulators, official authorities and service providers with whom or by whom you are employed or engaged or for whom you act.
How We Use Your Information
At Meritus we are committed to protecting and respecting your privacy. We provide trustee, corporate and other professional services to our clients and we use your personal data for those purposes. We may hold and process your personal data on the following lawful grounds:
- To perform a contract which we may have with you;
- To comply with our legal and regulatory obligations;
- For our legitimate business purposes.
Your personal information may be processed for the following purposes:
- To conduct administrative, compliance or operational processes within our business and/or our service providers;
- To communicate with you as necessary in connection with our services;
- To provide you with personalised information;
- To provide and improve our trust and corporate services;
- To establish, exercise or defend the legal rights of Meritus or for the purpose of legal proceedings;
- To process and respond to requests, enquiries or complaints received from you or someone connected to you;
- To comply with legal or regulatory obligations imposed on us (including but not limited to AML/ATF/CFT and Sanctions obligations);
- Collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
- Liaising with or reporting to any regulatory authority (including tax authorities) with who we are either required to cooperate or report to, or with whom we decide or deem it is appropriate to cooperate in relation to the services we provide.
Why We Share Your Information
Meritus provides trust and corporate service provider business in Bermuda. The personal information we collect from you is required to discharge our regulatory obligations and provide you with the trust and corporate administration services you require. In addition to using the information in our ordinary dealings with you, your family and your business, it may also be necessary for us to use or provide certain personal information to third parties in the following circumstances:
- To respond to customer due diligence requests from third party service providers which provide professional or financial services to the trusts or businesses for which we provide trust and corporate services (including banks, investment advisors, fund administrators, asset managers, lawyers, accountants, brokers, real estate agents and dealers in high value goods);
- To comply with requests for information from regulatory authorities, law enforcement agencies or government officials;
- To comply with our legal obligations to exchange account and taxpayer identification information under tax information exchange agreements to which Bermuda, the Cayman Islands, the British Virgin Islands and the Bahamas are party from time to time, the Common Reporting Standard (CRS) and the Foreign Account Tax Compliance Act (FATCA); and,
- To such third-party agents, suppliers, or contractors as are required in connection with our operations (such as IT and communications services providers, external auditors, accountants and external legal advisors which may be instructed from time to time).
Retention of Personal Information
Meritus has measures in place to prevent the unauthorised or unlawful access to your personal information. In the event of a security breach leading to unauthorised access or disclosure of your personal information, we will inform you about the breach as reasonable practicable after determining the nature and extent of the breach.
We are obliged to hold your personal information for no less than the time period stipulated by Bermuda law.
Access to and Control of your Personal Information
Subject to any legal or regulatory obligations we may have, you are entitled to ask for a copy of the personal information retained about you by Meritus and request that inaccuracies or errors to be corrected as soon as is reasonably practical.
We are prevented by law to disclose your personal information in the following circumstances:
- The personal information is protected by legal privilege;
- The disclosure of the personal information would reveal confidential information about Meritus or about a third party that is of a commercial nature;
- The disclosure of the personal information could reasonably be expected to threaten the life or security of an individual;
- The personal information would reveal personal information about another individual; and
- The personal information would reveal the identity of an individual who has in confidence provided an opinion about another individual and the individual providing the opinion does not consent to disclosure of his identity.
Subject to any and all laws of Bermuda which requires us to retain your personal information for specified purposes and for periods of time, you may request that we destroy copies of your personal information in our possession.