Table of Contents

1. Revision History

2. Introduction

This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by us in the course of providing company management and trust services and carrying out our business operations. The Notice sets out the types of personal data we collect, explains how we collect and process that data, who we share it with and certain rights and options that you have in this respect.

We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

3. About Us

When we refer to “Acquarius” or “we” in this Notice we mean Acquarius Trust Company Limited, a company incorporated in Gibraltar with registration number 64486 and registered address at Suite 3, Second Floor, Icom House, 1/5 Irish Town, Gibraltar, GX11 1AA.

4. How we collect and use (process) personal information

We collect and process personal data for the following categories of data subjects:

4.1 Job Applicants

All of the information you provide during the application process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.

Information processed by us includes:

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Union. The information you provide will be held securely by us whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from our last communication with you.

If you are successful in your application, we will retain your information in accordance with our Privacy Notice for Employees, Workers and Contractors. A copy of this Notice will be provided to you with your offer letter.

4.2 Clients/Customers

We collect personal information about our clients to provide them with our services. We hold the following information about customers:

We may receive personal information from our clients about other individuals, e.g., their employees, while providing our services. Any such information provided to us is used solely for providing our services and is handled strictly as per client instructions. Specific information received by us for purpose of payroll processing includes:

We may also receive personal information from third parties including other customers, partners, agencies, or 3rd parties that we have run partnerships, competitions, and events with. Any such information provided to us is used solely for providing our services and is handled strictly as per our data protection procedures.

4.3 Business Contacts

If you are a supplier, service provider, advisor, or consultant, we may process the following data about you:

We use this information to enter into and fulfil a contract with you, to administer and manage our relationship with you including accounting, payment processing activities.

We may also receive personal information from third parties including other customers, partners, agencies, or 3rd parties that we have run partnerships, competitions, and events with. Any such information provided to us is used solely for providing our services and is handled strictly as per our data protection procedures.

4.4 Visitors

4.4.1 Website

Like many other websites, our website [www.acquarius.gi] use cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our website). ‘Cookies’ are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognise you when you visit. The information is only processed in a way which does not identify any individual.

Details about the cookies used by us is displayed when you visit our website for the first time at a banner display at the bottom of your browser. From here you can either accept all cookies, reject or view more details by clicking on settings. It is possible to switch off cookies using our cookies banner or by setting your browser preferences, if you have accepted once.

When you email us using the links on our website, we will use the information provided by you only for the purpose of providing you with an appropriate response.

4.4.2 Social Media Platforms

We may also collect any personal information which you allow to be shared that is part of your public profile or third-party social network, including type and version, time zone setting, browser plug-in types and versions, operating system and platform.

4.4.3 Visitors to Office

We may retain information about your visit, for example, time of visit and exit, purpose of visit, vehicle registration numbers. This may be collected by reception staff whether employed by us or otherwise. Our landlords may record CCTV images as well as physical access logs. These details may be shared with us from time to time.

4.5 Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or relevant legal updates. All marketing activities shall comply with relevant privacy and regulatory requirements.

4.5.1 How is your Data Collected?

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

4.5.2 What Personal Data we Receive from Other Sources?

Apart from receiving personal data directly from you when you engage us to provide services, we may receive personal data from other customers, partners, or agencies. We only collect the information that’s necessary to carry out our business, provide the particular service you’ve requested and keep you up to date about our news.

5. How Do We Use Your Personal Data?

The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.

5.1.1 Where you have provided consent

Your data will only be used for the purposes you have provided consent. We will always request your explicit consent before using any sensitive information about you such as your health data.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see Section 11: Data Subject Rights for further details.

5.1.2 Where it is in your Vital Interests

We may use your personal information to contact you if there are any urgent safety notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.

5.1.3 Where there is Legitimate Interest

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:

5.1.4 Where there is a Legal Requirement

We will use your personal information to comply with our legal obligations:  

5.1.5 Where it is Required to Complete a Contract

We may use and process your personal information where we have supplied you (or continue to supply you) with any services, where we have arranged for the supply of another company’s services to you, or where you are in discussions with us about any new service. We will use this information in connection with the contract for the supply of services when it is needed to carry out that contract with you or for you to enter into it.

6. When and How Do We Share Your Personal Data

We may share your personal data:

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.

7. Transfers of personal data outside the EEA

There may be occasions where we will need to share your data with entities in third countries, such as when we are using cloud software providers or outsourced contractors which enable us to provide you with the services. We verify that any data transfer outside of the EEA is subject to EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation.

8. Automated Decision-Making

We do not use automated decision-making in relation to your personal data.

10. Data Storage and Retention

Your personal data is stored by Acquarius on the servers of the cloud-based services we engage, as well as in physical forms in our office and at backup and archival facilities. We retain data as per our data retention policy and regulatory data retention requirements.

The length of time we retain your personal data is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at info@acquarius.gi.

11. Data Subject Rights

This Privacy Notice is intended to provide you with information about what personal data Acquarius collects about you and how it is used. If you have any questions, please contact us at info@acquarius.gi.

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or receive further details we may request from you or (ii) where we do not need to do this because we already have this information, from the date we received your request.

Your rights include:

We are obliged to honour such requests as per our regulatory requirements. Where you have requested us to stop processing your data, we may continue to process your data if we are legally permitted to do so, for example for our legal commitments, to protect the rights of another individual or company or in connection with legal proceedings. If you'd like more information or would like to make such a request or are unhappy about how we process your personal information, please contact us at info@acquarius.gi.

11.1.1 Withdrawing your Consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under 5. How we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy.  If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

11.1.2 Making a Complaint

If you think your data rights have been breached, and if we have failed to address your concerns to your satisfaction, you are able to raise a complaint with the Information Commissioner (ICO). Before contacting the ICO directly, please contact us to give us a chance to address your queries.

If you are still unsatisfied, you can contact the ICO at https://www.gra.gi/data-protection/complaints.