Legals

Privacy Policy

Privacy Notice

Your information

This notice applies to personal information held by Cayman National Isle of Man (CNIOM). CNIOM collectively refers to Cayman National Bank (Isle of Man) Limited (CNBIOM) and Cayman National Trust Company (Isle of Man) Limited (CNTIOM), each a Data Controller in its own right.

"We" refers to CNIOM, the underlying entities of CNBIOM and CNTIOM, each acting as a Data Controller.

"Information" refers to any personal data about you that you or third parties provide to us.

"You" refers to you in your capacity as a Customer, connected party or controller of any bank account, relationship, entity or trust structure we operate.

This privacy notice should be read alongside the Terms and Conditions provided to you as they also contain sections relating to the use and disclosure of your information.  To the extent that there is any conflict between the provisions of this Privacy Notice and any other Terms and Conditions, this Privacy Notice governs.

Data Protection Officer

CNIOM has appointed the same Data Protection Officer (DPO) for each of CNBIOM & CNTIOM. The DPO has oversight of data protection matters and can be contacted at:

Data Protection Officer
Cayman National Bank (Isle of Man) Limited OR Cayman National Trust Company (Isle of Man) Limited
Cayman National House
4-8 Hope Street
Douglas
IM1 1AQ
Email: dpo@caymannational.im
Phone: (0044) 1624 646900

If you have any queries regarding this Privacy Notice or how we process your information, please contact the DPO using the details provided above, or by arranging an appointment to discuss them in person.

Why we collect information

The type of information collected by CNIOM will differ depending on the services being provided. In general, the information will be used for the following purposes:

• the provision of financial services and to enable CNIOM to enter into an agreement with you
• fulfilling our legitimate interests, such as in the managing of risk
• carrying out your instructions – e.g., payment requests, banking services, trust and company administration services, etc.
• creation and ongoing administration of a product or structure
• the administration of investments
• the investigation and resolution of complaints
• the provision of online services
• carrying out checks in relation to your creditworthiness
• corresponding with solicitors, surveyors, valuers, conveyancers or other third parties for the provision of our services to you
• the recovery of debts owed to CNIOM
• the defence of our legal rights
• complying with the necessary regulatory requirements in relation to anti-bribery & corruption, anti-money laundering, countering terrorist financing, and            countering proliferation financing   
• verifying your identity and assessing your suitability for our services and products
• the detection and prevention of crimes such as fraud
• improving our services to you
• the provision of information to relevant tax authorities as and when required
• the provision of information to other external regulatory bodies to which we are legally required to provide information to
• contact tracing – as may be required.

We will process your Information where we have your consent or where another lawful reason to do so, exists, such as for the provision of a contract, in our legitimate interests, where we believe it is in the public interest, in the defence of our legal rights, or to comply with a legal requirement.

What we will collect about you

The type of information we will collect includes:

• personal details such as name, former names, date of birth, gender, and place of birth
• contact details such as address, previous addresses, email addresses, and phone numbers
• information about your marital status, dependents, and social circumstances
• tax reporting information including country of domicile, national insurance number or tax identification number
• employment details, education, qualifications, and positions held
• confirmation of your right to act in relation to a company or structure or entity
• information about your identity including passport copies, driving licence copies, other photographic identification documents, proof of address                         verification such as utility bills or bank statements, or as otherwise provided        
• other information you provide relating to your financial standing, your personal wealth, assets and liabilities, and the source of funds to verify the source of      wealth for the arrangements you have with us    
• we may also require details relating to your ability to cover a debt, repay a loan and your overall financial standing where applicable
• where permitted by law, information about criminal convictions or offences or alleged offences or claims made against you or entities associated with you,        for specific and limited activities such as completing our due diligence requirements     
• details of disqualifications or other relevant notices which are available in the public domain
• details of any prominent or politically exposed position held or close associations held to individuals holding such positions.

The Information you provide will only normally be used for the purposes of the provision of financial services. If we need to use it for any other unrelated purpose, we will notify you and explain the legal basis which allows us to do so or request your consent, where required.

Some of the Information we collect will come direct from you, other Information will come from third parties or from publicly available sources. CNIOM will use third-party sourced data to carry out due diligence checks, sanction screening, and anti-money laundering/control of the financing of terrorism/proliferation financing checks. This is Information we need to support our regulatory obligations. The Information listed above may relate to you as our customer, but also to persons that are associated with any entity or structure connected to you, such as a trust or managed company.

If you fail to complete our full “Know Your Customer” due diligence requirements, we will not be able to facilitate a business relationship with you or offer to provide to you any product or services.

We may also collect Information on third-parties or family members through the documentation you provide to us. We will only use the necessary Information to meet our compliance obligations, and to comply with the laws and regulations that CNIOM is subject to.

Information we generate about you

We will generate information about you in the course of our relationship, which may include:

  • your financial information such as other firms you deal with, other arrangements you have in place, how you manage your finances and credit, who you make payments to and receive funds from, salary and ad-hoc payments received;
  • your identification information, signature, online banking log ins and voice recordings;
  • records of any meetings, advice or recommendations given to you;
  • tracking information – see note below;
  • geographic information from card payments;
  • records of correspondence received and processed by email, letter, voicemail, etc.

We may also analyse your transaction information and payment flows to enable us to identify improvements to our services and online offering.

Tracking

We may monitor or record any communication between you and CNIOM including telephone calls, face to face meetings, letters, emails and any other kind of communication. We may use these recordings to check your instructions to us, to assess and improve our service to you, train staff, manage risk and to prevent and detect crimes such as fraud. For security, and to prevent and detect crime, we may collect recordings, images and sound using CCTV in and around our premises.

When you visit our website, we may collect Information about you which is useful in improving the operation of the website or used for essential functionality such as security when processing form data. The collection of the Information is through the traffic data on the site and through the creation of cookies, details of which can be found in our Cookies Policy (a copy of which is published on our website).

Where we may transfer your information

Your information may be shared or transferred where it is lawful to do so, depending on the type of service we are providing, with the following:

  • other joint account holders, trustees, beneficiaries, controllers, administrators or executors;
  • individuals who give guarantees for any debt owed to CNIOM;
  • other parties involved in a dispute including disputed transactions;
  • other financial services providers,
  • lenders and credit reference agencies in relation to credit arrangements;
  • other financial services providers for the provision of transactions;
  • beneficiaries of payments or remitters of transactions;
  • fund managers, brokers, asset managers or agents who deal on your behalf;
  • beneficiaries, intermediaries, clearing houses, clearing or settlement systems, counterparties or any company where securities are held and traded through us;
  • intermediaries or introducers who have an interest in the business introduced to CNIOM;
  • anyone who is instructed to act on your behalf, power of attorney, solicitors, accountants, etc.;
  • credit card processing providers such as those facilitated by Cayman National Corporation Ltd group of companies;
  • entities or individuals in connection with a potential or actual corporate restructure, merger, acquisition or sale, including the transfer or potential transfer of any of our rights or duties under our agreement with you;
  • internal and external auditors operating within the Cayman National Corporation Ltd group of companies;
  • auditors or parties appointed to carry out investigations or audits of our activities;
  • law enforcement, courts, dispute resolution and regulators as required by law;
  • Government agencies in the provision of tax reporting, as required by law;any other individual or entity with whom, we've been instructed to share your information with by you, either jointly, solely or as a controller.

Overseas transfer of your information

We will only share your Information with those that have a right to see it, where there is an obligation to remit the Information, where it is in our legitimate interest, or where it is a requirement to facilitate a contract with you. This may include:

• audit firms working for us and/or our parent company
• suppliers who support our provision of services to you, e.g. technology and anti-money laundering platforms
• third parties to whom you have authorised that your data can be disclosed

We will not disclose/share information relating to you outside of the Isle of Man, UK or EEA.

In accepting the terms and conditions governing the provision of services to you, you acknowledge that your Information will be processed in this manner.

Your rights

You have several rights in relation to the Information we obtain and hold about you, such as the right to:

• access your personal data - you have the right to access the Information we hold about you. You can address your request to the DPO at the contact details    provided in this Privacy Notice   
• rectification - if the Information we hold about you is inaccurate or incomplete you have the right to have this data rectified. If your request involves the              restricting of how we process your information, it may affect the services we provide to you     
• have Information deleted - if the data we hold about you is no longer being processed for the purpose it was collected for, is being unlawfully processed, or      you have withdrawn your consent to process your Information you may request that we delete your Information. Please note we are obliged to retain                information as required by law and, if we delete your Information, it may affect the services we provide or the operation of any contract we have with you  
• have the processing of your information restricted - if the accuracy of the data is contested, the processing of the information is unlawful, or we no longer        require the data for the purpose it was provided (but you require it for the establishment, exercise or defence of legal claims) you have the right to request        we restrict processing of your personal Information;             
• data portability - where we hold Information provided by you for the purpose of entering into a contract with us you have the right to receive that personal        Information in a portable format. You may request that the information is provided direct to a third-party, in which case their use of such Information is              outside of our control and is under the remit of any agreement you have in place directly with them                 
• object to processing - you have the right to object to our processing of your Information unless there are legitimate grounds for the processing including, but    not limited to, legal or regulatory requirements. You can object at any time to processing of your personal data for direct marketing purposes including              profiling for marketing purposes. Where we have relied on your permission to process your data you can withdraw your consent at any time    

• complain - you have the right to lodge a complaint with CNIOM in relation to the processing of your personal Information. If the matter has not been resolved satisfactorily you can complain to the Information Commissioner, whose contact details are provided below.

Any request to exercise these rights should be addressed in the first instance to CNIOM’s DPO at dpo@caymannational.im

Where you complain about our processing of your Information the DPO will investigate on your behalf. If you wish to contact the Isle of Man Information Commissioner to escalate a matter, please use the below contact details:

Address: The Information Commissioner, First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET
Email: ask@inforights.im
Phone: 01624 693260, or +44 1624 693260 if dialling from overseas
Web: www.inforights.im

Subject access rights
Under the Isle of Man’s data protection laws you have the right to access your personal data held by CNIOM (known as a Data Subject Access Request). You may make a Data Subject Access Request to receive your own data, or a third-party may do so with your express permission. We will only release Information personal to you under a Data Subject Access Request and may request specific Information from you to confirm your identity. This is a security measure
to ensure we do not release your Information to anyone not entitled to receive it. We may also contact you for further Information relating to your request to enable us to respond more quickly.

Retention of information

Your Information will be retained in line with the requirements of relevant legislation that governs CNIOM, including those relating to banking services, trust and company administration, anti-money laundering and countering terrorist and proliferation financing. The retention period is determined based on the type of record, the nature of the activity, and the product and service offered. Details of our retention timeframes are contained within our Retention Policy which may be updated from time to time as overriding legislation changes.

Once your Information is no longer required, we will destroy, delete, or anonymise the data and can confirm that no further decisions will be made about you based on this deleted Information.

We may need to retain your Information outside of the prescribed timeframes, where an ongoing investigation is being undertaken by a Police force, other investigative agency or regulatory body, or where a dispute has arisen and is being investigated, or where legal proceedings are taking place.

In these instances, your Information will be retained for as long as deemed necessary. Destruction of such data will be completed as soon as practicable thereafter. 

If you would like any further information on our retention policy, please contact the DPO.

Security of information

We take the security of your information very seriously. We have in place a framework of policies and procedures governing the control and protection of your information. We use a range of measures to safeguard your information including:

  • encryption;
  • penetration testing;
  • IT security arrangements;
  • business continuity planning;
  • ongoing testing and monitoring;
  • training and awareness amongst staff.

Where we work with third parties in the provision of our IT and security arrangements, we require compliance with specified standards covering the protection, storage and transferring of your information. Contracts are in place detailing the appropriate measures required to protect your information.

Marketing

Where there is a legitimate business interest we may use your information to provide you with information about our products and services.

In certain instances, we will rely on your consent to provide you with marketing information about CNIOM's group of companies. You can withdraw your consent at any time using your normal method of communication with us.

We will not provide your information to external third parties for the provision of marketing.

Your obligations

We request that you ensure the information we hold about you is accurate and up to date. Please notify us as soon as possible if your circumstances change. We are obliged to send certain mandatory communications to you and therefore need to have accurate contact information for you.

Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time. Such changes will be posted online at www.caymannational.im

Where the changes made are more material we may notify you direct, typically by email, in writing, or via your CNBIOM online banking service, where applicable.

December 2024

The best way to learn more about how we can help is by calling us.
Change Cookie Preferences