Privacy Notice

Privacy and the TrustQore Group 

The TrustQore Group is committed to protecting your Personal Data and understands the importance of maintaining your privacy.    

Please read this Privacy Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your Personal Data. It also explains your rights in relation to your Personal Data and how to contact us or appropriate supervisory authorities in the event you have a complaint. 

This Privacy Notice is legally binding on you from the moment you log in the website, regardless of which device you use. By using the website and providing your Personal Data, you acknowledge that you have read and agreed to abide by our Privacy Policy. 

Who are we?

The TrustQore Group provides fiduciary and administration services in 4 jurisdictions: Switzerland, Mauritius, South Africa and the British Virgin Islands. This Privacy Notice is issued on behalf of each member of the TrustQore Group and consequently references to “we”, “us” or “our” in this Privacy Notice should be read as references to the relevant company in the TrustQore Group responsible for Processing your data. 

References to the TrustQore Group means TrustQore Ltd, a company duly incorporated in accordance with the laws of the British Virgin Islands with company number 2082977 and whose registered office is at Geneva Place, 2nd Floor P.O Box 3339, Road Town, Tortola, British Virgin Islands and its subsidiaries and any corporate entity managed or controlled by those entities. 

The primary entities within the TrustQore Group can be accessed <here>:

The TrustQore Group of Companies has elected to conform with the European General Data Protection Registration (EU GDPR). Irrespective of whether the TrustQore Group of Companies are bound by the EU GDPR, when it comes to the transfer and sharing of Personal Data across borders between the TrustQore Group of Companies, we shall conform with the requirements of the data protection legislation presiding in the respective jurisdictions.

In the event you have any queries in respect of this Privacy Notice, including how to exercise your legal rights, please contact our Data Protection Officer using the contact details stipulated in our How to Contact Us below

Collection of Personal Data and what we collect about you

Personal Data comprises of any information relating to an identified or identifiable individual. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Under data protection law, we can only use your Personal Data if we have a proper reason, e.g.,:

    • where you have given consent;
    • to comply with our legal and regulatory obligations;
    • for the performance of a contract with you or to take steps at your request before entering into a contract; or
    • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The Personal Data we collect about you depends on the particular services we may provide and depends on your particular relationship with us. We have set out below in the first table the types of Personal Data we collect in the course of the provision of our fiduciary and administration services and in the second table the data type likely to be Processed for each of:

    • our existing and potential clients; 
    • existing and potential employees;
    • legal and beneficial owners of entities;
    • settlors, existing and potential beneficiaries and protectors of trust structures; 
    • our intermediaries (accountants, bankers, legal and tax advisers, investment managers, introducers); and 
    • other third parties.   

 

Table 1 – Types Of Data

Types of Personal Data

Details

Financial Data

Financial history, bank account name, bank account number, payment details, financial standing and investment objectives.

Identity and Contact Data

First name, surname, gender, nationality, birth, postal address, physical address, billing address, shipment address, email address, office phone numbers,  mobile phone numbers, fax number, age, language, education, marital status, skype ID, LinkedIn ID, employment history, private correspondence sent by you, views or opinions of another about you, information relating to you and your personal opinions, view or preferences, identification numbers issued by government bodies or agencies such as your passport number and identity card number.

Legal and Regulatory Data

Source of wealth, source of funds, family wealth and assets held, background and professional relationship data, information regarding family members and your/their tax status/residence. Information relating to sanctions and criminal offences, professional conduct and information received from due diligence databases relating to you to include information.

Service Data

Data provided in the course of the provision of our services including transaction data relating to assets and services acquired and disposed of by client related entities and any disputes or proceedings.

Special Category Personal Data

Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data (when Processed to uniquely identify an individual)
Data concerning health, sex life or sexual orientation.

Technical Data

Data relating to your internet protocol address (IP address), login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you used to access the TrustQore website), information on how you use our website and other personal information including location and employer by reference to your IP address. 

Telephone Call recording

TrustQore Group of companies may have the legal obligation to record telephone calls in certain circumstances, such as the security call to verify the identity of a member, and use a secure telephone software to record, store and archive those telephone calls. 

Table 2 – Data Type By Individual/Group

Group

Data Collected

Existing and potential clients

Financial Data, Identity and Contact Data, Legal and Regulatory Data, Service Data and any other information provided during the course of our interactions 

Legal and beneficial owners of entities;

Financial Data, Identity and Contact Data, Legal and Regulatory Data, Service Data and any other information provided during the course of our interactions.

Existing and potential employees

Identity and Contact Data, Financial Data, Legal and Regulatory Data, Special Categories of Personal Data any other information provided during the course of our interactions to include equal opportunities information.

Settlors, existing and potential beneficiaries and protectors of trust structures

Financial Data, Identity and Contact Data, Legal and Regulatory Data, Service Data and any other information provided during the course of our interactions.

Intermediaries (accountants, bankers, legal and tax advisers, investment managers, introducers);

Identity and Contact Data, Legal and Regulatory Data, Financial Data and any other information provided during the course of our interactions

Third Parties

Identity and Contact Data, Legal and Regulatory Data and Financial Data and any other information provided during the course of our interactions

Website Users

Technical Data and Identity and Contact Data and any other information provided during the course of our interactions through our website

If you do not provide Personal Data we ask for, it may delay or in certain circumstances result in us being unable to provide services to you. If this occurs, we will notify you that this has happened. 

Please note that occasionally, TrustQore Processes Special Category Personal Data. 

Where we Process Special Category Personal Data, we will also ensure we are permitted to do so under data protection laws, e.g., that:

    • we have your explicit consent
    • the Processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
    • the Processing is necessary to establish, exercise or defend legal claims.

How is your Personal Data collected?

TrustQore uses a variety of methods to collect data including (but not limited to):

    • Direct communication with you (through correspondence with you, video-calls, in person meetings, telephone and WhatsApp calls, post or otherwise);
    • Direct communication with intermediaries (lawyers, tax advisers, introducers) who are acting on behalf of clients and other Data Subjects and with related third parties (e.g. any other service provider engaged by the Data Subject – banks, other financial services companies and trusted partners; 
    • Open-source information (whether this be a simple Google search, information held on company registries, through risk management applications or risk management providers); and
    • Automated technologies or interactions. 

The purpose for which TrustQore uses your Personal Data

TrustQore will only use your Personal Data where it is permitted to do so by applicable data protection law. An indicative list of the circumstances in which we use your Personal Data are set out below:

  • To establish and maintain client relationships;
  • To provide fiduciary, administration, family office and fund services to you or to someone to whom you are connected;
  • To comply with our legal and regulatory duties (including but not limited to our need to):
        • comply with regulations dealing with prevention of money-laundering and financing of terrorism; 
        • comply with regulations relating to sanctions and embargos; 
        • fight against tax fraud and fulfilment of tax control and notification obligations; 
        • set up security measures in order to prevent abuse and fraud (e.g., by recording telephone conversations); 
        • detect transactions which deviate from normal patterns; 
        • record, when necessary, our interactions (e.g., our meetings, calls, chats, emails, phone conversations); and 
        • reply to an official request from an administrative or judicial authority.
  • To perform a contract with you or to take measures at your request before entering into a contract including but not limited to: 
        • providing you with information regarding our services; 
        • assisting you and answering your requests; and 
        • evaluating if we can offer you a service and under which conditions. 
  • To fulfil our legitimate interests (including the management or client and intermediary relationships, marketing, business development, risk management, debt management) and for the purposes of generating internal management information including but not limited to;
        • proving transactions; 
        • preventing fraud; 
        • managing our IT infrastructure; ; 
        • personalizing our offering of services to you; 
        • improving the quality of our services;  
        • advertising services that match with your circumstances and profile; and
        • providing for internal training, know-how and knowledge management.
  • To provide wealth structuring solutions that meet your or your contact’s needs.  

Sharing of Personal Data

We may share Personal Data with: 

    • If we have received your consent to disclose your Personal Data to the parties in need of the same;
    • other members of the TrustQore Group (including the directors, employees and officers of each member);
    • third parties we use to help deliver our services to you, e.g., service providers acting as Processors who provide IT and system administration services;
    • Professional advisers including lawyers, bankers, investment managers, auditors, property managers and insurers providing legal, banking, investment, accounting, property management, insurance and  other services to the TrustQore Group or to any legal person under its administration where disclosure is required for the purposes set out above;
    • Business partners, suppliers, agents, delegates, service providers and/or sub-contractors of the TrustQore Group; and
    • Courts, regulators which includes the supervisory bodies and public authorities, to whom the TrustQore Group has reporting obligations.

Where Personal Data is shared by other members of the TrustQore Group, this Privacy Notice will apply to its Processing by the relevant TrustQore entity. We require all third parties with whom we enter into an engagement to respect the security of your Personal Data and to treat it in accordance with the law. We use our best endeavours not to allow our third-party service providers to use your Personal Data for their own purposes and only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.

We only allow those organisations to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. Whenever we transfer your Personal Data to third parties out of the EEA, we will ensure a similar degree of protection is afforded to it by satisfying ourselves prior to carrying out such a transfer that:

    • the country to which the data is to be transferred has been deemed to provide an adequate level of protection for Personal Data by the European Commission;
    • where we use certain service providers, we may contract with the transferee that it will provide the data with the same protection as in the EEA;
    • where we use providers based in the US, the recipient is part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US; and/or
    • the transfer is necessary for one of the other permitted reasons set out in the GDPR including the performance of a contract between TrustQore and the Data Subject, reasons of public interest and the vital interests of the Data Subject.

Retention of your Personal Data

Where we collect Personal Data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons.  In order to protect data from accidental or malicious destruction, when we delete certain data as required,however, we may not immediately delete residual copies from our servers or remove data from our backup systems.

Personal Data Security 

We are legally obliged to provide adequate protection for the Personal Data we hold and to stop unauthorised access and use of Personal Data. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your Personal Data is secure. We have appropriate security measures to prevent Personal Data from being accidentally lost, or used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality

Our security policies and procedures cover: 

    • Acceptable usage of Personal Data; 
    • Access to Personal Data; 
    • Computer and network security; 
    • Governance and regulatory issues; 
    • Investigating and reacting to security incidents. 
    • Monitoring access and usage of Personal Data; 
    • Physical security; 
    • Retention and disposal of data; 
    • Secure communications; 
    • Security in contracting out activities or functions.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that Personal Data that we remain responsible for, is kept secure. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and the applicable regulator of a breach where we are legally required to do so. 

Access to your Personal Data 

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your Personal Data

Rectification

The right to require us to correct any mistakes in your Personal Data

Erasure (also known as the right to be forgotten)

The right to require us to delete your Personal Data—in certain situations

Restriction of Processing

The right to require us to restrict Processing of your Personal Data in certain circumstances, e.g. if you contest the accuracy of the data

Data portability

The right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your Personal Data being Processed for direct marketing (including profiling);

—in certain other situations to our continued Processing of your Personal Data, e.g., Processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the Processing to continue or the Processing is required for the establishment, exercise or defence of legal claims

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated Processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

The right to withdraw consents

If you have provided us with a consent to use your Personal Data you have a right to withdraw that consent easily at any time
You may withdraw consents by contacting [email protected]
Withdrawing a consent will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn

How to contact us 

We have appointed a Data Protection Officer to oversee compliance with and questions relating to this Notice. If you have any questions about this Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:

Data Protection Officer
TrustQore (Mauritius) Ltd
19th Floor Newton Tower
Sir William Newton Street
11328 Port Louis
Mauritius

Email: [email protected] 

If a request is not satisfactorily resolved, the Data Subject may refer the request to the data protection authority in the relevant jurisdiction in which the relevant services are provide as follows:-

Switzerland: Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH – 3003 Berne.  Website: https://www.edoeb.admin.ch/edoeb/de/home.html

Mauritius: Data Protection Office. 5th Floor, SICOM Tower, Wall Street, Ebene, Mauritius.  Website: http://dataprotection.govmu.org

South Africa: The Information Regulator JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001. P.O Box 31533, Braamfontein, Johannesburg, 2017 [email protected]

Changes To This Notice

TrustQore reserves the right to amend the terms of this Privacy Notice from time to time to reflect changes in our practices with respect to the Processing/Collection of Personal Data, or changes in applicable law. Updates will be posted on our website at https://trustqore.com which you should review from time to time. 

This Privacy Notice was last updated on 28 April 2022.

Glossary

Data Controller: the person or organisation that determines when, why and how to Process Personal Data

Data Subject:  a living, identified or identifiable individual about whom we hold Personal Data

EEA:  the 28 countries in the EU, and Iceland, Liechtenstein and Norway

General Data Protection Regulation (GDPR):  the General Data Protection Regulation ((EU) 2016/679

Personal Data:  any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access.  Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Processing, Process(ed):  any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Third-Party: a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data.

Consent: any freely given, specific, informed, unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.