Privacy Policy

INTRODUCTION

The Döhle Group respects the privacy of all of its clients, employees and associated parties and is therefore committed to protecting all personal data collected and processed.

We ensure that we treat your personal data with the same level of privacy and confidentiality as we expect our own data to be treated and in line with all legal and regulatory requirements.

We have attempted to make the wording of this Privacy Notice clear and as ‘jargon’ free as possible. However, there are some terms used which come from the legislation directly and/or which have a specific technical meaning which are included for reasons of accuracy. If there is any part of this Privacy Notice in respect of which you require clarification or if you wish to discuss any points with us, please contact the Döhle Corporate and Trust Services Limited (“DCTS”) Data Protection Officer.

This Privacy Notice explains how and why we process your personal data, both in terms of the direct contractual relationship and how DCTS the wider Döhle Group holds and processes your personal data to enable efficiency in the ways we deliver services and administer the client relationship.

The key principles of the data protection requirements include transparency, accountability and security and we have therefore worked hard to ensure that all of our processing activities adhere to these principles. For further details on the specific processing activities we carry out as well as the lawful basis under which we process the data, please see the relevant sections of this Privacy Notice.

Please note that as a business, we process personal data for numerous purposes in order to service the diverse needs of our clients and therefore the processing, collecting, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

WHO WE ARE

In this Privacy Notice, “Döhle Group”, “we, “us” and “our” refers to the group of companies operating under the “Döhle” brand including  Döhle (IOM) Limited Group of companies, Döhle Corporate and Trust Services Limited, Döhle (Malta) Limited and Döhle Yachts (IOM) Limited together with our, and the mentioned companies’, subsidiaries and associated companies from time to time.

WHO YOU ARE

When “you” or “your” are used in this Privacy Notice, we are referring to you as the individual who is the subject of the personal data we hold and process.

DATA SECURITY – TECHNICAL AND ORGANISATIONAL MEASURES

Data Security is of the upmost importance to the Döhle Group and to that end, we have put in place appropriate security measures to protect and prevent your personal data from being accidentally lost, used or accessed by any unauthorised parties.

Access to your personal data is limited to authorised employees, insurers, service providers and other third parties who require access for the fulfillment of a contract or agreement or are providing services to you or us.

These third parties will only process your personal data on our instructions and they are subject to a duty of confidentiality and where relevant we ensure that we have legal terms of business and engagements in place between the Döhle Group and these third parties.

COLLECTION OF PERSONAL DATA

When providing Administration Services to you, our policy is to collect only the personal data necessary for agreed purposes and as required under the relevant AML regulations. Throughout this data collection process and the course of the business relationship we will only ask you to provide personal data to us where it is strictly needed for these purposes and will only use your personal data when the law allows us to.

Most commonly, we will use, hold and process your personal data in the following circumstances:

• providing corporate and trust Administration Services;
• arranging insurance services;
• providing chartering and broker services;
• providing accounting and bookkeeping services;
• providing yacht management services;
• buying, selling and financing of ships/yachts/aircraft or other luxury assets; and
• liaising with other professional service providers or suppliers on your behalf.

Most frequently, we will use your personal data to discharge our contractual obligations.

Personal data

The types of personal data processed by us in relation to the services we provide are usually limited to:

• personal details such as name (including prior or aliases if applicable), age, date of birth, gender, residential address;
• contact details such as email address, contact number, postal address;
• financial details such as bank account, estimation of total net worth, details of your wealth and the source of its origin;
• tax status and tax reference details;
• languages spoken for contact purposes; and
• employment status such as current position, shareholdings and positions held within other entities.  

Lawful basis: Contractual obligation, legal obligation and legitimate interest

Special categories of personal data

In certain instances, we may process special categories of personal data and we believe this would be limited to:

• medical data such as any current or past illness or disability; and
• medical data for the purpose of assisting insurance intermediaries or insurers to process a health insurance claim for crew/passenger of a ship

Lawful basis: Explicit consent

We would only process details of any medical injuries or disabilities in the event that such injuries or disabilities have a direct impact on the services that we provide to you or your ability to instruct us.

3rd party intermediaries

Where your personal data has been provided to us by an intermediary we will request they provide a copy of this Privacy Notice to you, as required by the data protection regulations.

When and how we share personal data and who we share it with

Your personal data is stored on a centralised system accessible by authorised personnel of the Döhle Group. In the course of providing you with Administration Services and for connected purposes, your personal data may be shared between, or accessed by, different members of the Döhle Group. This will be pursuant to group data sharing standards and only as necessary to give effect to your requirements for services from time to time plus our reasonable ancillary purposes including compliance with legal and regulatory obligations.

Throughout the course of business we may also utilise the services of third-party agents or service providers to allow us to provide comprehensive and/or complementary services or meet certain regulatory and legal requirements. 

In some cases, for example, your personal information will be shared with organisations outside the Döhle Group in order to obtain specialist or professional services that are necessary for the services we provide.  These include:

• professional advisers, such as accountants, lawyers, agents and brokers;
• banks or other financial institutions;
• due diligence screening agencies; and
• services provided by our external cyber security partner company.

Lawful basis: Legitimate interest

As well as third-party services providers, the Döhle Group has certain legal obligations to share information with public authorities, such as:

• tax and VAT authorities;
• regulatory authorities;
• law enforcement agencies;
• ship, yacht and aircraft registries; and
• company registries.

Lawful basis: Legal obligation

A number of the external organisations with whom we share or to whom we provide personal data have their own legal obligation to comply with privacy and data protection legislation and may also operate under a professional duty of confidentiality due to the type of service they provide. In that case, they will have their own Privacy Notices that provide information about how they use your information. In other instances, where we use a data processor undertaking processing on our behalf, they will act only on our instructions and under a documented arrangement providing certain safeguards for the processing and protection of your rights as a data subject.

If you wish to find out more about the organisations with whom your data has been shared, you can do so by contacting the Data Protection Officer whose contact details are listed below.

DATA RETENTION

To determine the appropriate retention period for personal data, we consider any minimum legal retention period taking into account the nature, scale and complexity of the personal data we hold and weigh this against the potential risk of harm from unauthorised use or disclosure of your personal data.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Please contact the DCTS Data Protection Officer if you wish to discuss our data retention policy with us.

Your individual rights and how to exercise them

You have the legal rights set out below:

Your right to access personal data

You have the right to request access to your personal data, commonly known as a “data subject access request”. This enables you to submit a request to us for details of the personal data we hold about you.

To submit a data subject access request, please contact the Data Protection Officer who can assist, there are more details contained in the data subject access request section below.

Your right to correction / amendment of personal data

You have the right to request correction of any personal data we hold if you believe this personal data is inaccurate or incomplete. In those instances we will need to verify the accuracy of the new data you provide to us.

If you wish to correct any data, please contact the Data Protection Officer who can provide details of the data we currently hold.

Your right to erasure / right to be forgotten

You have the right to request erasure of the personal data that we hold about you, commonly referred to as “the right to be forgotten”.  Examples of why you may wish to exercise this right include, but are not limited to:

• the personal data is no longer necessary in relation to the purposes for which it was originally collected and processed by us;
• the legal ground for us processing your data is consent and you withdraw that consent in circumstances where we have no other lawful basis for the processing;
• our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, but in circumstances where you object to our processing, and we do not have overriding legitimate grounds;
• you object to our processing for direct marketing purposes;
• your personal data has been unlawfully processed; or
• your personal data must be erased to comply with a legal obligation to which we are subject.

If you wish to exercise your right to be forgotten, please contact the Data Protection Officer whose details are below.

We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. The most common reasons for this include compliance with local or international regulations and requirements in relation to:

• preventing financial crime, money laundering and the funding of terrorism;
• identifying politically or commercially exposed persons, or those with a significant exposure to the media;
• FATCA/CRS (“AEOI”) international tax reporting; and
• employment law in the relevant jurisdiction.

If you are unsure whether or not we are able to erase your data, please contact the Data Protection Officer to discuss the matter in greater detail.

Your right to object to processing of personal data

In some circumstances, you have the right to object to the processing of your personal data where we are relying on a legitimate interest (or that of a third party). This is a qualified right, however, and depends on the circumstances of the particular processing as to whether we can comply with your request. You can always opt out of (i.e. object) to processing of your personal data for marketing purposes.

Please contact the Data Protection Officer if you wish to discuss this matter in greater detail.

Your right to restrict processing of personal data

You have the right to restrict processing of your personal data which means you are entitled to request suspension of the processing of your personal data in the following scenarios:

1. if you want us to establish the accuracy of the data;
2. where you consider that our use of the data is unlawful, but you do not want us to erase it;
3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
4. where you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise this right, please contact the Data Protection Officer.

Your right to data portability

Given the nature of the services that we provide, we currently do not believe that this applies to how we collect and use your personal data; however, we are happy to discuss this with you should you have a different opinion, in which case please contact the Data Protection Officer.

Your right to withdraw consent

You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.

If you do withdraw consent, please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you wish to withdraw your consent for any processing please contact the Data Protection Officer.

DATA SUBJECT ACCESS REQUEST

How to make a data subject access request

To make a data subject access request, in the first instance please contact the Data Protection Officer who can assist you with this process.

Fees

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if we believe your request is clearly unfounded, repetitive or excessive.

Alternatively, at our option, we may decline to comply with a data subject access request if we believe it to be clearly unfounded, repetitive or excessive. We will endeavour always, however, to adopt a transparent and facilitative approach to the exercise of data subjects’ rights as a matter of best practice.

Information we need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to accelerate our response.

Our response

We are required to respond to your request promptly and, in any event, within one month of receiving it. We will provide confirmation to you that we have received your request as well as the date by which we must respond. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and provide you with a reasonable time frame for our response (as per the applicable legislation).

Follow up

If you are not happy with our response to your data subject access request, you have the right to make a complaint to the Information Commissioner. The contact details for the Isle of Man Information Commissioner are detailed below.

CHANGES TO THIS PRIVACY STATEMENT

From time to time regulations and requirements may change and we may need to update this Privacy Notice accordingly. To ensure transparency we will always detail when this policy has been updated.

This privacy policy was last updated: 5^th September 2024

DATA CONTROLLER CONTACT INFORMATION

The contact details for the primary DCTS Data Protection Officer are:

Data Protection Officer
Döhle Corporate and Trust Services Limited
Fort Anne
South Quay
Douglas
Isle of Man
IM1 5PD

Email address: dataprotection@dcts-iom.com

COMPLAINTS TO THE INFORMATION COMMISSIONER

If you are unhappy with our treatment of your personal data, you have the right to make a complaint at any time to the Information Commissioner in the jurisdiction in which you live or in the jurisdiction in which the data controller operates (if different). The contact details for the Isle of Man Information Commissioner are:

First Floor
Prospect House
Prospect Hill
Douglas
Isle of Man
IM1 1ET

Telephone number: +44 1624 693260

Email address: ask@inforights.im

DISCLAIMER

Whilst every effort has been taken to ensure the accuracy of the information in this Privacy Notice, any and all liability which might arise from your use or reliance on the information is excluded.

The content of this Privacy Notice is provided for general information purposes only, to inform you about the Döhle Group’s data protection activities. It does not constitute legal advice (or any other type of advice) and should not be relied on for this purpose.

COLLECTION OF PERSONAL DATA

We do not collect any personal data from this website.

We do collect, store and use information in relation to the frequency of page visits, return visits, browser types and platform. We also obtain anonymised IP’s which are collected by region and therefore cannot be used to identify you, even in conjunction with any other analytical data obtained.

We do not collect any special category data about you via this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Nor do we collect any information about criminal convictions and offences.

MINORS / CHILDREN

This website is not intended for children and we do not knowingly collect data relating to children on this website.

DATA RETENTION

Since we do not collect personal data from this website, this section is currently not applicable.

If personal data is requested in specific circumstances, we will determine the appropriate retention period for personal data by considering any minimum legal retention period, the nature, scale and complexity of the personal data we hold, and the potential risk of harm from unauthorised use or disclosure of your personal data.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Please contact the Data Protection Officer if you wish to discuss our data retention policy with us.

COOKIES

Our website uses cookies to store data on our visitors’ devices.

To find out how to control and delete cookies created on your device, or for more information about managing cookies, please see this page.

• COOKIES CREATED BY THIS WEBSITE

This website creates a number of cookies, which are referred to as first-party cookies as they are specific to the host site that created them. All the first-party cookies which are created do not store any personal or sensitive information, or anything that makes you personally identifiable to us. They are used for essential functionality such as security when processing form data or for analytics which helps us use anonymous visitor data to gain a better understanding of how people use our website.

Session IDs

Our web server may create an essential session cookie called PHPSESSID, which is essential for your use of some of the interactive elements of the website, such as contact forms. The cookie contains a session ID which is a mechanism for distinguishing your visit to our website from any other visitors that may be using the website at the same time. This cookie expires when you leave our website.

Analytics

We use Google Analytics, which creates a number of first-party cookies, all prefixed __utm:

__utma contains a unique and anonymous identifying ID, which allows us to ensure that subsequent visits to our website are recorded as belonging to the same (unique) visitor. This cookie expires after two years.

__utmb used to establish and continue a unique user session. Each time you request another page from the website the cookie is updated to expire after 30minutes.

__utmc works with __utmb to determine when to create a new session for a website visitor. This is a session cookie and expires when you exit the browser.

__utmz tracks how you found us and is used to calculate traffic and navigation within the website.

__utmv You may also sometimes find this cookie is created which relates to custom reporting segments, a feature which we occasionally use on Google Analytics.

Full details about the types of Google cookies used and how Google uses cookies can be found in How Google uses cookies – Privacy & Terms – Google. You can also read Google’s Privacy Policy.

We don’t share the data that Google Analytics collects, and we don’t believe that our use of Google Analytics is privacy intrusive. We use the data that is collected in the following ways:

• to report, in aggregate, how our visitors find and use our website;
• to understand overall visitor behaviour; and
• to inform how we update and improve our website.

To opt out of our use of Google Analytics you may wish to consider using the Google Analytics Opt-out Browser Add-on.

PrivacyCookie

The PrivacyCookie records the acceptance of the Privacy Statement, the sole function of which is to prevent the pop-up from appearing on subsequent pages.

Paid Search Marketing

In some situations, we might use Google Adwords as a means of advertising our website. If you click on a sponsored advert on Google, information about the ad and keywords that brought you to our website is stored in the __utmz cookie mentioned above. This helps us track visits from Google Adwords that led to an enquiry, so that we can determine the return on investment of our advertising spend. No personally identifiable information is stored in this cookie, however we may be able to associate a contact form you have submitted, with analytics data stored in the __utmz cookie. This information is used to determine which ads and keywords led to an enquiry, so that we can optimise the Adwords campaign accordingly.

• COOKIES CREATED BY EXTERNAL SERVICES

In addition to our first-party cookies, you may be served one or more third-party cookies during your visit to our website. By using our website we’ll assume that you are happy to receive all cookies on our website, but we have provided information at the top of this page on how you can set your browser to prevent cookies being created.

Third party cookies are cookies created by an external service when you use a page on our website. These cookies are specific to the third-party’s domain and accordingly the data held in them can be seen and managed by the third party and not by us. We control whether we use the third-party service with our website, and how it is integrated and presented on our website. We do not have control over the cookies themselves. We carefully select third party services to use on our website; ones that are not likely to abuse your privacy according to the terms of their privacy policies.

Google Maps

We may use Google Maps on our Contact Us page to provide detailed information on how to locate our offices. Google Maps stores up to four cookies: khcookie, NID, SNID and PREF. We use Google’s interactive maps because we believe they provide a helpful way for our visitors to identify how best to travel to us. We use the Google Maps tools on the basis that Google adheres to its privacy policy and its terms of service for Google Maps.

• OTHER COOKIES

From time to time, we may use additional external services on our website which may create cookies on your device. As we add new services or make changes that use cookies, we will update this cookie policy with the details.

If you have any concerns about the cookies we create or the way we aim to attain consent from you, please contact us and we’ll be happy to answer your questions.

This cookies policy was last updated: 1^st May 2025