CW Consulting Limited (“CW”, “we”, “us”, or “our”) controls and processes personal data for numerous purposes related to our business.
The means of collection, basis of processing, use, disclosure, and retention periods of personal data for each business purpose may differ.
This policy applies to personal data provided to us, both by individuals themselves or by others.
Personal data is any information relating to an identified or identifiable living person.
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the movement of personal data within the European Union (“EU”).
GDPR does not apply to information already in the public domain.
We have a framework of policies, procedures and training in place covering data protection, confidentiality and security, and we review the appropriateness of these measures annually to ensure that we keep all of the data that we hold safe and secure.
CW is the data controller and data processor of personal data provided or obtained through our relationship with third parties including our clients and employees.
Personal data includes names and addresses, telephone numbers and email addresses. It may also include tax identification numbers, passport information and bank account details.
We will only control and process personal data where we have a business need to do so related to any of the following:
(i) providing and improving our services;
(ii) client identification and vetting;
(iii) anti-money laundering and countering the financing of terrorism;
(iv) billing and administration;
(v) financial management;
(vi) statistical analysis;
(vii) disaster recovery;
(viii) marketing our business.
We do not share personal data with others unless we are legally obliged to do so, and /or we have a business reason for doing so.
Before we share personal data with others, we risk assess and ensure that appropriate arrangements are put in place to protect the data concerned and to ensure that we comply with our data protection, confidentiality and security standards/obligations.
We use third parties to support us in providing our services and to help provide, run and manage our IT systems. All of our third-party vendors (for example, providers of information technology, cloud-based software, identity management, website hosting and management, security and storage services) are carefully selected by us and have in place high standards of data security. Our servers are located in the Isle of Man.
Disclosure to Third Parties
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation. We will only fulfill requests for personal data where we are obliged to do so in accordance with applicable law or regulation.
Transfer outside of the EU
Occasionally, we may need to transfer personal data to countries other than those where we and/or our clients are located. This may include countries outside of the EU. Where we have reason to transfer personal data outside the EU, we will assess the risk and ensure that any transfer of personal data will only be done pursuant to an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as European Commission approved standard contractual clauses.
Sensitive Personal Data
We appreciate that personal data may include sensitive information as to racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or conditions, sexual life, the commission or alleged commission of any offence, proceedings or the disposal of proceedings for any such offence or any sentence of a court for such proceedings.
It is our policy NOT to control or process such sensitive personal data unless there is a specific business need.
Data Controller and contact information
The data controller is CW Consulting Limited (the company registered in the Isle of Man with company number 129596C and its registered office is at Bank Chambers 15 – 19 Athol Street, Douglas, Isle of Man IM1 1LB).
Mr Gordon Wilson
Data Protection Officer
CW Consulting Limited
Third Floor, Bank Chambers
15 – 19 Athol Street
Douglas, Isle of Man
Telephone: 01624 638598
Individual’s rights and how to exercise them
At any point whilst CW is in possession of or processing personal data, all data subjects have the following rights:
- Right of access – the right to request a copy of the information that we hold
- Right of rectification – the right to correct data that we hold that is inaccurate or incomplete
- Right to be forgotten – in certain circumstances data we hold may be erased from our records
- Right to restriction of processing – where certain conditions apply we may restrict the processing
- Right of portability – data may be transferred to another organisation
- Right to object – the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – the right not to be subject to the legal effects of automated processing or profiling.
In the event that we refuse a request under rights of access, we will provide a reason as to why, which may be legally challenged.
The following is available on request:
- Copies of personal data that we control and/or process
- Details of how we determined why to control and/or process personal data
- The purpose of the processing as well as the legal basis for processing
- Recipient(s) or categories of recipients that the personal data is/will be disclosed to
- How long the personal data will be processed
- Details of rights to correct, erase, restrict or object to such processing
- Information about consent or withdrawal of consent
- How to lodge a complaint with the supervisory authority
- Whether the control or processing of personal data is a statutory or contractual requirement
- The source of personal data if it wasn’t collected directly from the individual concerned
- Any details and information of automated decision making, such as profiling, the logic involved, as well as the significance and expected consequences of such processing.
To access personal data, identification will be required
CW will accept the following forms of ID when information on personal data is requested:
- Driving license
- Birth certificate
- Utility bill not older than three months
A minimum of one piece of photographic ID listed above and a supporting document is required. If CW is dissatisfied, further information may be sought before personal data can be released.
All requests should be made to Gordon Wilson.
In the event that you wish to make a complaint about how your personal data is being processed and/or controlled by CW, you have the right to complain to Gordon Wilson. If you do not get a response within 30 days, you can complain to the Isle of Man Information Commissioner.
The details for each are:
Third Floor, Bank Chambers
15 – 19 Athol Street
Isle of Man
Isle of Man Information Commissioner
P.O. Box 69
Isle of Man
Telephone: +44 1624 693260
Through our significant professional experience, both in the Isle of Man and internationally, we aim to offer personalised, differentiated services to clients in Reorganisation and Insolvency; Regulatory Intervention; Business Analytics and Strategic Advice.