Privacy Statement

1. Introduction and Scope

This Privacy Statement sets out how TMF Group uses your Personal Data in connection with any services provided to you ("Services”). For purposes of this Privacy Statement, "Personal Data" means any information through which we can identify you as an individual, as further described below under paragraph 3 (Personal Data we collect).

This Privacy Statement only applies to the usage of Personal Data of (prospective) clients for which TMF Group entity is responsible and qualifies as Controller under the General Data Protection Regulation (2016/679/EU) ("GDPR"), as further described in this Privacy Statement. This type of Personal Data is collected through various channels, such as in a sales process, via telephone calls, via forms you submit to us, via email or via business events. This Privacy Statement does not apply to corporate company information if no personal data from individuals can be derived from such corporate information.

For our usage of Personal Data in our capacity as Processor under the GDPR, we have a separate Personal Data Protection Policy. We also have a separate Website Privacy Statement which sets out how we use your personal data when you visit our website.

2. Who we are

When we refer to ourselves as "TMF Group" or "we", we mean each TMF Group entity that is responsible for using your Personal Data. This will depend on the TMF Group entity(/ies) that you intend to or have entered into a contract with for the provision of Services. An overview of the locations TMF Group entities operate in can be found here.

3. Personal Data we collect

The Personal Data we collect about you when you use our Services include the following:

  • Your contact details. Your name, address, telephone number, email address and any other contact details you provide to us.
  • Your personal characteristics. Including your gender, profession, job title, marital status (if shown on national identification cards) or other personal characteristics that are requested to identify you as a client or client representative.
  • Recording of video footage. When you enter our buildings or premises, you are recorded by our video surveillance systems (CCTV). You can also be recorded on video footage during events, such as seminars, that we host.
  • Your communication data. Your requests, any complaints you may have and any other data that we receive if we communicate with you via email, telephone or otherwise.
  • Any other personal data. This includes any personal data that you disclose to us during the course of your contractual relationship with us, either voluntarily or upon request.
  • KYC information. TMF Group is required by law to conduct "know your client" identification procedures. To comply with our legal obligation, we also collect the following information from the Ultimate Beneficial Owners (UBOs) of our clients: first and family name, copy of ID, nationalities, tax residence, private/residential address, phone number, email address, date of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, the source of wealth and (where applicable) an U.S. or other Taxpayer Identification Number.

4. Purposes for which we use your Personal Data

TMF Group collects and uses your Personal Data for the purposes below and on a lawful basis. Insofar we already hold information about you, we may use that information for the same purposes.

  • For the performance of our agreement with you: We use your Personal Data in order to carry out our obligations arising from any agreements entered into between you and us, and to provide you with the information and services that you request, including managing and handling your requests, inquiries or complaints.
  • Use of information based on your consent: If you are a prospective client: we use your Personal Data to send you marketing communications (such as newsletters, promotions, news or service updates) via email or other electronic means or via telephone, but we will only do so after we have received your explicit consent to do so. You can withdraw your consent at any time; see paragraph 9 (Your rights) below.
  • To comply with our legal obligations: Any information referred to above under Paragraph 3 (Personal Data we collect) may be used to comply with a legal obligation to which we are subject, such as maintaining appropriate business records, conducting Know Your Client identification procedures, complying with lawful requests by governmental agencies and public authorities and to comply with applicable laws and regulations or as otherwise required by law.
  • For our legitimate commercial interests:
    • If you are an existing client: we use your Personal Data (both on aggregated and on individual basis), such as your contact details and your electronic identification data for the purpose of advertising our Services that may be of interest to you (based on the Services you previously used), making contact with you for marketing or other commercial purposes.
    • We use your Personal Data for client administration purposes, such as client Services agreements administration, internal administration of work done under client Services agreements;
    • We use your Personal Data for analysing and improving the quality of our Services and to understand you as a customer (customer optimization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising. In addition, based on your historical use of our Services we may target you with advertisement or other marketing materials that are customized to your personal preferences and experiences.
    • In addition, we use your Personal Data for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our Services, to generate aggregated statistics about the users of our Services; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes.
    • We also use your Personal Data for system integrity purposes (for example the prevention of hacking, spamming etc.); to facilitate our business operations, to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of TMF Group’ assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.

5. How we share your Personal Data

We share your Personal Data with the following parties:

  • Data controllers within TMF Group. Your Personal Data will be shared between the TMF Group entities that may use your Personal Data as described in this Privacy Statement for internal administrative purposes, management purposes, analytical purposes and other business-related purposes. Your Personal Data will only be used by TMF Group companies for marketing purposes if you have given your explicit consent thereto and/or where we have legitimate interest to do so. An overview of the locations TMF Group entities operate in can be found here.
  •  Service Providers and Processors. We engage third party vendors to provide Services on our behalf, which may have access to your Personal Data, including:
    • Business partners (such as law, tax and audit firms or finance providers), including subcontractors which are engaged to perform (part of) the Services under client services agreements;
    • Suppliers (such as IT service providers);
    • Marketing and advertising companies that carry out marketing activities on our behalf;
    • Analytics and search engine providers that assist us in the improvement and optimisation of our website, such as Google Analytics.

In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our agreements with these service providers do not permit use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions.

  • Third parties in case of legal requirement. We will disclose your Personal Data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process served on us, or to protect the rights or safety of the website, us or our affiliated companies.
  • Corporate transaction. In addition, information about our clients, including Personal Data, may be disclosed as part of any merger, sale, transfer of TMF Group’s assets, acquisition, bankruptcy, or similar event.
  • With consent. We also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so.

6. International Transfers of your Personal Data

Due to the global presence of our business operations, TMF Group transfers Personal Data you provide to us to countries other than your country of residence. The laws of these countries may not provide the same level of protection to your Personal Data. TMF Group or third parties we use will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer, in particular for Personal Data transferred to countries outside the European Economic Area (EEA).

Intra-group data transfers within TMF Group take place on the basis of our Binding Corporate Rules, which can be found on the TMF Group website. For data that is transferred to third parties outside the EEA, we enter into legally required agreements with these third parties, including standard contractual clauses as approved by the European Commission or other supervisory authority where required. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via the local TMF Group entity which collected your data or dataprotection@tmf-group.com.

7. Security

TMF Group will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.

We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Privacy Statement. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.

8. Data Retention

We retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with client Services) unless a longer period is necessary for our legal obligations or to defend a legal claim. The Personal Data that we collect of ultimate beneficial owners is retained for ten (10) years to cover the different requirements under national legislation of the countries where such data is collected.

9. Your Rights

Subject to the conditions set forth in the applicable law, you have the right to request, review, correct, update, suppress, restrict or delete Personal Data that you have provided to us or if you would like to request to receive an electronic copy of such personal data for purposes of transmitting it to another company, by sending an email to the local TMF Group entity which collected your data or dataprotection@tmf-group.com specifying your request. We will respond to your request consistent with applicable law.

In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

In the event your personal data is processed on the basis of your consent, you can withdraw your consent at any time by sending an email to the local TMF Group entity which collected your data or dataprotection@tmf-group.com specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.

You may lodge a complaint with a supervisory authority, in particular in your Member State of residence, if you consider that the collection and use of your Personal Data infringes this Privacy Statement or applicable law.

10. Changes to this Privacy Statement

This Privacy Statement may be revised from time to time. If a fundamental change to the nature of the use of your personal data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect.

11. Contact Us

If you have any queries about this Privacy Statement or our handling of your Personal Data in general, or if you want to exercise your rights, please email us at dataprotection@tmf-group.com and be sure to indicate the nature of your query.

Privacy Statement – TMF Group | June 2018 | Version 1.0