Privacy Statement

1. Introduction and Scope

This Privacy Statement sets out how TMF Group uses your Personal Data in connection with:

  • services provided to or by you ("Services”); 
  • other (pre) contractual relationship between you and TMF Group, except for employment or similar relationship (“Relations”);
  • Services provided to or by an entity that you represent or work for (“your entity”) or Relations that your entity has with TMF Group.

For purposes of this Privacy Statement, “Personal Data” means any information through which we can identify you, as further described below under paragraph 3 (Personal Data we process).

This Privacy Statement only applies to the usage of Personal Data of (prospective) clients, vendors or other business partners (individuals) for which TMF Group entity is responsible and qualifies as a controller in the meaning of the General Data Protection Regulation (2016/679/EU) ("GDPR") or similar qualification under other data protection laws, whereby TMF Group entity determines the purpose and the means of the processing of such Personal Data.

Your Personal Data can be collected through various channels, such as in a sales process, via telephone calls, via forms you or your entity submit(s) to us, via email or other communication channels or tools, as well as during business events.

We can collect your Personal Data directly from you or indirectly from your entity.

This Privacy Statement does not apply to corporate company information if no Personal Data from individuals can be derived from such corporate information, unless it is considered Personal Data in accordance with applicable local laws.

For our usage of Personal Data in our capacity as a processor under the relevant data protection laws, Personal Data Protection Policy applies. We also have a separate Website Privacy Statement which applies and sets out how we use your Personal Data when you visit our website.

2. Who we are

When we refer to ourselves as "TMF Group" or "we", we mean each TMF Group entity that is responsible for using your Personal Data. This will depend on the TMF Group entity(/ies) that you intend to or have entered into a contract with for the provision of Services or with regard to Relations. An overview of the locations where TMF Group entities operate in and TMF Group entities as such can be found here.

3. Personal Data we process

The Personal Data we process about you in connection with providing Services or Relations include the following:

  • Your contact details. Your name, address, telephone number, email address and any other contact details you provide to us.
  • Your personal characteristics. Including your gender, profession, job title, name of your entity, marital status (if shown on national identification cards) or other personal characteristics that are requested to identify you as a client, a vendor or a business partner, or their representative or employee, including information disclosed in commercial registers if it is considered Personal Data in accordance with the applicable local laws.
  • Recording of video footage. When you enter our buildings or premises, you are recorded by our video surveillance systems (CCTV). You can also be recorded on video footage during events, such as seminars, that we host.
  • Your communication data. Your requests, any complaints you may have, or any requests or complaints submitted for you or on your behalf, and any other data that we receive if we communicate with you via email, telephone, in person or otherwise.
  • KYC information. TMF Group is required by law to conduct "know your client" identification procedures. To comply with our legal obligation, we also collect the following information from the Ultimate Beneficial Owners (UBOs) or executives (e.g. managing directors or board members) of our clients: first and family name, nationalities, your Personal Data disclosed in a copy of ID (including its number, issuance and expiry dates, issuing authority, photo of individual), tax residence, private/residential address, phone number, email address, date of birth, place of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, the source of wealth and (where applicable) an U.S. or other Taxpayer Identification Number.

If you are a party to contract with us then providing Personal Data which allow us to identify you is a condition to concluding a contract. The contract cannot be concluded without Personal Data allowing to identify you as a party to the contract.

Providing Personal Data concerning the KYC process is necessary for us to be able to comply with legal requirements on anti-money laundering. If the Personal Data is not provided then conducting required verification can be significantly hindered, and as a consequence we may not be able to conclude a contract with you or your company, or already concluded contract may be terminated.

Providing Personal Data for the purpose of contact or communication is voluntary. However, lack of such Personal Data may significantly impede providing Services, maintaining Relations or answering your requests or complaints.

Providing Personal Data only for marketing purposes is voluntary. Failure to provide the Personal Data has no consequences.

4. Purposes for which we use your Personal Data

TMF Group collects, uses or otherwise processes your Personal Data for the purposes below and on a lawful basis. Insofar we already hold information about you, we may use that information for the same purposes.

  • For the performance of our agreement with you: We use your Personal Data in order to carry out our obligations arising from any agreements entered into between you and us, and to provide you with the information or Services that you request, including managing and handling your requests, inquiries or complaints.
  • Use of information based on your consent: If you are a prospective client: we use your Personal Data to send you marketing communications (such as newsletters, promotions, news or service updates) via email or other electronic means or via telephone, but we will only do so after we have received your explicit consent to do so. You can withdraw your consent at any time; see paragraph 9 (Your rights) below.
  • To comply with our legal obligations: Any information referred to above under paragraph 3 (Personal Data we process) may be used to comply with a legal obligation to which we are subject, such as maintaining appropriate business records, conducting Know Your Client identification procedures, complying with lawful requests by governmental agencies and public authorities and to comply with applicable laws and regulations or as otherwise required by law.
  • For our legitimate commercial interests:
    • If you are an existing client, vendor or business partner, their representative or employee: we use your Personal Data (both on aggregated and on individual basis), such as your contact details and your electronic identification data for the purpose of advertising our Services that may be of interest to you (based on the Services you or your entity previously used), making contact with you for marketing or other commercial purposes.
    • We use your Personal Data for client administration purposes, such as administration of Services agreements or other agreements, as relevant, internal administration of work done under such agreements.
    • We use your Personal Data for analysing and improving the quality of our Services and to understand you or your entity as a customer (customer optimization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising. In addition, based on your historical use of our Services we may target you with advertisement or other marketing materials that are customized to your personal preferences and experiences.
    • In addition, we use your Personal Data for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our Services, to generate aggregated statistics about the users of our Services; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes.
    • We also use your Personal Data for system integrity purposes (for example the prevention of hacking, spamming etc.); to facilitate our business operations, to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of TMF Group’ assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.

5. How we share your Personal Data

We share your Personal Data with the following parties:

  • Data controllers within TMF Group. Your Personal Data will be shared between the TMF Group entities that may use your Personal Data as described in this Privacy Statement for internal administrative purposes, management purposes, analytical purposes and other business-related purposes. Your Personal Data will only be used by TMF Group companies for marketing purposes if you have given your explicit consent thereto and/or where we have legitimate interest to do so. An overview of the locations TMF Group entities operate and TMF Group entities as such can be found here.
  • Service Providers and Processors. We engage third party vendors to provide Services for us or on our behalf, which may have access to your Personal Data, including:
    • Business partners (such as law, tax and audit firms or finance providers), including subcontractors which are engaged to perform (part of) the Services under Services agreements;
    • Suppliers (such as IT service providers);
    • Marketing and advertising companies that carry out marketing activities on our behalf;
    • Analytics and search engine providers that assist us in the improvement and optimisation of our website, such as Google Analytics.

In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our agreements with these service providers do not permit use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions.

  • Third parties in case of legal requirement. We will disclose your Personal Data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process served on us, or to protect the rights or safety of the website, us or our affiliated companies.
  • Corporate transaction. In addition, information about our clients, including Personal Data, may be disclosed as part of any merger, sale, transfer of TMF Group’s assets, acquisition, bankruptcy, or similar event.
  • With consent. We also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so.

6. International Transfers of your Personal Data

Due to the global presence of our business operations, TMF Group transfers Personal Data you provide to us to countries other than your country of residence. The laws of these countries may not provide the same level of protection to your Personal Data. TMF Group or third parties we use will therefore seek to ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfer, in particular for Personal Data transferred to countries outside the European Economic Area (“EEA”).

Intra-group data transfers within TMF Group take place on the basis of our Binding Corporate Rules, which can be found on the TMF Group website (https://www.tmf-group.com/en/legal/data-protection/binding-corporate-rules/).

For Personal Data that is transferred to third parties outside the EEA, we enter into legally required agreements with these third parties, including the most recent version of the standard contractual clauses as approved by the European Commission or other supervisory authority where required.

You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via the local TMF Group entity which collected your Personal Data or dataprotection@tmf-group.com.

7. Security

TMF Group will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.

We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Privacy Statement. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.

8. Data Retention

We retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with client Services) unless a longer period is necessary for our legal obligations or to defend a legal claim.

We apply data retention terms as required under the applicable laws of the country(/ies) where your data is being processed and further in accordance with TMF Group Data Retention Policy. Where this policy or the applicable laws do not determine otherwise, data retention term of ten (10) years is applied.

9. Your Rights

Subject to the conditions set forth in the applicable law, you have the right to request access to or rectification or erasure of your Personal Data and to restrict or object processing of your personal data, as well as the right to data portability. If you would like to exercise any of those rights please send an email to the local TMF Group entity which collected your Personal Data or dataprotection@tmf-group.com specifying your request. You can also contact us via the contact form available here: the TMF Group Data Subject Request Form. We will respond to your request consistent with applicable law.

In your request, please tell us which right you would like to exercise, including what Personal Data you would like to have changed, whether you would like to have it erased from our database, or otherwise let us know what limitations you would like to put on our use of it. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that began prior to your request on exercising your rights mentioned above.

In the event your Personal Data is processed on the basis of your consent, you can withdraw your consent at any time by sending an email to the local TMF Group entity which collected your Personal Data or dataprotection@tmf-group.com specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.

You may lodge a complaint with a supervisory authority, in particular in your Member State of residence, if you consider that the collection and use of your Personal Data infringes this Privacy Statement or applicable law.

10. Changes to this Privacy Statement

This Privacy Statement may be revised from time to time. If a fundamental change to the nature of the use of your Personal Data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect.

11. Contact Us

If you have any queries about this Privacy Statement or our handling of your Personal Data in general, or if you want to exercise your rights, please email us at dataprotection@tmf-group.com and be sure to indicate the nature of your query.

You can also exercise your rights via the contact form included here.

Privacy Statement – TMF Group | June 2018 | Version 1.0

Privacy Statement – TMF Group | September 2022 | Version 2.0