We, Abacus Financial Services Limited (and its group companies, together “Abacus”), are routinely required to collect and use certain types of information, or personal data, about our clients, suppliers and business partners in order to carry on our work. We may also need to deal with personal data relating to existing, former or potential clients, contacts, and business partners.
This personal information must be collected and dealt with appropriately, whether it is collected on paper, stored in a computer database, or recorded on other material. There are safeguards to ensure this under the current Data Protection Act 2004 (the “DPA”) and also under the General Data Protection Regulation (“GDPR”), which comes into force on 25th May 2018.
Abacus is the Data Controller under the DPA and GDPR, which means that it determines the purposes for which the personal information it holds will be used. It is also responsible for notifying the Data Protection Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.
Abacus has designated a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection. The Data Protection Officer may be contacted at firstname.lastname@example.org
Abacus complies with the DPA/GDPR requirement for the firm to register the fact that it collects and uses particular categories of personal data. The Gibraltar Regulatory Authority maintains a register (“the Register”) of processing operations in respect of all organisations registered to handle personal data. The Register is a public document.
Details of Abacus’s Gibraltar registration are published on the Gibraltar Regulatory Authority’s website (http://www.gra.gi) under the following registration number: DP002888.
On the basis of these principles, therefore, we will:
5.1 Ensure that we have in place a robust data protection policy that accords with all the principles of the Act and of GDPR. When directly collecting personal data, where reasonably practicable we will provide data subjects with notice about the types of information collected and the intended uses of this information together with any other information that may be necessary to ensure the processing is fair. This information need not be provided where the effort involved would be disproportionate to the value to the individual of being informed.
5.2 Only collect and use confidential information and personal data for legitimate regulatory, client service and Abacus business purposes and only disclose this information to Abacus personnel or a third party that needs to have access to the information for the purposes outlined above.
5.3 Collect only confidential information and personal data that is adequate, relevant and not excessive for the intended purposes.
5.4 Keep confidential information and personal data up to date for the intended purposes and take reasonable steps to ensure the information is up to date by periodically asking data subjects whether there have been any changes. We will promptly correct any errors upon discovery or notification by the data subject. Individuals may request that Abacus corrects the personal data it holds about them. Abacus will comply with a reasonable request for correction and if it does not agree that the personal data is incorrect, it will record the fact that the individual believes the information is incorrect. In the event of a dispute, a complaints procedure is in place.
5.5 Retain confidential information and personal data no longer than necessary for the intended purposes, unless a longer period is required for legal or regulatory reasons. Once the data is not required for its intended purposes or under any statutory provision, it will be disposed of appropriately.
5.6 Upon request or when required, we will explain to our clients and other data subjects what confidential information or personal data of theirs is shared with other third parties locally or across country borders, where and with whom and for what purpose; and we will at all times respect any confidential and/or data protection obligations which may be in the client engagement contract. We will only share confidential information and personal data with the consent of the party to whom the information or data belongs.
5.7 We take all appropriate technical and organisational security measures against any unauthorised disclosure or access, alteration, accidental loss, destruction or damage to confidential information and/or personal data.
5.8 When transferring or receiving confidential information or personal data across country borders, we will comply with any relevant legal, professional or contractual requirements. Personal data shall not be transferred to countries outside the European Economic Area unless certain conditions are met. We will keep on our database details of any legal and professional requirements for certain territories, as we become aware of them.
6.1 All individuals in respect of whom we hold personal data have rights when it comes to how we handle their data. These include rights to:
6.2 Any individual who wishes to access their personal data should make a request in writing to the Data Protection Officer. Upon any request by a data subject to obtain details of personal data being held by Abacus, documentary proof of identity and proof of address of the person requesting the information (such as an I.D. card or passport and utility bill) will be obtained prior to disclosure. Where practicable, the person requesting the information will be asked to come into the offices in person to collect the data. Any data sent by post as a result of such a request will only be sent to the address we have in our records for the subject.
6.3 Abacus will abide by any request from any individual not to use their personal data for direct marketing purposes by endeavouring to ensure that the individual’s details are suppressed.
Data subjects have the right to complain to the supervisory authority, the Data Protection Commissioner, if they are not satisfied that their rights under the legislation are being respected. The Data Protection Commissioner is the Gibraltar Regulatory Authority, of 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar. Telephone: (+350) 20074636 Fax: (+350) 20072166 email: email@example.com
Last updated: May 2018