Privacy Policy

Data Protection and Privacy Policy

Welcome to our dedicated personal information page which sets out the Data Protection and Privacy Policy for Stuart Smalley & Co LLC (‘SSC’) and SSC’s subsidiary Corporate Services Provider Douglas Trustees Limited (‘DTL’).  Both SSC and DTL take the privacy and security of your personal information seriously.

As a client of a SSC and/or DTL we collect, use and share your information to ensure we comply with any applicable legislation to which we are subject and to assist with the provision of legal and/or fiduciary services. Below you will find information about how we collect, store and use your data. 

Privacy Policy                                       

This is an overview of how we collect, use and keep your personal information secure. It also details to whom we disclose your personal information and for how long we keep your information.   

Here at SSC we take your privacy seriously. We will safeguard and utilise any personal data which you provide us with in accordance with the Principles set out in the EU General Data Protection Regulation (GDPR).

You can find more information about the GDPR at the Information Commissioners Office ( including its guiding principles, your rights as a data subject, and our obligations as a business holding it. You can also read the underlying Regulations here.

If you have any questions about this Notice or the way in which we treat your data then you should contact the Office Manager by email at or by telephone on +44 (0) 1624 626557.

Why does SSC hold personal data?

If you are a natural person who is a client of SSC or DTL, directly or indirectly – for example as a shareholder or a director of a corporate entity to which DTL provides regulated services in the Isle of Man or a Trustee, a Protector or Beneficiary of a Trust to which DTL provides services then we will collect and use your data to enable us to meet our contractual obligations.

Please also note that we are legally required to hold your personal data in accordance with Isle of Man Anti-Money Laundering and Financial Services legislation.

If you are a natural person, who has contacted us by telephone or email to ask about our services whether or not you have engaged us to act for you, as a regulated person in the Isle of Man, we have an obligation to maintain any information resulting from your enquiry for at least 5 years from the date you contacted us.

What type of personal data do we hold about you?

As well as copy passports, proofs of address and contact information, the information is likely to include general information about your professional background which has been provided by you or your professional intermediary. We may also collate and hold data found from the results of internet searches and other sources in the public domain including social media sites.

How will we hold the data?

This information will be held in organised paper files, as PDF copies on our file server, in database form within our company secretarial system and attached to relevant emails within our secure email system.

Transfer of data to third parties

We will not share your data with third parties except in specific limited circumstances. Generally, these circumstances will be to enable us to perform our contract with you (say if you ask us to open a bank account for an entity) or for legal/regulatory reasons.  We may undertake credit checks using UK based agencies.  Your data may be used for the provision of legal services, internal administration and training and it may be necessary for us to share your data with external service providers.

Legal and Regulatory reasons would include – completion of the Isle of Man beneficial ownership database, the completion and filing of a corporate annual return of a Company or for FATCA / CRS disclosure purposes.

How long will we hold your data?

SSC holds files for between six and twelve years depending on the nature of the work. Corporate service providers and Isle of Man incorporated entities themselves are subject to stringent record keeping obligations under local legislation including the Isle of Man Financial Services Rule Book which applies to corporate and trust service providers, VAT legislation and relevant Companies Acts.

For example, in respect of 2006 Act incorporated companies, Financial Services Rule Book 2016 Rule 6.66 requires that CSPs retain all company records (M&As, minutes, correspondence, original financial statements, title deeds, contracts etc.) for a period of 18 years following dissolution of the entity.

Further, in order to ensure that rights and freedoms of our clients, our staff as well as SSC are safeguarded, we may hold certain information connected to client entities for longer time periods on the basis that it may be required to assist with the mitigation of any future tax or regulatory query into the transactions or other affairs undertaken by an entity or trust to which we provide regulated services.

SSC and DTL have a Disposal Policy to ensure that records are not maintained for a greater period than is required.

Details of your rights under GDPR

Under GDPR you have the right to expect us to deal with your data in accordance with the Principles set out in Article 5 of the Regulations.  Accordingly we treat all personal data in the following manner:-

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Right of Access to the Data

In accordance with Article 15 (3) upon your request, we will provide you with a copy of your personal data.  This can be done by contacting

Right to Rectification

In accordance with Article 16 we will correct any inaccuracy in the personal data we hold concerning you.

How to make a Complaint

If you are unsure about any aspect of this Notice or our Policies then, in the first instance, we suggest you contact the Office Manager to seek clarification, by email at or by telephone on +44 (0) 1624 626557.

If you wish to make a formal complaint concerning our conduct then you should contact the Isle of Man Information Commissioner whose contact details are shown below:, P.O. Box 69, Douglas, Isle of Man, IM99 1EQ Telephone: +44 1624 693260 e-mail:

23 May 2018


  1. In this policy ‘we’ includes both SSC and DTL