Privacy Policy
IMS GROUP – DATA PROTECTION PRIVACY NOTICE
International Management Services Ltd. (IMS) is a limited liability company incorporated under the laws of the Cayman Islands. References in this Privacy Policy to “we”, “us” or “IMS Group” are references to IMS and certain affiliated entities through which we provide our services in the Cayman Islands. IMS is committed to protecting your privacy and maintaining the confidentiality and security of your personal information. Any personal information processed by us is controlled by us and we are the data controller of your personal information.
Reference in this Privacy Notice to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information.
How we obtain your personal data
As a provider of corporate services, we regularly receive personal data to enable us to provide our services and to comply with various regulatory requirements, particularly in relation to anti-money laundering and combatting of terrorist financing etc. We also collect and hold personal data in respect of individuals employed by us.
We may collect your personal data:
-
As part of our business take-on procedures;
-
When you seek employment from us;
-
When you or your organization offer or provide services as our vendor;
-
When contact us via the ‘contact us’ page of our website;
-
When you email us or provide such data to us in other circumstances, such as when you request details about our services or attend a firm sponsored event or provide a business card to one of our employees.
In some cases, we may collect data about you from a third party source, such as an information or service provider or from public records.
Where your details are provided to us as a consequence of our appointment to provide services to you or to an entity with which you are connected, we may process your personal information or, if you are an entity, we may collect and process personal information of (i) your beneficial owner(s), you’re your employees, and (iii) your directors, officers, trustees, general partners, managers, or other persons serving in a similar capacity (the foregoing collectively as your “personal information”).
The personal data we collect and process
The personal information that we collect and process may include:
-
Identification and background information provided by you or collected by us as part of our business acceptance procedures;
-
Basic information, such as your name, your employer, your title or position and your relationship to a person or entity;
-
Contact information, such as your physical address, email address and phone/fax number(s);
-
Financial information, such as bank account details;
-
Information you provide to us for the purposes of travel/attending meetings and events;
-
Personal information provided to us by or on behalf of our clients, partners and employees or generated by us in the course or providing services and employment, which may include special categories of data (such as sickness records for employees or past employees);
-
Details of your visits to our offices; and
-
Any other information relating to you which you may provide to us.
How we use your personal information
Whether we receive your personal information directly from you or from a third party source, we will only use your personal information in connection with our ordinary business activities (including the fulfilment of our legal or regulatory obligations).
These “Permitted Uses” may include:
-
Providing services to our clients, which includes notifying you of legal or regulatory developments and requirements which it is necessary to inform you of to ensure that the entities and persons to which we provide services to continue to be in compliance with relevant laws and regulations;
-
Managing our business relationship with you or your organization, whether in connection with the provision or procurement of goods and services or as your employer or former employer, including processing payments, accounting, auditing, billing and collection and related support services;
-
Acting in compliance with our legal obligations, including (but not limited to) anti-money laundering and sanctions checks;
-
Managing and securing the access to our offices and systems;
-
Complying with court orders and other legal and regulatory requirements;
-
Processing that is necessary for purposes of the legitimate interest of the IMS Group or third parties provided that such interests are not overridden by your interests or your fundamental rights and freedoms; and
-
For any purpose related to the foregoing or for any purpose for which you provided the personal data to the IMS Group.
If we require your consent (and you have given us your consent), we may process your personal data for additional purposes. You may withdraw your consent for such additional processing at any time. Such additional purposes may include:
-
Communicating with you with respect to announcements, events and IMS Group products and services which may be of interest to you;
-
Distributing surveys or marketing materials; or
-
Any other purpose for which you have given consent.
How we share your personal information
Your personal information may be shared among all the entities within the IMS Group (we currently only operate in the Cayman Islands). Our policies require us to ensure a level of data protection as required by Cayman Islands Law.
We may also need to transfer personal data to third parties, including third parties based in or outside the European Economic Area, for example (but not limited to) sub-contractors, legal counsel, providers of risk intelligence data for AML/due diligence purposes, regulators, company registries, accountants and third parties involved in your matters.
Our backup and disaster recover/business continuity servers are currently located in the EU (Dublin, Ireland), meaning that all of our data is replicated (and encrypted) in Ireland (a jurisdiction directly subject to the GDPR).
Where we share or transfer your personal information, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection.
Keeping your personal information secure
We take appropriate measures against unauthorized or unlawful processing of your personal information and against accidental loss or destruction of, or damage to, your personal information in accordance with our procedures regarding its storage, access and destruction. Information may be stored by us or our vendors and sub-contractors either electronically or in paper files or a combination of both.
Retaining your personal information
We will delete your personal information when it is no longer reasonably required by us in connection with the provision of our products or services or you withdraw your consent (if applicable), provided that we are not required by law or regulatory requirements to continue to hold such information.
Additionally, we may retain your personal information for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.
Our current policy is, under normal circumstances, to retain information for a period of 6 years after the termination of our relationship with a client.
Rights of data subjects
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request in the first instance to data-protection@ims.ky
In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data, we may be unable to provide services, or there may be a restriction on the services which can be provided or your rights may be limited by legislation or regulation applicable to our business.
Updates
This Privacy Notice was updated in August, 2018. We reserve the right to amend this Privacy Notice from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on this website and will be effective upon posting.
Your acceptance of these terms
By using this site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.