RECEIVE OUR INVESTMENT NEWSLETTER IN YOUR INBOX
Special Topic: The best countries to register a yacht or corporate maritime asset.
- It came as a big surprise to many economists when it became clear in late July that the US economy was already in recession, being two quarters of economic contraction in a row. In both the second quarter (-0.9% year-on-year) and first quarter (-1.6% year-on-year) the economy growth was negative.
- So far, the contribution of consumption to US economic growth is still positive. However, the real disposable income of households has been under severe pressure for some time. It therefore seems only a matter of time before unemployment starts to rise and the contribution of consumption to economic growth becomes negative.
- Inflation dropping in the second half of 2022 and 2023, the Fed cutting interest rates again in 2023 and Central Banks ensuring that capital market interest rates do not rise too far, lead us to assume that the recession in the US has started and certainly is not over yet, but will most likely resemble the relatively mild recessions of 1948, 1960 and 1990 in depth and duration.
- It seems only a matter of time before the UK and the Eurozone also end up in recession.
- Should inflation peak soon and capital market rates fall further, an ongoing recovery in equity markets seems possible.
- In our view, the outlook for bonds remains positive for the time being. The Citigroup Economic Surprise Index also indicates that there is room for a further decline in capital market rates.
- Our conclusion remains that the rally in Commodities has come to an end for the time being as the economy moves into recession and inflation looks set to ease soon.
- If house prices do not, or hardly, rise in the coming years while wages do, affordability will improve over time without this leading to a new financial and economic crisis.
Our maritime team specializes in the management and administration of structures related to leasing and financing in the maritime sector.
Summer is in full swing so let’s push the boat out and have a closer look at what makes Malta, the United Kingdom and Singapore such desired jurisdictions for yacht registrations and marine services.
Malta is long been a popular choice for the registration of yachts and corporate maritime assets* due to its strategic location, strong legal and regulatory framework and favorable tax regime.
The Maltese Flag ranked first in Europe plus sixth worldwide in terms of registered tonnage (a ship's total internal volume). It is recognized as being both reputable and reliable. This means that owners can be assured of a high level of service and support from the Maltese authorities.
*Corporate maritime assets are vessels, barges, boats and other watercraft, and any equipment, consumables, ships stores or other related assets that are maintained or stored on the vessel or on land owned by a company.
Additionally, the Maltese government has put in place a number of incentives to encourage owners to register their vessels in Malta. These include a number of tax breaks and duty-free importation of yachts into Malta. A key feature of the Maltese taxation system in relation to yachts is the tonnage tax regime, whereby income resulting from the operation of (qualifying) yachts is exempt.
The Maltese Islands offer a stunning cruising ground, with something to suit everyone. It is blessed with deep natural harbors, has invested heavily in state-of-the-art superyacht marinas and encouraged the creation of a number of onshore service providers, such as yacht management companies and refitting and repair facilities. Whether you are looking for sheltered coves and bays in which to anchor, or wide-open spaces for sailing, Malta has it all.
The Red Ensign Group is a collection of countries which offer some of the lowest registration fees in the world for yachts. The United Kingdom is a member of this group, making it an attractive option for those looking to register their yacht. In addition to low fees, the UK offers a number of other benefits that make it an ideal choice for yacht registration. These include:
- The UK has a long history of marine support and infrastructure, making it easy to find the services you need to maintain your yacht.
- The UK is home to some of the world's leading maritime lawyers, meaning you can get expert advice on any legal issues relating to your yacht.
- The UK is a signatory to a number of important maritime treaties, including the UN Convention on the Law of the Sea (UNCLOS), which gives you extra protection and peace of mind when sailing in international waters.
If you're looking for a jurisdiction that offers low fees, a wealth of experience and infrastructure, and strong legal protection, the UK is an excellent choice for yacht registration.
Singapore is the ideal Asian gateway for global leaders in shipping finance, shipbroking, risk management and marine insurance. When it comes to yacht registration, Singapore offers a number of advantages that are hard to ignore.
For starters, Singapore has a very favorable tax regime for yacht owners and provides various tax incentives for shipowners / operators and shipping-related support service providers. There is no sales tax or value-added tax on yachts, and import duties are low. This makes Singapore an attractive option for those looking to purchase a yacht. Also, Singapore is a safe and stable country with a strong legal system. This provides peace of mind for yacht owners, knowing that their investment is well protected.
If you’re looking for a hassle-free yacht registration process, competitive taxes, and a safe and stable environment, then Singapore should be at the top of your list.
If you are thinking of registering your maritime asset, we can help. Adopting the boutique approach that underpins all our services, our global maritime team offers an in-depth understanding of the maritime sector in your chosen jurisdiction. We support companies in all aspects of yachting, shipping, leasing of commercial vessels and corporate maritime assets as well as private and commercially registered yachts.
Further information about our maritime services can be found here or contact us today discuss your how we can help you.
In recent months we wrote that we were surprised how few economists assumed a recession in the US was imminent. In our opinion, the US was already in a recession. Many economic models indicated that the chance of a recession was small for the time being. The economic model of Capital Economics even indicated in mid-July that the probability of a recession in the US was close to 0%.
Many economists were therefore surprised when it was announced at the end of July that the economy in the US was already in recession, being two consecutive quarters of economic contraction. In the second quarter (-0.9% annualized), the economy shrank, just like in the first quarter (-1.6% annualized). In the first quarter, the economic contraction was downplayed by economists because it was mainly caused by the deteriorated trade balance. In the second quarter, however, this contribution was positive, and the contraction was downplayed by economists due to the decline in inventories. The fact that the US has now contracted for two quarters and is therefore in a recession is also downplayed by economists because employment is still good. We continue to find these “statements” strange. Inventory reduction is usually a result of companies seeing a decline in demand and/or an increase in financing costs. So, it's clearly a signal that the Fed's rate hikes are starting to take effect. In addition, the statement that there is no recession because employment is still so good is almost ridiculous in our view. In the Western world we speak of growth if, for instance, more is produced by the same amount of people. The proposition that it is not a recession if more people produce less, fits better in a communist world than in our western capitalist world. Moreover, it seems almost inevitable that the US economy will contract more often in the coming quarters and that unemployment will soon also rise.
So far, the contribution of consumption to US economic growth is still positive. However, the real disposable income of US households has been under severe pressure for some time as a result of high inflation and lagging wage growth. This can also be clearly seen in the two graphs below.
Household disposable income is still rising in nominal terms, but not in real terms for some time now. In other words, consumption still increases in value because products and services become more expensive but decreases in volume. It is only logical for companies to hold less inventory and it seems only a matter of time before unemployment starts to rise and the contribution of consumption to economic growth becomes negative. It is also interesting to see the magnitude and duration of the recessions that have taken place since 1945 in the two charts below. Leaving aside the 2020 Covid-19 recession because it had a unique cause.
Four of the six worst recessions ('57, '73, '80, '81) since 1948 were caused by the fact that the FED, forced by inflation, kept raising interest rates while the economy already was in a recession. In the five mildest recessions ('48, '60, '69, '90, '01), the FED cut interest rates as soon as the recession started. The FED also did this during the deepest recession ('07), but that was still too late to prevent a financial crisis. It is also noteworthy that the two recessions of 1957 and 1980, although short-lived, were very severe, while the three recessions of 1973, 1981 and 2007) were less severe but relatively long. The question is where we should place the current recession of 2022. The situation seems comparable to 1957, 1973, 1980 and 1981. As then, the FED has so far been forced to raise interest rates further even though the recession has already started. There are also similarities with 2007. Just like then, the financial economy is many times larger than the real economy. If the FED goes ahead with its plans to aggressively shorten its balance sheet (QT) from September, capital market rates will rise again and a real estate crisis with far-reaching consequences for the real economy and the financial system seems inevitable. However, the most likely scenario seems to us that inflation will soon fall, the FED will not or barely reduce its balance sheet and will cut interest rates again in 2023. Our expectation that inflation will fall soon is based on the following factors: As a result of the economic recession, the demand for raw materials, goods and services will decline. The Brent Crude Oil price has already fallen from $123 in early March to $94.5 in early August and the ISM mfg Prices Paid Index shows that the largest price increases are over. In addition, the decline in the Baltic Dry Index from $5500 in October to $1731 in early August and the ISM Services Supplier Delivery Times Index also show that the bottlenecks in the economy are gradually disappearing.
Also, according to the Cleveland FED and the financial markets, inflation has now peaked and is expected to fall significantly in 2022H2, 2023 and 2024, which is positive for household purchasing power.
Furthermore, today's economies are characterized by record high debt as a percentage of GDP. If central banks raise short-term interest rates, this will inevitably lead to a recession, as is the case now. However, if central banks also shorten their balance sheet (QT) and thus allow capital market interest rates to rise, this will inevitably lead to a new debt crisis, also for governments.
Particularly because of the latter, Central Banks also look at the capital market interest rate in everything they currently do, and both the FED and ECB immediately adjust their policy if it rises too much. The FED announced in July that it would implement a "data-dependent policy" from now on as a recession has started, and the ECB introduced a new "Transmission Purchase Program" to prevent spread increases between countries such as Germany on the one hand and Italy on the other too much. All in all, we consider it likely that the FED will cut interest rates again in 2023 and that the ECB, even more so than the FED, will allow policy to be partly determined by developments in the capital market.
Declining inflation numbers in the second half of 2022 and 2023, the FED cutting interest rates again in 2023 and central banks guarding against capital market rates rising too far lead us to assume that the recession in the US has already started, and certainly is not yet over, but will most closely resemble the recessions of 1948, 1960 and 1990 in depth and duration. Furthermore, it seems only a matter of time before the UK and the Eurozone also fall into recession.
Although the FED continued to raise interest rates and the US economy turned out to be in recession, July was an excellent month for equities. The S&P 500's rise of more than 9% (in USD) was entirely due to an increase in the P/E and therefore appears to be mainly due to the sharp fall in capital market interest rates in July. Earnings expectations for the next 12 months have been revised downwards by 1.5%.
It was also positive that the recovery in the equity markets was broad-based. I.e., the returns of all sectors and factors were positive.
Globally, the recovery in the equity markets was also broad-based. China was the biggest negative exception.
While the recession in the US is far from over and has yet to start in the UK and the Eurozone, equity markets already seem to be looking ahead to economic recovery and lower inflation in 2023. In the first half of 2022, equity markets appear to have gone through a typical bad news “triple waterfall”. Goldman Sachs also remains optimistic about the outlook for corporate earnings in 2022 and 2023 and expects the recovery in equity markets to continue in the coming months.
While many this year have looked at the similarities and differences between inflation and central bank policies in the late 1970s and now, it might also be interesting to look at the stock market performance then and now. At the time, the FED, led by Governor Paul Volcker, aggressively raised interest rates to combat inflation, causing the S&P 500 to fall by 27% between November 28th 1980, and August 12th 1982. When it subsequently became clear that inflation was going to fall and the FED would end its aggressive policy, the S&P 500 had already made up the entire loss four months later. Whether the current upcoming peak in inflation and Governor Powell’s recent announcement to make policies more "data dependent" will have the same effect remains to be seen, but the start in July looks promising. Also on the positive side, most stocks are above their 50-day moving average, which is usually followed by higher prices.
Should inflation indeed peak soon and capital market interest rates fall further, an ongoing recovery in the equity markets seems possible. With the exception of the so-called “Big Cap”, equities don't seem expensive. It is also notable that the profits of US companies are currently revised downwards significantly more often than the profits of European and Japanese companies. This appears to be mainly due to the opposite effect that the strong USD appreciation is having on the profits of companies operating internationally.
July was also a good month for bonds. Capital market interest rates fell almost everywhere in the world.
July was also a particularly good month for Distressed Bonds (BDC) and High Yield bonds, whose underlying yields declined as well as risk spreads. The probability of imminent bankruptcies was therefore clearly estimated to be lower. On the one hand, this is remarkable given that the recession in the US has only just started, but on the other hand a result of the better outlook for inflation and monetary policy in 2023. The lower capital market interest rates were mainly due to investors accepting a lower real interest rate. While inflation expectations for the next two years fell, they rose for the longer term.
In our view, the outlook for bonds remains positive for the time being. Inflation is expected to peak soon and then fall again. In addition, it is positive that the amount of negative yielding bonds has fallen from $18.4 trillion in December 2020 to $2.4 trillion in July 2022. Furthermore, the Citigroup Economic Surprise Index seems to indicate that there is room for a further decline in the capital market rate.
The Bloomberg Commodity Index recovered somewhat in July from the significant drop in June. However, if you zoom in a little more on the underlying details, you will see that the increase was almost entirely due to a rise in the gas price. This was because it is becoming increasingly clear that Russia, in response to Western sanctions, is continuing to reduce gas supplies to Europe and that there is a risk of gas shortages in Europe next winter.
If we look at Commodities in general, the conclusion can only be that the prospects are not good now that economic growth is declining rapidly, and more and more countries will enter into a recession. A good example of this is the recent drop in oil prices to its lowest level since Russia's invasion of Ukraine.
Our conclusion therefore remains that the rally in Commodities has come to an end for the time being as the economy is heading for recession and inflation looks set to ease soon.
Finally, some charts and comments about the housing market. The prospects for the (American) housing market remain poor. According to the Goldman Sachs Affordability Index, houses have not been this expensive since 2007. This is a result of both the sharp rise in house prices and the rise in mortgage rates. Not surprisingly, the National Association of Home Builders Index has fallen sharply recently.
In most (G7) countries, house prices have risen enormously in real terms, i.e. adjusted for inflation, over the past 20 years. This price increase is largely due to the sharp fall in mortgage rates and only to a limited extent to an increase in wages.
As it seems unlikely that capital market and mortgage rates will fall again to the levels we saw during the Covid-19 crisis and the fact that it is undesirable for house prices to fall by 30%, time seems to be the best solution to improve the affordability of houses. If house prices do not or hardly rise in the coming years while wages do, affordability improves over time without this leading to a new financial and economic crisis.
Disclaimer:
While the information contained in the document has been formulated with all due care, it is provided by Trustmoore for information purposes only and does not constitute an offer, invitation or inducement to contract. The information herein does not constitute legal, tax, regulatory, accounting or other professional advice and therefore we would encourage you to seek appropriate professional advice before considering a transaction as described in this document.
No liability is accepted whatsoever for any direct or consequential loss arising from the use of this document.
The text of this disclaimer is not exhaustive, further details can be found here.
RECEIVE OUR INVESTMENT NEWSLETTER IN YOUR INBOX
Effective Date:
18-06-2021 Version: 1
20-05-2021 Version: 2
Main change: The Cookie Policy is not an annex of this policy, but a separate policy. List of sub-processors is not an annex of this policy, but a separate list.
KEY PRINCIPLES
The protection of privacy and security of Personal Data is very important to Trustmoore. Any processing of Personal Data relating to identified or identifiable natural person will only be processed in accordance with this Policy.
1. Definitions
| Board | Trustmoore’s highest decision-making and executive body deciding on all matters that have impact on Trustmoore. |
| Client | Natural person or company with which TM enters into a business relationship or for which a trust service is performed. |
| Controller[1] | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of Personal Data; |
| Consent | It is any freely given, specific, informed and unambiguous indication of the data subject by which he or she agrees with the processing of their Personal Data. |
| Data Breach | A breach exists in case of accidental or intended unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. |
| Data Protection Laws | The legislation regarding data privacy which may be applicable, based on the location of the TM service provider and of the Data Subject, such as the EU General Data Protection Regulation 2016/679 ("GDPR") or any other applicable data protection, privacy laws or privacy regulations. |
| Data Subject | A natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, account number, information about payments made from the bank account, among others. |
| Joint Controllers | Entities that jointly determine the “means and purposes” of the processing of Personal Data. |
| Personal data | Means any information relating to a Data Subject. |
| Processing of Personal Data | Personal data processing is a broad concept that encompasses everything that can be done with personal data. For example, “using”, “destroying” and “providing” are forms of processing. This Policy refers to any operation or set of operations which may be performed on Personal Data or on sets of Personal Data. |
| Processor | Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller. |
| Recipient | Recipient is a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not. |
| Sub Processor | The legal or natural person appointed by the processor to process Personal Data on behalf of the Controller. |
| Third Party | An individual or a company (i.e. consultants, agents, intermediaries, representatives, subcontractors, suppliers) that performs work, provides a service or sells goods to TM. |
Terms that are capitalized, but not defined in this Policy have the same meaning as in Trustmoore Compliance Charter and Framework.
2. Background, Scope & Purpose
TM recognizes the expectations of its Clients and Employees, and the inherent risk that has the privacy, confidentiality and security of their personal data when it resides within TM.
This Personal Data Protection Policy (hereinafter referred as the “Policy") describes the privacy practice standards of TM for mitigating the risk, regarding the processing of personal data: what type of personal data TM collects, why and how TM collects, uses and stores it; the legal basis for processing it; and TM’s rights and obligations in relation to such processing.
TM globally applies this Policy as a minimum standard for protecting Personal Data of its Clients and Employees around the world. Furthermore, each TM service provider is also in charge of ensuring the application of local regulations [2].
3. Types of Personal Data
The Personal Data that TM collects and processes may depend on the type and scope of the services provided:
| Services | Types of personal data |
| Corporate Services |
First name and family name, address, telephone, email, nationality, date of birth, place of birth, gender, Tax / Social / National identification number, compensation and benefits financials, user account details, job title, Client ID, signature, bank account details. |
| Human Resources and Payroll |
First name and family name, address, telephone, email, nationality, date of birth, place of birth, gender, marital status, Tax / Social / National identification number, compensation and benefits financials, user account details, job title, employee ID, Client ID, signature, bank account details, health status related data. |
4. Mitigating measures regarding the risk of processing Personal Data:
4.1 Use of personal data
TM shall not process, transfer, modify, amend or alter the personal data or disclose or permit the disclosure of the personal data to any Third Party other than:
- As necessary to process Personal Data to provide the Services and/or otherwise in accordance with the documented instructions of the Client (e.g. contractual provisions), or
- As required to comply with Data Protection Laws or other laws (e.g. tax regulatons) to which TM is subject, in which case TM shall (to the extent permitted by law) inform the Client of that legal requirement before processing the Personal Data.
It is important to highlight that sometimes it may be necessary to conclude a contract, which includes Personal Data that must be subsequently processed by TM. The Data Subject is, for example, obliged to provide TM with specific Personal Data when our company signs a contract with him or her. The non-provision of Personal Data would have the consequence that the contract with the Data Subject could not be concluded.
However, before the Data Subject provides its Personal Data to TM, he or she may contact a TM employee in order to clarify the scope and purpose of this collection. The employee clarifies to the Data Subject whether the provision of Personal Data is required by law or is necessary for the conclusion of the contract, and also the consequences of non-provision of the personal data.
4.2 Storage of personal data
Personal data will be kept for the duration of the business relationship with Trustmoore and the years stipulated on local regulations for complying with all legal, regulatory and internal policy purposes. After expiration of this retention period, the corresponding data is routinely deleted.
Personal Data can be stored on Trustmoore systems, or third-party systems to which TM has been provided access to for the provision of Services. Personal data in hard copy files will be stored in locked cabinets, that can only be accessed if an employee of Trustmoore is present in that space.
4.3 Lawfulness of Processing
As a minimum legal standard, all processing of Personal Data must comply with the following general data quality principles, therefore Personal Data must be: (i) processed fairly and lawfully; (ii) collected for specific, explicit and legitimate purposes and not processed in a manner incompatible with those purposes; (iii) adequate, relevant and not excessive; (iv) accurate and, where necessary, up to date; (v) kept in an identifiable form for no longer than necessary; and (vi) kept secure.
Further, TM may only process Personal Data when either of the following legitimate purposes apply:
- Consent: The Data Subject has given consent to the Processing of his or her Personal Data for one or more specific purposes.
- Performance of Contract: Processing of Personal Data is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract;
- Legal Obligation: Processing of Personal Data is required for complying with a legal or regulatory obligation (including the laws of the financial sector, anti-money laundering and tax laws) to which TM is subject;
- Vital interest of the Data Subject: Processing of Personal Data is necessary for protecting the vital interests of the data subject or of another natural person;
- Task carried out in the public interest: Processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Legitimate interests: Processing of Personal Data is necessary for the purposes of the legitimate interests pursued by TM, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child.
It is Trustmoore’s obligation to identify the appropriate basis for processing, and to document it accordingly using the form ‘Record of Processing Activities’ [3].
TM must provide Data Subjects with a privacy notice setting out how the employees or client’s Personal Data will be processed [4].
4.3 Subprocessing
TM may be required to appoint certain Third Parties to provide part of the services to its Client and Employee, or assist with providing technical support, such as I.T. service providers or other suppliers. By signing the Contract or Service Agreement, depending on the case, the Employee or the Client authorises TM to subcontract the Processing their Personal Data to Subprocessors.
Subprocessors are in each case subject to the terms and conditions laid down by TM, which are no less protective than those set out in this Policy and Contract or the Service Agreement. TM will inform the Client or Employee of the details of such Subprocessor(s) upon written request from the Data Subject. TM will inform the Client or Employee in advance of any intended changes concerning the addition or replacement of Subprocessors and thereby give the Data Subject the opportunity to object to such changes. If the Client or Employee does not object in writing within five (5) days of receipt of the notice, the Data subject is deemed to have accepted the new Subprocessor. If the Client or Employee does object in writing within five (5) days of receipt of the notice, TM and the Client or Employee will discuss possible resolutions.
4.4 Joint Controller
In case Trustmoore acts as a Director of the object company, it will act as a Joint Controller[5] and will sign the Record of Processing Activities. Since Trustmoore determines the purpose and means of the processing of Personal Data of the object company, its role as a Joint Controller together with the Client is justified. In all other cases in which Trusmoore will provide services to the Client, it will act as a Processor, within the meaning of the Processor definition.
4.5 Rights of Data Subjects
TM takes appopriate measures to comply with Data protection laws in order to ensure Data Subjects rights. In case Data Subjects have any questions, requests or complaints regarding their rights, they are encouraged to contact TM via [email protected]. A written question, request or complaint should have a clear subject related to the rights of the Data Subjects, that are listed in the Annex IV ‘Right of Data Subjects’ of this Policy.
4.6 Personal Data Breach
A breach exists in case of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. For the avoidance of doubt, even in cases where it is not certain whether any Personal Data was actually accessed, the existence of the (possibility to) access the data in question qualifies as a breach. This means that any possible access to encrypted devices of Trustmoore accompanied with an unauthorised disclosure of passwords will qualify as a data breach, unless there are security reasons justifying the access to encrypted devices. Below is a list of examples of Data Breaches:
- A USB drive with unencrypted documents containing personal data is left/lost/stolen in a public environment;
- A corporate email account is hacked or otherwise (presumably) accessed by anyone not granted access by the IT manager;
- (desktop) computers and/or servers containing personal data are stolen from (outside) the office.
4.7 Management of a Data Breach
All Data Breaches discovered or caused by employees of Trustmoore will be notified to the IT-Manager immediately and in any case within 24 hours. Where applicable an assessment will be made of the need to inform the local supervisory authority [6] .
If notification is required, it must be done not later than 72 hours after having become aware of it. The notification is not required in case there is no risk to the rights and freedom of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay. Assessment whether in case of a Data Breach there was a risk to the rights and freedom of natural persons is to be done by Data Privacy Officer in collaboration with a Compliance Officer. The data breach notification obligation reflects a risk based approach. When assessing the impact of the breach the following must be taken into account:
- Type of breach;
- Nature, sensitivity, and volume of personal data;
- Ease of identification of individuals;
- Severity of consequences for individuals;
- Special characteristics of the individual;
- Special characteristics of the data controller;
- The number of affected individuals.
All the above factors need to be carefully assessed each one separate or in combination with the others to indicate the level of the risks to the individuals.
In cases where the Data Breach is likely to be deemed high risk to the rights and freedom of natural persons, Trustmoore shall also notify the Data Subject regarding the Data Breach without undue delay. The notification must at least describe the nature of the Data Breach, the categories and approximate number of Data Subjects and records concerned, details of the contact point, the likely consequences and the measures proposed to be taken. In case Trustmoore has taken subsequent measures which ensure that the high risk to the rights and freedoms of Data Subjects is no longer likely to materialize, no notification is required.
Alternatively, whenever TM is acting as Data Processor only any Data Breach must be notified to the Data Controller - Information Security Policy.
All Data Breaches discovered or caused by employees of Trustmoore will be notified to the I.T.-Manager immediately and in any case within 24 hours.
4.8 Confidentiality and Security
TM keeps the Personal Data confidential and will ensure its staff and Sub-processors are bound by the same confidentiality obligation. TM implements appropriate technical and organisational measures to protect Personal Data; preventing unauthorized or unlawful access to it. - Information Security Policy.
4.9 Training and Awareness
Local Statutory Board supported by the CF should ensure a proper level of awareness of this Policy by means of providing trainings and awareness sessions. Each Trustmoore employee must adhere to and comply with this Policy and raise any questions and concerns with respect to this Policy to the CF.
4.10 Reporting and Escalation
Employees must report instances of non-compliance with this Policy to their line manager who reports to Local Statutory Board. Material issues must also be reported to the Global Risk and Compliance Board. Local authorities together with the regulator should be informed in accordance with local rules.
In case hierarchical reporting is not possible or appropriate, Trustmoore employees may report a (suspected) incident or a concern via the whistleblowing channel in accordance with Trustmoore Whistleblowing Policy.
5. Website
This Policy also applies to the collection of Personal Data through our website. With regard to the collection of Personal Data through Cookies.
6. Roles and Responsibilities
- The Board - approves this Policy and oversees its implementation on Trustmoore level.
- Local Statutory Board - responsible for the proper implementation of this Policy at the local level, proper level of awareness and for ensuring that personal data privacy is adequately addressed by means of allocating appropriate resources for the day-to-day management of Personal Data.
- Employees - responsible for ensuring personal data privacy in his/her daily work and for complying with this Policy by following the rules, attending compliance training and awareness sessions.
- Compliance Function (the “CF”) - responsible for providing an oversight, guidance and monitoring with regards to the rules and requirements of this Policy in accordance with the Compliance Charter.
- Audit Function – responsible for providing an independent review of the activities performed by the 1st and 2nd lines of defence in connection with this Policy.
7. Governance
This Policy is a Level I Policy that provides a global de-minimis norm that will be adopted by and implemented in all entities of the Trustmoore Group. Variations in accordance with local procedures are permitted in a Level II policy in accordance with the Group Corporate Governance Policy to the extent that they process Personal Data.
The CF is responsible for amending this Pesonal Data Protection Policy in order to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 18 March 2020. The most recent version is available at TM.com, as well as on the local Trustmoore websites in each country where we operate.
[1] Controller, Joint Controller and Processor are terms based on the GDPR, which will be only used for Curaçao in those cases where GDPR is applicable.
[3] For TM entities outside the EU, the Record of Processing Activities will be only mandatory in those cases where GDPR is applicable.
[4] For TM entities outside the EU, the application of this varies depending on their local regulation.
[6] This section shall not apply to TM entities with no relevant local regulation regarding data breach notification obligation and data authorities. In the aforementioned TM locations, all Data Breaches discovered or caused by employees of TM will be notified to the Local Statutory Board and CF immediately, and in any case within 24 hours. Where applicable, an assessment will be made of the need to inform the local supervisory authority.
[2]
ANNEX I: Data protection authorities and legislation
| Data protection authorities and legislation | |||
| Countries | Authority | Website | Legislation |
| Bulgaria | Commission for Personal Data Protection | https://www.autoriteitpersoonsgegevens.nl/ | https://www.cpdp.bg/en/index.php?p=rubric&aid=2
|
| Curacao | Data Protection Board (College Bescherming Persoonsgegevens)-not yet appointed | https://irp-cdn.multiscreensite.com/9e98b338/files/uploaded/Landsverordening-bescherming-persoonsgegevens-Curacao-4-9-2010.pdf
|
|
| Cyprus | Office of the Commissioner for Personal Data Protection | http://www.dataprotection.gov.cy/ | http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page3b_en/page3b_en?opendocument |
| Gibraltar | Gibraltar Regulatory Authority | https://www.gra.gi | https://www.gra.gi/data-protection/legislation |
| Hong Kong | Privacy Commissioner for Personal Data | https://www.pcpd.org.hk/ | https://www.elegislation.gov.hk/hk/cap486!en-zh-Hant-HK.pdf?FROMCAPINDEX=Y |
| Ireland | Data Protection Commission (DPC) | https://www.dataprotection.ie/ | https://www.dataprotection.ie/en/legal/data-protection-legislation
|
| Luxemburg | Commission Nationale pour la Protection des Données | https://cnpd.public.lu/en.html | https://cnpd.public.lu/en/legislation/droit-lux.html |
| Malta | Office of the Information and Data Protection Commissioner | https://idpc.org.mt/ | https://idpc.org.mt/en/Pages/dp/legislation.aspx |
| Netherlands | Authoriteit Persoonsgegevens | https://www.autoriteitpersoonsgegevens.nl/ | https://wetten.overheid.nl/BWBR0040940/2018-05-25 |
| United Kingdom | Information Commissioner’s Office (ICO) | https://ico.org.uk/ | https://www.gov.uk/data-protection |
| Singapore | Personal Data Protection Commission Singapore | https://www.pdpc.gov.sg/ | https://www.pdpc.gov.sg/Legislation-and-Guidelines/Legislation |
ANNEX II: Right of the Data Subjects
a) The right to be informed: Data Subjects have the right to be informed about the collection and use of their personal data. In case they have question, a request or a complaint regarding their rights, they are encouraged to contact TM via [email protected].
b) The right of access: Data subjects will have a right to access copies of their personal data by making a written request to the controller. The initial request is free, though a charge can be made for subsequent requests. Controllers can refuse the request if it is manifestly unfounded or excessive. The response must be provided within a month, though this can be extended by two months if the request is complex.
c) The right to rectification: Data Subjects have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her.
d) The right to erasure (right to be forgotten): Data Subject can ask that their data be deleted in certain circumstances. However, those circumstances are relatively limited, for example where the processing is based on consent, that consent is withdrawn and there are no other grounds for processing. Even where the right does arise, there are range of exemptions, for example where there is a legal obligation to retain the data.
e) The right to restrict processing: Data Subjects have the right to request the restriction or suppression of their Personal Data in certain circumstances/
f) The right to data portability: Data subjects will also have a right to data portability where the condition for processing Personal Data is consent or the performance of a contract. It entitles individuals to obtain any personal data they have “provided” to the controller in a machine-readable format. Individuals can also ask for the data to be transferred directly from one controller to another.
g) Right to object: A Data Subject can object to their Personal Data being processed for direct marketing purposes at any time. This includes the processing of their personal data for profiling purposes.
h) Rights in relation to automated decision making and profiling: TM can only carry out this type of decision-making where the decision is:
i. necessary for the entry into or performance of a contract;
ii. authorized by Union or Member state law applicable to the controller;
iii. or based on the individual’s explicit consent.
© 2020 TRUSTMOORE
ISAE3402 CERTIFIED