Privacy Notice

Merkur Management Limited (MML); including Merkur Services Ltd, Merkur Secretaries Ltd & Merkur Trustees Ltd; as Trust & Company Managers, only collect data from clients and potential clients in accordance with the legal and administrative needs to effectively carrying out their clients requirements.

The data collected is only used in order to comply with the legal and administrative requirements necessary to effectively carry out our duties as Trust and Company Managers, on behalf of our clients and potential clients.

In line with these duties data may be shared with other legitimate parties who require the data in order to comply with legal obligations and/or require the data in order to undertake the work required to service our client's needs (for example; Gibraltar Government Departments, relevant Banks, GFSC, Companies House).

  • Retention

    We will retain your information for the period necessary to fulfill the Purposes for which it was collected, as outlined above, and as otherwise needed to comply with applicable law and internal company policies. At the termination of a contract or business relationship, data will normally be retained for a period of 5 years.

  • Relevant Gibraltar Laws & EU Regulations

    The General Data Protection Regulation (GDPR) (EU) 2016/679 (GDPR)

    The Data Protection Act 2004 ("DPA")

    The Companies Act 2014

    The Income Tax Act 2010

    Gibraltar Financial Services Commission
  • Your Rights

    1. Right to be informed

      The Right to be informed encompasses the obligation for MML to inform individuals about who they are, what they are going to use their data for, and how they will use it.

      It emphasises the need for transparency over how we use personal data. This information is typically provided through a "privacy notice", which must be:

      • Concise, transparent, intelligible and easily accessible.
      • Provided free of charge.
      • Written in clear and plain language, particularly if addressed to a child.
    2. Right of access

      Individuals have the Right to request access to their personal data and supplementary information. This Right allows individuals to be aware of and verify the lawfulness of the processing.

      Under the GDPR, individuals have the Right to obtain:

      • Confirmation that their data is being processed.
      • Access to their personal data.
      • Other supplementary information, as provided in a privacy notice.

      A response to an individual exercising this Right must be provided within one month and free of charge. However, an organisation can charge a reasonable fee when the request is manifestly unfounded or excessive, particularly if it is repetitive.

    3. Right to rectification

      Individuals have the Right to have their personal data rectified if it is inaccurate or incomplete.

      Organisations should respond to requests for rectification within one month. However, this period can be extended to two months where the request is complex.

      Should an organisation refuse to action the request for rectification, the organisation must explain the reasons why to the individual. The individual has the right to complain to the Data Protection Commissioner, (+350) 200 74636.

    4. Right to erasure

      The Right to erasure is also known as "the right to be forgotten".

      Under this Right, an individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing.

      This Right can apply in specific circumstances, such as:

      • Where the individual withdraws consent.
      • The personal data was unlawfully processed.
      • The personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
    5. Right to restrict processing

      Individuals have the Right to 'block' or suppress the processing of personal data, for example when:

      • An individual contests the accuracy of the personal data being processed.
      • Processing is unlawful, but the individual opposes erasure and request restriction instead.

      Individuals must be informed when organisations lift a restriction on processing.

    6. Right to data portability

      Data portability provides an individual with the Right to:

      • Obtain copies (in a 'reusable format') of data about them, which is held electronically by an organisation.
      • Request for the data to be copied or transferred to another organisation.

      The Right to data portability only applies:

      • To personal data an individual has provided to an organisation.
      • Where the processing is based on the individual's consent or for the performance of a contract.

      An organisation must respond within one month and the information must be provided free of charge.

    7. Right to object

      Individuals have the Right to object to:

      • Pprocessing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
      • Direct marketing (including profiling).
      • Processing for purposes of scientific/historical research and statistics.

      Organisations must inform individuals of their Right to object "at the point of first communication" in their Privacy Notice.

    8. Rights related to automated decision making

      Individuals have the Right not to be the subject to a decision when it is based solely on automated means without any human intervention.

      Individuals must be able to:

      • Express their point of view.
      • Obtain human intervention.
      • Obtain an explanation of the decision and challenge it.

      This Right applies to all automated decision making, including profiling.