Privacy Notices

Central Registry – Companies Registry

This notice sets out how we handle your personal data and how we comply with the requirements of the General Data Protection Regulation (GDPR).

Visit our website

If we do want to collect personally identifiable information through our website, /categories/business-and-industries/companies-registry/, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it; it will be kept securely, and the only people who have access to personal information are those who have a legitimate need to.

The Companies Registry website is part of the Isle of Man Government website, www.gov.im, which is owned by the Cabinet Office. Their Privacy Notice in relation to how you use www.gov.im and the use of cookies, can be found at the top of each page next to the Terms and Conditions or following this link: /about-this-site/privacy-notice/

Contact us by email, in person, by post or over the phone

If you contact us to make an enquiry about our services you will need to provide us with your name, contact details and any other information necessary to enable us to help you. We process this information to answer your enquiry.  

Details of any financial transaction will be retained within our daily accounting records for 6 years. Only Central Registry team members can access the information; other correspondence may be retained for a minimum of 6 years and a maximum of 25 years, depending on the subject and the retention periods defined by the retention schedule. 

How will we securely process personal data?

All personal information is kept with the highest standards and safeguards in place. This includes technical security, preventing unauthorised access, undertaking audits and maintaining backups:

  • Emails - Email communications are stored on our Isle of Man Government email system, Microsoft Outlook, for the duration of your enquiry/request. Email mailboxes are accessed by the team responsible for that service/product. Such emails will only be shared in order to address your enquiry or request.

We encrypt and protect all our emails in line with government standards. If your email service does not support this encryption, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

  • Isle of Man Government Secure Network – There are strict access controls in place, meaning that only those who have a business need to do so (the Central Registry team and senior managers) have access to documents and information on the network. The administration of the IOMG Secure Network is undertaken by Government Technology Services in the Cabinet Office; however, they are unable to access the content of any records and so will not be able to access your personal information.
  • Manual records – If we need to hold your personal information manually, we will hold it on site in our own secure, restricted access storage areas.

If a member of the Central Registry team believes your communication identifies criminal or other illegal activity they may notify the Police or other regulators on the Isle of Man. They will not seek your consent for this disclosure.   /about-the-government/statutory-boards/financial-intelligence-unit/suspicious-activity-reports/

If you are an officer of a company or other corporate entity

This section of the privacy notice sets out how the Registrar General  (“the registrar”) handles the personal data of officers of companies and other corporate entities, and sets out how the registrar ensures that the public register of companies (“the register”) complies with the requirements of the General Data Protection Regulation (GDPR).

As a registration authority, we have a statutory obligation to compile and maintain public registers, and to make these registers available for public inspection. This is essential to ensure the information is transparent and readily available by placing certain information in the public domain.

The Companies Registry is responsible for maintaining the following registers:

  • Industrial societies under the Industrial & Building Societies Acts 1892 to 1979
  • Limited partnerships under the Partnership Act 1909
  • Business names under the Registration of Business Names Acts 1918 & 1954
  • Companies in terms of the Companies Acts 1931 to 2004
  • LLC in terms of the Limited Liability Companies Act 1996
  • Companies under the Companies Act 2006
  • Foundations established under the Foundations Act 2011
  • Foreign companies in terms of Foreign Companies Act 2014

The term ‘company’ is used in this document to include all the above.

To compile these registers we collect information that is prescribed within the appropriate acts of Tynwald. We collect this information via an application form, usually sent to us by the responsible person identified within the appropriate Act. It is also possible for an authorised person to submit information electronically through the Isle of Man Government’s on-line portal.

Once processed, this information is entered on the public register and is available for public inspection. We keep this data permanently as part of our statutory obligations.

The Department is also responsible for maintaining the Isle of Man Register of Beneficial Ownership in terms of the Beneficial Ownership Act 2017. Access to information on this register is restricted.

Identity of controller and Data Protection Officer (DPO)

The Registrar General (The registrar) is the controller of your personal data. This means it is the registrar who decides how and why your personal data is processed. The registrar does this by referring to the statutory provisions within the Acts that establish the respective registers.

Department for Enterprise Data Protection Officer:

St George’s Court, 
Upper Church Street,
Douglas, 
Isle of Man, IM1 1EX

Tel: +44 1624 686733

Email: DPO-DfE@gov.im

Isle of Man Information Commissioner:

Isle of Man Information Commissioner, 
P.O. Box 69, 
Douglas, 
Isle of Man, IM99 1EQ

Tel: +44 1624 693260 
Email: ask@inforights.im
Web: inforights.im

Purpose for processing

Personal data featuring on the public registers maintained by the registrar is processed for the purpose of making data available for public inspection under a statutory obligation. The registrar’s legal basis for processing is described in more detail in the attached schedule.

Lawful basis for processing

The registrar is required by provisions within the following Acts to receive and make information, including personal data, publicly available:

  • Industrial & Building Societies Acts 1892 to 1979
  • Partnership Act 1909
  • Registration of Business Names Acts 1918 & 1954
  • Companies Acts 1931 to 2004
  • Limited Liability Companies Act 1996
  • Companies Act 2006
  • Foundations Act 2011
  • Foreign Companies Act 2014
  • Company Officers (Disqualification) Act 2009

The Data Protection Act 2018 introduces some domestic exemptions. These include the exemption in the GDPR and LED Implementing Regulation (Schedule 9, Part 1, Para 6) for information required to be disclosed by law etc. or in connection with legal proceedings.

Certain provisions of the GDPR do not apply to personal data consisting of information that the controller has a legal obligation to make available to the public, to the extent that the application of those provisions would prevent the controller from complying with that obligation. Since the registrar is required to make information available to the public, the registrar is entitled to rely on this exemption. Therefore, the registrar has an exemption from some elements of the GDPR, including: 

  • the requirement to provide ‘privacy notices’ to individuals
  • the requirement to provide personal data in response to subject access requests
  • the requirement to rectify personal data when it is inaccurate
  • the requirement to comply with requests to be ‘forgotten’ 

This means it is unlikely the registrar will be required, or able, to comply with any exercise of these GDPR rights in respect of personal data appearing on the public register. For example, the registrar will be unable to comply with any request for an individual to be ‘forgotten’ from the public register where there is a legal obligation on the registrar to continue to make this personal data available.

The registrar is also under no obligation to provide information free of charge if a statutory fee is prescribed to provide the information. The information will be provided upon payment of the prescribed statutory fee.

The registers maintained by the registrar are available through the Isle of Man Government online services website which is owned by the Cabinet Office:

https://services.gov.im/

If you have any queries or concerns about this, please contact the DPO at:

Email: DPO-DfE@gov.im

Presenters’ details

If you file a paper form, you have the option to include certain contact details for the presenter of the form. If you include these presenter details, they will be placed onto the public record in the same way as all other information contained within the filing.

What we do with your data

Before becoming an officer of a company or other entity, it is important that you are familiar with the legal implications. If you are a company officer, we are required by law to publish some of your personal data on the register. The register is publicly available and accessible by anyone.

Commercial organisations sometimes use data from the register to create their own online products. These organisations then become controllers of your personal data. These organisations must establish how they comply with the data protection law as set out in the GDPR. If you have any concerns about company data on third party products and websites, please contact the organisation directly. We are not able to advise other organisations on GDPR compliance, and we cannot advise you on whether other organisations are complying with the law. 

Non-public data

In the case of the Beneficial Ownership Act 2017, access to the database is restricted to competent authorities defined by the Act (see sections 3(1) and 15(3) of the Beneficial Ownership Act 2017).

If you apply to reserve a new company name or to change the name of an existing company, your name, address, telephone number and e-mail address (if provided) will be held electronically. This information is only available to staff within the Companies Registry.

Data processors

Since the registrar is a controller for personal data appearing on the register, the registrar is not acting as a data processor (as defined by the GDPR) when maintaining a public register. Individuals, companies, agents and other representatives provide personal data for the public register because they are required to by law, and not for the registrar to process personal data on their behalf.

Overseas transfers

The registers maintained by the Companies Registry are freely accessible and available to the public, including overseas. Article 15(1)(g) of the GDPR states that a transfer of personal data overseas can take place in the absence of specific safeguards where the transfer is made from a register intended to provide information to the public. This means we do not need to consider the adequacy of data protection regimes in all countries before making the public register freely available online.

Retention of personal data

Data that has always been a matter of public record may be retained if the registrar considers it is necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained permanently for historical research and statistical purposes under provisions within the Public Records Act 1999. This includes records of dissolved companies because, following dissolution of a company, legal rights and relations continue to exist, i.e. for restoration or bringing proceedings against former directors.

Complaints

If you have a complaint about the way we are managing your personal data, you can let us know in the first instance by writing to: DPO-DfE@gov.im

If you are still dissatisfied, you can raise your concerns with:

Isle of Man Information Commissioner, 
P.O. Box 69, 
Douglas, 
Isle of Man, IM99 1EQ

Tel - +44 1624 693260 
Email - ask@inforights.im  
Web -  www.inforights.im

If you have contacted us with a complaint or enquiry

You may have written to us, or contacted us by phone, because you have a complaint, or to ask a question. This section of the privacy notice sets out how we comply with GDPR in handling your correspondence.

If you contact us by phone or in writing, we have no control over the personal data you include in your correspondence, or that you tell us about. We would always advise you to limit the amount of personal data you include in your correspondence, as much as possible. Once received, your personal data will be handled in line with the following privacy notice. This also applies to the personal data of any third-parties that can be identified from your correspondence.

Identity of controller and Data Protection Officer (DPO-DFE)

The registrar is the controller of your personal data. This means it is the registrar who decides how and why your personal data is processed. As the registrar is responsible for operating the register, they are also responsible for handling complaints and queries about the register.

Purpose for processing

When you write to us or call us with a complaint or enquiry, your personal data will only be used for the purpose of handling, investigating and resolving your issue. We will use the contact details provided to respond to your correspondence. If you have made a complaint about a third-party, we may use the contact details you have provided for them to investigate your issue.

Call recording

Telephone calls are not recorded by the Central Registry. An answer phone is used during busy periods and any recording is deleted as soon as the enquiry is dealt with.

Lawful basis for processing

Our core public function is to provide a public register that is available for anyone to inspect. We consider the handling of complaints and enquiries about the public register a necessary process for this public function.

Retention of personal data

The Registrar General retains written correspondence from customers but does not make this information available to the public. Correspondence will be associated with the appropriate company file but in a private folder that is only available to Central Registry staff. Other correspondence may be retained for a minimum of 6 years and a maximum of 25 years, depending on the subject and the retention periods defined by the retention schedule.

Individual rights

The GDPR provides certain rights that individuals may exercise in respect of their own personal data. If you want to exercise any of these rights, you can contact the DPO-DFE.

There may be some circumstances in which we cannot comply with your request, such as if we have a legal duty to keep data or to process it in a particular way. We will handle all requests to exercise GDPR rights on a case-by-case basis.

Complaints

If you have a complaint about the way we are managing your personal data, you can let us know in the first instance by writing to DPO-DfE@gov.im

If you are still dissatisfied, you can raise your concerns with:

Isle of Man Information Commissioner, 
P.O. Box 69, 
Douglas,
Isle of Man, IM99 1EQ

Tel - +44 1624 693260 
Email - ask@inforights.im 
Web -  www.inforights.im 

If you are a subscriber to our web services, or conduct searches of the public register

All searches and web services are conducted through the Isle of Man Government online services website which is owned by the Cabinet Office. The privacy notice for this service is available here:

https://services.gov.im/terms-and-conditions/privacy-notice

If you have any questions on this Privacy Notice please email the Cabinet Office Data Protection Officer. Email: DPO-CabOff@gov.im   

In respect of payment for services supplied to you by the Companies Registry - either to debit the account maintained by you with the search / transaction fees incurred by you, or to debit your debit/credit card if you opt to use same to pay for those services. Companies Registry policy is to retain the minimum amount of information necessary to be able to deal with any subsequent queries regarding the transaction. 

Register of Limited Partnerships - privacy information


How will we collect it?

Limited partnerships under the Partnership Act 1909 – section 58

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

Full name and address of each partner / limited partner / director.

Name and address of person appointed to accept service.

Address of principal place of business which may or may not be residential address of a partner.

The name and address of the nominated officer – Beneficial Ownership Act 2017 – section 7

Sensitive data?

-

Why will we process it?

There is a statutory obligation on DFE to issue a certificate of registration to establish the limited partnership as well as recording other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the following:

Partnership Act 1909

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access prescribed in the Partnership Act 1909 – section 58.
Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Partnership Act 1909, Section 60 – DFE may at any time after 12 years dispose of documents that are not of sufficient value to retain them.

Or **

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of Industrial Societies - privacy information


How will we collect it?

Industrial societies under the Industrial & Building Societies Acts 1892 to 1979

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The names of the Management Committee and officers including President, Treasurer, Secretary

Name of the directors
Optional: name and address of members and number of shares held. Mostly historic information.

Sensitive data?

-

Why will we process it?

There is a statutory obligation on DFE to issue a certificate of incorporation to establish the company as well as recording other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the following:
The Industrial & Building Societies Acts 1892 to 1979.

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access prescribed in the Industrial & Building Societies Acts 1892 section 15
Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Industrial & Building Societies Act, Section 24A – DFE may at any time after 12 years dispose of documents that are not of sufficient value to retain them.

Or **

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Registration of Business Names - privacy information


How will we collect it?

Business names under the Registration of Business Names Acts 1918 & 1954 – section 18

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The present first name and surname, any former first name or surname, the usual residence, of each of the individuals who are partners, and the corporate name and registered or principal office of every corporation which is a partner.

Sensitive data?

-

Why will we process it?

There is a statutory obligation on DFE to issue a certificate of registration as well as recording other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the following:
Registration of Business Names Acts 1918 & 1954

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access is prescribed in the Registration of Business Names Acts 1918 - section 18

Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Registration of Business names Acts 1918 & 1954 – there is no statutory provision to dispose of documents.

**

Business name records are of particular interest to social historians as they contain a unique record of early businesses on the IOM.
These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of Companies 1931 to 2004 - privacy information


How will we collect it?

Companies in terms of the Companies Acts 1931 to 2004

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The name and address of the subscribers.

The name and address of the presenter.

The name, occupation and residential address of anyone appointed to act as a director or secretary.

The name and address of shareholders. The number of shares held by a shareholder, when purchased and when disposed of.

The name and address of the nominated officer – Beneficial Ownership Act 2017 – section 7

The name and address of a manager if appointed.

Sensitive data?

-

Why will we process it?

There is a statutory obligation on DFE to issue a certificate of incorporation to establish the company as well as other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the following:

  • Companies Act 1931
  • Companies Act 1961
  • Companies Act 1968
  • Companies Act 1974
  • Companies Act 1982
  • Companies Act 1986
  • Companies Act 1992
  • Single Member Companies Act 1993
  • Protected Cell Companies Act 2004

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access is prescribed in the Companies Acts 1931 – section 284A
Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Companies Act 1931 to 2004.

Set out in the Companies Act 1961, section 2(1) – may at any time after 12 years dispose of documents that are not of sufficient value to retain them.

**

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of 2006 Act Companies - privacy information

Register of 2006 Act Companies
The Companies Act 2006 - privacy information

How will we collect it?

Companies under the Companies Act 2006

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The name and address of the subscribers

The name and address of directors (residential or business address).

The name and address of shareholders

The name and address of the nominated officer – Beneficial Ownership Act 2017 – section 7

The name and address of the registered agent

Sensitive data?

-

Why will we process it?

There is a statutory obligation on DFE to issue a certificate of incorporation to establish the company as well as other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the Companies Act 2006.

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access is prescribed in the Companies Act 2006 – section 209
Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

There is no provision within the Act to dispose of documents

**

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of Limited Liability Companies - privacy information

How will we collect it?

LLC in terms of the Limited Liability Companies Act 1996 – section 48

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The name and address of the person forming the LLC

The name and address of the members of the LLC

The name and address of the registered agent

The name and address of the nominated officer – Beneficial Ownership Act 2017 – section 7

The name and address of the manager if appointed

Sensitive data?

Yes

Why we will process it?

There is a statutory obligation on DFE to issue a certificate of incorporation to establish the company as well as other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the DFE within the Limited Liability Companies Act 1996.

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access is prescribed in the Limited Liability Companies Act 1996, section 48

Access is through Government's On-Line Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Limited Liability Companies Act 1996, Section 52A – may at any time after 12 years dispose of documents that are not of sufficient value to retain them.

Or **

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of an LLC, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of Foundations - privacy information

How will we collect it?

Foundations established under the Foundations Act 2011 – section 48

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

The names and address of the council members

The name and address of the registered agent.

The name and address of the nominated officer – Beneficial Ownership Act 2017 – section 7

Sensitive data?

Yes

Why we will process it?

There is a statutory obligation on the Registrar of Foundations to issue a certificate of establishment as well as other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are extensive statutory obligations on the Registrar within the Foundations Act 2011

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act.

Public access is prescribed in the Foundations Act 2011 – section 48

Access is through Government's Online Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Foundations Act 2012, Section 49 3(b) – May destroy after removed from the register for more than 10 years.

**

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a foundation, legal rights and relations may continue to exist.

Register of Foreign Companies - privacy information

How will we collect it?

Foreign Companies Act 2013.

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through on-line services.

What will we collect?

Name and address of person appointed to accept service

Sensitive data?

Yes

Why we will process it?

There is a statutory obligation on DFE to issue a certificate of registration as well as other defined transactions; to act as a repository for all statutory documents and to make them available to the public.

There are statutory obligations on the DFE within the Foreign Companies Act 2013

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

DFE maintains and holds the register for the public (not Government per se).

Any person can ask to see and obtain a copy of any document submitted to the DFE under the Act (Foreign Companies Act 2013, Section 6(2)).

Access is through Government's On-Line Services Portal.

Who will we share it with?

DFE maintains and holds the register for the public (not Government).

The information is available on the Companies Registry system COREGSIS on the Government network and the Income Tax Division receive a direct feed rather than re-key information into their IT System.

How will it be kept secure?

The information held by DFE is a matter of public record. The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Foreign Companies Act 2014, Section 24(3) – May destroy after removed from the register for more than 10 years.

**

These records will be subject to the Public Records Act 1999.

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Register of Beneficial Ownership - privacy information

How will we collect it?

Beneficial Ownership Act 2017

There are provisions within the above Act that require information to be provided to DFE.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through on-line services.

What will we collect?

Section 7, 8

Information about the nominated officer: Name, home address on the island.

Section 11

Information about beneficial owner: his or her name, usual residential address, nationality, date of birth, service address, date acquired interest in company and the nature of the interest.

Sensitive data?

Yes

Why we will process it?

There is a statutory obligation on the Department for Enterprise to maintain the Isle of Man Database of Beneficial Ownership.

access it for a permitted purpose:

section 3: - "Permitted Purpose"

(a) means any of the following —

(i) the prevention, detection, investigation or prosecution of criminal offences, whether in the Island or elsewhere;

(ii) the prevention, detection, investigation of or the bringing of proceedings for conduct for which penalties other than criminal penalties (including civil and regulatory penalties) are provided under the law of the Island or of any country outside the Island.

How will we store it?

All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a secure server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

The name of the nominated officer is a matter of public record and is available to anyone on request.

Only named officers within the Companies Registry have access to BO data. Access is controlled by Active Directory. Access requires the authority of the director, deputy or manager of the Companies Registry.

Who will we share it with?

Access to the database is limited to the competent authorities (see sections 3(1) and 15(3)):

The "competent authorities"
(a) the FIU;
(b) the Attorney General;
(c) the Assessor of Income Tax;
(d) the Authority;
(e) the Chief Constable; or
(f) the Collector of Customs and Excise

How will it be kept secure?

COREGSIS and UBO are hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

It is an offence within the Act to disclose information, Section 15, 27

Specific provisions within the Act concerning the Data Protection Act and the Freedom of Information Act – sections 37 and 38.

How long will we keep it for?

**

The information will be retained for the life of the company plus the time allowed for the company to be restored if it is or has been struck off – 12 years.

These records will also be subject to the Public Records Act 1999.

Plus **

**Information may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes.

Name Approval - privacy information

How will we collect it?

Company and Business Names (etc) Act 2012

There are provisions within the above Act that require name approval to be obtained from DFE prior to incorporation or registration of a company or business.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

Name, Address, Telephone and email of the applicant and the proposed name of the entity.

Sensitive data?

Yes

Why we will process it?

The Act requires anyone seeking to use a name for a company or business to obtain the approval of DFE. The application enables DFE to consider their application and to communicate with the applicant. There is provision for others to object to the name after it is approved or registered – section 9.

How will we store it?

Any paper form will be checked for compliance with the Acts and if accepted it will be electronically scanned and the image will be indexed on COREGSIS and stored on a server within GTS. The paper record is stored within a secure unit maintained by DFE.

Who will have access to it?

Access is only available to staff of the Companies Registry.

Who will we share it with?

See SD236/13

  • FSA
  • OFT
  • DEC
  • DFE
  • HSC
  • DOI

How will it be kept secure?

The electronic information is held by GTS within their secure system. Paper records are maintained within a secure storage unit.

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

There is no statutory provision to destroy these records. They will be retained for the life of the Company or subject to the Public Records Act or **

**Data that has always been a matter of public record may be retained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes. Following dissolution of a company, legal rights and relations do continue to exist i.e. for restoration, bringing proceedings against former directors.

Application for Certificate of Good Standing, Misc payments - privacy information

How will we collect it?

Companies Registry / Central Registry

Debit or Credit Card details

There are provisions within the above Act that require Companies Registry to provide information that can be ordered manually at the public counter or on-line.

Information may be submitted manually on paper or (if available) to the Companies Registry electronically through online services.

What will we collect?

Name, Address, Telephone and email of the applicant and the proposed name of the entity.

Debit or credit card details

Sensitive data?

Yes

Why we will process it?

To allow direct communication with the applicant and to post the certificates they have applied for

All incorporation or registration fees can be paid by debit or credit card.

Companies Act 2006 Section 209, 211, 212

Companies Act 1931 Section 284A

How will we store it?

In a paper file with daily cash receipts from the counter.

Debit / Credit card details will be destroyed as soon as the transaction is processed.

Who will have access to it?

Companies Registry counter and management staff for the purpose of reconciling income only

Who will we share it with?

This information will not be shared.

How will it be kept secure?

COREGSIS is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on-Island datacentre provider.

The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation.

How long will we keep it for?

Name, address, service provided and contact details will be retained for 6 months in case there is a problem. Debit and credit card details are destroyed as soon as the payment is processed

Company Officers (Disqualification) Act 2009 - privacy information

How will we collect it?

The register is the responsibility of the Financial Services Authority who must make it available at the office for the registration of companies.

Company Officers (Disqualification) Act 2009, Section 13(6)

What will we collect?

DFE / Central Registry does not collect any information.

The register contains the name and residential address of the subject, the nature and means of their disqualification, and the period of disqualification.

Sensitive data?

Name of subject

Why we will process it?

There is an obligation on DFE to make a copy of the register available for inspection

How will we store it?

In a paper file on the public counter.

Who will have access to it?

Available to any member of the public

Who will we share it with?

Available to any member of the public

How will it be kept secure?

Available to any member of the public

How long will we keep it for?

The FSA will update and remove information when it is no longer valid.