Register of Beneficial Ownership - privacy information

Register of Beneficial Ownership - privacy information
How will we collect it?	Beneficial Ownership Act 2017 There are provisions within the above Act that requires information to be provided to DFE. Information may be submitted manually on paper or (if available) to the Companies Registry electronically through on-line services:
What will we collect?	Section 7, 8 Information about the nominated officer: Name, home address on the island. Section 11 Information about beneficial owner: his or her name, usual residential address, nationality, date of birth, service address, date acquired interest in company and the nature of the interest.
Sensitive data?	Yes
Why we will process it?	There is a statutory obligation on the Department for Enterprise to maintain The isle of Man Database of Beneficial Ownership. access it for a permitted purpose: section 3: - "Permitted Purpose" (a) means any of the following — (i) the prevention, detection, investigation or prosecution of criminal offences, whether in the Island or elsewhere; (ii) the prevention, detection, investigation of or the bringing of proceedings for conduct for which penalties other than criminal penalties (including civil and regulatory penalties) are provided under the law of the Island or of any country outside the Island.
How will we store it?	All statutory forms are checked for compliance with the Acts and if accepted are electronically scanned and the image is indexed and stored on a secure server within GTS. The paper record is stored within a secure unit maintained by DFE.
Who will have access to it?	The name of the nominated officer is a matter of public record andi s available to anyone on request. Only named officers within the Companies Registry have access to BO data. Access is controlled by active directory. Access requires the authority of the director, deputy or manager of the Companies Registry
Who will we share it with?	Access to the database is limited to the competent authorities (see sections 3(1) and 15(3)): The "competent authorities" (a) the FIU; (b) the Attorney General; (c) the Assessor of Income Tax; (d) the Authority; (e) the Chief Constable; or (f) the Collector of Customs and Excise
How will it be kept secure?	COREGSIS and UBO is hosted within a tier 3, resilient data centre which in turn is managed by an accredited, on Island datacentre provided. The system and changes are processed by GTS, an ISO27001, Cyber Essentials organisation. It is an offence within the Act to disclose information, Section 15, 27 Specific provisions within the Act concerning the Data Protection Act and the Freedom of Information Act – sections 37 and 38.
How long will we keep it for?	The information will be retained for the life of the company plus the time allowed for the company to be restored if it is or has been struck off – 12 years. These records will also be subject to the Public Records Act 1999. Plus

**Information may be reained if it is considered necessary to fulfil a public function and/or crime prevention of money laundering or fraud. The data may also be retained for historical research and statistical purposes.