PRIVACY

The EU Regulations in relation to GDPR (Regulation (EU) 2016/679 and its associated regulations and directives) have been applied in the Isle of Man by order in accordance with the Data Protection Act 2018 (the “applied GDPR”). In undertaking the Professional Services for you, we may become privy to data which would be defined as personal data under article 4 (1) of the applied GDPR.

For the purposes of the applied GDPR, we act as Processors in providing the Professional Services and you act as Controller. We will only process the personal data received to the extent and in such a manner as is necessary to provide the Professional Services. We will not process the personal data for any other purpose or in a way that does not comply with instructions to provide professional services or the laws of the Isle of Man and we will notify you if, in our opinion, your instructions, as Controller, would not comply with the laws of the Isle of Man.

We will comply with any request or instruction from you requiring us to amend, transfer, delete or otherwise process the personal data, or to stop, mitigate or remedy any unauthorised processing.

We will maintain the confidentiality of all personal data and will not disclose personal data to third parties unless you or the instructions to provide professional services  specifically authorise the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires us to process or disclose personal data, then so far as we are permitted to do so, we will first inform you of the legal or regulatory requirement and give you an opportunity to object or challenge the requirement.

We will reasonably assist you with meeting your compliance obligations as Controller, taking into account the nature of the processing and the information available to us, including in relation to those obligations to allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you and in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with relevant supervisory authorities.

We will promptly notify you of any changes in the laws of the Isle of Man that may adversely affect our performance of instructions to provide professional services.

We will promptly and without undue delay notify you of a Personal Data Breach as defined by the applied GDPR and provide you with a description of the nature of the Personal Data Breach, the likely consequences and a description of the measures taken or proposed to be taken in response to the breach, including measures to mitigate its possible adverse effects.

We will assist with any investigation into a Personal Data Breach and will not inform any third party of any Personal Data Breach without first obtaining your consent, except when required to do so by law. It is for you to determine whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or other, as required by applicable law, including the contents and delivery method of the notice and whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.

If further information is required about how we store or process personal data or otherwise deal with confidential information, contact our Data Protection Officer.
You have a right to receive a copy of the information we hold about you if you apply to us in writing: UHY Crossleys Forensics Limited, Portland House, Station Road, Ballasalla, Isle of Man, IM9 2AE.

When you give us information about another person, you confirm that they have appointed and/or authorised you to disclose such information to us and that they have consented to the processing of their personal data, including sensitive personal data and for you to receive on their behalf any data protection notices.