This page details the privacy statement for The ID Register (Guernsey) Limited trading as IDR and its affiliates (“we”, “us” and “our”). The purpose of this privacy statement is to explain how we collect, process and protect personal data. “Personal data” means any information relating to an identified or identifiable individual.
IDR is a centralised investor onboarding utility, offering a one-and-done sign-off that makes investment faster, easier and more cost-effective.
We provide a web portal where any user who publishes or subscribes to information may access the services we offer through the website https://idrgroup.com (the “Site”). The Site is owned by The ID Register (Holdings) Limited, a limited company registered in Guernsey under company number 68115 and with a registered office at 5th Floor, Market Building, Fountain Street, St Peter Port, Guernsey GY1 1BX.
For the purposes of the Data Protection (Bailiwick of Guernsey) Law, 2017, the Data Controller in relation to The ID Register group of companies is The ID Register (Guernsey) Limited.
We have appointed Mark Quigley as our representative in the European Union who may be contacted at firstname.lastname@example.org.
This privacy statement applies to all those accessing the Site, including Authorised Users and their agents or delegates (“you”, “your”) and all those whose personal data is collected by us in connection with providing the Services, marketing the Services or employing staff. This privacy statement only covers this website https://idrgroup.com and its associated applications including https://app.theidregister.com. It does not cover any other sites that you can link to from this site so you should always be aware when you are moving to another site and read the privacy statement on that site.
Capitalised words/phrases used but not defined in this Privacy Statement are defined in the Terms of Business or the Services Agreement between you and us.
The following laws principally regulate how we collect, store, manage, use, disclose and provide access to personal data:
When using the public areas of this site you are not required to provide us with any personal data and we do not monitor or collect any personally identifiable information from you on your use of the public portions of this site. We may track the number of users who visit areas of the site, but this tracking will not identify you.
Our clients are typically participants in private investment markets such as funds, fund managers, advisors, administrators, broker-dealers and trust and corporate service providers. Their clients are typically investors although investors may also be our direct clients for certain services.
The main services we offer clients are:
Interaction between our Services and your Personal data
Where we contract with a client such as a fund, fund manager, administrator or broker-dealer to provide one or more of our Services, the contract you sign with that client (for example, a subscription agreement) will generally require you to provide KYC and provide securities law representations. The client will direct you to create a Passport on our platform (or share your existing Passport) in order to provide the required items and our team will assist you in completing the Passport.
You may also choose to contract with us directly to manage your KYC and facilitate your counterparties accessing your KYC.
When you register to use the platform and/or services and create a Passport provided through the Site, we will ask you to voluntarily provide us with certain personally identifiable data, such as your name, date of birth, address, telephone number, e-mail address, driver’s licence, passport details, bank account details, credit or debit card details, investment information and employment information including source of wealth and source of funds. You may also choose to provide the personally identifiable data of other individuals having been duly authorised to do so by the individuals in accordance with our Terms of Business. A simple example of this is where you are acting on behalf of an investment company and are required to provide KYC on the company structure which may include natural person directors, signatories and beneficial owners.
Where you are certifying documents on behalf of a User of the Site, we will gather certain details from you or the person on whose behalf you are acting. Such details may include your name, email address, employer, IP address and professional identification number (for example, your registration number with an accountancy body). These details will be present on the document you certify and therefore will be visible to counterparties of the person on whose behalf you are acting in a similar manner to a wet ink signature.
We may also collect details of your visits to the Site (including but not limited to traffic data, location data, IP addresses, weblogs and other communication data, and the resources that you access).
Generally, this information will be collected directly from you, for example when you fill out an application form, create a Passport, upload KYC documents, email our Helpdesk, submit an online form to us, use the Services, connect with other users, download information or correspond with us.
We may also obtain personal data about you from third parties such as:
We will retain your personal data for as long as you are using the Services provided through the Site or are connected with a client of ours using the Services and for such additional period as we or our clients may be required to retain such personal data under applicable law.
We collect personal data from you and process such personal data for a variety of reasons:
By creating a Passport through the Site you consent to the collection and processing of your personal data and other personal data provided by you for the above purposes.
Where you have not entered into a contract for Services with us or with another user of the platform which requires the collecting and ongoing monitoring of your personal data then you may withdraw your consent at any time by deleting your Passport. We may be obliged to retain a record of your personal data, however, to comply with our legal obligations and it will be deleted after an appropriate period of time.
Where your Passport has been connected with another Passport on the Site to comply with a legal obligation and/or fulfil the terms of a contract then the legal basis for processing your personal data is, in order of priority, (a) compliance with a legal obligation to which the Data Controller is subject or, where the legal obligation does not exist, (b) the processing is necessary for the performance of the contract.
In such circumstances, should you wish to delete your Passport, we will refer the matter to the Data Controller(s) and comply with its directions provided we can do so in accordance with applicable law.
Personal data uploaded to your Passport may be viewed by you and us. It also may be shared with other users of IDR under the following circumstances:
Your choices as to who is able to see your personal data will be respected and we will not transfer that information to others, save as set out in this privacy statement.
We will not disclose or transfer personal data to third parties for the purposes of marketing or profiling, however we may disclose or transfer such information to agents or third parties authorized to act on our behalf such as our screening provider and other sub-processors or to our affiliates or employees only for the purposes of providing the Services or maintaining the platform.
IDR also uses sub-processors to provide the Services, provide auditing and consulting services for the Services, support the Site and support our Information Technology environment. A list of our sub-processors is contained in Appendix 1.
On occasion, we will use and disclose statistical data regarding the use of the Services, but this will not include personal data or any identifiers from which you could be identified. Your personal data will not be used in advertisements for the Services.
When sharing data about you with employees or other entities in the IDR group, or if it is necessary to provide you with our Services or to maintain the platform, your data may be transferred outside the country in which it was collected. If your data is collected within the European Economic Area (EEA), this means that your data may be transferred outside of the EEA, including to a country that may not have data protection standards equivalent to those in the EEA.
To the extent that your personal data is transferred to a country outside the European Economic Area and/or outside a country with an adequacy decision from the European Commission, such transfer will only be undertaken where we have a lawful basis to do so such as:
(a) with your explicit consent, which will be given by you connecting with a person located outside the European Economic Area;
(b) as required under a contract to which you (directly as a contractual party or indirectly as beneficial owner / controller) are a party or have indicated your intent to become a party to the contract and the disclosure of this information is required under this contract and/or by law;
(c) between our employees or affiliates for the purposes of providing the services and maintaining the platform and always subject to appropriate safeguards. All our employees are subject to contractual confidentiality obligations and all our affiliates have agreed to standard contractual clauses (“Standard Contractual Clauses”), to the extent required by applicable law, in the form approved by the European Commission within the meaning of Article 46 GDPR ;
(d) As part of The ID Register screening service further details of which are provided in Appendix 1.
We have strict security and confidentiality procedures covering the storage and disclosure of your information in order to safeguard it, prevent unauthorised access and to comply with applicable laws. Whilst we take appropriate technical and organizational measures to safeguard your personal data, we cannot ensure or warrant the security of any information that you transmit to us.
We do not currently log user IP addresses (the location of your computer on the internet) but we reserve the right to do so for systems administration, site security, evidence certification and trouble-shooting purposes.
We do not log IP addresses to track a user’s session, nor do we link IP addresses to anything personally identifiable. Your browser will also inform us of the type of computer or operating system being used by you.
IDR classifies itself as a Data Processor in circumstances where our clients instruct us to perform the Services and such Services involve the processing of Personal Data and our clients are therefore classified as the Data Controllers. Our clients may also be the Data Processor where their client is the Data Controller in which case IDR will be the sub-processor.
Notwithstanding this, in any situation in which IDR determines the purpose and means of data processing, for example of a potential employer, we will be a Data Controller and therefore agree to comply with our obligations under applicable law.
IDR is headquartered in Guernsey which has been granted an adequacy decision by the European Commission within the meaning of Article 45 of GDPR. IDR may employ staff worldwide.
Our current sub-processors are detailed in Appendix A. You agree that we may add further sub-processors or replace existing sub-processors and we in turn agree to provide you with written notice and a suitable period in which to object.
As a Data Processor, IDR:
We confirm that for clients who have signed a services agreement with IDR for remuneration, we will:
Unless otherwise stipulated, the following terms have the same meaning as set out in GDPR: Data Breach; Data Controller; Data Processor; Data Protection Officer; Data Subject; Personal Data; Standard Contractual Clauses; Subject Access Request; & Supervisory Authority
Should you require more information, please email email@example.com
In addition, you have the ability to view and edit your information online. You have the right to request the rectification or erasure of your personal data and the right to restrict or object to any processing in relation to such personal data. These rights are not absolute and are subject to exceptions such as those outlined in Article 17 of GDPR, for example, where the processing of your personal data is required to comply with a legal obligation.
You also have the right to data portability.
If you wish to exercise any of these rights, please contact us using the details provided below.
We work hard to ensure that the service we provide meets your expectations. However, should you wish to raise any issues regarding the operation of this privacy statement or its impact on you, please contact us using the contact details provided below.
If your complaint remains unresolved following completion of our internal complaints procedures you have a right to lodge a complaint with the Data Protection Authority of Guernsey, the Data Protection Commissioner (Ireland) or any other relevant data protection supervisory authority.
Telephone calls using the telephone numbers provided on this website and all extensions of IDR and e-mail correspondence with IDR via generic or individual employees’ e-mail addresses may be recorded or monitored. By using such communication methods you are consenting to the recording or monitoring of the same.
If this privacy statement changes in any way, an updated version of it will be placed on this page. Regularly reviewing this page ensures that you are always aware of what information is collected by us, how it is used and under what circumstances it will be shared with other parties. If we make any material changes, we will notify you by means of a conspicuous notice on this Website or via e-mail or notification via our Site. Your continued use of our Websites or the Service(s) following the posting of this notice shall constitute your acceptance of the changes.
Should you have any questions or comments about this Privacy Statement, or otherwise wish to contact us, our data protection officer or our representatives please contact us at firstname.lastname@example.org or contact, through the Site at https://idrgroup.com/about-us/contact-us/, or by post as follows:
If you are an applicant for a job with us (a potential employee), we will process personal data about you in our legitimate interests so as to assess and advance that application through our recruitment processes, including by making details of your personal data available to relevant members of staff and to comply with policies, procedures applicable law and guidelines in relation to staff and recruitment.
The personal data that we process about you may include:
If your application for a job with us is unsuccessful, we will retain your personal data on our systems for 6 months after the date on which we inform you (or any recruitment agency through which you have applied to us) that your application was unsuccessful. We will then delete any personal data unless required to retain it under applicable law.
If your application for a job with us is successful, our retention of your personal data will be governed by our Employee Handbook which will be provided to you upon joining.
We work with entities or organisations that provide professional advice or services to us or to our clients, those that supervise and regulate us, and our clients and other suppliers of products and services to our business. We will collect personal data about you if you work for one of these organisations.
The personal data that we collect will include professional and/or personal contact details, including addresses, telephone numbers and email addresses, and records of communications that take place between you and/or others at the organisation for which you work and us, including emails, letters, minutes of meetings and recordings of telephone calls (where made) and voicemails. In addition, we collect personal data that you provide us with or that is created by us during our relationship with the entity or organisation for which you work.
|Freshworks Inc.||Email hosting and ticketing||European Union|
|BDO Limited and BDO Cerberus Regulatory Consulting Limited||Financial and regulatory compliance auditing||Guernsey|
|Bottomline Technologies Limited||Financial Messaging (for clients availing of services involving financial messaging only)||United Kingdom|
|Cloud CoCo Limited||Microsoft Gold Partner – managing The ID Register group’s IT environments including Microsoft Azure and 365||United Kingdom|
|KPMG Channel Islands Limited||Review of FATCA CRS classifications||Guernsey and Jersey|
|Microsoft Azure||Hosting of the Site||European Union|
|Microsoft||Microsoft Office 365 services for employees including email and SharePoint||European Union|
|Refinitiv Limited||Screening names against various lists such as Sanctions and Politically Exposed Persons||United Kingdom / European Union|
|SendGrid Inc. (a Twilio company)||Send automated communications from the Site such as multi-factor authentication mails||USA|
|SWIFT||Financial Messaging (for clients availing of services involving financial messaging only)||Belgium|
|TIDR (Mauritius) Limited||Assist in providing Services to clients and in Site development and maintenance||Mauritius|
|IDR (Services) Limited||Assist in providing Services to clients and in Site development and maintenance||Guernsey|
|The ID Register South Africa (PTY) Limited||Assist in providing Services to clients and in Site development and maintenance||South Africa|
|TIDR (UK) LIMITED||Assist in providing Services to clients and in Site development and maintenance||United Kingdom|