The Affinity Group of Companies, which includes, Affinity Group Limited (“AGL”), Affinity (Isle of Man) Limited (“AIOM”), Affinity (Malta) Holding Limited (AMHL”), Affinity (Malta) Limited (“AML”), Affinity (Cayman) Limited (“ACL”), Affinity Corporate Services Limited (“ACSL”), Affinity South Florida LLC (“ASFLLC”), Affinity South Dakota LLC (“ASDLLC”), Affinity (UK) Limited (“AUKL”), Affinity Corporate Directors Limited (“ACDL”), Affinity Ventures Limited (“AVL”), Affinity Crew Services Ltd SPC (“ACSLSPC”), Affinity (Navigator) Limited (“ANL”) and Affinity (Accounts) Limited (“AAL”) (hereinafter referred to jointly as “Affinity” or “the Group”) are committed to keeping your personal information secure and to adhering to best practice and the principles laid down in data protection regulations in place within the jurisdictions in which we operate.
This privacy policy explains how Affinity will use any personal information that we may collect from you in respect of the services we provide to you.
This privacy policy covers the following:
• Our Companies
• Why do we need your information
• What information do we need
• What we do with the information
• How we store your information
• Sharing your information
• Transferring your information to other countries
• How we keep your information accurate
• What we do with your information when we don’t need it anymore
• How you can access the information we hold
• Affinity’s role as a Data Controller
• The Group Data Protection Officer
• Links to other websites
• Marketing
• Complaints
• Cookies Policy
• Changes to our Privacy Policy
Our Companies
AGL is the holding company for Affinity whose primary business activities are provided through the regulated corporate and trust entities within the Group, namely:-
AIOM is regulated by the Isle of Man Financial Services Authority to undertake, Class 4 (Corporate Services), Class 5 (Trust Services); and Class 7 (Management or Administration to Licence holders) activities.
AML is regulated with the Malta Financial Services Authority to undertake regulated activity in Malta in accordance with Trust and Trustees Act.
ACDL is regulated with the Malta Financial Services Authority to offer company services.
ACL is regulated by the Cayman Islands Monetary Authority to undertake corporate services activities.
ACSL is regulated by Cayman Islands Monetary Authority to offer company management activities.
AMHL is the parent company of AML and ACDL.
ASFLLC, ASDLLC, AUKL, AVL, ACSLSPC, ANL, AAL each provide separate non-regulated services.
Why do we need your information?
Affinity is obliged to operate in accordance with the framework of the laws and licensing regime in place in the jurisdictions in which it operates together with applicable international legislation. Such laws and regulations include (but are not limited to) legislation covering financial and/ or gaming services regulation, anti-money laundering, countering of terrorism and proliferation financing legislation, taxation legislation (“the applicable legislation”)
Affinity also needs to receive your information to enable us to provide to you the level of services that you have contracted with us to provide to you.
Affinity will only use your personal data where we have a lawful base for doing so.
When we collect and use your personal data we will rely on at least one of the following legal bases:-
Legal obligation – this is when we have a legal or regulatory obligation to collect or use your personal data, for example carrying out Know Your Client due diligence checks during the lifetime of our contractual relationship or keeping records of transactions with you to enable us to comply with the applicable legislation.
Performance of a contract – this is when we require the information from you to be able to enter into a contractual relationship with you.
Legitimate interests – where we have deemed the processing to be necessary for the purposes of our business interests (or those of a third party), and these are not overridden by your rights or fundamental freedoms.
Consent – where you have given consent to our use of your personal data for one or more specific purposes. We do not generally rely on consent to process your personal information and will normally only rely upon consent when there is no other lawful base available to us for direct marketing purposes.
What information do we need?
Affinity will collect personal information about you at the beginning of our relationship and may also collect further information from you from time to time during our relationship to ensure our continued adherence with the applicable legislation.
We will only collect personal data that is necessary for us to comply with our requirements under the applicable legislation and to enable us to provide the services you have requested us to provide.
We do not collect any personal information that is deemed to be of a “Special Category” under the applicable data protection legislation in force. (e.g. information pertaining to race; ethnic origin; political beliefs, religious beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation).
Below is a summary of the typical types of information that we may collect from you during the lifecycle of our relationship:-
Type of Personal Data
Full Name
Previous names (including maiden names)
Date of Birth
Residential address details
Nationalities
Place of Birth
Tax residency details and personal income tax number(s)
Passport / ID card details
Source of Income / Salary Details
Journey to Wealth statement
Evidence of Wealth
Curriculum Vitae / Employment history
Criminal record checks
Bank Account details
Photographs / Selfies with passports / residential address paperwork
What we do with it
All the personal data we collect is processed by our staff and is used in line with the services we are providing to you and our obligations under the applicable legislation. This may include:
• Providing proposals and engaging terms of business
• Providing services to you including the administration of client companies or trusts
• Managing assets on your behalf
• Crew employment
• Communicating with third parties such as banks
• Communicating with ship and aircraft registries
• Communicating with Government Departments and regulators
• Licencing applications
• AEOI reporting such as FATCA and CRS
• To assist with the prevention of financial crime and the funding of terrorism
• To undertake risk assessments as required under the applicable legislation
As the services we provide are so varied the way we use your information will be determined by what those services are. A specific list based on our agreed relationship can be provided, please contact our Group Data Protection Officer for further information.
How we store your information
We store all electronic personal information securely within Microsoft 365 and Microsoft Azure cloud services. Our primary data is stored and processed in Microsoft’s UK South data centres.
Microsoft may replicate or transfer data within its global infrastructure as part of its normal operations, always in line with its privacy and security commitments. If personal data is transferred outside the UK or EU, Microsoft applies approved safeguards, including the use of Standard Contractual Clauses (Commission Implementing Decision 2021/914). Microsoft also participates in the EU–US Data Privacy Framework, the UK Extension to the EU–US DPF, and the Swiss–US DPF, all of which are recognised by regulators as providing adequate protection for international transfers.
Microsoft has certified its adherence to these frameworks with the US Department of Commerce, ensuring robust safeguards for personal data originating from the EU, UK, and Switzerland.
Our Microsoft cloud services are provisioned and managed by Manx Technology Group, based in the Isle of Man. The Isle of Man is recognised by the European Commission as providing an adequate level of data protection.
For further information pertaining to Microsoft’s commitment to Privacy please visit the below links:-
• Microsoft Privacy Statement - Https://privacy.microsoft.com/en-gb/privacystatement
• Where Microsoft Stores Data - https://learn.microsoft.com/en-us/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide
• Microsoft’s Data Protection and Privacy Commitments - https://learn.microsoft.com/en-us/compliance/regulatory/gdpr?
We store all non- electronic personal information received within files located in our secure offices or within secure archive facilities in each respective jurisdiction which are operated by data processors pursuant to data processing contracts which are issued in accordance with the requirements of GDPR.
Sharing your information
We may share your information within the Group or with other bodies where lawful circumstances provide us to do so. These include:
• Tax and VAT authorities
• Regulators
• Law enforcement agencies
• Third party agencies such as banks
• Yacht and aircraft registries
• Other regulated corporate and trust service providers (who also provide services to you outside of our respective jurisdictions )
• Credit reference agencies
• Third party customer screening entities, (i.e. World Check)
• Software providers and cloud server providers
• Consultants and/or agents contracted to provide services to Affinity.
We do not sell, distribute or lease your personal information to third parties, unless we have your express consent to do so or are required to by law.
Transferring your information to other countries
Affinity may share your information within the Group or may have to share your information with an organisation in another jurisdiction.
When we share data within the Group we do it based on an intra group data sharing agreement to ensure that you are receiving the services that you have requested from the appropriate office, to avoid duplication of work and additional unnecessary requests for personal data when accessing services in more than one jurisdiction, to enable us to provide you with information on new products and services which we feel may be of interest to you, for identity verification purposes, alerts on suspicious activity, creation and development of anti-fraud measures and the purposes of combatting criminal activity.
Malta is a full EU member, and the Isle of Man has been accepted by the EU as having data protection legislation that ensures an adequate level of protection. It is possible to share information freely between Malta and the Isle of Man.
When sharing personal data to an organisation that is outside of the EU/EEA or to a country not deemed by the EU to ensure an adequate level of data protection we will ensure that such data transfers are subject to the additional safeguards, as required under GDPR, by using standard contractual clauses adopted by the EU Commission (Commission Implementing Decision (EU 2021/914).
How we keep your information accurate
Affinity is required to ensure the personal data that we hold for you is accurate and up to date.
Affinity has adopted policies to ensure that they take every reasonable step to ensure that it keeps in regular contact with its clients and customers with a view to ensuring that the information that we hold for you remains up to date and accurate at all times.
What we do with your information when we don’t need it anymore
Affinity will only maintain your personal information for as long as necessary considering relevant laws and regulations and our data retention criteria
Your Rights
You have certain rights over your personal data that we use, and these are listed below, and these rights may be exercised at any time.
Right of access – you have the right to be provided with a copy of any personal data we hold about you
Right to rectification – if any of the personal data that we hold about you is inaccurate, incomplete or out of date, then you have the right to have that information corrected or updated.
Right to deletion – you can request us to delete any personal data that we hold about you. We may not be able to comply with this right in every circumstance as we may have a legal bases to continue to hold that personal data. However, we will carefully consider every request and advise you to the extent we are able to comply.
Right to restriction of processing – you have the right to request that we restrict processing of your data in certain circumstances:
• If you dispute the accuracy of the personal data that we hold;
• If you believe we are processing the personal data unlawfully, but you do not wish to delete it;
• If we no longer need to hold your data, but you require us to do so to establish, exercise or defend a legal claim;
• If you object to our processing of your personal data on our legitimate interests, pending resolution on this point
Right to data portability – if our processing of your personal data is based on performance of a contract or consent, and is carried out by automated means, you can request a copy of your personal data in a commonly used and machine-readable format.
How you can access the information we hold
You have a right to request a copy of the information that we hold about you.
If you would like a copy of some or all your personal information that we hold, please contact the Group Data Protection Officer, whose details are listed below.
You may ask us to correct or remove information that you feel is inaccurate although our legal and regulatory obligations must always be adhered to.
A Data Subject Request is provided free of charge; however, we will reserve the right to charge for any Data Subject request which we may feel is excessive.
Affinity’s role as a Data Controller
A data controller is the person or entity that determines the purposes for which personal data is processed and the way in which the processing is carried out.
The Group controls the collection and processing of personal data that you provide to us and the specific entity which is responsible for the processing of your personal data (“the Data Controller”) will be the company within the Group who is providing services to you, and you will have entered a letter of engagement or /contract with.
Data Protection Officer
Affinity has appointed a Group Data Protection Officer who is responsible for the handling of Data Subject Requests and acting as a point of contact with the relevant authorities in each jurisdiction.
If you have any questions about our privacy policy or require information on the personal data that we hold on you or wish to opt out of us using your personal data for marketing purposes please contact the Group Data Protection Officer at the below e-mail address.
E-mail: dprotection@affinityco.com
Links to Other Websites
Further information pertaining to the operations of Affinity can be found on our website at the following address. http://www.affinityco.com/.
Our website may contain links to other websites. This privacy policy only applies to the website of Affinity and Affinity has no control over the other websites about how they may use your personal data. Affinity cannot be held responsible for the protection of privacy of information that you may provide whilst visiting the other websites.
Marketing
We will only send you information about our products and services with your express consent which you may withdraw/opt out of at any time.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for marketing.
Your information that we use for marketing purposes will be retained by us, in accordance with our privacy policy and until such time as you notify us that you no longer wish to receive this information.
Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact the Group Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal
data in contravention of the law you can complain direct to a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement. For your information, data protection complaints can be filed as below.
Isle of Man
Isle of Man Information Commissioner’s Office
https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/
Malta
Office of the Information and Data Protection Commissioner
https://idpc.org.mt/file-a-complaint/
Cayman Islands
Ombudsman Cayman Islands
https://ombudsman.ky/data-protection
Florida Department of Legal Affairs
Florida Department of Agriculture and Consumer Services
https://www.fdacs.gov/Contact-Us/File-a-Complaint
South Dakota
South Dakota Division of Consumer Protection – Office of Attorney General
https://consumer.sd.gov/complaintform.aspx
United Kingdom
Information Commissioner’s Office
https://ico.org.uk/
Cookies Policy
Our Cookies Policy for users of our website can be found on our website at https://www.affinityco.com/cookies-policy/
Changes to our Privacy Policy
We keep our privacy policy under regular review, and we will place any updates on our website and will communicate such changes to you as and when changes occur.
Registered in the Isle of Man.
Affinity Group, Second Floor, 14 Athol Street, Douglas Isle of Man, IM1 1JA
