Privacy Policy

Privacy Policy

The Affinity Group of Companies (namely Affinity Group Limited (“AGL”), Affinity (Isle of Man) Limited (“AIOM”) and Affinity (Malta) Limited (“AML”) (hereinafter referred to jointly as “Affinity”) are committed to keeping your personal information secure and to adhering to best practice and the principles laid down in data protection regulations in place within the jurisdictions in which we operate.

References to “Group” means collectively AGL, AIOM, and AML. This privacy policy explains how Affinity will use any personal information that we may collect from you in respect of the services we provide to you. This privacy policy covers the following:

• Our Companies

• Why do we need your information • What information do we need • What we do with the information

• How we store your information

• Sharing your information

• Transferring your information to other countries

• How we keep your information accurate

• What we do with your information when we don’t need it anymore

• How you can access the information we hold

• Affinity’s role as a Data Controller

• The Group Data Protection Officer

• Links to other websites

• Marketing • Complaints

• Cookies Policy

• Changes to our Privacy Policy Our Companies AGL is the group holding company holding all of the issued shares in its subsidiaries, namely, AIOM and AML. AIOM is regulated by the Isle of Man Financial Services Authority to undertake, Class 4 (Corporate Services), Class 5 (Trust Services); and Class 7 (Management or Administration to Licence holders) activities. AML is regulated with the Malta Financial Services Authority to undertake regulated activity in Malta in accordance with Trust and Trustees Act.

Why do we need your information?

Affinity is obliged to operate in accordance with the framework of the laws and licensing regime in place in the jurisdictions in which it operates together with all applicable international legislation. Such laws and regulations include (but are not limited to) legislation covering financial services regulation, anti-money laundering and countering of terrorism, taxation (“the applicable legislation”). Affinity also needs to receive your information to enable us to provide to you the level of services that you have requested us to provide to you. What information do we need? Affinity will collect personal information about you at the beginning of our relationship and may also collect further information from you from time to time during the course of our relationship to ensure our continued adherence with the applicable legislation. We will only collect personal data that is absolutely necessary for us to comply with our requirements under the applicable legislation and to enable us to provide the services you have requested us to provide. We do not collect any personal information that is deemed to be of a “Special Category” under the applicable data protection legislation in force. (eg. information pertaining to race; ethnic origin; political beliefs, religious beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation). What we do with it All of the personal data we collect is processed by our staff and is used in line with the services we are providing to you and our obligations under the applicable legislation. This may include: • Providing proposals and engaging terms of business • Providing services to you including the administration of client companies or trusts • Managing assets on your behalf • Crew employment • Communicating with third parties such as banks • Communicating with ship and aircraft registries • Communicating with Government Departments and regulators • Licencing applications • AEOI reporting such as FATCA and CRS • To assist with the prevention of financial crime and the funding of terrorism • To undertake risk assessments as required under the applicable legislation As the services we provide are so varied the way we use your information will be determined by what those services are. A specific list based on our agreed relationship can be provided, please contact our Group Data Protection Officer for further information. How we store your information We store all electronic personal information received within secure software which is stored and maintained on servers located within the Isle of Man and maintained by a third party cloud processor which is resident in the Isle of Man. The Isle of Man is recognised by the EU as a jurisdiction that provides an adequate level of data protection. We store all non- electronic personal information received within files located in our secure offices or within secure archive facilities in each respective jurisdiction which are operated by data processors pursuant to data processing contracts which are issued in accordance with the requirements of GDPR.   Sharing your information We may share your information within the Group or with other bodies where lawful circumstances provide us to do so. These include:

• Tax and VAT authorities

• Regulators

• Law enforcement agencies

• Third party agencies such as banks

• Yacht and aircraft registries

• Other regulated corporate and trust service providers (who also provide services to you outside of the our respective jurisdictions )

• Credit reference agencies

• Third party customer screening entities, (i.e. World Check)

• Software providers and cloud server providers

• Consultants and/or agents contracted to provide services to Affinity.

We do not sell, distribute or lease your personal information to third parties, unless we have your express consent to do so or are required to by law. Transferring your information to other countries Affinity may share your information within the Group or may have to share your information with an organisation in another jurisdiction.

When we share data within the Group we do it based on an intra group data sharing agreement to ensure that you are receiving the services that you have requested from the appropriate office, to avoid duplication of work and additional unnecessary requests for personal data when accessing services in more than one jurisdiction, to enable us to provide you with information on new products and services which we feel may be of interest to you, for identity verification purposes, alerts on suspicious activity, creation and development of anti-fraud measures and the purposes of combatting criminal activity. Malta is a full EU member and the Isle of Man has been accepted by the EU as having data protection legislation that ensures an adequate level of protection. It is possible to share information freely between Malta and the Isle of Man.

When sharing personal data to an organisation that is outside of the EU/EEA or to a country not deemed by the EU to ensure an adequate level of data protection we will ensure that such data transfers are subject to the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. How we keep your information accurate Affinity is required to ensure the personal data that we hold for you is accurate and up to date. Affinity has adopted policies to ensure that they take every reasonable step to ensure that it keeps in regular contact with its clients and customers with a view to ensuring that the information that we hold for you remains up to date and accurate at all times.

What we do with your information when we don’t need it anymore

Affinity will only maintain your personal information for the minimum amount of time it is required to so by law or where the law does not stipulate a particular retention period, in accordance with our legitimate interests under our retention policy after which time it will be securely destroyed. How you can access the information we hold You have a right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information that we hold, please contact the Group Data Protection Officer, whose details are listed below. You may ask us to correct or remove information that you feel is inaccurate although our legal and regulatory obligations must always be adhered to. A Data Subject Request is provided free of charge, however we will reserve the right to charge for any Data Subject request which we may feel is excessive. Affinity’s role as a Data Controller AGL, AIOM, and AML are each a Data Controller in their own right in each of their respective jurisdictions. Each may also act as a Data Processor on behalf of the other entities within the Group. Data Protection Officer Affinity has appointed a Group Data Protection Officer who is responsible for the handling of Data Subject Requests and acting as a point of contact with the relevant authorities in each jurisdiction. If you have any questions about our privacy policy or require information on the personal data that we hold on you or wish to opt out of us using your personal data for marketing purposes please contact the Group Data Protection Officer at the below e-mail address.

E-mail: dprotection@affinityco.com

Links to Other Websites Further information pertaining to the operations of Affinity can be found on our website at the following address. http://www.affinityco.com/. Our website may contain links to other websites. This privacy policy only applies to the website of Affinity and Affinity has no control over the other websites with regard to how they may use your personal data. Affinity cannot be held responsible for the protection of privacy of information that you may provide whilst visiting the other websites. Marketing We will only send you information about our products and services with your express consent which you may opt out of at anytime. Your information that we use for marketing purposes will be retained by us, in accordance with our privacy policy and until such time as you notify us that you no longer wish to receive this information. Complaints If you wish to raise a complaint on how we have handled your personal data, you can contact the Group Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal data in contravention of the law you can complain direct to a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement. For your information, the data protection regulators in the Isle of Man and Malta can be contacted (as below). Isle of Man Isle of Man Information Commissioner’s Office https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/ Malta Office of the Information and Data Protection Commissioner https://idpc.org.mt/raise-a-concern/ Cookies Policy Our Cookies Policy for users of our website can be found on our website at https://www.affinityco.com/cookies-policy/ Changes to our Privacy Policy We keep our privacy policy under regular review and we will place any updates on our website and will communicate such changes to you as and when changes occur.