Overview

Rowany AML Solutions Limited (‘Rowany AML’, ‘the Company’, ‘we’, ‘us’ or ‘our’) is strongly committed to protecting personal data.  This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  ​It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. ​Rowany AML is registered with the Isle of Man Information Commissioner as a data controller and data processor for the purposes of Isle of Man data protection legislation.

How we process personal data

Rowany AML processes personal data for a number of purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. ​When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

Further information is set out in each of the relevant sections below.

Individuals connected
to our clients

Marketing activities and subscription services

Officers, employees and applicants

Others that get in
touch with us

Suppliers and
subcontractors

Users of our website

Security and sharing of information

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, website hosting and management, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres within the United Kingdom, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

On certain client engagements, we may engage or otherwise work with other providers to helps us provide professional services to our clients.

Our clients

Where we need to process personal data to provide professional services to our clients, we may share personal data in our deliverables (such as the reports we create).

Insurers and other professional advisers

Personal data may be shared with our insurers and other professional advisers as necessary in connection with the products and services they have been engaged to provide.

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, or we may be under a legal obligation to disclose personal information to enforcement or other agencies. Such requests may be to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.  Legal obligations may include the reporting of suspicious activity to appropriate enforcement agencies.

Transparency

Changes to this privacy statement

We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review. This privacy statement was last updated on 1 June 2020.

 

Data controller and contact information

We are generally controllers for the personal data we process, however, we may provide some services as a processor (in which case our client is the controller).  If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
 
Rowany AML Solutions Limited
Rowany House
Rowany Drive
Port Erin
Isle of Man
IM9 6LP
 
 

Individuals' rights and how to exercise them

 
Individuals have certain rights over their personal data and controllers are responsible for fulfilling these rights.
 
Individuals’ rights may include the right of access to personal data, to rectification of personal data, to erasure of personal data / right to be forgotten, to restrict processing of personal data, to object to processing of personal data, to data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority.
 
Please see further information about these rights, when they are available and how to exercise them below.
 

Your right of access to personal data

You have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us as a controller and obtain certain other information about how and why we process your personal data (similar to the information provided in this privacy statement).  This right may be exercised by emailing us at privacy@rowany.im. We aim to respond to any requests for information promptly, and in any event within the legally required time limits.
 

Your right of rectification / amendment of personal data

You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed.
 
To update personal data submitted to us, you may email us at privacy@rowany.im.
 
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates as appropriate based on your updated information.
 

Your right to be forgotten

You have the right to obtain deletion of your personal data in the following cases:
  • the personal data is no longer necessary in relation to the purposes for which it was collected and processed;
  • our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
  • our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds;
  • you object to our processing for direct marketing purposes;
  • your personal data have been unlawfully processed; or
  • your personal data must be erased to comply with a legal obligation to which we are subject.
To request deletion of your personal data, please email us at privacy@rowany.im.
 

Your right to restrict processing

You have the right to restrict our processing of your personal data in the following cases:
  • for a period enabling us to verify the accuracy of your personal data where you have contested the accuracy of the personal data;
  • your personal data has been unlawfully processed and you request restriction of processing instead of deletion;
  • your personal data is no longer necessary in relation to the purposes for which they were collected and processed but the personal data are required by you to establish, exercise or defend legal claims; or
  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
To restrict our processing of your personal data, please email us at privacy@rowany.im.
 

Your right to object to processing

You have the right to object to our processing of your personal data in the following cases:
  • our legal grounds for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
  • our processing is for direct marketing purposes.
To object to our processing of your personal data, please email us at unsubscribe@rowany.im.
 

Your right to data portability

You have a right to receive your personal data provided by you to us and have the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
 
To exercise your right to data portability, please email us at privacy@rowany.im.
 

Your right to withdraw consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time. Where we rely on your consent for our processing of your personal data, to withdraw your consent please email us at unsubscribe@rowany.im.
 

Complaints

We hope that you won’t ever need to,but if you do want to complain about our use of personal data, please send an email with the details of your complaint to privacy@rowany.im. We will look into and respond to any complaints we receive.
 
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Information Commissioner is the Isle of Man data protection regulator/supervisory authority. For further information on your rights and how to complain to the Information Commissioner, please refer to the Information Commissioner’s website.

 

 

What personal data we collect and why we collect it

 

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

 

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

 

 

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

 

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

 

 

 

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

 

Where we send your data

Visitor comments may be checked through an automated spam detection service.