The purpose of this Privacy Policy (“the / this Policy”) is to explain why and how the Atla Group  (“Atla”, “we”, “us” “our”) collect and use your personal data. The policy also provides you with information about your rights in relation to personal data held by us. We are strongly committed to protecting the personal data we hold and being open about why we hold the data and how it is processed. The people we hold personal data on fall into three main categories – our staff, those who are clients (or connected to a client through ownership or control) (“Clients”) and those who are not. This policy is applicable to those who are Clients. Persons we hold personal data on who are not Clients include business contacts such as professional advisors, bankers, regulators etc. visitors to our website, visitors to our office and suppliers of goods and services. They have a separate privacy policy which is available below.

Who are we?

The Atla Group is made up of Atla Accountancy Services Limited, Atla Advisory Limited, Atla Audit and Assurance Limited, Atla Connect Limited, Atla Fiduciaries Limited, Atla Retirement Solutions Limited, Atla Services Limited and Browne Craine & Co Limited. The data controllers and processors within the group and their contact details:

Data Controllers/Processors
Atla Accountancy Services Limited

Address & Telephone Number
Ground Floor
11-13 Hill Street
Isle of Man
+44 (0) 1624 777403

77 Parliament Street
Isle of Man
+44 (0) 1624 777401

Email Address

Data Controllers/Processors
Atla Advisory Limited
Atla Audit and Assurance Limited
Atla Connect Limited
Atla Fiduciaries Limited
Atla Retirement Solutions Limited
Browne Craine & Co Limited

Lynsey Smith
Aidan Tucker
David Craine
Andrew Gerrard
Maurice Singer

Address & Telephone Number
Burleigh Manor
Peel Road
Isle of Man
+44 (0) 1624 777400

Email Address

The data controllers are registered for this purpose with the Isle of Man Information Commissioner.

Your personal data is held and processed in accordance with the General Data Protection Regulation (“GDPR”) and the Isle of Man Data Protection Act 2018.

What personal data do we collect?

There is certain information and documentation that we are required to collect to allow us to provide the services requested and to comply with our legal and regulatory responsibilities. We will hold this information on you if you are client in your own right or if you have a connection to a client, which is a legal entity, a partnership or a legal arrangement, and you are a shareholder, an ultimate beneficial owner, a partner, a director, a trustee or someone else who can control or provide instructions to us in relation to the client.

The information held may include, but is not limited to, the following –

·       full legal name (including any previous names used), address, nationality, place of birth, gender, photo ID document number, contact telephone number and email address;

·       a copy of a photographic identity document to verify identity and a document such as a utility bill to verify residential address;

·       national insurance number;

·       tax identification number;

·       VAT number;

·       wealth profile including source of funds and source of wealth;

·       information about your financial affairs, employment, earnings, pension, tax status and residence;

·       bank account details;

·       information about any political positions held;

·       marital status and family situation;

·       records of correspondence and communications with you, including complaints you make and any enquiries about our services;

·       details of your preferences in relation to newsletters and marketing;

Not all of this information is relevant or will need to be held in all cases, the information required will depend on the services we are providing to the client, what your connection is to the client, your risk profile and that of the client.

How do we collect your personal data?

We may obtain information from you when you contact us by email, telephone, post or via our website or social media channels. Personal data will generally be collected direct from you as part of our client take on process and then on an ongoing basis throughout the course of our relationship. If we need to hold your personal data as you are connected to a client i.e. as a director of a client company, we may request your personal data via our primary contact or another person associated with the client through ownership or control. There may also be situations where we deal with a third party or introducer who, acting on the instructions of our client or potential client, provides some or all of this information on your behalf. We may also hold personal data obtained through public source searches i.e. internet searches, company registry searches and searching against paid for databases. We also obtain information and client preferences and interests via client surveys and other marketing activities.

If you choose not to provide us with the information that we ask you for, we might not be able to provide you with the service requested.

How do we use your personal data?

We may process your personal data for the purposes of providing the services requested by our client and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier, customer of our client or otherwise associated.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, risk management, business development, statistical, website administration and management purposes.

We may collect management information on our e-mail campaigns, such as whether you have read an e-mail sent by us, when and how many times. We will use this information to improve content and services and to inform groups of users about relevant products and services.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes. If you wish to withdraw your consent to processing for specific purposes, please email us at

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Where will your personal data be stored?

Whilst data held in paper form is in use, it is securely stored in one or more of the Alta Group offices. Once we no longer need regular access to the data, it is archived off site in a secure storage facility in accordance with our data retention policy. Data will also be stored electronically.

Personal data is accessible to staff, when they have the correct permissions, from mobile and laptop devices. This allows our staff to work from home, enabling us to provide the same high level of service to clients when staff cannot work from the office for whatever reason.

Who can see your information?

The staff employed by any of the Atla Group companies including directors and consultants. The Atla Group share computer systems and personal data will be accessible to the staff of group companies, with the appropriate systems access.

Personal data will be shared with other Atla Group companies where it is necessary to facilitate the provision of services to a client or enable us to provide a better service to a client i.e. provision of your Know Your Customer documentation and information to another group company where their services have been requested. We will also share your contact details with another group company if we feel that their services may be of benefit to you and you have opted in to receiving marketing communications.

We never sell your personal information or share it with other organisations outside the Atla Group for marketing purposes.

We utilise third party service providers to support the delivery of our services. We only use reputable providers who meet our data security standards. Their contracts restrict their use of personal information to those services for which they are engaged. The services provided by third parties who have access to personal data include –

·       the provision of IT systems and support

·       the transport, storage and destruction of client records

·       the provision of corporate services to foreign companies. If the company we are providing services was incorporated outside the Isle of Man, we may need to engage the services of a registered agent in the relevant jurisdiction

Depending on the services provided by the Atla Group, client files containing personal data could be selected for review by the Isle of Man Financial Services Authority, the Institute of Chartered Accountants in England and Wales, our auditors or our bankers. They are required to carry out checks to confirm our compliance with laws, regulations or conditions of service. We will ensure that these parties only have access to the data they are obliged to review.

We may be legally obliged, or required as part of our service to you, to exchange certain information with the Isle of Man Companies Registry for the purposes of the Beneficial Ownership Act or with the Income Tax Division. There may be other instances where we are legally obliged, or required as part of our services to you, to file information in other countries with, for example, their company registries or tax authorities. We may also be legally obliged, under Isle of Man anti-money laundering and countering the financing of terrorism legislation, to share your personal data with the Isle of Man Financial Intelligence Unit or other law enforcement agencies.

If, as part of our service to you, we need to engage with professional advisors such as lawyers, accountants or tax advisors, personal data may be shared with them for the purposes of obtaining the advice and meeting their legal requirements. We may also have to share personal data with any bank or investment house with which we are opening an account for a client. We will ensure, however, that we only share the data that we need to and we will conduct appropriate due diligence in advance of sharing the data.

Transferring personal data outside of the Isle of Man

In order to carry out our business activities, we may need to transfer your personal data to organisations based outside of the Isle of Man. We may transfer your personal data to organisations in countries which have equivalent data protection legislation i.e. EU member states and those countries recognised by the European Commission via adequacy decisions. This ensures you the same rights and protections as our local legislation.

Should we need to transfer personal data to other countries outside the EU that do not have adequacy decisions in place, to ensure the transfer of your data is legal, we will have data sharing contracts in place which will, again, ensure that you have the same rights and protections that you have under our local legislation.

How long will your personal data be kept for?

We will hold your personal data for as long as is necessary to fulfil the purposes for which it was collected and once the data is no longer required we will retain it in accordance with statutory, regulatory and legal obligations, where they exist for the type of data held. Where there are no record keeping requirements set out in law or regulations, we will store for a time period we deem appropriate for the type of data. Different retention periods are therefore necessary depending on the information held.

Data security

The Atla Group take the security of your personal data very seriously. We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those third parties who have a business need to access the information or where there is a legal or regulatory requirement for them to have access to your data.

We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights

Under the data protection legislation, you have various rights in relation to our possession and processing of your personal data, these include –

·       Right of access – you have the right to know whether we are processing your personal data and to request a copy of the personal data we hold about you.

·       Right of rectification – you have the right to request that we correct any information that you believe is inaccurate and complete any information that is incomplete.

·       Right to request erasure – you have the right to request that we erase your personal data, under certain conditions.

·       Right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions.

·       Right to object to processing – you have the right to object to our processing of your personal data under certain conditions. Specifically where we are processing data for our legitimate interests. This includes processing for marketing, business development, statistical, website administration and management purposes.

·       Right to data portability – you have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

If you would like to exercise any of these rights please contact us using the details given in the “Contact us” section of this Policy.

Concerns and Complaints

If you have a query, concern or complaint regarding our handing of your personal data, please get in touch so we can resolve the matter. Please use the contact details in the “Contact us” section of this Policy. We take concerns about our handling of personal data seriously and endeavour to resolve any issues promptly.

Should you feel that we have not adequately addressed your concern, you have the right to make a complaint to the Isle of Man Information Commissioner.

Information Commissioner
First Floor, Prospect House
Prospect Hill
Isle of Man
Telephone: +44 (0) 1624 693260

How we use cookies

Please see our Cookies Policy

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.

Changes to our Privacy Policy

Our Privacy Policy is reviewed regularly and any updates will be published on our website.

Contact us

If you have any questions regarding this Policy or if you would like to speak to us about how we process your personal data, please get in touch.

Atla Group – Data Protection
Burleigh Manor
Peel Road
Isle of Man


Telephone: +44 (0) 1624 777400


By submitting this form, you confirm that you have read and agree to our Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.