Privacy Policy
Last updated: 22 May 2026
1. Introduction
TruFin (BVI) Limited ("we", "us", "our") is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store, and share personal data in accordance with the British Virgin Islands Data Protection Act, 2021 (DPA).
For the purposes of the DPA, we act as a Data Controller in respect of your personal data.
2. Scope
This Privacy Policy applies to all individuals whose personal data we process, including:
- Clients and prospective clients
- Directors, officers, and shareholders
- Service providers and business partners
- Website users and other contacts
3. Types of Personal Data We Collect
We may collect and process the following categories of personal data:
a) Information you provide directly
- Name, address, and contact details
- Date of birth, nationality, and identification details
- Financial information (e.g. bank details, income, assets)
- Employment and professional information
- Tax information and residency status
b) Information we generate
- Communications (emails, correspondence, call recordings)
- Website usage data
c) Information from third parties
- Due diligence and compliance data (e.g. KYC, AML, sanctions checks)
- Publicly available information
- Information from advisors, intermediaries, or service providers
4. How We Use Your Personal Data
We process personal data for the following purposes:
- Legal and regulatory compliance (including AML, CTF, FATCA, CRS)
- Client onboarding and administration
- Providing our services
- Risk management and fraud prevention
- Internal record keeping and reporting
We only process personal data where we have a lawful basis under applicable law.
5. Data Protection Principles
We adhere to the following principles when processing personal data:
- Data is processed fairly and lawfully
- Used only for specified, legitimate purposes
- Adequate, relevant, and not excessive
- Accurate and kept up to date
- Retained only as long as necessary
- Protected with appropriate security measures
- Not used for direct marketing without explicit consent
7. International Transfers
Your personal data may be transferred to countries outside the British Virgin Islands.
Where this occurs, we will take reasonable steps to ensure appropriate safeguards are in place, including transfers to jurisdictions with adequate data protection standards or through legally approved mechanisms.
8. Data Retention
We retain personal data only for as long as necessary, including:
- Typically up to 5 years, or
- Longer where required for legal, regulatory, or litigation purposes
We securely delete or anonymise data when it is no longer required.
9. Failure to Provide Personal Data
If you do not provide required personal data, we may:
- Be unable to onboard you as a client
- Be unable to provide services
- Be required to terminate our relationship
10. Your Rights
Under the DPA, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data (in certain circumstances)
- Restrict or object to processing
- Withdraw consent (where applicable)
- Object to direct marketing
- Lodge a complaint with the BVI Information Commissioner
We may request identification before fulfilling your request.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data against:
- Unauthorised access
- Loss or destruction
- Misuse or disclosure
However, no method of transmission over the internet is completely secure.
12. Data Breaches
In the event of a data breach, we will:
- Investigate and contain the incident
- Notify affected individuals where required
- Notify the Information Commissioner where applicable
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will take effect upon publication.
14. Contact Us
If you have any questions or wish to exercise your rights, please contact us:
TruFin (BVI) Limited
info@trufin.io