top of page

Privacy Notice

What is the purpose of this notice? 

This Privacy Notice explains how Mithril will use (‘process’) personal data that relates to you.  It applies where we are ‘Data Controller’ – where we decide how and why to use your personal data. 

This notice may be updated from time-to-time and applies to the activities described below. Additional uses of your data may be covered by separate notices available to you (for example for your use of our website, or in relation to specific products or services). 

Mithril has appointed a Data Protection Officer as the main point of contact for individuals whose data is being processed, and to oversee compliance with privacy and data protection laws applicable to the services we are offering. They can be contacted at

What type of information do we process? 

We process personal data that is relevant to our relationship with you.


This may include: 

  • Basic information, for example your name, contact information and date of birth; 

  • Tax, social security and similar official identifiers, including copies of identity documentation; 

  • Information about your financial circumstances and accounts, including source of wealth and funds, employment status, and your business, family and other relationships; 

  • Information about the services we provide to you, including any preferences you have expressed in relation to products, services or attitude to risk; 

  • Information about how you have used our website or online portal or services available to you including technical identifiers, and any communications that you have had with us; 

  • Public domain information; 

  • CCTV or similar security information, should you visit our premises. 


We may also process special category or more highly confidential data, including: 

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions 

  • Information about your health, including any medical conditions 

  • Biometric data 

  • Information about criminal convictions and offences, or sanctions status 


Why do we process your data? 

We process your data where we are providing services to you under a contract to which you are a party, where we have a legal obligation to do so, or where we otherwise have a legitimate interest in doing so.


Specific purposes include: 

  • Providing services to you throughout the life-cycle of your relationship with us, including performance management or termination of those services; 

  • Where we are deciding whether and on what terms to perform services on your behalf; 

  • To obtain legal or other professional advice; 

  • to prevent fraud and comply with regulatory obligations; 

  • To manage our business, improve and develop products and services, better understand our client relationships, and help to determine those products or services offered by Mithril may be of interest to you; 

  • To send you marketing information, subject to any required consent by you; 

  • To support the wider business activities of Mithril, its shareholders and potential shareholders. 


Where the reasons for our use of your data change in a way that does not fit within the described purposes, this will be communicated to you, and we may ask for your consent for this change. 


Where we are seeking consent for other processing activities, you will receive information about that separately and may withdraw that consent at any time. 


Where do we get the information from? 

In addition to personal data provided by you, or which is created by Mithril in the delivery of services to you, other information we process about you may come from: 

  • Regulators and statutory agencies; 

  • Third party companies helping us to undertake regulatory checks; 

  • Lawyers, accountants and other professional advisers. 


Who will we share the information with? 

We have appropriate legal and security safeguards in place to ensure that your data is handled in a way consistent with your rights and our legal obligations. 


Where it is lawful or we are under legal obligation, we may also share your personal data with: 

  • Regulators and statutory agencies; 

  • Professional advisers such as lawyers and accountants; 

  • Banks, insurance companies, wealth managers and other custodians. 


Where these parties are located outside of your home country, we will ensure that appropriate legal and technical safeguards are in place through use of contractual obligations. 


Is my data secure? 

Mithril operates consistent and appropriate security measures across our business.  All of our employees receive regular training in how we keep data secure, and what to do if there is a risk or incident in relation to your data.  We pass these requirements on to all of our partners and suppliers through contractural safeguards. 


Do you make any automated decisions based on my data? 

We do not currently make solely automated decisions about you.  We may use some automated technologies, such as biometric matching with identity documents to confirm your identity, but we always have additional processes in place where a human will check before a decision is made, if needed. 


How long will you keep my data? 

We will keep your data for as long as it is needed for the reasons we are processing it, including the need to comply with any laws that we or the data is subject to.  This may vary depending on the laws that apply to the services we are providing, and where you live. 


We will securely dispose of your data when it is no longer required, or may anonymise in a way that it cannot be re-identified. 


What rights do I have in respect of my data? 

While specific legal rights may vary from country to country, you may: 

  • Request access to your personal information (commonly known as a “data subject access request”); 

  • Request correction of the personal data that we hold about you. 

  • Request erasure of your personal data, and object to or request restriction of our processing. 

  • Withdraw consent to Marketing. This may be done via the unsubscribe link on any marketing email you have received, or by emailing This request will be actioned within a reasonable time-frame 

  • Request the transfer of your personal information to another party under very limited circumstances 


You can contact to make any of these requests. 


Right to complain to your Data Protection authorities 

If you would like to make a complaint about our processing of your personal data, please do so via However, should a complaint be unresolved, you have the right to make a complaint to a relevant Data Protection Supervisory Authority (“DPSA), either in your home jurisdiction, or in the jurisdiction in which the processing is taking place. 


The Mauritius DPSA can be contacted here


A current list of EU DPSAs can be found here, including contact details: 

bottom of page