Governance

How the group operates. How it protects data. What it expects of itself.

Aspen Meridian conducts its affairs with the discretion, rigour, and long-term regard that private stewardship demands. This page sets out the framework by which the group governs itself, manages information, and maintains its obligations — to those it works with, to the jurisdictions in which it operates, and to the standards it has set for itself.

Conduct & Compliance

The group conducts itself in accordance with the law, in letter and in spirit.

Incorporation & standing

Aspen Meridian Ltd is a private company limited by shares, incorporated in the Isle of Man pursuant to the Companies Acts 1931 to 2004, and registered with the Isle of Man Companies Registry. The company conducts its affairs in accordance with the provisions of those Acts and all subordinate legislation made thereunder, as amended from time to time.

The Isle of Man is a British Crown Dependency with its own legislature — Tynwald, one of the oldest continuous parliaments in the world — its own courts, and a long-established tradition of commercial probity. The Island is fully compliant with OECD standards, participates in the international automatic exchange of tax information under the Common Reporting Standard, and cooperates fully with the Financial Action Task Force. It is not, and has never been, a secrecy jurisdiction.

Regulatory posture

The group maintains its affairs in good standing with all relevant authorities of the Isle of Man. Annual returns are filed as required under statute. The registered office is maintained and accessible in accordance with the company's statutory obligations, and the register of members and other statutory registers are kept and made available as the law requires.

Where individual operating companies within the group carry additional regulatory obligations appropriate to their sector or user base — whether in respect of financial services, data handling, payments, or other regulated activities — those obligations are discharged at the operating company level. Full particulars, including any applicable licences, registrations, and notices, are available within each company's own statutory documentation.

Data Stewardship

Data held is data with a purpose. Nothing more is kept than is necessary.

Data Controller registration

Aspen Meridian Ltd is registered as a Data Controller with the Isle of Man Information Commissioner's Office, in accordance with its obligations under the Data Protection Act 2018 (Isle of Man). That Act gives effect in the Island to the substantive provisions of the United Kingdom General Data Protection Regulation, as retained and adapted, and reflects the Island's commitment to maintaining a data protection framework of the highest international standard.

Personal data held at the level of the parent company is limited strictly to what is necessary for the proper conduct of its corporate affairs. It is not sold, transferred for commercial purposes, or retained beyond the period for which a lawful basis exists.

Product-level particulars

Each operating company within the group maintains its own data protection registration, privacy notices, and subject access procedures, appropriate to the nature of its business, its user base, and the jurisdiction or jurisdictions in which it operates. Full particulars — including the identity of the registered Data Controller, the lawful bases relied upon for processing, retention periods, and the rights available to data subjects — are set out within the statutory documentation published by each respective company.

Enquiries relating to personal data held by locked.im or ManxPay should be directed to those entities, whose contact and compliance details are contained within their own published notices.

Operating Principles

Principles held consistently are worth more than policies consulted occasionally.

Necessity & proportionality

The group collects only what is necessary, retains information only as long as there is a genuine and lawful purpose, and restricts access to those who demonstrably require it in the course of their duties.

Transparency by design

The group's affairs are conducted with the expectation that they could, at any time, withstand the scrutiny of any competent authority. Regulatory transparency is not a burden — it is a baseline.

Forward-looking compliance

Aspen Meridian does not regard compliance as a retrospective exercise. Standards are monitored, obligations are reviewed regularly, and the group anticipates rather than reacts to changes in the regulatory environment.

Further enquiries

Corporate and governance correspondence is welcome.

Matters relating to the group's corporate standing, Data Controller registration, or governance framework may be directed to the holding company. Enquiries relating to specific operating companies should be addressed to those entities directly, whose contact details are set out within their own published documentation.

Contact