This Privacy Notice describes how we process personal information received during the course of our business. This policy may be amended from time to time and new versions will be published on our website.
- About Us
- This Notice is issued by Cavendish Fiduciary (Jersey) Limited (“Cavendish”) and applies to Cavendish Fiduciary (Jersey) Limited and its subsidiaries Cavendish Securities Limited, Cavendish Nominees Limited and Cavendish Secretaries Limited.
- Cavendish is registered under the Data Protection (Jersey) Law 2018 (the “Law”) and will process personal data in accordance with the provisions of the Law.
- Cavendish Fiduciary (Jersey) Limited is regulated by the Jersey Financial Services Commission in the conduct of Trust Company Business.
- Cavendish is committed to protecting your privacy and personal data. This Privacy Notice describes the personal data that we collect, the purposes for which we use such data, the steps we take to store and protect it and your choices regarding our use of it.
- What is personal data?
- Personal data is any information held on a data subject. This includes information such as the subject’s name, address and contact details and may include their IP addresses and on-line identifiers. It may include information on physical, physiological, mental, economic and social identity factors.
- A Data Subject is an identifiable living individual to whom personal data relates.
- Personal data includes information processed or held electronically eg on a computer and/or non-electronically eg paper records held in a filing system.
- What personal data do we collect and why?
- We collect personal data during the application process and throughout our relationship with you.
- We collect the following types of personal data
- Basic personal information; including name, address, contact details
- Demographic information such as gender, age, date of birth, nationality, marital status, next of kin
- Personal identification information such as passport numbers, identity card numbers, driving licence numbers etc
- Financial information including details of your personal wealth, assets and liabilities, proof of income and expenditure, source of wealth
- Financial and payment data such as bank account numbers, bank statements and transaction information
- Education and employment information
- Visual images and personal appearance such as photos in identity documents
- Tax residency
- Details of services provided
The above list is not exhaustive and Cavendish may also collect and process other data to the extent that this is considered necessary for the provision of our services or our compliance with legislative requirements.
- What is sensitive data?
- Sensitive data is data defined in the Law as such eg racial or ethnic origin, political opinion, religion, trade union membership, health data, genetic or biometric data or criminal records
- We will only collect sensitive data for a legitimate reason. Primarily this will be to enable Cavendish to perform and record checks to prevent and detect crime and comply with laws relating to money laundering, fraud, terrorist financing, bribery, corruption and international sanctions. It may involve investigating and gathering intelligence on suspected financial crime, fraud etc and sharing data with law enforcement and regulatory bodies.
- How does Cavendish collect data?
- We collect and process personal data that you provide to us directly (or indirectly via your advisors) when you apply for services to be provided and throughout your relationship with us.
- We collect and process personal data obtained from third parties such as
- existing clients of Cavendish with which you may be associated
- family members connected to an entity to which Cavendish provides services
- fraud prevention agencies, professional background checking entities, screening tools
- publically accessible sources such as international sanctions lists, electoral registers, company registers, on-line directories, social networks, internet searches etc
Where information on an individual is provided to Cavendish by a third party, we may need to make them aware of how that information was obtained. However, we will not make potential beneficiaries of a trust aware of information that we hold relating to them unless it is considered necessary and relevant to do so.
- How does Cavendish use personal data?
Our use of your personal data will always have a lawful basis. We use and collect personal data on the basis that:
- It enables us to perform our contract with you or to comply with your intentions/request that we perform a service for you;
- It is required that we do so to comply with legal or regulatory obligations;
- It is in our legitimate interests to do so; or
- You have consented to our use of your personal data.
- Contractual necessity
We may process your information during the account opening process if you decide to use our services or to perform our obligations under any contract entered into. This may include processing to:
- Assess and process applications by you or another party for Cavendish or its subsidiaries to provide a service to an entity to which you are connected.
- Provide and administer those services during the provision of services to an entity to which you are connected
- Maintain and manage our relationships with you and for ongoing customer service. This may involve sharing your information with group companies
- Communicate with you about the entity to which you are connected and/or the services which we provide.
- Legal obligation
When you or another party apply to Cavendish to provide a service to an entity to which you are connected (and throughout the relationship of that entity with Cavendish) we are required by law to collect and process certain personal information about you. This may include processing to:
- Verify your identity
- Perform checks and monitor transactions and location data for the purposes of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption and international sanctions, This may require us to proves information about criminal convictions and offences, to gather intelligence on crimes and threats and to share data with law enforcement and regulatory bodies
- Share data with law enforcement, tax authorities and other government and fraud prevention agencies where we have a legal obligation to do so, including reporting suspicious activity and complying with production and other court orders
- Delivering mandatory communications to customers or providing updates to terms and conditions of the provision of services
- Investigate and resolve complaints
- Conduct investigations into breaches of conduct and corporate policies by our employees
- Manage contentious regulatory matters, investigations and litigation
- Perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality
- Provide assurance that Cavendish has effective processes to identify, manage, monitor, and report the risks it is or might be exposed to
- Investigate and report on incidents or emergencies on Cavendish’s properties and premises; and
- Coordinate responses to business disrupting incidents and to ensure facilities, systems and people are available to continue to provide services.
- Legitimate interests of Cavendish
- To manage our risks and determine what services we can offer and the terms of those services
- To carry out financial risk assessments and for risk reporting and risk management
- To protect our business by preventing financial crime or from being used to facilitate financial crime
- To develop, test , monitor and review the performance of services, internal systems and security arrangements offered by Cavendish
- To assess the quality of services to clients
- To provide staff training
- To analyse your use of our site and gathering feedback to enable improvement of our site and your experience including development of user experience
- To provide you with access to our corporate literature and information about our services
- To prevent and detect fraud and abuse and
- To enable third parties to carry out technical, logistical and other functions on our behalf.
- Who does Cavendish provide personal data to?
- In order to provide services to you or to entities that you are connected with, Cavendish may be required to share personal data. Cavendish may disclose or transfer personal data collected by Cavendish to our group companies insofar as reasonably necessary for the purposes of providing services or for compliance purposes as well as on the legal basis set out in this Notice. Except as described below, Cavendish will not disclose, transfer or sell your personal data to any third party without your consent.
- The following are potential recipients of data
- Cavendish, its subsidiaries and associated companies
- Other service providers such as lawyers, accountants, banks, investment managers etc, who provide services to any entity which Cavendish is contracted to provide services to, where disclosure is necessary to provide those services
- Any sub-contractors, agents or service providers to Cavendish and its subsidiaries
- Courts or tribunals
- Regulators, registrars or other governmental or supervisory bodies with a legal right to the data or where necessary to fulfil Cavendish’s legal and/or regulatory obligations
- Law enforcement agencies where disclosure is necessary for Cavendish or its subsidiaries to fulfil their legal and/or regulatory obligations
- Where Cavendish employs another company or individual to perform any function on its behalf or to provide services to you or an entity connected to you, that third party will have access to personal data needed to perform their function but they may not use it for other purposes. Such functions includes, administrative, computer, data processing, screening, debt collecting and compliance services. Such third parties must process the personal data in accordance with this Privacy Notice and applicable laws. Cavendish will seek to enter into an agreement with each third party setting out the respective obligations of each party, to ensure they process personal data with the same level of security and confidentiality as Cavendish and to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage loss or destruction.
- If authorised by you, Cavendish will disclose data to any third party that you request. Cavendish is not responsible for any such third party’s use of your data, which will be governed by their agreement with you.
- The personal data that Cavendish holds will be used and stored principally in Jersey, When Cavendish discloses data to third parties to satisfy the purposes outlined above, the third parties are generally located within the European Economic Area (EEA) However, on occasion, Cavendish may disclose or transfer personal data to third parties located outside the EEA; if such third parties are located in countries that do not ensure an equivalent level of protection for your personal data, Cavendish will ensure that the third party will protect the personal data to an equivalent standard as is in force in Jersey.
- How long does Cavendish retain personal data?
Cavendish will process and store your personal data for the duration of our services to you or to an entity you are connected with and in accordance with financial services legislation and the data protection legislation in place in Jersey from time to time. Cavendish will endeavour to delete any personal data where it is not necessary for it to be held. Cavendish will continue to store your personal data as long as necessary to fulfil legal (eg anti money laundering and countering the financing of terrorism legislation), regulatory, contractual or statutory obligations, for the establishment, exercise or defence of legal claims and in general where Cavendish has a legitimate interest for doing so.
- How Cavendish protects personal data
Cavendish regards the lawful and correct treatment of your personal data as fundamental to our successful operation and to maintaining confidence and trust between Cavendish and our clients. In fulfilling this objective, Cavendish will
- ensure that your personal data is not used for any purposes that is incompatible with this Privacy Notice
- ensure that any processing of your personal data is fair and transparent and sufficient for the uses set out above
- endeavour to keep your personal data up to date
- retain your personal data no longer than necessary
- ensure that our staff are trained to handle personal data appropriately and securely
- Implement appropriate technical and organisational measures
- to enable inaccuracies to be corrected and minimise the risk of errors
- to secure personal data appropriately
- to protect your personal data against unauthorised or unlawful access or processing and against accidental loss or destruction
- Your rights
You have the following rights:
- Right of access to your information – you have the right to access the personal data that Cavendish holds about you at any time. Please note that Cavendish is not always required to provide details of or copies of all date held and may charge a fee (where permitted by law) to cover reasonable costs of retrieval.
- Right to correction of your personal data – you have the right to ask Cavendish to correct any incorrect, inaccurate or out of date information
- Deletion of your personal data (Right to be forgotten) – you have the right to ask Cavendish to delete your personal data, to the extent that Cavendish has no legal and/or regulatory obligation to retain such personal information
- Right to data portability – you have the right to request a copy of the personal data that Cavendish holds about you
- Right to object to direct marketing – you have the right to object at any time to the processing of your personal data for direct marketing purposes by Cavendish.
- Rights relating to the use of automated decision making and profiling systems based on personal data. Cavendish does not currently make decisions by purely automated means, but should we do so, you have the right to object.
- Right to apply or remove consent for processing of personal data
- Right to restrict processing – you have the right to ask Cavendish to restrict processing of your personal data where a) you contest the accuracy of the personal data held by Cavendish, b) the processing is unlawful but you objected to the deletion of the personal data and requested that the use be restricted instead, c) Cavendish no longer needs the personal data for the processing purpose but you require them for legal reasons; and d) you objected to processing and Cavendish is investigating whether there are legitimate grounds to override your objection
- How to contact us
If you do not wish to receive email or other mail from Cavendish or for Cavendish to use personal data that we gather please contact firstname.lastname@example.org in the first instance. If you contact us in relation to your rights we will do our best to accommodate your request or objection. You can help us maintain the accuracy of your information by notifying us of any change at email@example.com (or via your usual contact).
If you have any questions, concerns or complaints with respect to this Privacy Notice, the way Cavendish is handling your data or have any other queries or concerns, please contact our Data Protection Officer directly at firstname.lastname@example.org or in writing at First Floor, La Chasse Chambers Ten La Chasse, St Helier, Jersey, JE2 4UE.