Stenham Trustees Limited
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice explains how Stenham Trustees Limited (“the Company”) collects, uses and discloses your personal data, and sets forth your rights in relation to the personal data it holds.
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us, and supervisory authorities, in the event you have a complaint. This notice serves to inform you of the changes to data protection law under the Data Protection (Bailiwick of Guernsey) Law, 2017 (“DP Law”), as amended to incorporate legislation equivalent to EU Regulation 2016/679 (the “GDPR”).
The Company (“we”, “our”, “us”) aims to protect the privacy of our clients, service providers, representatives and suppliers (“you”) as far as possible.
The Company is a Data Controller in respect of any personal information we hold about you.
We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. Where we do so, we will take appropriate steps to bring the amendment to your attention by publishing it on our website at www.stenhamtrustees.com. This Privacy Notice was last updated on 1 August, 2018.
Data Protection Officer
The Company has appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. The Company’s data protection officer’s name and contact information are as follows:
La Corvee House, La Corvee, Alderney, GY9 3TQ
Tel: +44 (0)1481 822763, firstname.lastname@example.org
How we obtain your information
In the course of providing services to you, we collect information that personally identifies you.
The information we collect about you (or your directors, officers, employees, settlors, beneficial owners and/or beneficiaries) comes from:
- application forms or other materials you submit to us during the course of your relationship with us;
- your interactions with us, transactions and use of our products and services (including the use of our website);
- your business dealings with us, including via email, telephone or as stated in our contracts with you;
- depending on the products or services you require, third parties (including for anti-money laundering checks, among other things); and
- recording and monitoring tools that we may use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).
The information we collect
We collect information that helps us to identify you and to manage our relationship with you. We also collect financial information about you, information about your transactions with us and information required for us to carry out anti-money laundering and other checks and to comply with our legal obligations.
Information that we collect includes:
- your name, title and contact details;
- your professional title and occupation;
- your age and marital status;
- financial information, including investments, account details, risk appetite and evidence of ownership of financial assets;
- personal identifiers such as your social security number, national insurance number, tax file number, IP address or our internal electronic identifiers;
- information which we need to conduct ‘know your client’ checks such as details relating to your passport and credit history;
- other information you provide to us in the course of your dealings with us or which we require to provide you with the Company’s product and services; and
- other information you provide to us in the course of your dealings with us or which we require in order for you to provide goods and services to us.
In limited cases, we also collect what is known as “special categories” of information. Our money laundering, sanctions, financial crime and fraud prevention checks sometimes results in us obtaining information about political opinion, actual or alleged criminal convictions and offences.
You are not obliged to provide us with your information where it is requested but we may be unable to provide certain products and services or proceed with our business relationship with you if you do not do so. Where this is the case, we will make you aware.
Our use of your information
Your personal data may be processed by the Company (or any of its affiliates, agents, employees, delegates or sub-contractors) for the following purposes:
- in connection with the Company’s internal management and reporting;
- to facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;
- the administration and/or management of your structures and any related account on an on-going basis (the “Services”) which are necessary for the performance of your contract with the Company;
- in order to carry out anti-money laundering (AML) checks and related actions which the Company considers appropriate to meet any legal obligations imposed on the Company, or the processing in the public interest, or to pursue the legitimate interests of the Company in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with the Company’s AML procedures;
- to monitor electronic communications for (i) processing verification of instructions; (ii) investigation and fraud prevention purposes; (iii) crime detection, prevention, investigation and prosecution; (iv) to enforce or defend the Company’s, or their affiliates’ rights, whether directly or indirectly (through third parties to whom they delegate such responsibilities) or rights in order to comply with any legal obligation imposed on the Company; (v) to pursue the legitimate interests of the Company in relation to such matters; or (vi) where the processing is in the public interest;
- to disclose information in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company;
- to update and maintain records and carry out fee calculations;
- to retain AML and other records of individuals to assist with subsequent screening;
- to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly;
and which are necessary for the purposes of:
- the performance of our contract with you;
- the performance of a contract between us and another service provider to us the performance of which is in your interest;
- compliance with the Company’s legal obligations;
- the Company’s legitimate interests; or
- processing in the public interest;
Where we process “special categories” of information about you, we do so either because you have given us your explicit consent, we are required by law to do so or the processing is necessary for the establishment, exercise or defence of a legal claim.
How we share your information
The Company may disclose your personal information as follows:
- to any of our Group Companies;
- to the Company’s service providers and other third party vendors in order to store or process the data for the above mentioned purposes;
- in the event of a merger or acquisition by another business in the future, (or where we are in meaningful discussions about such a possibility) we may share your personal data with the prospective new owners of the business;
- to competent authorities (including tax authorities), courts and bodies; or
- to affiliates for internal investigations and reporting.
How we transfer your information
The disclosure of personal information to the third parties set out above may involve the transfer of data to other jurisdictions outside the Bailiwick of Guernsey (“Guernsey”) and the European Economic Area (“EEA”). Such countries may not have the same data protection laws and some of these countries may have lower standards of data protection. Where we transfer your information outside of Guernsey and the EEA, we will ensure that the transfer is subject to appropriate safeguards in accordance with DP Law. Often, these safeguards include contractual safeguards. Please do contact us if you would like more information about these safeguards (see the “Contact Us” section below for further details).
The Company will retain your personal information for as long as required for the Company to perform the Services and/or carry out the purposes for which the data was collected, or perform investigations in relation to the data depending on the legal basis for which that data was obtained and/or where additional legal/regulatory obligations mandate that the Company retains your personal information.
You may have the following rights under DP Law:
- Right of subject access: the right to make a written request for details of information about you held by the Company and a copy of that information.
- Right to rectification: the right to have inaccurate information about you rectified. You must provide any relevant updates to your personal data held by the Company promptly to ensure its accuracy.
- Right to erasure (‘right to be forgotten’): the right to have certain information about you erased.
- Right to restriction of processing: the right to request that your information is only used for restricted purposes.
- Right to object: the right to object to the use of your information, including the right to object to marketing.
- Right to data portability: the right, in certain circumstances, to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats.
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your information. If you withdraw your consent, this will not affect the lawfulness of the Company’s use of your information prior to the withdrawal of your consent.
These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at the details set out in the “Contact Us” section below.
If you are unhappy with the way we have handled your information you have a right to complain to the data protection regulator. In Guernsey, your local regulator is the Data Protection Authority. Their website is available at https://www.dataci.org/.
The Company takes the protection of your personal information seriously, and has appropriate technical and organisational measures and policies in place to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will only do so in an authorised manner and are subject to a duty of confidentiality. All staff of the Company are made aware of their information security responsibilities.
We also have procedures in place to deal with any data breach. We will notify you and any applicable regulator of a data breach where we are legally required to do so.
How to contact us
If you have any questions about our use of your personal information, please be in touch with your usual contact or our Data Protection Officer on email@example.com
Version Date: 1 August, 2018.