Fair Processing Notice

Content

1. Who we are
2. The information we process
3. How we obtain information
4. Your rights

Table A – Your Rights

5.   Changes to the way we use your information
6.   Sharing with third parties
7.   Transferring information overseas
8.   Marketing information
9.   Communications
10. How long we keep your information
11. Security

Schedule A – Schedule of Purposes of Processing

     I. Contractual necessity
    II. Legal obligation
   III. Legitimate interest of Baccata

1. Who we are

1.1 Baccata and Baccata Group are registered business names of Baccata Trustees Limited, which is regulated by the Jersey Financial Services Commission. Registered Office: 35-37 New Street, St Helier, Jersey Channel Islands JE2 3RA.  Tel: +44 (0) 1534 870670.

1.2 This Fair Processing Notice (the “FPN”) applies to all personal information processing activities carried on by the business of Baccata.

1.3 The Baccata Group comprises the following businesses:

  • Baccata Trustees Limited
  • Baccata Nominees Limited
  • Baccata Secretaries Limited
  • Consort 1 Limited
  • Fenlight Trustees Limited
  • Kyle Consultants Limited
  • Sparticus Trustees Limited
  • Trafalgar Executive Limited
  • Ventura Trustees Limited

1.4 Baccata is a data controller in respect of personal information that we process in connection with our business. In this notice, references to “we”, “us” or “our” are references to Baccata.

1.5 We respect individuals’ rights to privacy and to the protection of personal data. The purpose of this FPN is to explain how we collect and use personal data in connection with our business. “Personal data” means information about a living individual who can be identified from that data (either by itself or when it is combined with other information).  We may update our FPN from time to time, by communicating such changes to you and publishing the updated FPN on our website (www.baccata.co.je).  We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.

2. The information we process

2.1 We collect and process various categories of personal data at the start of and for the duration of your relationship with us. We will limit the collection and processing of data to information necessary to achieve one or more lawful bases of processing as identified in this notice.  Personal data may include:

  • basic personal information, including name and address, date of birth and contact details;
  • information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
  • information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure;
  • education and employment information;
  • visual images and personal appearance (such as copies of passports or CCTV images);
  • online profile and social media information and activity;
  • information about your tax residence, including tax identification numbers, National Insurance numbers and social security number; and
  • personal bank account details.

2.2 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing financial crime. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided). This may include:

  • information about racial or ethnic origin,
  • religious or philosophical beliefs;
  • trade union membership; and
  • physical or psychological health details or medical conditions.

3. How we collect personal data

3.1 Your information is made up of all the financial and personal information we collect and hold about you. It includes:

  • information and documentation you give to us;
  • information and documentation that we receive from third parties;
  • information and documentation that we learn about you through our relationship with you; and
  • information and documentation that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.

4. Your rights

4.1 We want to make sure you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in the table below.

4.2 If you wish to exercise any of these rights, or if you have any queries about how we use your personal information which are not answered here, please contact us by email at DPL@baccata.co.je.  Please note that additional personal information should not be included in this message for security reasons.  We will respond by telephone or letter for the same reason.

4.3 Our Data Protection Team is contactable by writing to DPL@baccata.co.je.

Table A - Your rights

Rights

Description

Access - You have a right to get access to the personal information we hold about you (also referred to as a “Subject Access Request”)

If you would like a copy of the personal information we hold about you, please use the contact details in Section 4.2 – (Your rights) above. If you do not wish to use the contact details in Section 4.2, you can write to our Data Protection Team at the address shown in Section 1.1 above.

Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.

If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.

Erasure - You have a right to request that we delete your personal information.

You may request that we delete your personal information if you believe that:

  • we no longer need to process your information for the purposes for which it was provided;
  • we have requested your permission to process your personal information and you wish to withdraw your consent; or
  • we are not using your information in a lawful manner.

Restriction – You have a right to request us to restrict the processing of your personal information.

You may request us to restrict processing your personal information if you believe that:

  • any of the information that we hold about you is inaccurate;
  • we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or
  • we are not using your information in a lawful manner.

Portability – You have a right to data portability.

Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.

You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.

If you would like to request the personal information you provided to us in a portable format, please write to or contact us using the contact details in Section 4.2 – (Your rights) above.

Objection – You have a right to object to the processing of your personal information.

You have a right to object to us processing your personal information (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims.

Marketing – You have a

right to object to direct marketing.

You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. For more information see Section 8 (Marketing Information) below.

Withdraw consent – You have a right to withdraw your consent.

Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.

Lodge complaints – You have a right to lodge a complaint with the regulator.

If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Team who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the data protection authority. For more information please visit jerseyoic.org (full address details listed below).

5. Changes to the way we use your information

From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to satisfy any queries before the change is made.

6. Sharing with third parties

6.1 We will not share your information with any third party outside Baccata except:

  • where we have your permission;
  • where required for your product or service;
  • where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
  • with third parties providing services to us, such as market analysis;
  • with debt collection agencies;
  • with credit reference and fraud prevention agencies;
  • where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
  • in anonymised form as part of statistics or other aggregated data shared with third parties; or
  • where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.

6.2 Baccata will not share your information with third parties for their own marketing purposes without your permission.

7. Transferring information overseas

7.1 We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.

7.2 In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:

  • the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
  • the transfer has been authorised by the relevant data protection authority; and/or
  • we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission or our own Data Protection Authority) to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses, please contact us using the contact details in Section 4.2 (Your rights) above.

8. Marketing information

We will not use your personal data for marketing purposes unless we have obtained your prior consent.  If you have consented to marketing, we may send you relevant marketing information including details of services provided by Baccata which we believe may be of interest to you. If you change your mind and no longer wish to receive this information, you can inform us at any time using the contact details in Section 4.2 (Your rights) above.

Where you attend a marketing event hosted by Baccata, you acknowledge that images and sound may be captured during the event using film photography, digital photography, video or other medium and may be used by us to promote Baccata Group or other future events within Jersey, on our website, social media sites, promotional leaflets and brochures and other publicity material (such as internal and external communiqués). The images may also be provided to the media for publication in local, national or international newspapers or magazines. We acknowledge our responsibilities in capturing images by photography or other means.

Where possible and practical to do so, we shall seek written consent in respect of image capture. Where this is not possible for practical reasons, unless express objections are received, individuals attending Baccata hosted events are deemed to have given their consent by attending or remaining at the event. No image shall be used by us for commercial purposes without express consent of the individual(s) captured in that image. We shall take no responsibility for the capture and use of any images taken at the event by any third party not directly engaged by us to do so on its behalf and accepts no liability for the actions of such third parties.

9. Communications

9.1 We will contact you with information relevant to the operation of our related business (including updated information about how we process your personal information), by a variety of means including via email, text message, post and/or telephone. If at any point in the future you change your contact details you should tell us promptly about those changes.

9.2 We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for the purposes outlined in Schedule A - Purposes of Processing.

10. How long we keep your information

10.1 By providing you with services, we create records that contain your information, on a variety of media (physical or electronic) and formats.

10.2 We manage our records to help us to serve our clients well (for example for operational reasons, such as dealing with any queries relating to our related business) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.

10.3 Retention periods for records are determined based on the type of record, the nature of the activity and service provided.   We normally keep customer account records for up to 10 years after your relationship with us, whilst other records are retained for shorter periods. Retention periods may be changed from time to time based on business or legal and regulatory requirements.

10.4 We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that Baccata will be able to produce records as evidence, if they are needed. Baccata is also entitled to retain records and information in order to support the establishment, exercise or defence of any legal claims in the future. Where this is the case Baccata has in place proper systems for restricting access to that retained information.

10.5 If you would like more information about how long we keep your information, please contact us using the contact details in Section 4.2 (Your rights) above.

11. Security

We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf.

In 2017 we became Cyber Essentials certified for cyber security and we have regular system vulnerability assessments in order to mitigate the risk of potential cyber security weaknesses.

We use Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to encrypt and protect email traffic.  If your email service does not support TLS or SSL, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

We do not control and are not responsible for the security or privacy controls over any website or organisation to which our website provides links. By including references, hyperlinks or other connections to such third party websites we do not imply any endorsement of them or any association with their owners or operators.

For more information about the steps we are taking to protect your information please email trustees@baccata.co.je or contact our Data Protection Team at DPL@baccata.co.je

Schedule A - Schedule of Purposes of Processing

We will only use and share your information where it is necessary for us to carry out our lawful business activities.  We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:

    I. Contractual necessity

We may process your information where it is necessary to enter into a contract with you for the provision of our services or to perform our obligations under that contract to:

  • assess and process take on of new business;
  • provide and administer those services throughout your relationship with Baccata, including collecting and issuing all necessary documentation, executing your instructions, processing transactions, resolving any queries or discrepancies and administering any changes;
  • manage and maintain our relationships with you and for ongoing customer service; or
  • communicate with you about the services we are providing to you.

    II. Legal obligation

When you request us to provide you with a service, and throughout your relationship with us, we are required by law to collect and process certain personal information about you.  This may include processing to:

  • confirm your identity;
  • perform checks and monitor transactions for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies;
  • share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with production and court orders;
  • deliver mandatory communications to customers or communicating updates to our service terms and conditions;
  • investigate and resolve complaints;
  • conduct investigations into breaches of conduct and corporate policies by our employees;
  • manage contentious regulatory matters, investigations and litigation;
  • perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality;
  • provide assurance that Baccata has effective processes to identify, manage, monitor and report the risks it is or might be exposed to;
  • investigate and report on incidents or emergencies on Baccata’s properties and premises;
  • coordinate responses to business disrupting incidents and to ensure facilities, systems and people are available to continue providing services; and
  • share data with service providers, e.g. banks, investment managers, legal advisors and tax advisors to meet their legal obligations.
  • To validate and process data subject access requests.

    III. Legitimate interest of Baccata

We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.

  • We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our clients, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
  • monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
  • ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;
  • ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyberattacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
  • provide assurance on Baccata’s material risks and reporting to internal management and supervisory authorities on whether Baccata is managing them effectively;
  • perform general, financial and regulatory accounting and reporting;
  • protect our legal rights and interests;
  • manage and monitor our property (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
  • enable a sale, reorganisation, transfer or other transaction relating to our business.
  • It is in our interest as a business to ensure that we provide you with the most appropriate service and that we continually develop and improve as an organisation. This may require processing your information to enable us to:
  • identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
  • understand our customers’ actions, behaviour, preferences, expectations, feedback and financial history in order to improve our services, develop new  services, and to improve the relevance of offers of services by Baccata;
  • monitor the performance and effectiveness of products and services;
  • assess the quality of our customer services and to provide staff training. Calls to our office and communications to our mobile telephones may be recorded and monitored for these purposes;
  • perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers;
  • compensate customers for loss, inconvenience or distress as a result of services, process or regulatory failures;
  • identify our customers’ use of third party products and services in order to facilitate the uses of customer information detailed above; and
  • combine your information with third party data, such as economic data in order to understand customers’ needs better and improve our services.

We may perform data analysis, data matching and profiling to support decision making with regards to the activities mentioned above.

  • It is in our interest as a business to manage our risk and to determine what services we can offer and the terms of those services. It is also in our interest to protect our business by preventing financial crime. This may include processing your information to:
  • carry out financial, credit and insurance risk assessments;
  • manage and take decisions about your relationship with us;
  • carry out checks (in addition to statutory requirements) on customers and potential customers, business partners and associated persons, including performing adverse media checks, screening against external databases and sanctions lists and establishing connections to politically exposed persons; and
  • share data with, fraud prevention agencies and law enforcement agencies.

If your matters are not resolved by Baccata in a satisfactory manner you are entitled to contact the local data protection authority, the details for whom are set out below:

Office of the Information Commissioner

Address: 2nd Floor, 5 Castle Street, St Helier, Jersey, JE2 3BT.

Tel: +44 (0)1534 716530

Email: enquiries@jerseyoic.org

August 2019

The Baccata Group