Privacy Notice

This Privacy Notice explains how Cavendish and its Affiliates collect, use, retain and share your Personal Data.  It also explains your rights in relation to your Personal Data and how to raise a concern. When we mention ‘we’, ‘us’ or ‘our’ in this Privacy Notice, we are referring to Cavendish as the entity controlling your Personal Data.

The website to which this policy relates is operated by us.  Please note that our website may link to other third-party websites that may also gather information about you. Third-party websites will operate in accordance with their own separate privacy policies, and we have no control over any personal data that they may acquire, store and use. For privacy information relating to these other third-party websites, you should consult their privacy policies as appropriate.

This Privacy Notice covers our Processing of Personal Data when you interact with us as a Data Subject, which includes your capacity as a client and as an employee.  When we collect, use or are responsible for Personal Data about you, we are subject to Data Protection Laws.  Cavendish’s main establishment deciding the purposes and means of its Processing of Personal Data is in Jersey.

This Privacy Notice is subject to the laws of Jersey.

  1. Definitions

Cavendish: Cavendish Fiduciary (Jersey) Limited.

Affiliates: in relation to Cavendish, its subsidiaries and any body corporate under common ownership with it.

Data Subject: the person to whom the Personal Data relates.

Data Protection Laws: the GDPR, the DPJL, the Data Protection Authority (Jersey) Law 2018, or equivalent laws as applicable.

DPJL: the Data Protection (Jersey) Law 2018.

GDPR: the EU General Data Protection Regulation 2016/679.

Personal Data: any information that identifies or could identify you.

Processing: any operations performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special Category Data: Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data (when processed to identify an individual uniquely), data concerning health, sex life or sexual orientation, and in Jersey, criminal records or alleged criminal conduct.

  1. The categories of Personal Data we collect

We collect the following categories of Personal Data about you:

  • Your name and contact information such as your home or business address, job title, email address and telephone number;
  • Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
  • Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
  • An understanding of your goals and objectives in procuring our services;
  • The pages of our website, or other resources on that website, that you have accessed and when you accessed them;
  • Details of any documents or other resources that you have downloaded from our website;
  • Information about your employment, education, family or personal circumstances, and interests, where relevant; and
  • Information to assess whether you may represent a politically exposed person or money laundering risk.

We may also collect, store and use Special Category Data for employment purposes and the purposes of equal opportunities monitoring.

  1. How we collect your Personal Data

We collect your Personal Data in a number of ways:

  • When you access our website or complete forms on our website;
  • From the information you provide to us when you meet us;
  • From information about you provided to us by your company or an intermediary;
  • When you communicate with us in writing, by telephone, fax, website registration, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
  • When you complete (or we complete on your behalf) client on-boarding or employment application or other forms;
  • With your consent, from your agents, advisers, intermediaries, custodians of your assets and other third parties;
  • From our Affiliates; and
  • From publicly available sources and third parties not requiring your consent, most commonly where we need to conduct background checks about you.

Personal Data is collected either directly (for example when you complete forms via our website) or indirectly (for example where you are browsing our website through the use of ‘cookies’).

Please note that our website is not intended for use by children, and we do not knowingly collect or use Personal Data relating to children.

  1. How and why we use your Personal Data

Under Data Protection Laws, we can only use your Personal Data if we have a proper reason, including:

  • Where you have given consent;
  • To comply with our legal and regulatory obligations;
  • For the performance of a contract with you or to take steps at your request before entering into a contract;
  • In the substantial public interest;
  • To protect your vital interests; or
  • Where applicable, for our legitimate interests or those of a third party

The most common reasons are explained further below. Where our basis for Processing your Personal Data is your consent, you can withdraw such consent without penalty.

Performance of a contract with you

We process your Personal Data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.  In this respect, we use your Personal Data for the following:

  • To prepare a proposal for you regarding the services we offer;
  • To provide you with the services as set out in our engagement letter and terms of business with you or as otherwise agreed with you from time to time;
  • To deal with any complaints or feedback you may have;

Legitimate interests

We also process your Personal Data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.  In this respect, we use your Personal Data for the following:

  • For marketing to you. In this respect, see the separate section on Marketing below;
  • Training our staff or monitoring their performance;
  • For the administration and management of our business, including providing and improving our services, recovering money you owe to us, and archiving or statistical analysis; and
  • Seeking advice on our rights and obligations, such as where we require our own legal advice.

Legal obligations

We also process your Personal Data for our compliance with a legal obligation which we are under.  In this respect, we will use your personal data for the following:

  • To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws; and
  • As required by tax authorities or any competent court or legal authority.

Marketing

We will send you marketing about services we provide which may be of interest to you, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you or in order to update you with information (such as legal or commercial news) which we believe may be relevant to you.  We will communicate this to you in a number of ways including by post, telephone, email or other digital channels.

We will also use Personal Data:

  • To analyse the use made of our website. Here we may make use of your IP address, where you are based, the type and version of the browser you use, details of your operating system, how you came to our website (for example whether you were referred from another website or from a search engine), how long you remained on our site, the number of pages on our site that you viewed, how you moved around our site, the links that you followed, and whether any of those links were used to leave our site. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to monitor and improve our website and/or the services/products we provide).
  • To improve the operation of our website and provide those services which you have requested us to provide. This may include taking such security measures as are appropriate, backing up the data we hold, and contacting you. This processing relies upon your consent where this has been given, or upon factors related to our legitimate interests in processing the data (in that we are seeking to provide services as part of our business, or the performance of a contract between us, and the steps needed to deliver those contractual services).

Special Category Data

Where we Process your Special Category Data, we will also ensure we are permitted to do so under the Data Protection Laws, for example:

  • To protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
  • To comply with another law;
  • To prevent of unlawful acts, including money laundering or other financial misconduct, and the financing of terrorism;
  • To establish, exercise or defend legal claims; or
  • Where we have your explicit consent.
  1. With whom we share your Personal Data

We share your Personal Data with our Affiliates, our officers and employees and those of our Affiliates (their use is limited to the performance of their duties and in line with the reason for processing) and third parties we use to help deliver our services to you.  As required, we also share your Personal Data with:

  • Third parties we use to help us run our business, e.g. marketing agencies or website hosts;
  • Organisations with whom we co-host marketing events;
  • Professional advisers, including lawyers, regulatory specialists, and tax advisers;
  • IT service providers;
  • Our insurers and banks;
  • Intermediaries;
  • Third parties you approve e.g. social media sites you choose to link your account to or third party payment providers;
  • Government agencies to whom we have a disclosure obligation;
  • Competent courts and tribunals who issue an order with which we are obliged to comply; and
  • Service providers, advisers, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which Cavendish or any of its Affiliates is acquired by or merged or amalgamated with another company, or Cavendish or any of its Affiliates sells, liquidates or transfers all or a portion of its
  1. Where your Personal Data is held and where it may be transferred

 Personal Data may be held at our offices and those of our Affiliates, third party agencies, service providers (including IT and CRM systems and servers), representatives and agents as described above.  Some of these third parties may be based outside Jersey.

We transfer your Personal Data from the British Isles or the European Union/the European Economic Area where:

  • The recipient jurisdiction is also a member of the European Union and/or the European Economic Area;
  • The recipient jurisdiction ensures an adequate level of data protection, as determined by the European Commission (and/or local data protection authority);
  • There are appropriate safeguards in place, such as approved ‘standard contractual clauses’ together with enforceable rights and effective legal remedies for data subjects; or
  • A specific exception applies under the Data Protection Laws.

Jersey’s legal framework for data protection is certified under the GDPR as ‘adequate’ (equivalent).

We also deploy administrative, technical, and physical safeguards designed to comply with applicable legal requirements and safeguard the information that is collected.  However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we or our Affiliates do not control, including the Internet and wireless networks.

  1. Retention of your data

We will keep your Personal Data while you have a relationship with us or we are providing services to you.  We will then keep your Personal Data only for as long as necessary.  We will not keep your Personal Data for longer than is necessary. Different retention periods apply for different types of Personal Data.  In particular:

  • Where we have collected your Personal Data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain That Personal Data for between five and seven years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
  • Otherwise, we will in most cases retain your Personal Data for a minimum period of five years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.

 

  1. About cookies

We use cookies in connection with the operation of our website. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website) and which is then stored by the browser. The cookie contains an identifier which is stored in your browser and then sent back to our server each time your browser accesses our website. These cookies may either be ‘persistent cookies’ (in which case they will continue to be held by your browser until they are deleted, or until a specified event/date) or they will be ‘session cookies’ which expire when you close your browser.

Usually, cookies do not hold any data by which you can be identified, although if we do hold Personal Data about you (for example, because you have subscribed to a service that we offer) the cookie may be linked to that data.

If you wish to do so then, usually, you can prevent cookies from being downloaded to your browser and can delete those that have already been downloaded.  How this may be achieved varies between different browsers. Consult the website of your browser provider for more details.  You should be aware that if you block or delete cookies this may have a detrimental impact upon your ability to access our website, and the services that we provide.

 

  1. Your rights

You have a number of rights in relation to the Personal Data that we hold about you. These rights include:

    • Access: The right to be provided with a copy of your Personal Data.
    • Rectification: The right to require us to correct any mistakes in your Personal Data.
    • Erasure (also known as the right to be forgotten) The right to require us to delete your Personal Data in certain situations.
    • Restriction of processing: The right to require us to restrict processing of your Personal Data in certain circumstances, e.g. if you contest the accuracy of the data.
    • To object: The right to object to: (i) your Personal Data being processed for direct marketing; (ii) in certain other situations to our continued processing of your Personal Data e.g. processing carried out for the purpose of our legitimate interests.
    • Not to be subject to automated individual decision making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us as follows:By post: Data Protection Officer, First Floor, La Chasse, Ten La Chasse, St Helier, Jersey, JE2 4UE

By email: dpo@cavendishjersey.com

By telephone: 01534 888860

Our lead supervisory authority will generally be the Office of the Information Commissioner, Jersey (“ICO”). You have the right to complain to the ICO if you feel that we have not responded to your requests. You can find the ICO’s contact details here: https://jerseyoic.org.

10. Changes to this Privacy Notice

 

This Privacy Notice supersedes any previous privacy notice.  It was published on 30 May 2024.  We may update this Privacy Notice from time to time.