In respect of the provision of trust, fiduciary, foundation, fund administration, fiduciary investment and corporate services (the “Services”)
At Zedra, we take the protection of your personal data privacy very seriously and maintaining the integrity and confidentiality of your personal data is very important to us. This Privacy Notice sets out how those members of the Zedra Group of companies (the Zedra Group”) that are subject to the General Data Protection Regulation of the European Union (the ”GDPR”) and/or local legislation on data protection (altogether, (the “Law”) collect, use and disclose your personal data, and your rights as a data subject in relation to your personal data which is processed by a member of Zedra Group (a “Zedra Company”), in the course of providing services to you. The main purpose of the Law is to ensure transparent processing of personal data and to protect your rights and freedoms as a data subject.
This Privacy Notice confirms how the Zedra Group looks after your personal data and your rights as a data subject. We promise to protect the privacy of your personal data, not to sell your personal data and to implement procedures to enable you to exercise your rights as a data subject under the Law. The Zedra Group protects your personal data with up to date storage and security techniques.
In this Privacy Notice, “us”, “we” and “our” refers to the Zedra Group. More information on the Zedra Group may be found at www.zedra.com. “Processing” means any operation performed on your personal data
The Zedra Company which is engaged to provide the Services to you is the controller of your personal data and determines the purposes and means by which your personal data is processed, and is ultimately responsible for the processing of that personal data. The controller may appoint a third party to process your personal data, including another Zedra Company, which will process that personal data on the instructions of the controller, and will be placed under a duty of confidentiality and obliged to implement appropriate technical and organisational measures to ensure the security of your data. In certain circumstances, there may be joint controllers who will agree their respective responsibilities for compliance with the Law including which controller is obliged to respond to a data subject who wishes to exercise any rights under the Law, although the data subject may exercise any rights against either controller.
If you wish to receive details regarding the controller and any third party that has been engaged to assist the controller in delivering services to you and with whom the controller may have shared your personal data, or of any joint controllers, and the arrangements made between the joint controllers to comply with the Law, please contact the Data Protection Officer.
We may amend this Privacy Notice from time to time to reflect any changes in the way that we process your personal data and the current Privacy Notice will always be available on our website. This Privacy Notice supersedes any previous privacy notice with which you may have been provided, as well as anything to the contrary contained in any agreement between us.
Lawfulness of Processing
The Law provides that we may only process your personal data in certain circumstances. These are:
The nature of the Services requires us to have a knowledge and understanding of our clients circumstances, needs and requirements. For example, when acting as trustees, we are legally obliged to consider the interests and requirements of beneficiaries before exercising our powers, such as when making distributions and investing trust assets, or when administering employee benefit trusts.
Similar obligations may apply when administering other structures, such as companies and funds, where the needs and requirements of beneficial owners and investors are our concern. If we do not process personal data, we cannot discharge our obligations. Therefore when providing our Services, we will process your personal data on the basis that it is in our legitimate interests to do so and these interests are not over-ridden by your interests or fundamental rights and freedoms as a data subject, as there is a clear benefit to you in the processing, and the collection, processing and disclosure of personal data is necessary or desirable to provide the Services. Such personal data will be processed for the following purposes:
When processing on the basis that it is in our legitimate interests to do so, we may collect and share your personal data from and with the following:
You may object at any time to our processing of any or all of your personal data on this ground by contacting the Data Protection Officer and the processing of personal data may be restricted while those legitimate interests are considered, and, if it is decided that we do not have a legitimate interest to process that personal data, can be erased.
Under the Law, certain kinds of personal data such as data relating to health, racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation is considered to be a special category of personal data (“Special Data”) and can only be processed in certain circumstances, including with your explicit consent. We will only process any Special Data with your explicit consent. Special Data will be processed for the same purposes and shared with the same entities as personal data processed in our legitimate interests. You will be asked to complete a consent form to evidence that your explicit consent has been given to the processing of Special Data. This consent can be withdrawn at any time by contacting the Data Protection Officer who will advise you of the procedure to be followed in order to withdraw your consent to the processing of Special Data The withdrawal of your consent will not affect the lawfulness of any processing up to that point. However, if your consent is withdrawn, the nature of the Services may mean that we can no longer provide some or all of the Services to you.
Biometric data is Special Data and we may use biometric data for the purpose of verifying your identity. You will be asked to confirm that you have read this Privacy Notice before downloading the software enabling us to do so. By giving the confirmation, we will consider that you have given your explicit consent to Zedra obtaining and using the biometric information provided by you for the purpose of verifying your identity and that you are aware of your rights under data protection legislation and Zedra’s obligations to you as set out in the Privacy Notice. Please contact the Data Protection Officer regarding the provision of the biometric data of children.
In addition to processing carried out to fulfil our legitimate purposes, and processing of Special Data with consent, we may also process your data in order to comply with a legal obligation to which we are subject. Each Zedra Company is regulated and must comply with legal and regulatory obligations such as to ‘know your client’ and to detect the proceeds of crime. Personal data processed to comply with a legal obligation will be processed for the following purposes:
When processing in order to comply with a legal obligation, we may collect and share your personal data from and with the following:
How we collect your data
We may collect your personal data in a number of ways, for example:
The categories of the data we collect
We may collect the following categories of personal data about you:
Zedra does not use personal data to make automated decisions.
International data transfers
In sharing your personal data for the reasons set out in this Privacy Notice, we may need to transfer it to other entities, including other Zedra Companies, located in the European Union, all of which will apply the GDPR, as well as to entities in jurisdictions which are considered to provide an adequate level of protection for your personal data as is provided under the GDPR.
If we transfer your personal data to entities in countries outside the European Union which do not provide an adequate level of protection for your personal data, including Zedra Companies, we will ensure that your personal data will always be protected by appropriate safeguards to give you enforceable rights and legal remedies. You may ask us at any time what safeguards have been put in place to protect such personal data.
Retention of your data
We will retain your personal data for a period of at least ten years after the termination of our relationship with you in order to meet our regulatory and legal obligations but may retain your personal data for a longer period where necessary for other legal or regulatory reasons, to respond to questions or complaints, and to defend any legal claims.
Is it necessary for me to provide personal data to receive the Services?
It is necessary for you to provide us with the personal data that we request to enable us to provide the Services. Without these details, we will be unable to provide some or all of our Services to you. If you decide not to provide us with your personal data, or object to the processing of personal data, and the legitimate purposes for processing cannot be justified, or you subsequently withdraw your consent to the processing of your Special Data, then we may not be able to provide some or all of our Services to you.
Your rights as a data subject
You have the following specific rights (the “Rights”) under the Law:-
Please note that the Rights are not absolute and the controller may be entitled to refuse requests where exemptions apply. You will be advised of any exemptions that we depend upon.
Data Protection Officer
If you have any questions about the processing of your personal data, or you wish to make a SAR or exercise any of the other Rights, please contact the Data Protection Officer at:
Zedra Data Protection Officer
By post – 50 La Colomberie, St. Helier, Jersey, JE2 4QB
By email – Data Protection@zedra.com
By telephone – +44 1534 844245
You will be asked to provide identification to ensure that another person is not attempting to fraudulently exercise your Rights and to confirm which of the Rights you wish to exercise to enable the controller to deal with your request without delay.
If you are not satisfied with our processing of your personal data, or how we respond to, or deal with, the exercise of any of your Rights, you can make a complaint to the local regulator. The Data Protection Officer will provide you with contact details.
Please fill in all fields.