In respect of the provision of trust, fiduciary, foundation, fund administration, fiduciary investment and corporate services (the “Services”)
At ZEDRA, we take the protection of your personal data privacy very seriously and maintaining the integrity and confidentiality of your personal data is very important to us. This Privacy Notice sets out how those members of the ZEDRA Group of companies (the “ZEDRA Group”) that are subject to the General Data Protection Regulation of the European Union (the ”GDPR”) and/or local legislation on data protection (altogether, (the “Law”) collect, use and disclose your personal data, and your rights as a data subject in relation to your personal data which is processed by a member of ZEDRA Group (a “ZEDRA Company”), in the course of providing services to you. The main purpose of the Law is to ensure transparent processing of personal data and to protect your rights and freedoms as a data subject.
This Privacy Notice confirms how the ZEDRA Group looks after your personal data and your rights as a data subject. We promise to protect the privacy of your personal data, not to sell your personal data and to implement procedures to enable you to exercise your rights as a data subject under the Law. The ZEDRA Group protects your personal data with up to date storage and security techniques.
In this Privacy Notice, “us”, “we” and “our” refers to the ZEDRA Group. More information on the ZEDRA Group may be found at www.zedra.com. “Processing” means any operation performed on your personal data.
The ZEDRA Company which is engaged to provide the Services to you is the controller of your personal data and determines the purposes and means by which your personal data is processed, and is ultimately responsible for the processing of that personal data. The controller may appoint a third party to process your personal data, including another ZEDRA Company, which will process that personal data on the instructions of the controller, and will be placed under a duty of confidentiality and obliged to implement appropriate technical and organisational measures to ensure the security of your data. In certain circumstances, there may be joint controllers who will agree their respective responsibilities for compliance with the Law including which controller is obliged to respond to a data subject who wishes to exercise any rights under the Law, although the data subject may exercise any rights against either controller.
If you wish to receive details regarding the controller and any third party that has been engaged to assist the controller in delivering services to you and with whom the controller may have shared your personal data, or of any joint controllers, and the arrangements made between the joint controllers to comply with the Law, please contact the Data Protection Officer.
We may amend this Privacy Notice from time to time to reflect any changes in the way that we process your personal data and the current Privacy Notice will always be available on our website. This Privacy Notice supersedes any previous privacy notice with which you may have been provided, as well as anything to the contrary contained in any agreement between us.
Lawfulness of Processing
The Law provides that we may only process your personal data in certain circumstances. These are:-
• When we have a legitimate interest for processing.
• When you have given your consent.
• To fulfil a contract to which you are party.
• To comply with a legal obligation to which we are subject.
The nature of the Services requires us to have a knowledge and understanding of our clients circumstances, needs and requirements. For example, when acting as trustees, we are legally obliged to
consider the interests and requirements of beneficiaries before exercising our powers, such as when making distributions and investing trust assets, or when administering employee benefit trusts.
Similar obligations may apply when administering other structures, such as companies and funds, where the needs and requirements of beneficial owners and investors are our concern. If we do not process personal data, we cannot discharge our obligations. Therefore when providing our Services, we will process your personal data on the basis that it is in our legitimate interests to do so and these interests are not over-ridden by your interests or fundamental rights and freedoms as a data subject, as there is a clear benefit to you in the processing, and the collection, processing and disclosure of personal data is necessary or desirable to provide the Services. Such personal data will be processed for the following purposes:
• To prepare preliminary information or a proposal for you regarding our Services.
• To provide you with the Services as set out in our engagement letter, the Law, any
other documentation such as a trust instrument or administration agreement or as
otherwise agreed from time to time.
• To correspond with you and provide you with information on ZEDRA i.e. changes in
• To fulfil our regulatory and other legal obligations.
• To deal with any complaints or feedback that you may have.
• For any other purpose for which you provide us with your personal data.
• To develop and improve our services.
When processing on the basis that it is in our legitimate interests to do so, we may collect and share your personal data from and with the following:
• Your advisers or agents or employees of firms with which you are associated.
• Third parties who require the personal data in order to provide a service to us in connection with the provision of the Services including other ZEDRA Companies, such as directors, officers, consultants, agents or contractors and delegates or sub-delegates, internet service providers and data storage providers, in respect of which Services are provided, or which provide services to us, and/or in respect of which you are connected or have an interest; or to a new service provider who will be providing the services and the directors and/or employees of such third parties.
• Our advisers who provide us with advice or assistance.
• Third parties and service providers such as banks, bankers, intermediaries, insurance companies, fund managers, investment advisers and managers, property managers, tax advisers, lawyers, and any other entity which provide services to us in respect of the Services and/or in respect of which you are connected or have an interest.
• Government bodies, quasi government bodies, regulators and other authorities in any jurisdiction.
• Any third party who requires personal data as a result of any assignment, transfer or novation of our rights and obligations or any merger, restructure, sale or acquisition of the ZEDRA Group or any part thereof or to any party to whom we may transfer our rights and/or obligations.
• Other ZEDRA Companies in connection with the proper management of the ZEDRA Group.
You may object at any time to our processing of any or all of your personal data on this ground by contacting the Data Protection Officer and the processing of personal data may be restricted while those legitimate interests are considered, and, if it is decided that we do not have a legitimate interest to process that personal data, can be erased.
Under the Law, certain kinds of personal data such as data relating to health, racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation is considered to be a special category of personal data (“Special Data”) and can only be processed in certain circumstances, including with your explicit
consent. We will only process any Special Data with your explicit consent. Special Data will be processed for the same purposes and shared with the same entities as personal data processed in our
legitimate interests. You will be asked to complete a consent form to evidence that your explicit consent has been given to the processing of Special Data. This consent can be withdrawn at any time by contacting the Data Protection Officer who will advise you of the procedure to be followed in order to withdraw your consent to the processing of Special Data. However, if your consent is withdrawn, the nature of the Services may mean that we can no longer provide some or all of the Services to you.
In addition to processing carried out to fulfil our legitimate purposes, and processing of Special Data with consent, we may also process your data in order to comply with a legal obligation to which we are subject. Each ZEDRA Company is regulated and must comply with legal and regulatory obligations such as to ‘know your client’ and to detect the proceeds of crime. Personal data processed to comply with a legal obligation will be processed for the following purposes:
• To manage risk, meet our legal, compliance and regulatory obligations, such as those required to comply with anti-money laundering, drug trafficking, or countering terrorist financing laws and with tax and beneficial ownership reporting requirements.
• To manage our business in an efficient and proper way including monitoring corporate governance and audit.
When processing in order to comply with a legal obligation, we may collect and share your personal data from and with the following:
• Our advisers where it is necessary for us to obtain their advice or assistance.
• Our accountants and auditors where it is necessary as part of their functions.
• Third parties who assist us in conducting background checks about you, such as
checking to see if you are on sanctions lists.
• Fraud prevention agencies who will use it to prevent money laundering, to verify your
identity and to prevent fraud.
• Courts, regulatory authorities, tax authorities, ombudsmen, law enforcement agencies, credit reference agencies or similar bodies in any jurisdiction whether or not such requirements have the force of law or whether not such disclosure may be enforced on us or any ZEDRA Company.
• Any party to which we may wish to sell, transfer or merge all or part of our business.
How we collect your data
We may collect your personal data in a number of ways, for example:
From the information and documentation that you provide at any time and from time to time including information and documentation provided at meetings.
• When you communicate with us or when we communicate with you by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor record and store any personal data.
• From information contained within client on-boarding documents provided by you, or by another person on your behalf.
• From other ZEDRA Companies.
• From your agents or advisers and employees of firms and intermediaries with which you are associated or who introduce you to us.
• From publicly available sources or from third parties where we need to conduct background checks about you.
The categories of the data we collect
We may collect the following categories of personal data about you:
• Your name, date of birth, passport or national identity card details.
• Country of birth, domicile and citizenship, gender, marital status, racial or ethnic origin, religious, or other beliefs.
• Contact information such as residential or business address, email address and telephone number.
• Information about your employment, education, family, personal circumstances, and interests.
• Information relating to your tax affairs including tax identification number.
• Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth and your bank account details.
• Information about your investment knowledge and experience.
• Information regarding your goals and objectives in connection with your wealth.
• Information regarding your personal or family circumstances, including future requirements and possible needs.
• Information to assess whether you may represent a money laundering or terrorist financing risk, including whether you are a politically exposed person, or have had previous criminal convictions or regulatory sanctions imposed.
ZEDRA does not use personal data to make automated decisions.
International data transfers
In sharing your personal data for the reasons set out in this Privacy Notice, we may need to transfer it to other entities, including other ZEDRA Companies, located in the European Union, all of which will apply the GDPR, as well as to entities in jurisdictions which are considered to provide an adequate level of protection for your personal data as is provided under the GDPR.
If we transfer your personal data to entities in countries outside the European Union which do not provide an adequate level of protection for your personal data, including ZEDRA Companies, we will ensure that your personal data will always be protected by appropriate safeguards to give you enforceable rights and legal remedies. You may ask us at any time what safeguards have been put in place to protect such personal data.
Retention of your data
We will retain your personal data for a period of at least ten years after the termination of our relationship with you in order to meet our regulatory and legal obligations but may retain your personal data for a longer period where necessary for other legal or regulatory reasons, to respond to questions or complaints, and to defend any legal claims.
Is it necessary for me to provide personal data to receive the Services?
It is necessary for you to provide us with the personal data that we request to enable us to provide the Services. Without these details, we will be unable to provide some or all of our Services to you. If you decide not to provide us with your personal data, or object to the processing of personal data, and the legitimate purposes for processing cannot be justified, or you subsequently withdraw your consent to the processing of your Special Data, then we may not be able to provide some or all of our Services to you.
Your rights as a data subject
You have the following specific rights (the “Rights”) under the Law:-
• To request confirmation as to whether we are processing personal data about you and, if so, to make a subject access request (a “SAR”) for information about the processing of that personal data.
• To request rectification of inaccurate or incomplete personal data concerning you.
• To require us to erase or restrict the processing of your personal data in certain circumstances;
• To request copies of any personal data which is being processed by automated means with your consent or under contract in a machine readable format.
• To object to the processing of personal data which is being processed in the public interest or to
pursue the legitimate interests of the controller.
• To object to processing for direct marketing purposes.
Please note that the Rights are not absolute and the controller may be entitled to refuse requests where exemptions apply. You will be advised of any exemptions that we depend upon.
Data Protection Officer
If you have any questions about the processing of your personal data, or you wish to make a SAR or exercise any of the other Rights, please contact the Data Protection Officer at:-
ZEDRA Data Protection Officer
By post: 50 La Colomberie, St. Helier, Jersey, JE2 4QB
By email: DataProtection@zedra.com
By telephone: +44 1534 844245
You will be asked to provide identification to ensure that another person is not attempting to fraudulently exercise your Rights and to confirm which of the Rights you wish to exercise to enable the controller to deal with your request without delay.
If you are not satisfied with our processing of your personal data, or how we respond to, or deal with, the exercise of any of your Rights, you can make a complaint to the local regulator. The Data Protection Officer will provide you with contact details.