TABLE OF CONTENTS:
- Who we are
PART 1: VISITORS OF THIS WEBSITE
- Information collected by you accessing our website
- Information collected where you submit information to us (e.g. as an enquiry)
PART 2: OUR CLIENTS: HOW WE USE YOUR DATA
- Categories of personal data
- Why we process your personal data
- Client Due Diligence, Anti-Money Laundering, Countering The Financing Of Terrorism and Anti-Bribery And Corruption
- Who we share your personal data with
- Your Rights
- Contact Us
Who we are:
For the purposes of the Data Protection (Bailiwick of Guernsey) Law, 2017 (as may be amended from time to time) ("Guernsey Data Protection Law") the data controller is Harbour Trustees Limited.
Harbour Trustees Limited ("we", "us", "our", "Harbour") is a Guernsey incorporated company which is licensed by the Guernsey Financial Services Commission (GFSC).
This privacy statement aims to give you information about how your personal data (i.e. information which directly or indirectly identifies you) are processed by us both when you visit our website http://harbour.co.gg and as a client of the company.
On this basis, this privacy statement comprises two Parts: Part 1 sets out to visitors of this website, how we process the personal data collected through this website; and Part 2 provides further information about how we process your information where you are a client of ours.
PART 1: VISITORS OF THIS WEBSITE
Information collected by you accessing our website:
All visitors may visit this website anonymously and without revealing any personal information unless they specifically contact us. We may employ the services of a third party to host the website. In some cases, the third party may receive certain information such as traffic data to find out information, such as how many people visit the website.
We may also monitor visitors’ jurisdictions, domains, browsers, internet service providers and other available data but we do not collect any personal information. We may analyse the data collected for market research purposes. We may also collect data provided to us by visitors’ browsers about the type of systems they use.
Information collected where you submit information to us (e.g. as an enquiry) To the extent that you submit any personal information to us as a prospective client, or as an existing client in respect of a prospective matter, we will assume (unless you notify us to the contrary) that such information is not subject to confidentiality requirements owed to you unless you become a client, in which case relevant rules concerning conflicts of interest and confidentiality will apply.
If you call us: whilst we do not electronically record telephone conversations in 'real time', we do keep a manual record of telephone notes following any conversation. Such records may be retained, in accordance with our retention policy below ('Retention'), to help us monitor enquiries which have been declined (for example due to conflict of interest).
If you email us: We may monitor emails sent to us, including file attachments, for viruses or malicious software and in order to help us monitor enquiries which have been declined.
If you are applying for a job, please see our heading 'Recruitment' below.
If you would like to apply for a job or placement with us, please email the Managing Director at email@example.com. This may trigger an email from us to you inviting you to send us your curriculum vitae. Any information you send us for the purpose of a job application will be treated by us with the greatest care for that purpose only. Upon receipt, our recruitment personnel will make an informed decision as to whether to proceed with your application and invite you to attend an interview. All of the information gathered during the application/recruitment process will be taken into account when making our decision.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained on our recruitment records for a period of 6 months. If you say yes, we will contact you should any further suitable vacancies arise during this period. Following this time, we will secure dispose of your information in accordance with our records management procedures.
PART 2: OUR CLIENTS: HOW WE USE YOUR DATA
Categories of personal data:
We will principally collect information from you such as name, date of birth, residential address, gender, marital status, telephone and other contact details, driver's licence or passport details, debit or credit card details, financial information, tax status and tax identification number, employment information. This will generally be collected directly from you, for example when you fill out a form or correspond with us.
We may also collect personal data about you indirectly from other sources as follows:
Information (such as the categories of personal data described above) received from another person (for example, where an individual or corporate provides information on your behalf).
Where we are required to ascertain the beneficial ownership of a structure, we may carry out checks against the business;
Where permitted, we may receive personal information from third parties acting on our behalf such as credit reference agencies, due diligence databases (such as World-Check) and other public sources (such as an electoral register, address databases (e.g. directories) and UK Companies House).
In limited cases, we may also collect "special categories" of data. Our money laundering, sanctions, financial and fraud prevention checks may, sometimes, result in us obtaining information about actual or alleged criminal convictions and offences, as well as (for example) information relating to a person's ethnicity, political opinions or religious beliefs. To the extent that we process such data, we will ensure that we have a lawful basis for processing. This may either be because we are required to comply with a legal obligation imposed by enactment, or because we have obtained your prior explicit consent. In the case of consent you have a right to withdraw your consent at any time.
Why we process your personal data:
Harbour is entitled to process your personal data on the following legal grounds:
a) where the processing is necessary to comply with our contractual obligations under the terms of our Terms and Conditions of Business and other supplemental agreements; b) where the processing is necessary for us to comply with our legal obligations (e.g. as set out by law or imposed on us by way of a court order); and c) where the processing is necessary to provide the services in our legitimate interests (such as those described in sub-paragraphs (i), (ii), (iv) (in the case of fraud checks), (vii) and (viii).
Personal data processed by Harbour may be used in a number of ways, including:
(i) providing the relevant services as defined under the Terms and Conditions of Business and any other applicable service agreement “Services” and the services ancillary thereto, including for: a. maintaining and using relevant IT systems; b. conducting quality and risk management reviews; c. updating your records (including fee billing) as part of the provision of the Services; (ii) providing you with information about Harbour and Harbour's range of services for marketing purposes, where permitted to do so; (iii) complying with any requirement of law, regulation or of a professional body of which Harbour is a member; (iv) detecting and preventing financial crime such as fraud, money laundering, terrorist financing, bribery, corruption, tax evasion or facilitation of tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an ongoing basis in accordance with Harbour's anti-money laundering checks and procedures ("Regulatory Assessments") as more fully described under the heading "Client Due Diligence, Anti-Money Laundering, Countering The Financing Of Terrorism And Anti-Bribery And Corruption" below; (v) transferring personal data to competent authorities, courts and bodies in order to provide the Services, comply with law or comply with requests from such regulatory bodies; (vi) reporting tax-related information to tax authorities in order to comply with a legal obligation; (vii) monitoring and recording calls and electronic communications for quality, business analysis, training, investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend Harbour's rights either ourselves or through third parties with whom Harbour delegates such responsibilities or rights; (viii) retaining personal data (including personal data processed in order to conduct Regulatory Assessments) for as long as required to perform the Services, to provide future services entered into by Harbour, or as required by law (ix) where applicable for employee services and payroll
We do not intend to make decisions using your personal data based on automated processing.
Client Due Diligence, Anti-Money Laundering, Countering The Financing Of Terrorism And Anti-Bribery And Corruption
We are required to verify the identity and obtain other information on all our clients and connected persons in relation to entities we administer. In this context, 'connected persons' means (as applicable) representatives, office holders, employees, beneficial owners, agents, delegates, subcontractors or, in the case of a trust, underlying beneficiaries, settlor, protector and any other person connected to a trust as may apply from time to time.
We recognise our local and international responsibilities to prevent any use of the financial system for purposes connected to the proceeds of crime or corruption. We take a zero-tolerance approach to tax evasion, bribery and corruption and are committed to upholding all applicable laws in relation to countering tax evasion, bribery and corruption. We will report to the relevant authorities any knowledge or suspicion of money laundering, including that relating to drugs, terrorism, bribery or indictable crime in line with our statutory duties. These duties override the duty of client confidentiality.
Who we share your personal data with:
This may involve the disclosure of personal information to:
(a) third party institutions such as banks or professional advisers (including those persons connected to entities we administer and those appointed by Harbour); (b) external technology providers who provide certain software or tax reporting capabilities including mail filtering services; (c) courts, governmental and non-governmental regulators and ombudsmen, law enforcement agencies, relevant tax authorities, fraud prevention agencies (as described under the heading 'Client Due Diligence, Anti-Money Laundering, Countering The Financing Of Terrorism And Anti-Bribery And Corruption' above); (d) any introducers – such as financial advisers; (e) any third party that acquires, or is interested to acquire, all or part of our assets or shares whether by way of a merger, acquisition, reorganisation or otherwise; or where we are otherwise required by law.
All personal data supplied to and processed by Harbour will be processed in accordance with the Guernsey Data Protection Law. Other than where we transmit data to you in the course of providing the Services, Harbour may need to transfer the personal data to a jurisdiction outside of Guernsey (and in certain circumstances outside the European Economic Area (EEA), to a jurisdiction which may not ensure adequate levels of protection for the rights and freedoms of data subjects).
In those circumstances, Harbour will take steps to ensure that a high level of protection is afforded to protect your personal data against any unauthorised or accidental disclosure, access or deletion, such as putting in place Standard Contractual Clauses as approved by the European Commission, or other appropriate data transfer mechanisms. Please contact us via the contact details set out under the heading 'Contact Us' below for further information about what transfer mechanisms are in place and for copies of any Standard Contractual Clauses used (as applicable).
We will hold your personal data on our systems for the longest of the following periods:
- A minimum of six years; or
- as long as is necessary for the relevant activity or as long as is set out in any relevant agreement you enter into with us; the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;
- any retention period that is required by law;
- the end of the period in which litigation or investigations might arise in respect of the services that we provide to you
Harbour takes the protection of your personal information seriously, and has appropriate security measures and policies in place to address this. All our staff are made aware of their information security responsibilities.
In accordance with the Guernsey Data Protection Law, you may have a right (in certain circumstances):
- to access and port personal data (subject to any exemptions which may apply under the Guernsey Data Protection Law);
- to rectify or erase your personal data;
- to restrict the use of personal data;
- to request that your personal data is erased; and
- to object to having your personal data processed [(for example, where it is based on direct marketing)].
Should you wish to access a copy of your personal data, please contact us in writing at Harbour Trustees Limited, PO Box 73, St Peter Port, Guernsey GY1 3DD with proof of identity.
If you wish to exercise any of these rights you should contact us using the details set out under the heading 'Contact Us' below.
You also have the right to lodge a complaint about the processing of your personal data with your local data protection authority if you consider that the processing of your personal data carried out by us infringes the Guernsey Data Protection Law.
Complaints may be made to The Office of the Data Protection Commissioner in Guernsey. For further information about how to contact her Office or how to appeal against a decision issued by her Office, please visit her website at: https://dataci.gg/
If you have any questions about this privacy statement or our privacy related practices, please contact us at: firstname.lastname@example.org marking your e-mail for the attention of the Data Protection Officer or write to us at The Data Protection Officer, Harbour Trustees Limited, P O Box 73, Harbour Court, Les Amballes, St Peter Port, Guernsey, GY1 3DD Channel Islands
This privacy statement was last updated on 24 May 2018 and may be updated from time to time. Where we do so, we will take appropriate steps to bring this to your attention.