Privacy notice
PURPOSE OF THIS NOTICE
This site is provided by Entrust Limited (also referred to as “Entrust”, “we”, “us”, or “our”), who is registered in Jersey with the Jersey Financial Services Commission Registry under registration number 130844. Entrust is regulated by the Jersey Financial Services Commission (“JFSC”) as a Trust Company Business Service Provider (“TCBSP”).
We take the security of the data and information we hold seriously and are committed to protecting and respecting your privacy. This Notice is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this Personal Data, in accordance with General Data Protection Regulation (“GDPR”) (Regulation (EU) 2016/679), Data Protection (Jersey) Law 2018, and the Data Protection Authority (Jersey) Law 2018, or equivalent laws as applicable (“Data Protection Legislation”).
This Notice describes how we collect, use, share, retain and safeguard Personal Data. This Notice also sets out your individual rights and who you should contact if wishing to discuss the use of your Personal Data.
Please read the Notice carefully to understand our practices regarding your Personal Data and how we will, collect, use, share, secure and retain it.
For the avoidance of doubt – The Entrust entity which provides services to you, or which provides services to the entity in which you have an interest, is a “Data Controller” for the purpose of Data Protection. A Data Controller is responsible for deciding how we hold and use Personal Data about you.
DEFINING PERSONAL DATA
Personal Data is information relating to an identified or identifiable natural living person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
COLLECTION OF PERSONAL DATA
When you contract with us to receive TCBSP or other agreed services, we ask you to give us some of your Personal Data so that we can service your needs. We collect most of this Personal Data directly from you in person, by telephone, video call, text or email. We also collect your Personal Data at other times, for example when you contact us.
We may also collect information from publicly accessible sources or directly from third parties, such as sanctions screening providers or professional suppliers, with your consent. We are committed to keeping all the Personal Data we hold about you secure, private and confidential. This Notice explains why we need to collect your Personal Data and what we do with it. It also sets out the legal basis on which we collect and use your Personal Data and outlines the rights you have under Data Protection Legislation.
We may ask for identity information, including your current and former names, gender, date and place of birth, nationality, and passport information; contact information, including your postal address, email address(es), telephone number(s), company details and where applicable, social media contact information; verification information, including government-issued documents, bank statements, and utility bills; taxation information, including domicile, tax identification number, tax returns and tax advice; source-of-wealth information; financial information, including employment and bank account information, assets held and on what basis (e.g., legal/beneficial ownership, etc); politically exposed person information, including your political activities and relationships; and connected-persons information, including familial relationships.
We need this Personal Data so that we can provide you with the services that you have asked for. We also need some of this information to meet our legal obligation to check your identity, address and source of funds. If you don’t provide it, then it may delay or prevent us from providing you with our services.
For the avoidance of doubt – We do not generally process any Special Category Personal Data (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic or biometric data that is processed for the purpose of uniquely identifying a natural person; data concerning health; data concerning a natural person’s sex life or sexual orientation; or data relating to a natural person’s criminal record or alleged criminal activity). If we are provided with a copy of a passport which contains information of racial or ethnic origin the data subject is deemed to consent to us holding and processing such data.
USE OF PERSONAL DATA
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we have your consent.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
A description of all the ways we plan to use your Personal Data, and which of the lawful bases we rely on to do so are outlined below.
Purpose:
To manage our relationship with you for the functionality of TCBSP business within the regulatory environment, and to keep you up to date with information about your Structure. We may also use your Personal Data to:
- Notify you about changes to our terms and conditions or privacy notice
- Send you information about Entrust, its events and services
- To meet our legal obligation to check your identity, address and source of funds
- To prevent or detect fraud or other crime
- For administration and record keeping purposes
- Making a decision about whether to perform services on your behalf or on behalf of an entity in which you are interested
- Determine the terms on which we are prepared to carry out such services
- Make payments to you, and if we operate a payroll scheme of which you are part, in making relevant tax and national insurance contributions in respect thereof
- Administer the contract we have entered into with you, or the contract we have entered in to with the entity in which you are interested
- Business management and planning, including accounting and auditing
- Conduct performance reviews, managing performance and determining performance requirements in respect of the professional services we provide
- Make arrangements for the termination of our business relationship with you
- Deal with legal disputes involving you or the entity in which you are interested
- Conduct data analytics studies to review and better understand client retention (we won’t be able to identify individuals when we do this)
- Provide information to our professional advisers and the advisers of any party which may have, or may be interested in acquiring, an interest in Entrust, or part thereof
- Provide information to our insurers or to our regulators
- Improve the products, systems and services we offer to our customers
- Customise our website for certain customers according to their interests
- Carry out anonymous statistical analysis (we won’t be able to identify individuals when we do this)
- Keep you up to date with relevant news and events
Type of Data:
- Identity Information
- Contact Information
- Verification Information
- Taxation Information
- Source-of-Wealth Information
- Financial Information
- Politically Exposed Person Information
- Connected-Persons Information
- Marketing and communications data
Lawful basis for processing including basis of legitimate interest:
- Necessary to be responsible for the management of entities whether trust, company or other structures
- Necessary for activities relating to the prevention, detection and investigation of crime
- Necessary to verify clients’ identity, make fraud prevention and anti-money laundering checks
- Necessary to complete Statutory Returns
- Necessary to comply with a legal obligation
- Necessary for our legitimate interests (to develop and grow our business)
- Consent
Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.
CHANGE OF PURPOSE
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
SHARING PERSONAL DATA
We use selected organisations to help us deliver the service we provide to you. We may share your Personal Data with:
- Agencies and other organisations to check your identity, address and source of funds, and to prevent fraud and other financial crime.
- Professional advisors, including lawyers, regulatory specialists, and tax advisers
- IT service providers
- Our insurers and banks
We may also share your Personal Data with government bodies, law enforcement agencies, courts or other third parties to comply with our legal obligations or lawful disclosure requests, for example.
TRANSFERRING PERSONAL DATA OUTSIDE THE CHANNEL ISLANDS OR EUROPEAN ECONOMIC AREA (“EEA”)
We may transfer the personal information we collect about you to other countries for the reasons detailed above. In most cases, those countries will either be within the EU or will have been subject to an adequacy decision by the European Commission. In such cases the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information. In the event that your data is to be transferred to a country outside the EU and which does not have an adequacy decision by the European Commission, we shall ensure that a contract is entered in to by the recipient third party under the terms of which, the recipient agrees to take such measures as we deem appropriate and necessary to ensure the security of your data.
SECURING PERSONAL DATA
We are committed to ensuring the confidentiality of the Personal Data that we hold and we continue to review our security controls and related policies and procedures to ensure that your Personal Data remains secure.
When we contract with third parties, we require that they have appropriate security, privacy and confidentiality measures in place to ensure that Personal Data is kept secure.
RETENTION OF PERSONAL DATA
We keep your Personal Data where we have an ongoing legitimate or lawful need to do so. For example, we keep some records for audit purposes for up to five years after you have ceased to be client of Entrust. When we no longer have a legitimate or lawful need to keep your Personal Data, we will delete it.
KEEPING EACH OTHER INFORMED
We will give you information about your Structure(s). If we need to get in touch, we will call, write to you, or email. To make sure you can receive information and communications from us, please make sure you tell us whenever you change your name, address, phone number, or email address.
LEGAL BACKGROUND AND YOUR RIGHTS
Here we summarise the lawful basis on which we collect and use your Personal Data and outline the rights you have under Data Protection (Jersey) Law 2018.
LAWFUL BASIS
The processing of Personal Data will only be lawful if it satisfies at least one of the following conditions:
- Consent of the data subject;
- Necessary for the performance of a contract with the data subject or to take steps preparatory to such a contract;
- Necessary for compliance with a legal or regulatory obligation;
- Necessary to protect the vital interests of a data subject or another person where the data subject is incapable of giving consent;
- Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- Necessary for the purposes of legitimate interests or those of a third party.
We have a legitimate interest in promoting our services. For this reason, we may use your Personal Data to, for example, where explicit consent is given, send you marketing information about our own products or services that we think you may be interested in. You can ask us to stop sending you marketing and/or research at any time by clicking on the “unsubscribe” links in any of the electronic messages we may use for marketing purposes.
YOUR RIGHTS
Under certain circumstances, you have the following rights in relation to your Personal Data such as, the right to:
• Right to Access
You have the right to access Personal Data that we hold about you under Data Protection Legislation by making a “Subject Access Request”. You can request the form from hello@entrustlimited.com or by writing to us:
Subject Access Request
Entrust Limited
2nd Floor
Unity Chambers
28 Halkett Street
St Helier
Jersey
JE2 4WJ
• Right to Rectification
You have the right to ask us to rectify Personal Data we hold about you if it is inaccurate or not complete.
• Right to Erasure
You can request that we erase your Personal Data. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
• Right to Restriction of Processing
You have the right to ask us to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
• Right to Data Portability
Where processing is based on consent or performance of a contract, you have the right to data portability. We must allow you to obtain and reuse your Personal Data for your own purposes in a safe and secure way without this affecting the usability of your data. This right only applies to Personal Data that you have provided to us as the Data Controller.
• Right to Object to Processing
Where processing is based on legitimate interests, you have the right to object to us processing your data. We will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
• Right not to be subject to automated individual decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g., through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can ask to not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention.
Please note that Schedule 1 of the Data Protection (Jersey) Law 2018 sets out that certain of rights referred to above may be restricted in certain circumstances, including where it is necessary to avoid obstructing official or legal inquiries, investigation or procedures or to avoid prejudicing the prevention, detection, investigation or prosecution of a criminal offence.
If you wish to exercise any of these rights, please email hello@entrustlimited.com. In your request, please make clear (a) what personal information is concerned, and (b) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
When you make a request, we will consider any lawful exemptions that may apply and that may prevent us from responding to your request in the manner you may wish. It is possible that there is something that may prevent us from responding to your request in the way you would like. If that is the case, we will explain this to you in writing when we respond to your request.
You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
• Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please notify us using the details at the end of this Notice.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
LINKS TO THIRD PARTY WEBSITES OR OTHER SERVICES
Our site may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over these other websites. Entrust cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites and such websites are not governed by this Notice. You should exercise caution and we encourage you to review the privacy notice or policy applicable to the website in question.
SIGNIFICANT CHANGES
From time to time we may update this Notice. You can see the latest version at www.entrustlimited.com. If we make a significant change to how we use your Personal Data, we will let you know in advance.
CONTACT US
Entrust Limited is the Data Controller of the Personal Data we hold about you. If you have questions about this Notice, or need further information about our privacy practices, please write to us:
Data Controller
Entrust Limited
2nd Floor
Unity Chambers
28 Halkett Street
St Helier
Jersey
JE2 4WJ
We aim to meet the highest standards when processing Personal Data., but if you wish to raise a complaint about how we have handled your Personal Data, you can contact us and we will investigate the matter.
Data Protection Complaints
Entrust Limited
2nd Floor
Unity Chambers
28 Halkett Street
St Helier
Jersey
JE2 4WJ
You also have the right to make a complaint to the following authority in respect of Data Protection:
Jersey Office of the Information Commissioner
2nd Floor
5 Castle Street
St Helier
Jersey
JE2 3BT
Email: enquiries@jerseyoic.org
This Privacy Notice is dated Tuesday, 3 January 2023.