This Privacy Statement (the “Statement”) describes how Albany Trustee Company Limited (“ATCL”) collects, uses and shares the information you provide to us and the information we collect in the course of operating our business. It does not constitute, nor should it be construed to constitute or give rise to a contract or contractual rights.
In this Statement, where we refer to ATCL (or “we”/ “us”/“our”), we mean ATCL and its subsidiaries and the companies and other entities that are associated with us.
ATCL has created this Statement under the Data Protection (Bailiwick of Guernsey) Law, 2017 (the Data Protection Law) and the General Data Protection Regulations 2018 (GDPR), the latter being applicable to all organisations that are active in the European Union. The Statement is for your information and it covers how we collect, use, disclose, transfer and store your personal data and how seriously we take the security and privacy of data.
We are committed to complying with our obligations under the Data Protection Law, which stipulates that your personal information must be:
- processed in a lawful, fair and transparent manner;
- collected only for specific, explicit and legitimate purposes and not in any manner which is incompatible with the purposes for which it was collected;
- adequate, relevant and limited to the purpose(s) for which it is processed;
- accurate and, as applicable, up-to-date, with reasonable steps to be taken to erase or correct inaccurate data
- retained only for as long as is necessary for the purpose(s) for which it was collected
- secured appropriately
Introduction and General Terms
ATCL is committed to protecting your personal information when you are using our services. We want our services to be fair, lawful, safe, transparent and reliable. This privacy statement relates to our use of any personal information we collect from you.
It also relates to our use of any personal information you provide to us by phone, SMS, email, and letters and other correspondence and in person.
In order to provide you with the full range of ATCL’s services, we sometimes need to collect information about you. This privacy statement explains the following:
- what personal information we collect about you;
- how we use information collected about you;
- when we use your details to contact you;
- under which circumstances we may disclose your personal details to any third party; and
- your choices around what personal information you provide to us.
ATCL is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Law. No system of data storage can be completely secure; if you have any concerns or complaints that your personal data held by ATCL could have been compromised and/or someone could have discovered your personal details held by us, please contact us immediately. Our contact details can be found in section 14 of the statement.
All of our staff have been trained in accordance with our Data Protection Law implementation process.
What information will ATCL collect about me and where will it be obtained?
When you get in touch with us either via email, a telephone call or when you visit us at our office, we will collect some personal information about you. When you request a service, we may collect some personal information about you, including but not limited to:
- your personal identification information (which may include your name, date of birth and passport information, photographs, your IP address and personal data relating to claims, court cases and convictions, politically exposed person (PEP) status, personal data available in the public domain and such other information as may be necessary for ATCL to provide its services and complete its CDD (Client Due Diligence) process and discharge its AML/CFT (Anti-Money Laundering/Countering Financing of Terrorism) obligations;
- your contact information (which may include postal address and e-mail address and your home and mobile telephone numbers);
- your family relationships (which may include your marital status, the identity of your spouse and the number of children or dependants that you have);
- your professional and employment or occupation information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
- financial and tax information, sources of wealth and your assets (which may include details of your assets, source of wealth, shareholdings and your beneficial interest in assets, your bank details, your credit history and your tax residency); and
- information about client matters which may include a wide range of personal information which may include (but may not be limited to) information about employment, health, family issues and relationships, regulatory status.
We may also collect and process personal data regarding people connected to you, either by way of professional (or other) association or by way of family relationship.
If you apply for a position with us we may collect personal information relating to your past employment, professional qualifications and education, your nationality and immigration/residential status, opinions from third parties about you (such as references) and other details about you which may be gathered during the recruitment process. Such information will be collected in a variety of ways, including information included by job applicants or prospective employees in their curriculum vitae, cover letters, job applications, and interview notes. We may also review publicly available information about you on your social media accounts. If you are offered and accept employment with us, further information will be collected directly from you, including right to work documentation, bank account details and next of kin details. We will only collect certain sensitive information, such as information regarding criminal convictions where it is appropriate in view of the nature of your role and/or where it is permitted under the law.
The Data protection law requires an enhanced level of protection to be applied in respect of certain sensitive categories of personal information (Special Category Data), which categories comprise:
- personal information revealing or pertaining to an individual’s racial or ethnic origin, political opinion, religious or philosophical belief or trade union membership, sex life or sexual orientation;
- genetic information;
- biometric information;
- information about your health, including your medical records and/or history; and
- criminal information, including information about your convictions.
The nature of the information processed will be dependent upon the services to be provided. Additional factors are required to therefore be considered when determining whether there is justification to process Special Category Data. Circumstances in which we will process Special Category Data include, without limitation:
- the processing is necessary for us to fulfil a legal or regulatory obligation;
- in limited circumstances, where you have provided us with explicit consent to process your personal information for the purpose for which it is processed; and
- where it is necessary to protect your vital interests or those of a third party, and i) you are physically or legally incapable of giving consent, or ii) we cannot reasonably be expected to obtain your explicit consent.
Along with any information that you give to us, we collect your personal information from the following sources, including but not limited to:
- such other forms and documents as we may request that are completed in relation to the administration/management of any of our services;
- information gathered through client due diligence carried out as part of our compliance with regulatory requirements, including information from open or publicly available sources;
- face to face meetings;
- any personal information provided by way of correspondence with us by telephone, e-mail or otherwise;
- personal information we receive from third party sources, such as: our clients in connection with matters on which we are engaged with you; entities in which you, or someone connected with you, has an interest; your legal and or financial advisors; financial institutions who hold and process your personal information; credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; personal information received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or for whom you act; and in the process of our recruitment processes, we may obtain information from recruitment agencies, past or current employers and or educational institutions and or professional bodies.
We require this information for a number of different reasons including, performance of contracts we enter into with you, fulfilment of legal and/or regulatory obligations, communicating with you as we provide our services to you, communication on your behalf with third parties, reporting and research purposes and for marketing and other activities.
How will ATCL use the information collected about me?
ATCL will use your personal information for a number of purposes including the following:
- to ensure compliance with our legal and regulatory obligations;
- to conduct administrative or operational processes within our business;
- to provide and enhance our fiduciary offering;
- to perform a contract which we may have with you;
- to respond to and process any requests, enquiries or complaints;
- to ensure we have accurate information so that we may communicate with you and keep you updated of developments as we provide a service to you;
- ensuring that we have consent and that we hold accurate information so that we may contact you at a future date for the purposes of quality control and marketing activities;
- ensuring that we have accurate information for internal reporting, for example, reporting to our director/board or trustees/shareholders, all reporting to other interested stakeholders;
- for dealing with any legal disputes in which you may be involved;
- for other legitimate business purposes;
- for the purposes of carrying out our application and recruitment process, including but not limited to:
- assessing your skills, qualifications and interests against our career opportunities;
- verifying your information and carrying out reference checks and or conducting background or criminal records checks (where applicable) if you are offered a job;
- communications with you about the recruitment process and or your application(s);
- complying with applicable laws, regulations and other legal duties;
All of your information will be considered confidential. ATCL will not use or disclose your information except as provided for in this statement, or where it is required or permitted to fulfil a legal obligation. In the event that we need to use or process your personal information in a manner or for a purpose that is not provided for in this statement, we will provide you with notification, including an explanation of the legal basis for the use/processing of such information. It is your responsibility to obtain consent from referees before providing their personal information to ATCL.
Processing your personal data enables us to effectively provide you with products and services, and, where applicable, to carry out our recruitment process. Whilst there is no obligation on you to provide us with your personal information, failure to do so may render us unable to provide you with products and services, or, as applicable, consider your application for a position with us.
When will ATCL contact me?
ATCL may contact you:
- in relation to an enquiry as to our services from any third parties;
- in relation to any communication we receive from you or any other parties involved in the service we provide for you, for example (responding to emails, correspondence, arranging meetings);
- in relation to any financial questions or issues (expand here on various operational reasons for contact);
- for reporting, research and marketing purposes.
Will I be contacted for marketing purposes?
ATCL will only send you marketing emails or contact you where you have agreed to this by giving us your consent. From time to time, we may also contact you and ask your views about the service ATCL has provided to you. We may personalise the message content based upon any information you have provided to us.
If you want to stop all personalised messages from ATCL, including targeted marketing messages you can contact us at any time and instruct us to stop. We will, of course, stop.
Will ATCL share my personal information with anyone else?
We will keep your information within ATCL except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies), where sharing is required to fulfil the contract between us or where you have consented to sharing your information with other parties involved in the service we provide to you, including, for example:
- IT and communications service providers;
- your own, and our own, advisors such as: auditors, accountants, bankers, investment managers and insurers and any external legal or other professional advisors as instructed from time to time;
- counterparties to any transactions or litigations;
- other professional service providers, regulators, tax authorities, law enforcement agencies, governmental institutions, tribunals and courts
- if we are under a duty to disclose your personal information in order to comply with any legal obligation such as our obligations in respect of anti money laundering and countering the financing of terrorism and countering the proliferation of weapons of mass destruction.
- should you apply for a position with us, we may disclose/use your personal information for the purposes of seeking references and confirmation of the details which you have provided.
Where we transfer your personal information outside of the European Economic Area, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. In other circumstances, the law may permit us to otherwise transfer your personal information outside the European Economic Area. In all cases, any transfer of your personal information will be compliant with applicable data protection law.
Generally, we will use your information within ATCL and will only share it outside of ATCL where you have requested it via a data portability request, where you have given your consent, or where it is required or permitted by law. ATCL requires all third parties to comply strictly with its instructions and ATCL requires that they do not use your personal information for their own business purposes and only use your information for reasons associated with or connected to the services we provide for you.
In certain circumstances where it is required under the Guernsey Data Protection Law, before we share any of the personal data we hold about you with any third party, we will request consent from you. In such circumstances, if you do not want us to share your personal data with any third party, please let us know. We will not pass on or sell your personal information to any third party for that party to use for direct marketing purposes without your prior consent.
You also have the right to ask us to share your personal data with anyone you wish. To exercise this right to data portability, please write to us, giving full details, using the details provided at section 14 of this statement.
For the purposes of this section:
Adequacy Decision, in respect of any country, sector within a country or international organisation, means a decision made by the European Commission that the relevant country, sector or international organisation ensures an adequate level of protection within the meaning of Article 45(2) of the GDPR.
Authorised Jurisdiction means (a) the Bailiwick, (b) a Member State of the European Union, (c) any country, any sector within a country, or any international organisation that the Commission has determined ensures an adequate level of protection within the meaning of Article 45(2) of the GDPR (or the equivalent article of the former Directive), and for which the determination is still in force, or (d) a designated jurisdiction.
Designated Jurisdiction means a) the United Kingdom, b) a country within the United Kingdom, (c) any Crown Dependency, or any sector (within the meaning of the GDPR) within a country or dependency mentioned in (a), (b) or (c) above.
Unauthorised Jurisdiction means any jurisdiction which is not an Authorised Jurisdiction.
In order to provide, and/or in the course of providing products and services to you, we may transfer your personal information to Authorised Jurisdictions. Where we transfer your personal information to Authorised Jurisdictions which are not member states of the European Union such jurisdictions are (as applicable):
- Designated Jurisdictions (as defined above); or
- jurisdictions in respect of which an Adequacy Decision is in force. Details of jurisdictions in respect of which an Adequacy Decision is in place can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
We may transfer your personal information to Unauthorised Jurisdictions in order to provide, and/or in the course of providing products and services to you. We apply appropriate measures to ensure that your personal information is protected and processed in accordance with standards similar to those required under the Guernsey Data Protection Law. These measures include, but are not limited to, standard data protection clauses. Details regarding the measures referred to above can be obtained from our Data Protection Officer.
We have policies, procedures and controls in place to ensure that your personal information is protected from loss, unauthorised access and/or unauthorised disclosure, including a duty of confidentiality binding on all our staff. In addition, information is only shared with staff and outsourced or contracted third parties on a “need to know” basis. Further information regarding the measures we have in place to protect your personal information may be requested from our Data Protection Officer.
How long will ATCL keep my personal information?
We will hold your personal information on our systems for as long as is necessary for the purpose of the supply of services and for any legal requirements for the purposes for which the personal information was collected; in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and /or as required by data protection laws and any other applicable laws or regulatory requirements.
We do not keep your personal information once it is no longer reasonably necessary for us to retain it pursuant to applicable laws, or, where we have relied on your consent to keep your personal information, once you withdraw your consent, and we are not otherwise legally permitted to retain your personal information (for example, due to a court order or investigation by regulators or law enforcement agencies).
If you have applied for a role with us, we will retain your information for the following periods:
- If you are unsuccessful for the role(s) you have applied for, six months after receipt of your initial application; or
- If you are interviewed for a post, six months from our last contact with you. Information retained for this period will include interview notes, and any other relevant information supplied by you;
- If you are offered and accept employment with ATCL, the information collected during the application and recruitment process will become part of your employment record.
Can I access or delete my personal information?
You have the following rights in respect of the personal information about you that we process:
- the right to be informed and to be notified of rectification, erasure and restrictions;
- the right to access and port personal information;
- the right to rectify personal information;
- the right to restrict the use of personal information;
- the right to request that personal information is erased;
- the right to object to processing of personal information (e.g. objection to processing for direct marketing purposes or objection to protect significant interests of the data subject); and
- the right not to be subject to decisions based on automatic processing.
You can always ask for your information to be deleted by ATCL, however, please bear in mind that we are required to hold your data for a minimum period of seven years for legal reasons.
We will retain records of prospective clients who do not become clients for five years from the date of the enquiry, save in the case of a complaint where the records shall be kept for seven years from the date of the resolution of the complaint.
We will retain records of prospective employees who are not recruited by the Company for six months from the date of receipt of that prospective employees’ personal data, save in the case of a complaint where the records shall be kept for seven years from the date of the resolution of the complaint.
Deleting the data ATCL holds about you will erase any personal data we have about you and it will mean any data we hold about you after your request, that we use in future; will be made anonymous.
You also have the right to lodge a complaint about the processing of your personal information either with us, with The Office of the Data Protection Authority in Guernsey, Office of the Data Protection Authority, St Martin’s House, Le Bordage, St. Peter Port, Guernsey
GY1 1BR. Email: email@example.com. Telephone: +44 (0) 1481 742074.
Where we have relied on consent to process your personal information, you have the right to withdraw consent at any time.
If you wish to exercise any of the rights set out above, please contact The Data Protection Officer, Albany Trustee Company Limited, Newport House, 15 The Grange, St Peter Port, Guernsey, GY1 2QL, telephone +44 1481 724136, firstname.lastname@example.org.
Can I find out what personal information ATCL holds about me?
Under the general Data Protection Law you have the right to request a copy of the personal information ATCL holds about you and to have any inaccuracies corrected. (We require you to prove your identity with two pieces of approved identification). We have a legal duty to supply, correct or delete personal information about you on our files. Please address requests and questions about this or any other question about this privacy statement to The Data Protection Officer, Albany Trustee Company Limited, Newport House, 15 The Grange, St Peter Port, Guernsey, GY1 2QL, telephone +44 1481 724136, email@example.com.
We will need two copies of forms of identification of the person making the request for information, which can be:
- drivers licence;
- birth certificate;
- utility bill (from last three months);
- current vehicle registration document;
- bank statement (from last three months).
Web browser cookies
- What is a cookie?
A cookie is digital information, which has a unique identifier function that are sent to your computer, tablet or mobile phone (a device) web browser from a website that you visit and are stored on your device. All websites can send cookies to your device web browser if you allow it. Many websites do this in order to track online usage. Similar technologies are also often used within emails.
- Other information collected from web browsers
Your web browser may also provide the information about your device such as an IP address and details about the browser that you are using.
ATCL may collect information such as the device you are using, your IP address or the browser you are using.
Do not track (DNT) browser setting
DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third-party ad networks, social networks and analytic companies.
ATCL does not respond to DNT requests.
Changes to the ATCL privacy statement
This privacy statement may be updated from time to time, so you may wish to check it each time you submit personal data to ATCL. If you do not agree to any changes, please do not continue to use the ATCL website or submit your personal data to ATCL. You can also delete your personal data that ATCL holds at any time (subject to any legal reasons we may have to keep some of the data we hold about you).
Contacting ATCL about this privacy statement
If you have any questions or comments about ATCL’s privacy statement please contact: The Data Protection Officer, Albany Trustee Company Limited, Newport House, 15 The Grange, St Peter Port, Guernsey, GY1 2QL