Close Menu

WHITMILL PRIVACY NOTICE

 

BACKGROUND: 

Whitmill Trust Company Limited (“Whitmill”) understands that your privacy is important to our clients and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.  In this Privacy Notice “you” and “your” refers to the customer and “we” and “our” refers to Whitmill.

We obtain and process personal data in connection with our services or offering prospective services to our clients which include:

  • providing services to our clients relating to the formation, management and administration of entities, accountancy services, provision of trustees, directors, council members and secretaries, provision of marine and aviation services;
  • fund services including, fund establishment, multi-currency valuation and fund accountancy, shareholder registration and dealing, corporate secretarial, regulatory compliance monitoring, fund administration across the full regulatory spectrum; and
  • assisting clients with the creation of executive remuneration solutions, employee benefit schemes and arrangements for companies, the provision  of employed contractors as well as corporate turnarounds, restructuring and insolvency and investment funds.

1. Information About Us

Whitmill’s registered address is First Floor, 17 The Esplanade, St Helier, Jersey JE23QA.  

2. What Does This Notice Cover?

This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. What is Personal Data?

Personal data is defined by the Data Protection (Jersey) Law 2018 (the “Law”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.  Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.  The personal data that we use is set out in Part 5, below.

4. What Rights do you have?

Under the Law, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact the Data Protection Reporting Officer to find out more or to ask any questions using the details in Part 11.
  2. The right to access the personal data we hold about you. Part 10 will tell you how to do this.
  3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact the Data Protection Reporting Officer using the details in Part 11 to find out more.
  4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact the Data Protection Reporting Officer using the details in Part 11 to find out more.
  5. The right to restrict (i.e. prevent) the processing of your personal data.
  6. The right to object to Whitmill using your personal data for a particular purpose or purposes.

For more information about Whitmill’s use of your personal data or exercising your rights as outlined above, please contact the Data Protection Reporting Officer using the details provided in Part 11.

5. What Personal Data do we Collect?

Whitmill may collect some or all of the following personal data (this may vary according to your relationship with us:

  • Name;
  • Date of birth;
  • Gender;
  • Address;
  • Email address;
  • Telephone number;
  • Business name;
  • Job title;
  • Occupation/Profession;
  • Payment information;
  • Financial details (e.g. assets, sources of wealth, salary and details of other income, and details of bank accounts, TIN details or their equivalent); and
  • Education and employment details/employment status for anti-money laundering and customer due diligence purposes.
  • The provision of personal information relating to settlors of trusts, beneficiaries, trustees and protectors, and other related persons such as spouses or children linked in structures. 

Whitmill may collect your personal data from other companies in the Whitmill group of companies and persons who we have joint ventures with us or third party providers or administrators.  

6. How Do We Use Your Personal Data?

Under the Law Whitmill must always have a lawful basis for using personal data.  We will process personal data:

  1. As necessary in order to carry out fund, trust and company, executive remuneration solutions, employee benefit schemes and arrangements, marine and aviation administration services by providing management services, the provision  of employed contractors and acting on behalf of the managed entity for clients and related parties including:
  • To take steps at a client’s request prior to entering into the contract for services; 
  • To decide whether to enter into a contract for services with prospective clients;
  • To be responsible for the management of entities whether funds, trust, company or other structures; 
  • To arrange for the setting up of bank accounts and discretionary mandates for investment managers;
  • To prepare details of assets held by the client and related parties; 
  • To update clients and related parties’ records; and
  • To trace clients’ and related parties whereabouts to contact them about the distribution of assets and to make payments.
  1. As necessary for our clients’ own legitimate interests or those of other related parties and organisations, e.g.:
  • For good governance, accounting, and managing and auditing business operations; 
  • To monitor emails, calls, and other communications with clients and relevant parties; and
  • For market research, analysis and developing statistics.
  1. As necessary to comply with a legal obligation, e.g.:
  • When a client exercises their rights under data protection law and make requests;
  • For compliance with legal and regulatory requirements and related disclosures;  
  • For establishment and defence of legal rights;  
  • For activities relating to the prevention, detection and investigation of crime; and
  • To verify clients’ identity, make fraud prevention and anti-money laundering checks.
  1. Based on consent, e.g.:
  • When clients or related parties request that we disclose personal data to other people or organisations such as an audit or accountancy firm handling a tax return, or otherwise agree to disclosures; and
  • To send clients or related parties communications including marketing communications where they have agreed to this. 

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or post with information, and news about our services.  You will not be sent any unlawful marketing. We will always work to fully protect your rights and comply with our obligations under the Law and you will always have the opportunity to opt-out.  However if you chose to opt out then we may not be able to provide services to you as requested.

7. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

Document

Retention period

Know Your Client identification documents

Throughout the relationship and 10 years from end of relationship

Financial records

Throughout the relationship and 10 years from end of relationship

General Information relating to clients

Throughout the relationship and 10 years from end of relationship

Supplier Invoices

Throughout the relationship and 10 years from end of relationship

Where events occur that mean that data needs to be kept for longer, the following factors will be used to determine data retention periods for personal data:

  • Retention in case of queries. We will retain personal data as long as necessary to deal with queries (e.g. if an application to subscribe is unsuccessful); 
  • Retention in case of claims. We will retain personal data for as long as a client or a data subject might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements. We will retain personal data after the services provided have come to an end based on our legal and regulatory requirements which is normally 10 years.   

8. How and Where Do You Store or Transfer My Personal Data?

We will only store your personal data on servers based in Jersey and Guernsey.  This means that it will be fully protected under the Law or under equivalent data protections laws.

Personal data will be transferred to the Whitmill group of companies in order to allow us to provide our services to clients.  Personal data will be processed in jurisdictions where we manage entities and structures.  Personal Data will also be sent to banks in jurisdictions requested by our clients in order to open bank accounts and liaise with such banks in respect of bank accounts.  Some countries have equivalent protections in place for personal data under their applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply. These include imposing contractual obligations of adequacy in line with the data protection legislation in Jersey.  Where this is not possible the Whitmill group of companies will rely on the client’s explicit consent to provide such information to entities in these jurisdictions which is considered to be obtained on the basis of the client’s instructions to us.   

Group Companies

The Whitmill group of companies are Whitmill, Whitmill Middle East DMCC, Whitmill Secretaries Limited, Whitmill Nominees Limited, Whitmill Contractors Limited, Whitmill Trust Company (Gibraltar) Limited and their subsidiaries and any other company that may fall within the group in the future. 

9. Do You Share My Personal Data?

Subject to the Law and applicable data protection laws we may share clients and related parties personal data with:

  • Our group of companies and related, joint ventures or representative companies and their employees, officers, agents or professional advisors;
  • Sub-contractors and other persons who help us provide our products and services;
  • Companies and other persons providing services to clients and related parties; 
  • Legal and other professional advisors, including auditors;
  • Government bodies and agencies in Jersey, and overseas e.g. the Jersey Tax Authorities who may in turn share it with relevant overseas tax authorities, with regulators e.g. in the area of financial services such as the Jersey Financial Services Commission, data protection regulators such as the Office of the Information Commissioner (Jersey) and equivalent regulators in other jurisdictions;
  • Courts, to comply with legal requirements, and for the administration of justice;
  • Other parties where necessary in an emergency or to otherwise protect clients and related parties vital interests;
  • Other parties connected with the managed entities and our clients e.g. directors, shareholders, beneficial owners, beneficiaries, trustees or any named official;
  • Other parties if there is a restructure or selling of assets or in the case of a merger or re-organisation;
  • Payment systems (e.g. Visa or Mastercard), and who may transfer personal data to others as necessary to operate the accounts and for regulatory purposes; to process transactions; resolve disputes; and for statistical purposes, including sending personal data overseas; and
  • Anyone else where the clients or related parties consent is given or as required by law.

We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the data subjects’ instructions.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.

If any personal data is transferred outside of Jersey, the EEA or other jurisdictions not subject to adequacy decisions by the European Commission, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within Jersey and under the Law as explained above in Part 8 or based on your instructions and consent.

10. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request as soon as possible and within 30 days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

11. Who Do I Contact?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact our responsible person by email at mike@whitmill.com or by writing to our address.  Further information about your rights can also be obtained from the Information Commissioner’s Office by reviewing the website www.oicjersey.org.

If you have any cause for complaint about Whitmill’s use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office by emailing enquiries@oicjersey.org.

12. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data held.

Any changes will be made available on our website.

The latest moves in the Transparency Debate

Read full story

Citywealth Brand Management and Reputation Awards 2018

Read full story

A special occasion in historic surroundings

Read full story