Privacy policy & notice

1. Introduction and Definitions

1.1. Chesann Trower (also known as Ches) holds a business license as a sole trader. Her registered business name is Comply. References to I, me and my refer to Ches Trower, who controls your personal data.

1.2. Data Protection Laws means the EU Data Law, the Jersey Data Law, the Data Protection Authority (Jersey) Law 2018 and/or any other relevant and applicable equivalent legislation, including the Data Protection Authority (Jersey) Law 2018, as amended from time to time.

1.3. Data Subject means the person who is the subject of the Personal Data in question.

1.4. EU Data Law means the General Data Protection Regulation 2016/679.

1.5. Jersey Data Law means the Data Protection (Jersey) Law 2018.

1.6. Personal Data under the Data Protection Laws means any information that identifies or could identify you and which is about you.

1.7. Processing means operations performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.8. Special Category Data means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data (when processed to identify an individual uniquely), data concerning health, sex, life or sexual orientation, and in Jersey, criminal records or alleged criminal conduct.

2. Privacy Policy and Notice

2.1. I prioritise safeguarding your privacy. Please review this privacy notice, which contains important information about me and the methods and rationale behind the collection, use, retention, and sharing of your Personal Data. Additionally, it outlines your rights concerning your Personal Data and provides guidance on addressing any concerns.

2.2. The purpose of this privacy notice is to address the handling of Personal Data when you engage with me as a Data Subject, encompassing your role as a client or customer. As a person collecting, utilising, or assuming responsibility for your Personal Data, I must comply with Data Protection Laws.

2.3. The Office of the Information Commissioner, Jersey, serves as the primary supervisory authority for me. Jersey's legal framework for data protection has been certified as 'adequate' under the EU Data Law, indicating equivalence to the required standards.

2.4. You can contact me by email if you have any questions about this privacy policy or the information I hold about you, to exercise a right under the Data Protection Laws or to make a complaint. My email address is ches@comply.je. Please contact me directly if you have any queries or concerns about my use of your Personal Data.

2.5. You can also complain to the Office of the Information Commissioner, Jersey, known as “JOIC”. You can lodge a complaint with JOIC:

2.5.1. using the JOIC website: https://jerseyoic.org

2.5.2. by email: enquiries@jerseyoic.org

2.5.3. by calling: 01534 716530

2.6. I may update this privacy notice from time to time. The current privacy notice can be found on my website at the following address: comply.je.

3. Reasons for processing

3.1. Under Data Protection Laws, I can only use your Personal Data if I have a proper reason, including:

3.1.1. where you have given consent;

3.1.2. to comply with my legal and regulatory obligations;

3.1.3. for the performance of a contract with you or to take steps at your request before entering into a contract;

3.1.4. in the substantial public interest;

3.1.5. to protect your vital interests; or

3.1.6. where necessary for the purposes of my legitimate interests (as described in clause 2.2) or those of a third party.

3.2. A legitimate interest is when I have a business or commercial reason to use your non-sensitive Personal Data, as long as your rights and interests do not override this. I will carry out an assessment when relying on legitimate interests to balance my interests against your own.

3.3. Where my basis for Processing your Personal Data is your consent, you can withdraw such consent without penalty.

4. Information processed

4.1. I will Process Personal Data in accordance with the law and your reasonable expectations. Depending on the nature of my interaction with you, the Personal Data I will Process may encompass:

4.1.1. contact information, including your postal address, email address(es), telephone number(s), company details and, where applicable, social media contact information;

4.1.2. identity information, including your current and former names, gender, date and place of birth, nationality, passport information (or similar photo ID information) and birth certificate;

4.1.3. preference information, and preferred correspondence language;

4.1.4. verification information, including government-issued documents, bank statements, and utility bills;

4.1.5. taxation information, including domicile, tax identification number(s), tax returns and tax advice;

4.1.6. source-of-wealth information, including pension plans, property sale documentation and loan documents;

4.1.7. financial information, including bank account information, assets held and on what basis (e.g. legal/beneficial ownership);

4.1.8. trusts information (if applicable), including settlor details and letters of wishes;

4.1.9. employment information;

4.1.10. criminal records or allegations information, including details of any official body's investigation of you and sanctions applying against you;

4.1.11. insolvency/bankruptcy information (as applicable);

4.1.12. debtor information;

4.1.13. connected-persons information, including information about familial relationships;

4.1.14. politically exposed person information, including your political activities and relationships;

4.1.15. information in the public domain;

4.1.16. correspondence between you, your agents/representatives, and me;

4.1.17. billing, transaction and payment information; and

4.1.18. technical data, including information about how you use my website, IT, communication and other systems.

4.2. Further information on how I process cookie data can be obtained by contacting me.

4.3. I collect and use this Personal Data to provide services to you. If you do not provide the Personal Data I ask for, it may delay or prevent me from providing such services to you.

5. Collection

5.1. Comply collects most of this Personal Data directly from you in person, by telephone, video call, text or email and via my website. However, I may also collect information:

5.1.1. from publicly accessible sources;

5.1.2. directly from a third party;

5.1.3. from a third party with your consent;

5.1.4. from cookies on my website;

5.1.5. via my IT systems, for example:

5.1.5.1.1. from door entry systems and reception logs; and

5.1.5.1.2. through automated monitoring of my websites and other technical systems, such as my computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

5.2. I may, from time to time, record telephone calls.

6. Use

6.1. I may use your data in the following ways and for the following reasons:

6.1.1. Preventing and detecting fraud or other unlawful financial activity against you or me:

The reason for the processing is to minimise fraud or other unlawful financial activity that could be damaging for you and/or me.

6.1.2. Conducting checks to identify my customers and verify their identity / screening for financial and other sanctions or embargoes / other activities necessary to comply with professional, legal and regulatory obligations that apply to my business, e.g. under health and safety law or rules issued by my regulators:

The reason for the processing is to comply with my legal and regulatory obligations.

6.1.3. Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies:

The reason for the processing is to comply with my legal and regulatory obligations.

6.1.4. Operating IT systems, software and business applications:

The reason for the processing is to provide agreed services to you safely and efficiently.

6.1.5. Ensuring security and internet use policies are adhered to:

The reason for the processing is to ensure I am following my own internal procedures to deliver the best service to you.

6.1.6. Ensuring the confidentiality of commercially sensitive information:

The reason for the processing is to protect trade secrets and other commercially valuable information and to comply with my legal and regulatory obligations.

6.1.7. Preventing unauthorised access and modifications to systems:

The reason for the processing is to prevent and detect criminal activity that could be damaging to you or me and to comply with my legal and regulatory obligations.

6.1.8. Client/customer communication:

The reason for the processing is to perform my contract with you or to take steps at your request before entering into a contract, to comply with my legal and regulatory obligations, to make sure that I can keep in touch with my clients and customers about existing orders and new products and to update my records.

6.1.9. Ensuring safe working practices, staff administration and assessments:

The reason for the processing is to comply with my legal and regulatory obligations and to ensure I am following my own internal procedures and working efficiently to deliver the best service to you.

6.1.10. Marketing my services and those of selected third parties to existing and former customers; third parties who have previously expressed an interest in my services; and third parties with whom I have had no previous dealings:

The reason for the processing is to promote my business to existing and future clients.

6.1.11. To enforce or defend rights:

The reason for the processing is to ensure my rights and the rights of those under my scope of responsibility are protected, to liaise with regulatory authorities, and to ensure I meet my reporting obligations and commitment to government agencies that have jurisdiction.

7. Special Category Data

7.1. Where I Process your Special Category Data, I will also ensure I am permitted to do so under the Data Protection Laws for the following reasons:

7.1.1. to protect your (or someone else's) vital interests where you are physically or legally incapable of giving consent;

7.1.2. to comply with another law;

7.1.3. to prevent unlawful acts, including money laundering or other financial misconduct, and the financing of terrorism;

7.1.4. to establish, exercise or defend legal claims; or

7.1.5. where I have your explicit consent.

8. Sharing data

8.1. As required, I may share your Personal Data with:

8.1.1. other third parties I use to help me run my business, e.g. marketing agencies or website hosts;

8.1.2. organisations with whom I co-host marketing events;

8.1.3. professional advisors, including lawyers, regulatory specialists, and tax advisers;

8.1.4. IT service providers;

8.1.5. my insurers and banks;

8.1.6. intermediaries;

8.1.7. third parties you approve, e.g. social media sites you choose to link your account to or third-party payment providers;

8.1.8. government agencies to whom I have a disclosure obligation; and

8.1.9. competent courts and tribunals who issue an order with which I am obliged to comply.

8.2. I only allow my service providers to handle your Personal Data if I am satisfied they take appropriate measures to protect it. I also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to me and to you.

8.3. On occasion, I may also need to:

8.3.1. share Personal Data with external auditors;

8.3.2. disclose and exchange information with law enforcement agencies and regulatory bodies to comply with my legal and regulatory obligations; and

8.3.3. share some Personal Data with other parties, such as potential buyers of some or all of my business or during a restructuring. Information will be anonymised, but this may not always be possible. However, the recipient of the information will be bound by confidentiality obligations.

9. Data Retention

9.1. I will keep your Personal Data while you have a relationship with me or I provide services. I will then keep your Personal Data for as long as necessary:

9.1.1. to respond to any questions, complaints or claims made by you or on your behalf;

9.1.2. to show that I treated you fairly;

9.1.3. to keep records required by law.

9.2. Different retention periods may apply for different types of Personal Data. I reserve the right to keep all Personal Data for as long as the longest period required in relation to any particular item of your Personal Data, in order that I may manage your Personal Data efficiently. Once the relevant period has ended, I will delete or anonymise the data.

10. Contacting you

10.1. The utilisation of your Personal Data for marketing purposes may involve sending you updates about my services, such as exclusive offers, promotions, or new services, via email, text message, telephone, or post.

10.2. In situations where I have a legitimate interest in utilising your Personal Data for marketing purposes, your consent is not typically required. However, if consent is necessary, it will be explicitly and separately requested.

10.3. You can opt out of receiving marketing communications at any time. This can be accomplished by contacting me at ches@comply.je.

10.4. If you request additional services in the future or there are changes in the law, regulation, or my business structure, I may request your confirmation or update of your marketing preferences.

11. Rights

11.1. You may have the following rights in relation to your data, which you can exercise free of charge:

11.1.1. Access - The right to be provided with a copy of your Personal Data.

11.1.2. Rectification - The right to require me to correct any mistakes in your Personal Data.

11.1.3. Erasure (also known as the right to be forgotten) - The right to require me to delete your Personal Data in certain situations.

11.1.4. Restriction of processing - The right to require me to restrict processing of your Personal Data in certain circumstances.

11.1.5. The right to object:

11.1.5.1. at any time to your Personal Data being processed for direct marketing (including profiling); and

11.1.5.2. in certain other situations to my continued processing of your Personal Data, e.g. processing carried out for the purpose of my legitimate interests.

11.1.6. Not to be subject to automated individual decision making - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

11.2. In most cases, I will have a maximum of four weeks to respond to your request. However, it is important to note that in certain situations, this timeframe can be extended by an additional eight weeks. The specificity and focus of your request will directly impact the speed at which I can assist you.

12. Safety of Data

12.1. In case of a suspected data protection breach, where legally required, you and the relevant supervisory authority will be promptly notified.

Last updated 24 April 2024