- Client Data Privacy Statement
- Supplier Data
- Appendix 1
- Appendix 2 General
Client Data Privacy Statement
This statement sets out how MitonOptimal Jersey Limited (MOJL) will collect, use and process your personal data (as the Data Controller).
In providing Services, MOJL is obligated and/or permitted by Jersey Law to retain copies of certain Personal Data in respect of its relationship with its clients.
MOJL is registered under the Data Protection (Jersey) Law 2018 and will retain the Personal Data collected from you either in electronic and/or hard copy form.
Your personal information may be disclosed to other companies within the MitonOptimal Group in order to facilitate the provision of the Services. When processing your Personal Data there will be times where MOJL acts in the capacity of a data controller (as defined under the Data Protection (Jersey) Law 2018).
Please note the following terms set out below will apply to the way in which MOJL process your Personal Data when acting as a data controller.
Purposes of processing and legal basis for processing MOJL may collect, use or process your Personal Data for the following purposes:
- MOJL will itself (or through a third party e.g. media screening agency) process certain information about you or your directors, officers and employees and your beneficial owners (if applicable) in order to carry out media and anti-money laundering checks and related actions which MOJL considers appropriate to meet any legal obligations imposed on MOJL relating to data processing, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with MOJL’s anti-money laundering procedures;
- to provide the Services to you and/or for MOJL’s internal administration;
- to monitor calls and electronic communications for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution, and to enforce or defend MOJL and its affiliates’ rights, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with a legal obligation imposed on MOJL.
Collection of Data
We collect Client data in the following ways:
1. Personal data that we receive directly from you:
- Where you contact us proactively, usually by phone or email; and/or
- Where we contact you, either by phone or email.
2. Personal data we receive from other sources. Where appropriate and in accordance with any local laws and requirements, we may seek more information about you or your directors, officers and employees and your beneficial owners from other sources including:
- Your business’ website;
- Your regulator’s or a Company Registry website;
- Using a search engine to obtain publicly available information;
- From other limited sources and third parties (for example; from third party due diligence providers).
Recipients of data and international transfer of data
MOJL may disclose your personal information as follows:
- to Compliance Consultancies in order to carry out money laundering and identity checks to comply with regulatory obligations;
- to third party vendors in order to process the data for the above mentioned purposes and who perform functions on our behalf, such as IT providers, Auditors and Accountants, Lawyers and Custodians;
- to competent authorities, courts and bodies as required by law or requested or to affiliates for internal investigations and reporting; and
- to MOJL’s affiliates in order to share your Personal Data for hosting and future investments or Services.
The disclosure of personal information to the third parties set out above may involve the transfer of data to the United States of America and other jurisdictions outside the European Economic Area (“EEA”). Such countries may not have the same data protection laws as your jurisdiction.
MOJL will not transfer Personal Data to persons located outside the EEA until, if required by applicable Data Protection Law, that person has entered into an agreement with MOJL that includes the standard contractual clauses (known as model contract clauses) that are recognised by the European Commission as offering adequate safeguards in relation to data protection.
Your Personal Data is only processed in accordance with applicable Data Protection Laws and in order to maintain an appropriate level of protection over that Personal Data.
Please contact MOJL for further details, including copies of the standard contractual clauses referred to above (details are listed at the end of this notice).
MOJL will retain your personal information for ten years or any longer term required for it and its Affiliates to perform the Services and/or as required by Data Protection or other applicable law.
Data Subject Rights
You have the following rights, in certain circumstances, in relation to your Personal Data:
- right to access your Personal Data;
- right to rectify your Personal Data;
- right to restrict the use of your Personal Data;
- right to request that your Personal Data is erased;
- right of data portability;
- right not to be to be subject to a decision based solely on automated processing; and
- right to object to processing of your Personal Data.
Where you have provided your consent to processing, you may withdraw your consent at any time by contacting MOJL by writing to our us stating that you withdraw your consent. Details of how to contact us can be found at the end of this notice.
Where MOJL requires your Personal Data to comply with KYC/CDD or other legal requirements, failure to provide this information means MOJL may not be able to provide the Services.
If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found at the end of this notice. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
You have the right to lodge a complaint with a Supervisory Authority, details of how to contact them can be found at the end of this notice.
Please refer to appendix 2 for more information on the data subject rights.
What kind of personal data do we collect?
We do not collect extensive data in relation to Suppliers – we simply need to make sure that our relationship runs smoothly. We’ll collect the details for our contacts within your organisation, such as
names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
How do we collect it?
We collect your personal data during the course of our working relationships.
How do we use your personal data?
The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented and to comply with legal requirements. We will only use your information:
- To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
- To offer services to you or to obtain support and services from you;
- To perform certain legal obligations; and
- To help us to establish, exercise or defend legal claims.
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.
If you are not happy about this, in certain circumstances you have the right to object and can contact us at the address detailed at the end of this notice.
How long do we keep your data for?
If we have not had meaningful contact with you for a period of three years, we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to local authorities or in connection with any anticipated litigation). After this period, it is unlikely your data will be relevant for the purpose for which it was collected.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with us and using our services. We will consider there to be meaningful contact with you if you communicate with us about potential services, either by verbal or written communication. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
MOJL may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 14th May 2018.
The Information we collect
So we can provide you with services that meet your precise financial needs we obtain certain information about your personal and financial situation and may collect the following information:
- identity details: Such as your name, age, date of birth, gender and national insurance number
- personal and professional contact details: this includes your email, phone number, mobile number and address:
- associated third party information, this could include your spouse, children or beneficiaries of trusts financial details, this could include source of wealth, existing investments, tax returns and bank details concerning your attitude to investment risk
- information on your children or dependants: where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, date of birth and gender)
- use of our website: This information is collected through cookies as further explained in our cookies policy.
How and why we use this information
We have published this policy so that you understand what we do and why, and in order that, if you wish to challenge us, you have information about the rights. This policy is not detailed with respect to all aspects of our processing of personal data because so much depends on your needs and individual circumstances. We have given as much information as we can by way of default, and we supplement this where appropriate in other documentation.
The purposes are as follows:
- Marketing to you as a prospective client
- Accepting you as a client
- Dealing with you as a client
- Performing our Services to clients, which involve processing personal data about others associated with them, such as a spouse, parent, guardian, child or other family member, a representative of our client, or a trustee, settlor or beneficiary
- Operating our business
We may use the information to improve our products and services.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests. Security We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your Personal Data
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the email address listed at the bottom of this notice.
We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
How to Contact Us
MitonOptimal Jersey Limited, based in Jersey, Channel Islands controls the processing of personal data of Clients, Suppliers and Website Users.
Contact details If you have any questions about our use of your Personal Data, please contact Claire Southam by
Email [email protected] to exercise any of the below rights:
- to access, amend or take back the personal data that you have given to us;
- if you suspect any misuse or loss of or unauthorised access to your personal information;
- to withdraw your consent to the processing of your personal data (where consent is the legal basis on which we process your personal data);
- To update your marketing preferences or profile, you can email us at: [email protected] or by clicking the ‘unsubscribe’ link in any marketing e-mail we send to you.
Alternatively, you can write to us at: MitonOptimal Jersey Limited, Suite 23, 4 Wharf Street, St Helier, Jersey, JE2 3NR.
Or call us on +44 (0) 1534 616818.
How to contact your local data protection authority
You can contact the Office of the Information Commissioner in the following ways:
Our Legal Bases for processing your data – Legitimate Interests
Schedule 2, Article 9 (5)(1) of the Data Protection (Jersey) Law 2018 is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of legitimate interests pursued by the controller or by the third party or parties” unless the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject”.
We don’t think that any of the following activities prejudice individuals in any way – in fact, they help us to offer you a more tailored, efficient service which is beneficial to both parties. However, you do have the right to object to us processing your personal data on this basis.
We think it’s reasonable to expect that if you are looking for us to provide a service, you are happy for us to collect and otherwise use your personal data to offer or provide our services to you.
We must make sure our business runs smoothly, so that we can carry on providing Services to clients like you. We therefore also need to use your data for our internal administrative activities, like invoicing where relevant.
We have our own obligations under the law, which is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection, tax collection or actual or anticipated litigation.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
Article 11 of the Data Protection (Jersey) Law 2018 states that consent “means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, whether orally or in writing, signifies agreement to the processing of that data”.
In plain language, this means that:
- you have to give us your consent freely, without us putting you under any type of pressure;
- you have to know what you are consenting to – so we’ll make sure we give you enough information;
- you need to take positive and affirmative action in giving us your consent – we’re likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
We will keep records of the consents that you have given in this way.
In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the services we provide as long as you do not actively opt-out from these communications.
As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found by contacting us using the contact details provided at the end of this privacy notice.
Establishing, exercising or defending legal claims
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Schedule 1, Article 9 substituted (3)(c) of the Data Protection (Jersey) Law 2018, allows this where processing is necessary “for the establishment, exercise or defence of a legal claim or whenever a court is acting in its judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
Appendix 2 – General
How can you access, amend or take back the personal data that you have given us?
One of the GDPR’s main objectives is to protect and clarify your rights with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
To get in touch with us about these rights, please contact us using the contact details listed at the bottom of this notice. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right of access: You may ask us to confirm what information we hold about you at any time. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly vexatious, unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so. Right to rectification: You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right to erase (to be forgotten): You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
- the data is no longer necessary for the purpose for which we originally collected and/or processed them;
- where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
- the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
- it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
- for public health reasons in the public interest;
- for archival, research or statistical purposes; or
- to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, or the protection of the rights of another individual.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
- where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
- where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
- where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
- where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right of data portability: If you wish, you have the right to receive and transfer your personal data between data controllers where technically feasible. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract.
Right to object to processing: This right enables you to object to us processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.
The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our Website Users, Clients and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
- we can show that we have compelling legitimate grounds for processing which overrides your interests;
- or we are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Right not to be to be subject to a decision based solely on automated processing: We do not base any decisions solely on automated processing of your personal data, but if we did you would have the right to restrict our use of your data for this purpose.
You also have the right to lodge a complaint with your local authority. Details of how to contact them can be found at the end of the privacy notice.
If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found at the end of the privacy notice. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If registered for newsletters or investor updates, you may ask to unsubscribe at any time using the contact details provided at the end of this privacy notice.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
Clients – This category covers our clients, and others to whom MitonOptimal Jersey Limited provides services in the course of its business.
Delete – while we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems, processes or employees.
General Data Protection Regulation (GDPR) – a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.
Data Protection (Jersey) Law 2018 – Will be implemented 25 May 2018 and will replace the Data Protection (Jersey) Law 2005.
Suppliers – refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to MitonOptimal Jersey Limited. In certain circumstances MitonOptimal Jersey Limited will sub-contract the services it provides to Clients to third party suppliers who perform services on MitonOptimal Jersey Limited’s behalf.
Website Users – any individual who accesses the MitonOptimal Jersey Limited website.