In providing our services, we must obtain certain data from you, which may be construed as constituting personal data for the purposes of The Data Protection (Bailiwick of Guernsey) Law, 2017 (the “DP Law”) and, to the extent relevant, the General Data Protection Regulation. At all times, we shall process personal data in accordance with these requirements.
What information do we collect?
When you engage with us, such as enquiring about services, or enter into any agreement for services with us, we will request personal information about you, which will include your name, email address and other personal information. By giving us your details, you enable us to address your query or to provide services to you.
In order to provide many of our services, we will routinely require data known as sensitive data. Examples of this will include medical history and, when applicable, details of criminal convictions. It should also be noted that you will frequently be required to provide information in relation to your dependents for the purpose of policy quotations etc. We shall only ever obtain such information as is necessary in all cases.
When providing certain services, we are also obliged by law to hold certain additional personal information on clients and certain associated parties, which will include Customer Due Diligence, which we are required to hold in respect of business conducted under license issued by the Guernsey Financial Services Commissions.
How do we use your information?
We use your information for a number of reasons, including to contact you regarding an enquiry received from you, to complete transactions envisaged by our services and/or to meet contractual, legal and regulatory obligations.
The information you provide is used by us to assess and consider requests by you to use our facilities. This may include sharing your information with third parties in order for us to be able to assess your credit worthiness. We may apply for a search of your records with registered Credit Reference Agencies. Our search will be recorded and seen by other organisations that make searches.
Because of the nature of our services, we are habitually required to transmit your information to external service providers in order to obtain quotations, enter into terms etc in accordance with details you have provided to us. Such information shall only be transmitted to countries subject to equivalent data protection provisions.
Personal data collected from you directly or by the other means described shall only be utilised for the purpose of entering into and maintaining a contract with you and/or providing services, including handling any enquiry you make of us in respect of our services regardless of whether you go on to enter into a contract with us.
From time to time, we may undertake checks utilising accredited screening software, which searches publicly available databases; provide your information to outsourced service providers or be required to provide your information to law enforcement, the regulator(s) and/or associated parties because of our legal obligations. This may require information to be submitted to the United Kingdom, EU or other jurisdictions. We shall not provide your information to any other third parties (e.g. for marketing purposes) without your express consent and acknowledge that such consent may be withdrawn by you at any time.
When may we contact you?
We may contact you in relation to any service you have enquired about, where you have opted to receive further correspondence and in relation to a service we have agreed to provide. We may also need to contact you to obtain further information in order to be able to address an enquiry or to meet our legal and regulatory obligations.
We will not send any marketing material but may contact you in relation to associated services frequently packaged alongside those you have enquired about or have purchased through us, (e.g. life insurance where you utilise us for mortgage services).
How will we manage your personal information?
At all times, information provided to us will be protected by the relevant data protection obligations.
Howsoever collected, information shall only be collected by us and, as such, we are the Controller for the purposes of data protection law. Wherever we engage with third parties who may be required to handle your data or process it on our behalf, such Processors shall be vetted to ensure their own policies comply with data protection laws.
Your personal data shall be held at all times in accordance with and for as long as our statutory and regulatory requirements require it. This includes a retention period following the cessation of our provision of services to you. Our standard retention period is 6 years, however we reserve the right to hold your data for differing periods, which shall, at all times, be determined by our legal and regulatory obligations. As soon as such obligations cease to apply, we shall permanently erase all personal information held on you from our records within a maximum period of 12 months.
Your Internet Protocol address (IP address) may be collected to help us diagnose problems with our server, identify you during a particular session, gather broad demographic data and to assist in the administration of our site. When you use the internet your computer has an assigned IP address which does not contain any identifiable personal information about you.
What are your rights?
We hereby undertake to provide you with all the rights and protections granted to you under the data protection law. These include, but are not limited to, your right to ensure that your personal data is maintained accurately, your right to access your personal data and your right to ensure that your personal data is only utilised for the purposes envisaged.
If at any time you believe we hold information in error or that the information we hold on you is inaccurate or incomplete, you may submit a request to us to consider rectifying and/or erasing it.
You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. Information requests are free, though we reserve the right to charge a small fee where more than one copy is requested or where the request is unfounded, repetitive and/or excessive. Where a request is submitted, we will require you to prove your identity with 2 pieces of approved photographic identification. Once identity has been verified, we will use reasonable efforts to supply, correct or delete personal information about you on our files within 30 days of the request.
If at any time you are concerned with the information held, the way in which we hold it or are unhappy with any response from us in relation to information held or with any other element relating to your personal information, you may lodge a complaint.
We would ask that you contact us in the first instance using the contact details below and we will seek to resolve any concerns as soon as possible. You also have a right to lodge a complaint directly with a regulatory authority, in Guernsey this is the Guernsey Data Protection Commissioner:
Guernsey Information Centre
St. Peter Port
Details of the complaints and appeals processes are available on their website at www.dataci.gg.
Primary Point of Contact
The primary point of contact for all data protection purposes is Lorna Brown. Should you wish to make contact or require any further information on any of the above, please contact us;
26 Glategny Esplanade
St Peter Port
T +44(0)1481 727347
Updates to this Policy