JTC Group Privacy Page

Introduction

The JTC Group takes your privacy seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, use, retain and share your Personal Data. It also explains your rights in relation to your Personal Data and how to raise a concern. Capitalised terms are defined below.

This privacy notice covers our Processing of Personal Data when you interact with us as an existing or potential client/customer or in relation to a service that we provide to an entity you work for or are connected to.

Note that this Privacy Notice does not cover Personal Data that we may process on behalf of our clients or customers as part of the services we provide to them (such as Administration Services). We cannot erase your Personal Data or provide you with details of the Personal Data held about you in relation to those services without an instruction to do so from our customer, so please contact them in the first instance.

When we collect, use or are responsible for Personal Data about you, we are subject to Data Protection Laws.

1 Defined Terms

Data Subject means the person to whom the Personal Data relates.

Data Protection Laws means all applicable laws and regulations relating to the processing of personal data by JTC.

DPGO means the Director (Data Privacy Governance Officer).

JTC or the JTC Group means the JTC group of companies as set out in its Terms of Business, which can be found on the JTC Group website. When we mention ‘we’, ‘us’ or ‘our’ in this privacy notice, we are referring to the JTC corporate entity controlling your Personal Data.

Personal Data under the Data Protection Laws means any information that identifies or could identify you. In certain jurisdictions it is referred to as ‘personal information’.

Processing means any operations performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Special Category Data means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data (when processed to identify an individual uniquely), data concerning health, sex life or sexual orientation, and in Jersey and Guernsey, criminal records or alleged criminal conduct.

2 Personal Data We Process About You

We will never Process Personal Data outside of reasonable expectations. Depending on the nature of our interaction with you, our Processing encompasses:

contact information, including your postal address, email address(es), telephone number(s), company details and where applicable, social media contact information;
identity information, including your current and former names, gender, date and place of birth, nationality, passport information, and birth certificate;
preference information, including dietary restrictions, preferred correspondence language, etc.
verification information, including government-issued documents, bank statements, and utility bills;
taxation information, including domicile, tax identification number, tax returns and tax advice;
source-of-wealth information, including pension plans, property sale documentation and loan documents;
financial information, including, bank account information, assets held and on what basis (eg legal/beneficial ownership, etc);
trusts information (if applicable), including settlor details and letters of wishes;
employment information;
criminal records or allegations information, including details of any official body’s investigation of you and sanctions applying against you;
insolvency/bankruptcy/en desástre information (as applicable);
debtor information;
connected-persons information, including familial relationships;
politically exposed person information, including your political activities and relationships;
information in the public domain;
correspondence between you, your agents/representatives, and us;
billing, transaction and payment information; and
technical data, including information about how you use our website, IT, communication and other systems.
Further information on how we process cookies data can be found here – 19785-Cookie-notice-A4-v3.pdf (jtcgroup.com).

We collect and use this Personal Data to provide services to you. If you do not provide Personal Data we ask for, it may delay or prevent us from providing such services to you.

3 How We Collect Your Personal Data

We collect most of this Personal Data directly from you—in person, by telephone, video call, text or email and/or via our website. However, we may also collect information:

from publicly accessible sources, eg the Jersey Financial Services Commission Registry.
directly from a third party, eg:

settlors;
sanctions screening providers;
customer due diligence providers, eg World Check;
professional suppliers.

from a third party with your consent, eg your bank or building society.
from cookies on our website.
from marketing directories or event providers.
Vide third parties/third party systems that you provide your personal data to for processing on our behalf (e.g.
Electronic ID Verification systems)
via our IT systems, eg:

from door entry systems and reception logs; and
through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

We may from time to time record telephone calls.

4 How And Why We Use Your Personal Data

Under Data Protection Laws, we can only use your Personal Data if we have a proper reason, including:

where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract;
in the substantial public interest;
to protect your vital interests; or
where applicable, for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your non-sensitive Personal Data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

Where our basis for Processing your Personal Data is your consent, you can withdraw such consent without penalty. For consent to receive marketing communications, this can be done by updating your preferences on our preference centre or clicking the unsubscribe button at the bottom of an email communication. Alternatively, you can use the contact details set out below to notify us that you wish to withdraw your consent. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before its withdrawal.

The table below further explains what we use your Personal Data for and why

What we use your Personal Data for	Our Lawful Basis / reasons and interests
Providing funds administration, trusts services or other agreed services to you.	To perform our contract with you or to take steps at your request before entering into a contract.
Preventing and detecting fraud or other unlawful financial activity against you or us	Our legitimate interest to minimise fraud or other unlawful financial activity that could be damaging for you and/or us.
Conducting checks to identify our customers and verify their identity. Screening for financial and other sanctions or embargoes. Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safety law or rules issued by our regulators	To comply with our legal and regulatory obligations such as legislation relating to anti-money laundering, Combating the Financing of Terrorism or Countering Proliferation Financing.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.	To comply with our legal and regulatory obligations such as obligations imposed on us by virtue of operating regulated services.
Operating IT systems, software and business applications.	To perform our contract with you and provide agreed services to you in a safe and efficient manner.
Ensuring security and internet use policies are adhered to	Our legitimate interest to make sure we are following our own internal procedures so we can deliver the best service to you.
Operational reasons, such as improving efficiency, training and quality control.	Our legitimate interest to be as efficient as we can so we can deliver the best service to you at the best price.
Ensuring the confidentiality of commercially sensitive information.	Our legitimate interest to protect trade secrets and other commercially valuable information
Statistical analysis to help us manage our business, eg in relation to our financial performance.	Our legitimate interest to be as efficient as we can so we can deliver the best service to you at the best price.
Preventing unauthorised access and modifications to systems.	Our legitimate interest to prevent and detect criminal activity that could be damaging for you or us. To comply with our legal and regulatory obligations such as those imposed by Data Protection Laws or by virtue of providing regulated services
Client/customer communication.	To perform our contract with you or to take steps at your request before entering into a contract. Our legitimate interest to make sure that we can keep in touch with our clients and customers about existing services or to update our records.
Statutory returns.	To comply with our legal and regulatory obligations such as the Companies Law.
Ensuring safe working practices, staff administration and assessments.	To comply with our legal and regulatory obligations such as Health and Safety legislation. Our legitimate interest to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.
Marketing our services and those of selected third parties to: existing and former customers; prospective customers who have previously expressed an interest in our services; prospective customers with whom we have had no previous dealings.	Our legitimate interest to promote our business to existing and future clients (in relation to corporate subscribers) Consent (in relation to individual subscribers)
External audits and quality checks, eg for ISO accreditations and the audit of our accounts	Our legitimate interest to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations such as those imposed by virtue of providing regulated services.

Where we Process your Special Category Data, we will also ensure we are permitted to do so under the Data Protection Laws. In most instances the purpose for processing your Special Category Data will be in order to conduct anti-money laundering or sanctions checks (which may require us to process your political opinions, race/ethnicity or your criminal record/alleged criminal activity). Our lawful basis in these instances is that the processing is necessary for reasons of substantial public interest to prevent unlawful acts including money laundering and financing terrorism. If it is necessary to process your Special Category Data for another purpose, we will ensure we can rely on one of the following legal bases:

we have your explicit consent.
we need to comply with a legal obligation in the field of employment, social security or social protection law
we need to protect your (or someone else’s) vital interests where you are physically or legally incapable of
giving consent
you made the personal data public
we need to establish, exercise or defend legal claims;
for the purposes of preventive or occupational medicine or for archiving purposes.

If you choose not to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing you with the information you have requested), or we may be prevented from complying with our legal obligations (such as to performing anti-money laundering checks).This may mean we are unable to provide a service you (or the entity you work for/are related to) have requested.

5 Marketing

We may use your Personal Data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.

Where we have a legitimate interest in using your Personal Data for marketing purposes (see above ‘How and why we use your Personal Data’) we do not usually need your consent. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by contacting us at [email protected]. You can also select your topic of interests for future communication using our Preference Centre link or opt-out from all future marketing communications via unsubscribe link. Both of these can be found in marketing emails which we send you.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your Personal Data with respect and never sell or share it with other organisations outside JTC’s group for marketing purposes.

6 With Whom We Share Your Personal Data

In certain circumstances, we may need to share your Personal Data with other companies or individuals. We are very careful about the third parties with whom we share your Personal Data and we ensure that we only share the minimum amount of information that is necessary

Where necessary in order to fulfil the purposes set out above, we share your Personal Data with the following types of recipient:

Other members of the JTC Group
KYC Screener providers or Electronic ID Verification Service providers
Email and document storage providers
Client data management system providers
Customer Relationship Management system providers
Marketing agencies or directories
Website hosting providers;
Organisations with whom we co-host marketing events;
IT service or telecommunication providers
professional advisors, including lawyers, regulatory specialists, and tax advisers;
our insurers and banks;
intermediaries or other professional advisers, agents or third parties providing services in relation to a matter for which JTC is providing services;
third parties you approve, eg social media sites you choose to link your account to or third party payment providers;
government agencies to whom we have a disclosure obligation; and
competent courts and tribunals who issue an order with which we are obliged to comply.

We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to us and to you.

On occasion we may also need to:

share Personal Data with external auditors, eg in relation to ISO accreditation and the audit of our accounts;
disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and
share some Personal Data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

7 Where Your Personal Data Is Held

Personal data may be held at our offices and those of our group companies, third party agencies, service providers (including CRM systems and servers), representatives and agents as described above (see above: ‘Who we share your Personal Data with’).

Some of these third parties may be based outside Jersey. For more information, including on how we safeguard your Personal Data when this happens, see below: ‘Transferring your Personal Data Abroad’.

8 How Long We Will Keep Your Personal Data

The length of time we will retain your personal data will depend on the purpose for which it was collected.

If you are a previous or existing customer, we will keep your Personal Data while you have a relationship with us or we are providing services to you. If your personal data was collected in order for us to comply with a legal obligation, we will retain it for the length of time required by that legal obligation. If you are a potential customer, we will keep your Personal Data for three years from the date of your last interaction with us.

We will then keep your Personal Data only for as long as necessary:

to respond to any questions, complaints or claims made by you or on your behalf;
to show that we treated you fairly;
to keep records required by law.

Further details on this can be requested using the contact details below.

When it is no longer necessary to keep your Personal Data, we will delete or anonymise it.

9 Transferring Your Personal Data Abroad

To deliver services to you, it is sometimes necessary for us to share your Personal Data abroad, eg:

with our offices or other companies within our Group;
with your and our service providers located abroad;
if you are based in another jurisdiction from where we are;
where there is an international dimension to the services we are providing to you.

We transfer your Personal Data from the British Islands or European Union where:

the recipient jurisdiction is also a member of the European Union and/or the European Economic Area;
the recipient jurisdiction ensures an adequate level of data protection, as determined by the European Commission (and/or local data protection authority). Presently the ‘adequate’ jurisdictions are Andorra, Argentina, the Canadian private sector, Faroe Islands, Guernsey, Jersey, Israel, Isle of Man, the Japanese
private sector, New Zealand, Republic of Korea, Switzerland, the United Kingdom and Uruguay;
there are appropriate safeguards in place, such as approved ‘standard contractual clauses’ (see below), together with enforceable rights and effective legal remedies for data subjects; or
a specific exception applies under the Data Protection Laws

Further information

If you would like further information about data transferred abroad, please contact our Director (Data Protection Governance Officer) Legal (see ‘How to contact us’ below).

10 EU Representative

To the extent that we are not established in the European Union or otherwise covered by the GDPR directly, we have appointed an EU representative. This is JTC Data Services (Europe) Sarl. Any changes to the identity of this representative will be reflected in this privacy notice.

11 Your Rights

You may have the following rights, which you can exercise free of charge by using the contact details set out below:

Access	The right to be provided with a copy of your Personal Data
Rectification	The right to require us to correct any mistakes in your Personal Data
Erasure (also known as the right to be forgotten)	The right to require us to delete your Personal Data— in certain situations
Restriction of processing	The right to require us to restrict processing of your Personal Data in certain circumstances, eg if you contest the accuracy of the data
To object	The right to object: —at any time to your Personal Data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your Personal Data, eg processing carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

Generally we will have up to four weeks to respond to your request, but in limited circumstances where a request is complex, this period can be extended by a further eight weeks. Generally the more targeted a request is, the quicker we will be able to assist you.

12 Keeping Your Personal Data Secure

We have appropriate organisational and technical security measures to prevent Personal Data from being accidentally lost, or used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data protection breach where we are legally required to do so.

13 How to Raise A Concern

We encourage you to contact us directly if you have any query or concern about our use of your Personal Data (see below ‘How to contact us’). We hope we can resolve any issues you may have.

You can also complain to the data protection supervisory authority where you reside, work or where you think an infringement took place. You can ask us if unsure of their contact details.

14 How To Raise A Concern

This privacy notice was last updated on 1 August 2024. We may update this privacy notice from time to time.

Previous versions of the notice are available here JTC Group Privacy Notice

15 How To Contact Us

You can contact our DPGO by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under the Data Protection Laws or to make a complaint.

Our contact details are shown below:

Our contact details

Our DPGO’s contact details

Our EU Rep’s contact details

PO Box 1075
JTC House
28 Esplanade
St Helier

JE4 2QP
Jersey
+44 1534 700 000
https://www.jtcgroup.com/contact/

C/- JTC House Jersey

+44 1534 700 000

[email protected]

JTC Data Services (Europe) Sarl

68-70 Boulevard de la Pétrusse

L-2320

Luxembourg

Do you need extra help?

If you would like this notice in another format, please contact us (see ‘How to contact us’ above).