JTC PLC (“JTC”)
This Privacy Notice sets out how JTC deals with your personal data which we collect in the course of you and people and entities connected with you interacting with JTC entities. We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice and in ways which are reasonably ancillary to what is set out below.
JTC is made up of different legal entities. This privacy notice is issued on behalf of the entire JTC group so when we mention “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the JTC group responsible for processing your data. We will let you know which entity will be the controller for your personal data if you formally engage us to provide you with a service.
For further detail on the JTC group of companies please refer to our Terms of Business
We may also act as a controller (or someone else) provides your personal data to us as part of our obligation to provide a service to a third party or parties, including but not limited to fulfilling our legal and regulatory obligations in connection with Client Due Diligence. The identity of the relevant JTC entity responsible for your personal data in such situations can be provided to you by emailing email@example.com.
References to “you” include all individuals whose personal data we collect, hold and process in the course of operating the various business within the JTC group.
Visitors to our website should review our Website Privacy Notice at www.jtcgroup.com.
2. CONTACT DETAILS
JTC (Jersey) Limited has appointed Nick Broughton as Data Protection Representative. He can be contacted by email – firstname.lastname@example.org
The contacts for Data Protection matters for respective JTC offices are as follows, please contact the office that your query applies to:
Guernsey – email@example.com
Luxembourg – firstname.lastname@example.org
Switzerland – email@example.com
U.K – firstname.lastname@example.org
Isle of Man – gdpr-IOM@jtcgroup.com
Netherlands – gdpr-Netherlands@jtcgroup.com
South Africa – gdpr-SA@jtcgroup.com
Jersey – email@example.com
Dubai – firstname.lastname@example.org
Mauritius – email@example.com
BVI – firstname.lastname@example.org
South Dakota – email@example.com
Cayman – firstname.lastname@example.org
Please email email@example.com for any other JTC office or should you have any general queries.
The JTC Group have appointed JTC Data Services (Europe) Sarl as their representative within the European Economic Area (EEA).
You can contact JTC Data Services (Europe) Sarl by email: firstname.lastname@example.org
4. THE PERSONAL INFORMATION WE PROCESS
- We may collect various types of personal data about you, including:
- Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal data relating to claims, court cases and convictions, politically exposed person (PEP) status, personal data available in the public domain and such other information as may be necessary for JTC to provide its services and to complete its CDD process and discharge its AML/CFT obligations); Your tax status information (which may include your tax residency, tax ID and/or tax status);
- Your contact information (which may include postal address and e-mail address and your home and mobile telephone numbers);
- Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have);
- Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
- Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history);
- We may also collect and process personal data regarding people connected to you, either by way of professional (or other) association or by way of family relationship.
5. Where we obtain your personal information:
- We collect your personal information from the following sources:
- personal information which you give to us, including but not limited to:
- such other forms and documents as we may request that are completed in relation to the administration/management of any of our services;
- information gathered through client due diligence carried out as part of our compliance with regulatory requirements; or
- any personal information provided by way of correspondence with us by phone, e-mail or otherwise.
- personal information we receive from third party sources, such as:
- entities in which you or someone connected to you has an interest;
- your legal and/or financial advisors;
- other financial institutions who hold and process your personal information; and
- credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and
- personal information received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.
- personal information which you give to us, including but not limited to:
6. WHY WE COLLECT YOUR PERSONAL INFORMATION:
LAWFUL GROUNDS FOR PROCESSING:
- We may hold and process your personal information on the following lawful grounds:
- the processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;
- the processing is necessary to comply with our contractual duties;
- the processing is necessary to comply with our legal and regulatory obligations;
- where we have obtained your consent to processing your personal information for a specific purpose; and
- on rare occasions, where it is needed in the public interest.
- Pursuant to paragraph 4.1 above, your personal information may be processed for the purposes set out below (“Purposes”). The Purposes based on our legitimate interests are set out in paragraphs 6.2.1 to 6.2.4 inclusive):
- facilitating the administration of our business and/or our service providers;
- communicating with you as necessary in connection with our services;
- monitoring and recording telephone and electronic communications and transactions: Pursuant to paragraph 4.1 above, your personal information may be processed for the purposes set out below (“Purposes”). The Purposes based on our legitimate interests are set out in paragraphs 6.2.1 to 6.2.4 inclusive);
- for quality, business analysis, training and related purposes in order to improve service delivery; and
- for investigation and fraud prevention purposes, for crime detection, prevention, investigation and prosecution of any unlawful act (or omission to act)
- disclosing your personal information to any bank or financial institution in providing our services;
- to enforce or defend our legal and contractual rights or those of third party service providers;
- to comply with legal or regulatory obligations imposed on us (including but not limited to AML/CDD obligations);
- collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
- liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to cooperate or report to, or with whom we decide or deem it is appropriate to cooperate in relation to tax matters.
7. SHARING PERSONAL INFORMATION
- We may share your personal information with our group companies and third parties, including banks, financial institutions or other third party lenders, IT service providers, auditors and legal professionals) to facilitate the running of our business.
- Where we share your information with a third party, we require the recipients of that personal information to put in place adequate measures to protect it
- Where we transfer your personal information outside the European Economic Area, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
- the country to which we send the personal information may be approved by the European Commission as providing adequate protection for personal data (for example, this includes our offices in Guernsey, Jersey and the Isle of Man);
- by utilising a contract based on model contractual clauses which have been approved by the European Commission; or
- where the recipient is located in the US, it may belong to the EU-US Privacy Shield scheme.
- In other circumstances, the law may permit us to otherwise transfer your personal information outside the EEA.
- If you would like further information about the safeguards we have in place to protect your personal information, please contact email@example.com.
8. RETENTION OF PERSONAL INFORMATION
- Your personal information will be retained for as long as required:
- for the purposes for which the personal information was collected;
- in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
- as required by data protection laws and any other applicable laws or regulatory requirements.
9. ACCESS TO AND CONTROL OF PERSONAL INFORMATION – YOUR RIGHTS
- You have the following rights (which may be exercisable depending on the circumstances) in respect of the personal information about you that we process:
- the right to access and port personal information;
- the right to rectify personal information;
- the right to restrict the use of personal information;
- the right to request that personal information is erased; and
- the right to object to processing of personal information.
- You also have the right to lodge a complaint about the processing of your personal information either with us or with the applicable jurisdictional regulator for data protection matters:
- The Office of the Information Commissioner in Jersey (https://oicjersey.org) in connection with JTC plc; JTC (Jersey) Limited; JTC Fund Solutions (Jersey) Limited; JTC Trustees Limited, JTC Trust & Corporate Services Limited and associated entities;
- The Office of the Data Protection Commissioner in Guernsey (https://www.dataci.gg/) in connection with JTC Fund Solutions (Guernsey) Limited; JTC Global AIFM Solutions Limited and associated entities;
- The Information Commissioners Office Cayman Islands in connection with JTC (Cayman) Limited; JTC Fund Services (Cayman) Ltd and associated entities;
- The Commissioner of Data Protection of the Dubai International Finance Centre in connection with JTC Corporate Services (DIFC) Limited;
- The Information Commissioner in Isle of Man (https://inforights.im/) in connection with JTC Trustees (IOM) Limited and associated entities;
- The Information Regulator of South Africa in connection with JTC Fund Solutions RSA (Pty) Limited and associated entities;
- The South Dakota Office of the Attorney General in connection with JTC Trustees (USA) Limited; JTC Corporate Services (USA) LLC and associated entities;
- The Florida Office of the Attorney General in connection with JTC Miami Corporation;
- The Data Protection Office of Mauritius in connection with JTC Fiduciary Services (Mauritius) Limited and associated entities;
- The Office of the Privacy Commissioner of New Zealand in connection with JTC Group (NZ) Limited; JTC Trust Company (New Zealand) Limited and associated companies;
- The Personal Data Protection Commission of Singapore in connection with JTC Fiduciary Services (Singapore) Pte Limited and associated entities;
- The Federal Data Protection and Information Commissioner of Switzerland in connection with JTC (Geneva) Sarl; JTC (Suisse) SA; JTC Trustees (Suisse) Sarl, JTC Trust Company (Switzerland) SA and associated companies;
- if you are an EU resident, then please refer to the supervisory authority in the EU member state of your usual residence in connection with the following JTC entities: JTC Institutional Services Netherlands B.V. and JTC Netherlands B.V.; JTC (UK) Limited and associated entities and JTC Luxembourg S.A and associated entities.
- Where we have relied on consent to process your personal information, you have the right to withdraw consent at any time. You also have the right to object to processing on the basis of legitimate interests (although this right is subject to certain exceptions).
- If you wish to exercise any of the rights set out in this paragraph, please submit a formal written request to the Data Protection Representative in the jurisdiction relevant to your relationship. Please refer the locations page for address details – Formal written requests may also be made via email to firstname.lastname@example.org. Please note that we shall only respond to email requests where the address corresponds to that which we have on file.
10. INACCURATE OR AMENDED INFORMATION
Please let us know as soon as possible if any of your personal information changes (including your correspondence details) by contacting us at email@example.com. Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide our services. When receiving updated information we must also comply with all local laws and regulations with respect to anti-money laundering and associated verification and these legal obligations override any rights under GDPR.
11. COMMUNICATIONS AND MEDIA
People who email us
JTC force the use of TLS (an encrypted end to end tunnel) for the secure transmission of emails. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. Please contact us for further detail should you require it.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Visitors to our website
We are committed to protecting and respecting your privacy on-line. We are aware of the concern which exists over the use of personal information provided over the internet and therefore, we do not collect personal data through our website.
Our website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for JTC.
You can opt-out of Performance and Advertising cookies by deleting or blocking these in your browser settings at any time.”
If you have any questions about this data protection Privacy Notice or how we handle your personal information e.g. our retention procedures or the security measures we have in place, or if you would like to make a complaint, please contact the Data Protection Representative– email – firstname.lastname@example.org.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review. This privacy notice was last updated on 2 September 2020.