CLIENT PRIVACY NOTICE
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice explains how Oakbridge Limited (“the Company”) collects, uses and discloses your personal data, and sets forth your rights in relation to the personal data it holds.
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us, and supervisory authorities, in the event you have a complaint. This notice serves to inform you of the changes to data protection law under the Data Protection (Jersey) Law, 2018 (“DP Law”), as amended to incorporate legislation equivalent to EU Regulation 2016/679 (the “GDPR”).
The Company (“we”, “our”, “us”) aims to protect the privacy of our clients (“you”) as far as possible.
Where your details are provided to the Company as a consequence of your enlisting their services, then the Company, acting as a Data Controller may itself (or through a third party such as your chosen custodian (an “Administrator”) process any personal information we hold about you as our client. When processing your personal information, there may also be times where an Administrator will act as a data controller.
We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. Where we do so, we will take appropriate steps to bring the amendment to your attention by publishing it on our website at www.oakbridge.je. This Privacy Notice was last updated on 29 Mar, 2019.
The Company has appointed an internal privacy team for you to contact if you have any questions or concerns about our personal data policies or practices. The Company’s privacy team can be contacted at email@example.com.
How we obtain your information
In the course of providing services to you, we collect information that personally identifies you.
The information we collect about you (or your directors, officers, employees, and/or beneficial owners) comes from:
- application forms or other materials you submit to us during the course of your relationship with us;
- your interactions with us, transactions and use of our products and services (including the use of our website);
- your business dealings with us, including via email, telephone or as stated in our contracts with you;
- depending on the products or services you require, third parties (including for anti- money laundering checks, among other things); and
- recording and monitoring tools that we may use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).
The information we collect
As our client, we collect information that helps us to identify you and to manage our relationship with you. We also collect financial information about you, information about your transactions with us and information required for us to carry out anti-money laundering and other checks and to comply with our legal obligations.
As our client, information that we collect includes:
- your name, title and contact details;
- your professional title and occupation;
- your age and marital status;
- financial information, including investments, account details, risk appetite and evidence of ownership of financial assets;
- personal identifiers such as your social security number, national insurance number, tax file number, IP address or our internal electronic identifiers;
- information which we need to conduct ‘know your client’ checks such as details relating to your passport and credit history; and
- other information you provide to us in the course of your dealings with us or which we require to provide you with the Company’s product and services.
In limited cases, we also collect what is known as “special categories” of information. Our money laundering, sanctions, financial crime and fraud prevention checks sometimes results in us obtaining information about political opinion, actual or alleged criminal convictions and offences.
You are not obliged to provide us with your information where it is requested but we may be unable to provide certain products and services or proceed with our business relationship with you if you do not do so. Where this is the case, we will make you aware.
Our use of your information
Your personal data may be processed by the Company or an Administrator (or any of its affiliates, agents, employees, delegates or sub-contractors) for the following purposes:
- in connection with the Company’s internal management and reporting;
- to facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;
- the administration and/or management of your holdings and any related relationships on an on-going basis (the “Services”) which are necessary for the performance of your contract with the Company;
- in order to carry out anti-money laundering (AML) checks and related actions which the Company considers appropriate to meet any legal obligations imposed on the Company relating to, or the processing in the public interest, or to pursue the legitimate interests of the Company in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on- going basis, in accordance with the Company and an Administrator’s AML procedures;
- to monitor electronic communications for (i) processing verification of instructions; (ii) investigation and fraud prevention purposes; (iii) for crime detection, prevention, investigation and prosecution; (iv) to enforce or defend the Company’s, or their affiliates' rights, themselves or through third parties to whom they delegate such responsibilities or rights in order to comply with any legal obligation imposed on the Company; (v) to pursue the legitimate interests of the Company in relation to such matters; or (vi) where the processing is in the public interest;
- to disclose information to other third parties such as service providers of the Company, auditors, regulatory authorities and technology providers in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company;
- to monitor and record calls for quality, business analysis, training and related purposes in order to pursue the legitimate interests of the Company to improve its service delivery;
- to update and maintain records and carry out fee calculations;
- to retain AML and other records of individuals to assist with subsequent screening of them by and Administrator including in relation to other clients of the Administrator in pursuance of the Administrator’s and its client’s legitimate interest;
- and which are necessary for the purposes of:
- the performance of our contract with you or a contract between us and another service provider to us the performance of which is in your interest
- to comply with the Company’s legal obligations
- are necessary for the Company’s legitimate interests indicated above
- the processing is in the public interest
- Where we process “special categories” of information about you, we do so either because you have given us your explicit consent, we are required by law to do so or the processing is necessary for the establishment, exercise or defence of a legal claim.
- How we share your information
- The Company may disclose your personal information as follows:
- to the Company’s service providers, including an Administrator, and their affiliates and other third party vendors in order to store or process the data for the above mentioned purposes;
- to competent authorities (including tax authorities), courts and bodies as required by law or requested or to affiliates for internal investigations and reporting.
How we transfer your information
The disclosure of personal information to the third parties set out above may involve the transfer of data to other jurisdictions outside Jersey and the European Economic Area (“EEA”) in accordance with the requirements of the DP Law, as amended or replaced from time to time. Such countries may not have the same data protection laws as your jurisdiction. Some of these countries may have lower standards of data protection than in your home country, and not all countries outside of Jersey and the EEA have data protection laws that are similar to those in Jersey and EEA, so they may not be regarded by the European Commission as providing an adequate level of data protection. Where we transfer your information outside of Jersey and the EEA, we will ensure that the transfer is subject to appropriate safeguards in accordance with data protection laws. Often, these safeguards include contractual safeguards. The Company has Service Level Agreements in place with their Administrators and any relevant parties to whom personal data will be transferred. Please do contact us if you would like more information about these safeguards (see the “Contact Us” section below for further details).
The Company and their Administrators will retain your personal information for as long as required for the Company or their Administrator to perform the Services and/or carry out the purposes for which the data was collected, or perform investigations in relation to the data depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that the Company retains your personal information.
You may have the following rights under data protection laws:
- Right of subject access: the right to make a written request for details of information about you held by the Company and a copy of that information.
- Right to rectification: the right to have inaccurate information about you rectified. You must provide any relevant updates to your personal data held by the Company promptly to ensure its accuracy.
- Right to erasure ('right to be forgotten'): the right to have certain information about you erased.
- Right to restriction of processing: the right to request that your information is only used for restricted purposes.
- Right to object: the right to object to the use of your information, including the right to object to marketing.
- Right to data portability: the right, in certain circumstances, to ask for information you have made available to us to be transferred to you or a third party in machine-readable formats.
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your information. If you withdraw your consent, this will not affect the lawfulness of the Company’s use of your information prior to the withdrawal of your consent.
- These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
- To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at the details set out in the “Contact Us” section below.
- If you are unhappy with the way we have handled your information you have a right to complain to the data protection regulator. In Jersey, the local regulator is the Office of the Information Commissioner. Their website is available at https://oicjersey.org/.
The Company takes the protection of your personal information seriously, and has appropriate technical and organisational measures and policies in place to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will only do so in an authorised manner and are subject to a duty of confidentiality. All staff of the Company are made aware of their information security responsibilities.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to contact us
If you have any questions about our use of your personal information, please be in touch with your Investment Advisor or our privacy team on firstname.lastname@example.org
Version Date: 29 March 2019.