Privacy Notice
1. Introduction
This Privacy Notice sets out how Crestbridge collects and handles personal information about you when you, or someone on your behalf, interacts with us in respect to:
i. the availability of services we offer; or
ii. when we provide services; or
iii. when you use our website.
We take the privacy and security of your personal information very seriously and will only use your personal information as set out in this Privacy Notice or as we may otherwise inform you from time to time.
If you work for Crestbridge you should please refer to our Staff Privacy Notice which is available from Crestbridge Human Resources staff, published in the Careers section of our website at staff-privacy-notice-april-23.pdf (crestbridge.com) and also published on our intranet.
If you are seeking employment with Crestbridge you should please refer to the Job Applicant Privacy Notice which can be found in the Careers section of our website at: job-applicant-privacy-notice-august-23.pdf.
If you are interested in how we use personal information for marketing purposes please see our Marketing Privacy Notice at https://www.crestbridge.com/marketing-communications-privacy-notice.
References to “Crestbridge”, "we", "us" are, in the context of enquiries made through forms completed and submitted on this website or the information we collect by cookies on this website, references to Crestbridge Group Services Limited of 47 The Esplanade, St Helier, Jersey, JE1 0BD which is the controller of that information.
References to "Crestbridge", "we", "us" are, in the context of a potential new client relationship, references to whichever Crestbridge affiliate(s) you are dealing with to become the contracted service provider(s) in respect to such potential new client relationship. The relevant affiliate(s) will be the individual controller(s) of that information.
References to "Crestbridge", "we", "us" are, in the context of an existing client relationship, references to whichever Crestbridge affiliate(s) that is / are the contracted service provider(s) in respect to that client relationship. The relevant Crestbridge affiliate(s) will be the individual controller(s) of that information for its / their own purposes and the processor(s) on behalf of the relevant client controller.
2. Contact details
A list of regulated Crestbridge affiliates and their contact details is at https://www.crestbridge.com/regulatory.
You can contact the Crestbridge Data Protection Officer by email to dpo@crestbridge.com or in writing to:
The Data Protection Officer
Crestbridge Group Services Limited
47 Esplanade
St Helier
Jersey
JE1 0BD
Channel Islands
3. EU representative
Each Crestbridge company which is situated outside of the European Economic Area (EEA) has nominated Crestbridge S.A. in Luxembourg as its EU representative. You can contact Crestbridge S.A. in writing addressed to:
Head of Legal and Compliance
Crestbridge S.A.
33, Avenue J.F. Kennedy
L-1855 Luxembourg
Luxembourg
4. What information does Crestbridge collect and why?
Depending on the nature of our relationship with you, we will collect various types of personal information about you for various purposes.
4.1 In terms of enquiries made through forms completed and submitted on this website and your use of our website:
|
Information |
Purpose |
Primary Legal Basis |
4.1.1 |
Your first and last name and your email contact details. |
To enable us to respond to your enquiry. |
Legitimate Interests |
4.1.2 |
Reason for contact. |
To enable us to respond appropriately and/or direct your enquiry internally for response. |
|
4.1.3 |
Company name. |
If you want to be a Crestbridge supplier or speak to sales we will require this. It may also be required for you to receive other information from us. |
|
4.1.4 |
Department/business function of interest where you have expressed an interest in working at Crestbridge. |
To enable our HR team to respond appropriately and/or direct your enquiry internally for response. |
|
4.1.5 |
Level of role where you have expressed an interest in working at Crestbridge. |
||
4.1.6 |
Your country. |
Certain countries have additional confidentiality laws which prevent us sharing your information outside of that country (including within our Group) without your consent. Establishing your jurisdiction enables us to offer you the ability to consent. |
Legal Obligation |
When using our website you should also please refer to our Cookies and Website Tracking Tools information at https://www.crestbridge.com/cookies.
4.2 In terms of potential and existing client relationships:
|
Information |
Purpose |
Primary Legal Basis |
4.2.1 |
Your identification information, including: i) your title and full name (and any previous names and aliases); ii) your personal and work address(es); iii) your photographic identification (e.g. national ID card (or equivalent) or driving licence or passport); iv) your proof of address (eg. recent utility bill or bank statement); v) your nationality, place and date of birth; vi) your gender; vii) information relating to civil legal claims and civil court cases against or in respect of which you have/had involvement; viii) other publicly available information about you relevant to this Purpose. |
To enable Crestbridge to comply with its statutory obligations under anti-money laundering, countering terrorist financing, sanctions and regulatory laws applicable to it in terms of knowing your client (KYC) and source of wealth/funds and due diligence information requirements. |
Legal Obligation |
4.2.2 |
Your source of wealth and source of funds information. This may vary depending on what you state to be your source of wealth and funds (eg. information regarding any relevant inheritances, your income, your employment, your assets and investments, your bank account details and credit history). |
||
4.2.3 |
Your tax status information (which may include your country of tax residency, tax identification number (TIN) and tax status). |
To enable Crestbridge to comply with its statutory obligations under relevant taxation legislation including, but not limited to, FATCA/CRS and DAC6. |
|
4.2.4 |
Your occupation, professional and employment information (which may include your level of education, professional qualifications, professional / regulatory body memberships, your present employment, employer’s name and details of directorships and other offices which you may hold). |
This may be required for us to enable Crestbridge to comply with statutory obligations under anti-money laundering, countering terrorist financing, sanctions and regulatory laws applicable to us, both in terms of knowing you, or in terms of ascertaining your credentials where you certify a document that is submitted to us. It may also be required in terms of applicable legal structure / entity laws, including appropriate qualifications / experience for holding certain positions in respect to such structures, awareness and management of conflicts of interest, or to meet certain statutory record keeping requirements. |
|
4.2.5 |
Relevant personal and professional connected / associated party relationships, which may include information on other legal structures you are connected to and how, your professional advisers, your family relationships (including your marital status, the identity of your spouse / civil partner and the number, names and ages of children that you have). |
This may be required for us to enable Crestbridge to comply with statutory obligations under anti-money laundering, countering terrorist financing, sanctions and regulatory laws applicable to us in terms of knowing your client (KYC) and due diligence purposes. |
Legal Obligation |
4.2.6 |
Written documentation and correspondence to, from, concerning you, or to which you are party (including memorandums of telephone or video call conversations), and which may include your signature. |
To evidence business transactions (including all transactions carried out on a client’s behalf) as required to comply with statutory obligations under anti-money laundering, countering terrorist financing, sanctions and regulatory laws |
Legal Obligation |
4.2.7 |
Your contact information (which may include your postal, residential and business addresses, personal and business e-mail address and your home, business and mobile telephone numbers). |
Primarily for client administration purposes so that we can communicate with you, although some of this information may also be processed by us pursuant to a Legal Obligation in order to satisfy our due diligence requirements (see 4.2.1). |
Legitimate Interests |
It may also include the following special category / sensitive personal data:
|
Information |
Purpose |
Legal Basis |
4.2.8 |
Whether you have, or are connected to someone with politically exposed person (PEP) status. |
To enable Crestbridge to comply with its statutory obligations under anti-money laundering, countering terrorist financing, sanctions and regulatory laws applicable to it in terms of knowing your client (KYC) and due diligence information requirements. |
Legal Obligation |
4.2.9 |
Criminal convictions and sanctions information. |
Whilst processing is predominantly required for Legal Obligations in the context of Crestbridge’s potential and existing client relationships then where circumstances require it and we are lawfully permitted to do so Crestbridge may also process personal information in this context as necessary in order for Crestbridge to:
- prevent and detect unlawful acts/fraud; and/or
- exercise, bring or defend legal claims.
Such information may be shared with Crestbridge’s professional advisers for the purpose of obtaining advice, Crestbridge’s insurers, and with investigative and prosecuting authorities and ultimately with the courts or mediation authorities.
Your personal information, not including special category/sensitive information, may also be shared within the Crestbridge group of companies in our legitimate interests for client administration purposes and subject to Crestbridge’s compliance with any laws regarding the lawful sharing of that personal information.
Where we do process personal information pursuant to a Legal Obligation then we will retain this information during the client relationship and are obliged to retain it for a prescribed period of time post the end of our client relationship, typically a minimum of 5 years.
We may also then continue to hold / process the personal information post the end of that prescribed period in order that we may exercise, bring or defend legal claims during the legal limitation / prescription periods for bringing such a contract and/or tort/civil wrong claim as may apply under the relevant jurisdictional law.
5. Where we obtain your personal information:
|
Source |
5.1 |
Information you provide directly to Crestbridge: a) on such forms and documents as you may complete and provide to us either by way of enquiry or as we may require from you in respect to the services we provide; or b) on such documents as are submitted to us as part of our due diligence gathering procedures and/or in compliance with any other statutory or regulatory requirements; c) any personal information provided by way of correspondence with us by telephone, e-mail or otherwise. |
5.2 |
Information Crestbridge receives about you from third party sources being: (a) legal entities in which you have an ownership, management or employment interest; (b) your or 5.2(a)’s professional advisors; (c) companies registries, court databases, published sanctions/sanctions databases, financial crime databases or credit reference databases; (d) other financial institutions who hold and process your personal information and who may share that with us; (e) regulators or other official authorities with jurisdiction over us or those structures that we administer or otherwise provide services in respect of; (f) other publicly available information such as published articles and online content. |
5.3 |
Information Crestbridge obtains through monitoring activities undertaken by us via: (a) CCTV and/or electronic swipe card use in our different office premises – please refer to the relevant Crestbridge office’s CCTV and/or swipe card privacy notice information when you visit us; (b) Cookies and similar technology in use on our website(s) – please refer to our Cookies and Website Tracking Tools information at https://www.crestbridge.com/cookies; (c) Crestbridge IT systems monitoring in the event we provide you with access to our IT systems or provide any form of client portal – please refer to our separate terms and conditions and/or privacy notice information that will be provided where this is the case. |
6. Sharing personal information
6.1 Unless otherwise stated then Crestbridge may share your personal information:
6.1.1 |
within our Crestbridge group of companies (a list of Crestbridge regulated affiliates and their contact details is at https://www.crestbridge.com/regulatory) for client administration purposes; |
6.1.2 |
with Crestbridge’s professional advisers, insurers and insurance agents, auditors and IT service support providers to facilitate our business and the services which we provide to you; |
6.1.3 |
with Crestbridge’s other Approved Sub-Processors (please see clause 20 of our standard Terms of Business or Administration Agreement); |
6.1.4 |
with a client’s own approved service providers where Crestbridge is providing services and in its capacity as processor is following your instructions to do so; |
6.1.5 |
where we are subject to a legal obligation that necessitates the sharing of this information with other parties such as regulatory authorities, tax and revenue authorities, companies registries, governmental departments, courts and law enforcement authorities; |
6.1.6 |
in the context of a merger, sale or acquisition, or other change in our organisational structure. |
The group companies to whom your personal information may be transferred are based in the following jurisdictions: Jersey, the UK, Luxembourg, Ireland and the United States.
The third-party service providers to whom your personal information may be transferred are based primarily in the countries / territories where we have a jurisdictional presence, but may also be based in other European Economic Area countries, and in a few exceptional circumstances outside of the European Economic Area or those other countries / territories in which we have a jurisdictional presence.
6.2 Where we share your personal information with group companies and/or third party service providers and/or in the context of a change in our organisational structure outside of the European Economic Area, and where we are not otherwise subject to a legal obligation to share your personal information, then we require the recipients of that personal information to put in place adequate measures to protect it, including by entering into appropriate data sharing agreements such as the EU standard contractual clauses. If you would like further information about the safeguards we have in place to protect your personal information, please contact dpo@crestbridge.com.
7. Retention of personal information
7.1 Unless otherwise stated your personal information will be retained for as long as required:
7.1.1 |
by applicable laws or regulatory requirements; |
7.1.2 |
for the purposes for which the personal information was collected; |
7.1.3 |
in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations. |
8. Your Data Protection Rights
8.1 Depending on the country or territory in which Crestbridge’s processing of your personal information takes place and/or where you are then, subject to any relevant conditions or exemptions, you may have some or all of the following rights in respect of the personal information about you that we process:
8.1.1 |
the right to access and obtain a copy of your personal information; |
8.1.2 |
the right to correct inaccurate, incomplete or outdated personal information; |
8.1.3 |
the right to erase personal information; |
8.1.4 |
the right to restrict our processing of your personal information; |
8.1.5 |
the right to object to our processing of your personal information (in particular for marketing purposes or where it is processed in our legitimate interests); |
8.1.6 |
the right not to be subject to a decision based solely on the automated processing by us of your personal information; |
8.1.7 |
the right to port (i.e. move) your personal information; |
8.1.8 |
the right to compensation where we or another organisation has caused you damage as a result of our processing of your personal information; |
8.1.9 |
the right to seek a judicial (i.e. court) remedy where you consider we have acted or are about to act in breach of the relevant data protection legislation. |
8.2 You also have the right to lodge a complaint about our handling of your personal information with a relevant data protection supervisory authority either in the country/territory in which you are located and/or in the jurisdiction in which we are located and process your personal information.
For a list and contact details of the data protection regulatory authorities in our different jurisdictions please see Data Protection Supervisory Authorities.
Whenever you are considering lodging a complaint however we should please be grateful if you would first allow us the opportunity to resolve your complaint by addressing it in writing, and providing as much detail as possible, to dpo@crestbridge.com.
8.3 If we ever rely on your consent to process your personal information, you also have the right to withdraw that consent at any time.
8.4 If you wish to receive more information about your data protection rights or to exercise any of your rights, please contact dpo@crestbridge.com.
9. Inaccurate or amended information
Please let us know as soon as possible if any of the personal information we hold about you changes (including your correspondence details).
Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide services.
10. Your acknowledgment of this Privacy Notice
By using this website and/or submitting information to us and / or using our services you acknowledge having received and read this Privacy Notice.
11. Questions
If you have any questions about this Privacy Notice or how we handle your personal information (e.g. our retention procedures or the security measures we have in place), or if you would like to make a complaint, please contact dpo@crestridge.com.