This Privacy Notice sets out how Crestbridge collects and handles personal information about you when you, or someone on your behalf, interacts with us in respect to the services we offer, or when you use our website.
We take the privacy and security of your personal information very seriously and will only use your personal information as set out in this Privacy Notice or as we may otherwise inform you from time to time.
If you work for Crestbridge you should please refer to our Employee Privacy Notice which is available from Crestbridge Human Resources staff and published on our intranet. If you are seeking employment with Crestbridge you should please refer to the Job Applicant Privacy Notice which can be found in the Careers section of our website at: https://careers.crestbridge.com/privacy-policy
References to “Crestbridge”, "we", "us" are, in the context of enquiries made through forms completed and submitted on this website or the information we collect by cookies on this website, references to Crestbridge Limited of 47 The Esplanade, St Helier, Jersey, JE1 0BD which is the controller (in Bahrain terms the data manager) of that information.
References to "Crestbridge", "we", "us" are, in the context of a potential new client relationship, references to whichever Crestbridge affiliate(s) you are dealing with to become the contracted service provider(s) in respect to such potential new client relationship. The relevant affiliate(s) will be the individual controller(s) (in Bahrain terms the data manager) of that information.
References to "Crestbridge", "we", "us" are, in the context of an existing client relationship, references to whichever Crestbridge affiliate(s) that is / are the contracted service provider(s) in respect to that client relationship. The relevant Crestbridge affiliate(s) will be the individual controller(s) (in Bahrain terms the data manager) of that information for its / their own purposes and the processor(s) on behalf of the relevant client controller.
A full list of Crestbridge affiliates and their contact details is at https://www.crestbridge.com/regulatory.
2. Contact details
You can contact the Crestbridge Data Protection Officer in relation to data protection and your rights by email email@example.com or in writing to:
The Data Protection Officer
3. EU representative
Each Crestbridge entity processor and controller which is situated outside of the European Economic Area (EEA) has nominated Crestbridge S.A. as its EU representative. You can contact Crestbridge S.A. in writing, addressed to:
Head of Legal and Compliance
1 Boulevard de la Foire
4. The personal information we process
4.1 Depending on the nature of our relationship with you, we will collect various types of personal information about you which may include some or all of the following:
4.1.1 Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal information relating to claims, court cases and convictions, politically exposed person (PEP) status, personal information available in the public domain and such other information as may be necessary for Crestbridge to provide its services and to complete its client due diligence process and discharge its AML/CFT obligations);
4.1.2 Your tax status information (which may include your tax residency, tax ID and tax status);
4.1.3 Your contact information (which may include postal residential and business addresses, personal and business e-mail address and your home, business and mobile telephone numbers);
4.1.4 Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have);
4.1.5 Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
4.1.6 Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history); and
4.1.7 IP Address (we may collect your IP (Internet Protocol) address to help diagnose problems with our server, and to administer our Site. An IP address is a number that is assigned to your computer when you use the Internet. This information does not contain any personally identifiable information about you. Your IP address is also used to help identify you during a particular session and to gather broad demographic data.)
4.2 We may also collect and process personal information regarding people connected to you, either by way of professional (or other) association or by way of family relationship.
5. Where we obtain your personal information
5.1 We collect your personal information from the following sources:
5.1.1 personal information which you give to us, including but not limited to:
(a) on such other forms and documents as we may request you complete or provide in relation to the administration/management of any of our services;
(b) information gathered through client due diligence carried out as part of our compliance with regulatory requirements; or
(c) any personal information provided by way of correspondence with us by phone, e-mail or otherwise;
5.1.2 personal information we receive from third party sources, such as:
(a) entities in which you or someone connected to you has an interest;
(b) your legal and/or financial advisors;
(c) other financial institutions who hold and process your personal information; and
(d) credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and
5.1.3 personal information received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.
6. Why we collect your personal information?
Lawful grounds for processing:
6.1 Unless we inform you otherwise then we may hold and process your personal information on the following lawful grounds:
6.1.1 the processing is necessary to comply with our legal obligations;
6.1.2 the processing is necessary for our legitimate interests or the legitimate interests of a third party to whom your personal information is disclosed, provided your interests and fundamental rights do not override those interests;
6.1.3 the processing is necessary for the performance of a contract to which you are a party, or to take such steps, at your request, with a view to entering you into such a contract;
6.1.4 the processing is necessary in our performance of a public task or in the public interest;
6.1.5 the processing is necessary to exercise, bring or defend a legal claim or to prevent and detect an unlawful act; and
6.1.6 in exceptional circumstances, where we have obtained your consent to processing your personal information for a specific purpose.
Purposes of processing:
6.2 Your personal information may be processed for the purposes set out below ("Purposes"). The Purposes based on our legitimate interests (and in some cases on other lawful bases as stated) are set out in paragraphs 6.2.1 to 6.2.4 inclusive:
6.2.1 facilitating the administration of our business, clients and/or our service providers;
6.2.2 communicating with you as necessary in connection with our services;
6.2.3 monitoring and recording, including of telephone and electronic communications, system use and transactions, for:
(a) quality, business analysis, training and related purposes in order to improve service delivery and/or to monitor adherence to our internal staff policies and procedures; and
(b) for the prevention, detection, investigation and prosecution of any unlawful act (or omission to act) or in the wider public interest;
6.2.4 disclosing your personal information to any bank or financial institution in providing our services;
6.2.5 to enforce or defend our legal and contractual rights or those of third party service providers;
6.2.6 to comply with legal or regulatory obligations imposed on us;
6.2.7 collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
6.2.8 liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to co-operate or report to, or with whom we decide or deem it is appropriate to co-operate.
7. Sharing personal information
7.1 We may share your personal information:
- with our group companies (a full list of Crestbridge affiliates and their contact details is at https://www.crestbridge.com/regulatory);
- with third party service providers, including, our insurers and insurance agents, banks, financial institutions or other third party lenders, IT service providers, auditors and legal professionals to facilitate our business and the services which we provide;
- where we are subject to a legal obligation that necessitates the sharing of this information with parties such as our regulatory authorities, tax and revenue authorities, companies registries, governmental departments, courts and law enforcement authorities;
- in the context of a merger, sale or acquisition, or other change in our organisational structure.
The group companies to whom your personal information may be transferred are based in the following jurisdictions: Jersey, the UK, Luxembourg, Cayman, Bahrain, Ireland and the United States.
The third party service providers to whom your personal information may be transferred are based primarily in the countries / territories where we have a jurisdictional presence, but may also be based in other European Economic Area countries, and in a few exceptional circumstances outside of the European Economic Area or those other countries / territories in which we have a jurisdictional presence.
7.2 Where we share your personal information with group companies and/or third party service providers and/or in the context of a change in our organisational structure outside of the European Economic Area, and where we are not otherwise subject to a legal obligation to share your personal information, then we require the recipients of that personal information to put in place adequate measures to protect it, including by entering into appropriate data sharing agreements such as the EU standard contractual clauses. If you would like further information about the safeguards we have in place to protect your personal information, please contact firstname.lastname@example.org.
8. Retention of personal information
8.1 Your personal information will be retained for as long as required:
8.1.1 for the purposes for which the personal information was collected;
8.1.2 in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
8.1.3 as required by data protection laws and any other applicable laws or regulatory requirements.
9. Access to and control of personal information
9.1 Depending on the country or territory in which our processing of your personal information takes place and/or where you are you may have some or all of the following rights (although these may only be exercisable in certain circumstances) in respect of the personal information about you that we process:
9.1.1 the right to access and port personal information;
9.1.2 the right to correct inaccurate, incomplete or out of date personal information;
9.1.3 the right to restrict the use processing of personal information;
9.1.4 the right to have personal information erased;
9.1.5 the right to object to processing of personal information;
9.1.6 the right not to be subject to a decision based solely on our automated processing of your personal information;
9.1.7 the right to compensation where we or another organisation has caused you damage as a result of the processing of your personal information; and
9.1.8 the right to seek a judicial (ie. court) remedy where you consider we have acted or are about to act in breach of the relevant data protection legislation.
9.2 You also have the right to lodge a complaint about our handling of your personal information with a relevant data protection supervisory authority either in the country/territory in which you are located and/or in the jurisdiction in which we are located and process your personal information. For a list and contact details of the data protection regulatory authorities in our different jurisdictions please see Data Protection Supervisory Authorities. Whenever you are considering lodging a complaint however we should please be grateful if you would first allow us the opportunity to resolve your complaint by addressing it in writing, and providing as much detail as possible, to email@example.com .
9.3 Where we have relied on consent to process your personal information, you have the right to withdraw consent at any time.
9.4 If you wish to exercise any of the rights set out in this paragraph 9, please contact firstname.lastname@example.org.
10. Inaccurate or amended information
Please let us know as soon as possible if any of your personal information changes (including your correspondence details). Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide services.
11. Social Networking
The views and opinions of Crestbridge Directors and employees published on social networking websites such as, but not limited to; linkedin.com twitter.com and facebook.com do not necessarily reflect those of Crestbridge. Social networking website posts are not intended as legal or financial advice and should not be relied on as such. Reference to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement or recommendation by Crestbridge, Nor shall any information or statements contained on social networking websites be used for the purposes of advertising, or to imply an endorsement or recommendation. With respect to any documents available from social networking websites, neither Crestbridge nor any of its employees make any warranty, express or implied, including but not limited to the warranties of merchantability and fitness for a particular purpose. Further, neither Crestbridge nor any of its employees assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product or process disclosed; nor do they represent that its use would not infringe privately owned rights.
The copyright in this website is owned by Crestbridge Corporate Services Limited. The pages in this site may be viewed, copied and printed but any copying or printing of the pages or of any part of the pages must include the copyright notice or must otherwise identify Crestbridge Coroprate Services Limited as the owner of the copyright.
13. Your acknowledgment of this Privacy Notice
By using this website and / or our services you acknowledge having received and read this Privacy Notice.
If you have any questions about this Privacy Notice or how we handle your personal information (e.g. our retention procedures or the security measures we have in place), or if you would like to make a complaint, please contact email@example.com.