The Cayman Islands Monetary Authority (“CIMA”) has changed the application form for the registration of Virtual Asset Service Providers (VASPs) through the REEFS portal. Additionally, CIMA has issued an update to the Rule and Statement of...
Data Protection
Stuarts Humphries is a client-oriented offshore legal practice. Stuarts Humphries together with its affiliates Stuarts Corporate Services Ltd. and Southern Management Services Ltd., form a group (collectively, “Stuarts”, “we”, “us” and “our”). In the process of operating our business and as a result of legal requirements, Stuarts acquires, stores, manages and uses your personal information. Personal information in this context means information that is on a specific person and not that of a corporate entity.
Your privacy is important to us. This privacy policy (“Privacy Policy”) sets out how we protect your personal information and your rights in respect of that personal information. Stuarts complies with applicable data protection laws. We are committed to best practices. Each member of Stuarts is a data controller and your personal information is processed for the purpose(s) as set out in this Privacy Policy. Your personal information may be transferred within Stuarts. All members of Stuarts are required to meet the data protection standards in this Privacy Policy. Stuarts is committed to ensuring that your privacy is protected.
If you have any questions about this Privacy Policy or requests in respect of personal information, please contact us at dataprotection@stuartslaw.com.
Personal Information we Collect
The types of personal information that we may process include:
- basic information, such as your full name, date of birth, gender, marital status and dependents, employer details, your title or position and your relationship to a person;
- contact information, such as your postal address, home address, business address, email address(es), fax number(s) and phone number(s) and next of kin and emergency contact information;
- information necessary for the provision of legal and corporate services, such as information related to financial wealth and assets, tax status, professional relationships and background, disputes and court proceedings, any international sanctions and restrictive measures;
- information required to meet legal and regulatory requirements, such as in respect of anti-money laundering requirements and know-your-customer requirements including identification documents such as your passport, national insurance number, driving licence or other photographic identity details and address verification documentation such as a recent utility bill;
- financial information, such as payment-related information;
- technical information, such as information from your visits to our website, including information that we collect automatically through cookies and similar tracking technologies, or in relation to materials and communications we send to you electronically;
- information you provide to us including when you sign up to or otherwise request legal, marketing or other materials including for the purposes of attending meetings and events;
- information provided for the purposes of recruitment and alumni records of former employees; and
- any other information you may provide to us.
In certain instance we may also obtain sensitive personal data such as information on the commission or alleged commission of an offence, or any proceeding for any offence committed, or alleged, to have been committed, the disposal of any such proceedings or any sentence of a court, information about your family and personal life where relevant to advice that you have requested and certain health information where you have provided this to us, for example, where you will attend an event that we organize and have certain dietary restrictions.
You are required to advise us of any changes to your personal data. From time to time we may request for you to verify or update your data. We retain the right to not create relationship with you or to cease a relationship in the event we do not obtain the necessary personal information we are legally obligated to obtain.
How we Collect your Personal Information
We endeavor to collect your personal information directly from you where possible. However, given the nature of our business and the services we offer we may collect your data from a third party, such as an instructing attorney or the organisation that is our client. We may collect personal data from you, and on you, in a number of ways. Some examples include:
- when you visit our website;
- when you request information from us;
- when you or your organisation seek any of our services;
- when we provide you or your organisation with any of our services;
- when we request information on you to either you or your organisation or a third party;
- when you or your organisation provide us or seek to provide us with any services;
- when any of our personnel meet you;
- when you sign up for any of our communications;
- when you attend an event that we organise or attend;
- when we on-board you or your organisation as a client;
- when we carry out know-your-client and anti-money laundering checks using information that you provide us, information that we obtain from you and information that we obtain from publicly available records, online databases, government agencies, credit agencies, social media platforms and third-party service providers;
- when a third party engages us, and you are a member or principal of that third party or otherwise related; and
- when you act in certain capacities for a Cayman entity such as, as a director, officer, manager, partner, shareholder or member.
What we Do with your Personal Information
We only process personal information for the purpose it was collected for. We only collect and process personal information where we have a legal basis for doing so including: where you consent to the collection and use, where we are fulfilling a contract with you, where we have a legitimate interest in collecting and processing the personal information, where we have to comply with a legal obligation, where we need to protect your interest or someone else’s interest and where processing the personal information is in the interest of the public. Primarily we will use any personal information we collect to carry out our legal and regulatory obligations and to perform any contract we enter into with you/our client. In certain circumstances we may use your personal information to pursue our own legitimate interests or those of third parties as long as they do not override your interests or fundamental rights.
Some examples where we use your personal information include:
- for our website - such as to improve our website features, content and functionality including by using online identifiers and statistics;
- for our services– including entry into and maintaining client relationships and providing legal, corporate and other services;
- for our communications– such as providing legal and industry news and updates, invitations to events and seminars, client communications and marketing communications;
- for our research – to improve our services, products and technologies;
- for our security– to protect our systems, premises and staff;
- for our marketing – to market our services and products including sending legal updates, publications and details of events;
- for our training – including internal know-how and industry training;
- for our recruitment– including for us to recruit personnel;
- for fraud prevention purposes;
- to fulfil our legal and regulatory obligations;
- to comply with court orders or defend our legal rights; and
- for any purpose related to or ancillary to the above or for any such other purpose that your personal data was provided for.
With respect to sensitive personal information, we will only generally process this information with consent or where we otherwise need to carry out our legal obligations. There may also be limited situations such as where it is needed for a legal claim or to protect your interests (or someone else’s) and you are not able to give consent or where the information is already public. We may also process this information in the course of our legitimate business activities with appropriate protections.
In the event that information that we require is not provided to us then we may not be able to perform the contract we have entered into with you, continue to act for you or otherwise be prevented from complying with our legal obligations.
Who we Share your Personal Information with
We may share your personal information amongst Stuarts on a confidential basis in order to provide legal advice, other services and products as well for business, administrative and billing purposes and with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- our professional advisers and auditors;
- suppliers to whom we outsource support and IT services;
- courts or tribunals, where necessary to fulfil our legal obligations;
- law enforcement agencies, where necessary to fulfil our legal obligations;
- regulators or other governmental or supervisory bodies with a legal right or legitimate interest;
- public registers;
- other service providers in the course of the services we provide to clients and with their prior approval;
- third parties involved in hosting or organising events or seminars;
- potential parties with whom Stuarts intend to merge or sell any part of Stuarts using all reasonable efforts to notify you of any such change.
We will not sell, distribute or lease your personal information to third parties unless we are legally required to do so or have been given your prior approval. Where it is necessary for personal information to be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies, we will use reasonable endeavours to notify you before we do this where we are not legally prevented from doing so.
In certain circumstances it may be necessary to transfer your personal information out of Stuarts to another jurisdiction. We will only transfer such data to jurisdiction(s) deemed to have adequate levels of data protection, unless the transfer is made with your consent or necessary for the performance of a contract with you or a third party on your behalf, required for legal proceedings, obtaining legal advice or establishing, exercising or defending a legal right, required under international cooperation agreements or otherwise permitted under applicable data protection laws.
How Long do we Keep your Personal Information
We will only keep your personal information for as long as is necessary to fulfil the purposes for which it was collected, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Stuarts’ legitimate business purposes. We will destroy or anonymize documents and other records containing personal information when it is reasonable or necessary to do so. We will take all necessary precautions to prevent any unauthorised access to your personal information when destroying the same.
Any request for further information in relation to personal information we hold and for destruction of such personal information should be sent to dataprotection@stuartslaw.com.
Individual Personal Information Rights
You have rights with respect to your personal information that we hold. Your personal rights to your personal information include:
- right to be informed – you have the right to be informed about the collection and use of your personal information, as set out in this Privacy Policy;
- right to access – you have the right to obtain details on the processing of your personal information. You may obtain details by making a ‘subject access request’ to the email address as set out below. This right may be used to help you understand how and why we are using your personal information, and check we are doing it lawfully;
- right to rectification – this right requires that we, in our capacity as a data controller, must ensure personal information is accurate and, where necessary, up to date. This enables you to have any personal information we hold be corrected, completed or updated;
- right to stop/restrict processing – you have the right to require that processing you personal information stops, or doesn’t begin, or that it ceases for a specified purpose or in a specified way. Please note this is not an absolute right. Where you have requested that we restrict our processing of your personal information we shall only maintain and destroy the information in accordance with your permissions subject to applicable law.
- right to stop direct marketing – you have the right to stop the processing of your personal information for direct marketing purposes.
- rights in relation to automatic decision making – automatic decision making is a decision made by automated means without any human involvement. We presently do not engage in solely automated individual decision-making with significant effects on an individual. In the event we do we will only do so with your prior consent.
- right to complain– In the event that you have any concerns or complaints in relation to this Privacy Policy or our processing of your personal information we will seek to address them as soon as reasonably practicable. Please direct them any such matters to dataprotection@stuartslaw.com.
Please be aware that if you object or withdraw any previously given consent to the use of your personal information, this may mean that we are unable to perform the relevant services or there may be a restriction on the services which can be provided. Where necessary we may continue to process your personal information after you have chosen to withdraw your consent, to the extent it is required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
If you wish to make a request in relation to your personal information that we have processed then please send your request dataprotection@stuartslaw.com.
Cookies
A cookie is a small text file that is stored in your web browser that allows us or a third party to recognize you and keep track of your preferences. We use Google Analytics cookies. Google Analytics lets us see detailed statistics about how users interact with our website. Related links: Google’s Privacy Policy and How Google uses this information. These cookies help us improve our website by providing us with information such as the number of visitors to our website, the pages they visit and the length of time spent on our website.
For more information on the cookies we use on our website, please see our Cookies Policy.
Links to other Websites
Our website may contain links to other websites of interest. Once you have used these links to leave our website, we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites and such websites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy/statement applicable to the website in question.
Security
We take appropriate technical and organisational measures to keep your personal information confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal information. We may keep your personal information in our electronic systems, in the systems of our contractors, or in paper files. All employees and third parties engaged to process your personal information are obliged to respect the confidentiality of your personal information. Stuarts will use all reasonable efforts to ensure all third parties are bound by the terms of this Privacy Policy or a comparable policy. No information system is absolutely secure. Stuarts cannot guarantee and is not responsible for the security of information and for any loss or damage suffered as a result of a breach of security or confidentiality when information is transmitted over the internet (for example, by email) or network(s) not in our control.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any updates to this Privacy Policy will appear on our website and will take effect upon being posted on our website. This Privacy Policy was last updated on 1 September 2019.