1. Introduction
Crestbridge Family Office Services (Crestbridge) is made up of different legal entities. These entities include, but are not limited to, Crestbridge Fiduciary Limited (the Affiliation Leader) and its participating members, Crestbridge Trustees Limited, Corporate Trust Company Limited and Pacaya Investments Limited. This privacy policy is issued on behalf of the Group so when we mention Crestbridge, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Crestbridge Group responsible for processing your data. Further details are set out below.
We take the privacy and security of your personal information very seriously and will only use your personal information as set out in this Privacy Notice or as we may otherwise inform you from time to time.
If you work for Crestbridge Fiduciary Limited you should please refer to our Employee Privacy Notice which is available from Crestbridge Human Resources staff and published on the Group intranet. If you are seeking employment with Crestbridge Fiduciary Limited you should please refer to the Job Applicant Privacy Notice which is available on request.
References to “Crestbridge”, “we”, “us” are, in the context of enquiries made through forms completed and submitted on this website or the information we collect by cookies on this website, references to Crestbridge Fiduciary Limited of 40 Don Street, St Helier, Jersey, JE2 4TR, Channel Islands which is the controller of that information.
References to “Crestbridge”, “we”, “us” are, in the context of a potential new client relationship, references to whichever Crestbridge Fiduciary Services affiliate(s) you are dealing with to become the contracted service provider(s) in respect to such potential new client relationship. The relevant affiliate(s) will be the individual controller(s) of that information.
References to “Crestbridge”, “we”, “us” are, in the context of an existing client relationship, references to whichever Crestbridge Fiduciary Limited affiliate(s) that is / are the contracted service provider(s) in respect to that client relationship. The relevant Crestbridge Fiduciary Limited affiliate(s) will be the individual controller(s) of that information for its / their own purposes and the processor(s) on behalf of the relevant client controller.
2. Contact details
You can contact the Crestbridge Fiduciary Limited Data Protection Lead in relation to data protection and your rights by email dataprotection@crestfos.com or in writing to:
Data Protection Lead
Crestbridge Fiduciary Limited
40 Don Street
St Helier
Jersey
JE2 4TR
Channel Islands
3. The personal information we process
3.1 Depending on the nature of our relationship with you, we will collect various types of personal information about you which may include some or all of the following:
3.1.1 Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal information relating to claims, court cases and convictions, politically exposed person (PEP) status, personal information available in the public domain and such other information as may be necessary for Crestbridge to provide its services and to complete its client due diligence process and discharge its AML/CFT/CPF obligations);
3.1.2 Your tax status information (which may include your tax residency, tax ID and tax status);
3.1.3 Your contact information (which may include postal residential and business addresses, personal and business e-mail address and your home, business and mobile telephone numbers);
3.1.4 Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have);
3.1.5 Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);
3.1.6 Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history);
3.1.7 Transaction data including details about payments to and from you and other details of services you have obtained from us;
3.1.8 Profile data including usernames and passwords, details of services, your interests and preferences; and
3.1.9 IP Address (we may collect your IP (Internet Protocol) address to help diagnose problems with our server, and to administer our Site. An IP address is a number that is assigned to your computer when you use the Internet. This information does not contain any personally identifiable information about you. Your IP address is also used to help identify you during a particular session and to gather broad demographic data. We may also collect usage data including information about how you interact with and use our website and services and marketing and communications data including your preferences for receiving marketing communications from us and our third parties.
3.2 We may collect and process personal information regarding people connected to you, either by way of professional (or other) association or by way of family relationship.
3.3 We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
4. Where we obtain your personal information
4.1. We collect your personal information from the following sources:
4.1.1. personal information which you give to us, including but not limited to:
(a) on such other forms and documents as we may request you complete or provide in relation to the administration/management of any of our services;
(b) information gathered through client due diligence carried out as part of our compliance with regulatory requirements; or
(c) any personal information provided by way of correspondence with us by phone, e-mail or otherwise;
4.1.2. personal information we receive from third party sources, such as:
(a) entities in which you or someone connected to you has an interest;
(b) your legal and/or financial advisors;
(c) other financial institutions who hold and process your personal information;
(d) other publicly available sources such as Companies House, the Jersey Financial Services Registry etc; and
(e) credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements.
4.1.3. personal information received in the course of dealing with advisors, regulators, official authorities, payment providers and service providers by whom you are employed or engaged or for whom you act.
5. Why we collect your personal information?
Lawful grounds for processing:
5.1. Unless we inform you otherwise then we may hold and process your personal information on the following lawful grounds:
5.1.1. the processing is necessary to comply with our legal obligations including in any employment or social field;
5.1.2. the processing is necessary for our legitimate interests or the legitimate interests of a third party to whom your personal information is disclosed, provided your interests and fundamental rights do not override those interests;
5.1.3. the processing is necessary for the performance of a contract to which you are a party, or to take such steps, at your request, with a view to entering you into such a contract;
5.1.4. the processing is necessary in our performance of a public task or in the public interest;
5.1.5. the processing is necessary to exercise, bring or defend a legal claim or to prevent and detect an unlawful act; and
5.1.6. in exceptional circumstances, where we have obtained your consent to processing your personal information for a specific purpose.
Purposes of processing:
5.2. Your personal information may be processed for the purposes set out below (“Purposes”).
The Purposes based on our legitimate interests (and in some cases on other lawful bases as stated) are set out in paragraphs 5.2.1 to 5.2.4 inclusive:
5.2.1. facilitating the administration of our business, clients and/or our service providers;
5.2.2. communicating with you as necessary in connection with our services or in relation to a contract we have in place with you;
5.2.3. monitoring and recording, including of telephone and electronic communications, system use and transactions, for:
(a) quality, business analysis, training and related purposes in order to improve service delivery and/or to monitor adherence to our internal staff policies and procedures; and
(b) for the prevention, detection, investigation and prosecution of any unlawful act (or omission to act) or in the wider public interest;
5.2.4. disclosing your personal information to any bank or financial institution in providing our services;
5.2.5. to enforce or defend our legal and contractual rights or those of third party service providers;
5.2.6. to comply with legal or regulatory obligations imposed on us;
5.2.7. collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
5.2.8. liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to co-operate or report to, or with whom we decide or deem it is appropriate to co-operate.
5.3. You may receive marketing communications if you have opted in to receive them and have not opted out of receiving the marketing.
5.4. You can ask us to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you.
5.5. If you opt-out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.
5.6. For more information about the cookies we use and how to change your cookie preferences, please see Cookies Policy – Crestbridge (crestfos.com) .
6. Sharing personal information
6.1. We may share your personal information:
6.1.1. within our group of companies including to our affiliates;
6.1.2. with third party service providers, including, our insurers and insurance agents, banks, financial institutions or other third party lenders, IT service providers, auditors and legal professionals to facilitate our business and the services which we provide;
6.1.3. where we are subject to a legal obligation that necessitates the sharing of this information with parties such as our regulatory authorities, tax and revenue authorities, companies registries, governmental departments, courts and law enforcement authorities;
6.1.4. in the context of a merger, sale or acquisition, or other change in our organisational structure.
6.2. The third party service providers to whom your personal information may be transferred are based primarily in the countries / territories where we have a jurisdictional presence, but may also be based in other European Economic Area countries, and in a few exceptional circumstances outside of the European Economic Area or those other countries / territories in which we have a jurisdictional presence.
6.3. Where we share your personal information with group companies and/or third party service providers and/or in the context of a change in our organisational structure outside of Jersey, the UK or the European Economic Area, and where we are not otherwise subject to a legal obligation to share your personal information, then we require the recipients of that personal information to put in place adequate measures to protect it, including by entering into appropriate data sharing agreements such as the EU standard contractual clauses. If you would like further information about the safeguards we have in place to protect your personal information, please contact dataprotection@crestfos.com.
7. How does Crestbridge protect data?
7.1. Crestbridge takes the security of your data seriously. Crestbridge has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
7.2. Where Crestbridge engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
7.3. If you would like further information about the safeguards we have in place to protect your personal information, please contact at dataprotection@crestfos.com.
8. Retention of personal information
8.1. Your personal information will be retained for as long as required:
8.1.1. for the purposes for which the personal information was collected;
8.1.2. in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
8.1.3. as required by data protection laws and any other applicable laws or regulatory requirements.
8.2. If we rely on consent to process your personal information, you are free to withdraw your consent at any time.
8.3. For further information about applicable retention periods, please contact the Data Protection Lead: dataprotection@crestfos.com.
9. Access to and control of personal information
9.1. Depending on the country or territory in which our processing of your personal information takes place and/or where you are you may have some or all of the following rights (although these may only be exercisable in certain circumstances) in respect of the personal information about you that we process:
9.1.1. the right to access and port personal information;
9.1.2. the right to not provide or withdraw consent;
9.1.3. the right to correct inaccurate, incomplete or out of date personal information;
9.1.4. the right to restrict the use processing of personal information;
9.1.5. the right to have personal information erased;
9.1.6. the right to object to processing of personal information;
9.1.7. the right not to be subject to a decision based solely on the automated processing by us of your personal information;
9.1.8. the right to compensation where we or another organisation has caused you damage as a result of the processing of your personal information; and
9.1.9. the right to seek a judicial (ie. court) remedy where you consider we have acted or are about to act in breach of the relevant data protection legislation.
9.2. You also have the right to lodge a complaint about our handling of your personal information with a relevant data protection supervisory authority either in the country/territory in which you are located and/or in the jurisdiction in which we are located and process your personal information.
For Jersey, you can contact the Jersey Office of the Information Commissioner at the following address:
Office of the Information Commissioner
5 Castle Street
St. Helier, Jersey, JE2 3BT
Or by telephone at +44 1534 716530 or by email at enquiries@jerseyoic.org.
9.3. Whenever you are considering lodging a complaint however we should please be grateful if you would first allow us the opportunity to resolve your complaint by addressing it in writing, and providing as much detail as possible, to dataprotection@crestfos.com.
9.4. Where we have relied on consent to process your personal information, you have the right to withdraw consent at any time.
9.5. If you wish to receive more information about your data protection rights or to exercise any of your rights, please contact dataprotection@crestfos.com.
10. Inaccurate or amended information
10.1. Please let us know as soon as possible if any of your personal information changes (including your correspondence details).
10.2. Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide services.
11. Changes to this privacy notice
We reserve the right to update this Privacy Notice at any time and keep it under regular review.
12. Questions
If you have any questions about this Privacy Notice or how we handle your personal information (e.g. our retention procedures or the security measures we have in place), or if you would like to make a complaint, please contact dataprotection@crestfos.com.