Your Privacy Matters to Us
As Data Controllers for the information obtained by you, Oppenheim & Co. Limited (“Oppenheim”, the “Firm”, “we” or “us”), are committed to maintaining the accuracy, confidentiality and security of your personal information. We have a duty to safeguard and keep confidential any information relating to our customers or their financial affairs. Whether it is provided to us in person, over the phone, by electronic means or while visiting our website, we will strive at all times to ensure that the information is kept confidential and secure.
As a business regulated by the Guernsey Financial Services Commission, we may on occasion need to process your data to comply with the regulatory requirements or fulfil the obligations of a contract we have entered into with you.
What is personal information?
Personal Information we collect, process, and hold includes (amongst other):
Name and residential address
Date of birth
Identification numbers and documents (i.e. TINs and passport numbers)
Various financial information including assets, liabilities, and transactions
Why we collect and use this information:
Providing our contracted services to you
Maintaining and using relevant electronic filing systems
Keeping your records up to date
Conducting compliance, anti-money laundering and risk reviews
Complying with any requirement of Law, Regulation or reporting to a Regulatory or Tax authority
Information Collected via the Website
We will not collect any personal information that identifies a visitor to our website individually unless specified otherwise. Your visit to our website will record only the Domain Name Server of your address (and/or IP address) and of the pages visited. Such information will be used to prepare aggregate information about the number of visitors to the site and general statistics on usage patterns.
Some of this information will be gathered through the use of "cookies". Cookies are small bits of information that are stored on a person's web browser on their computer that can be retrieved by this site. Should you wish to disable these cookies you may do so by changing the settings on your browser itself.
In the future, if we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information.
The lawful basis on which we process this information
We process your personal data in order to comply with legal obligations. These obligations are set out in legislation such as the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law 1999, the Companies (Bailiwick of Guernsey) Law 2008, and other legislation and regulation applicable to our business.
Collecting this information
Much of the information we hold will have been provided by you upon completion of an application form. We do not use automated decision making (including profiling) in any circumstances.
Storing this information
We hold your personal data both in hard copy files and on IT systems. The information will be stored until the expiration of a period of ten years after the termination of our relationship with you. We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, agents or service providers in the proper performance of their duties.
Who we share this information with
Personal data may be shared with the senior management of the Firm and relevant information may be shared with members of the workforce. Information may also be shared with parties that provide certain information technology and data processing services to us so that we may operate our business.
Any request for Personal Data made by a financial services regulator or public authority or governmental body with jurisdiction over us will be complied with.
We will take into account the risks that are presented by processing the Personal Data, in particular from a Data Breach and will take reasonable steps to ensure the reliability of any employee, agent or contractor of ours or any such approved sub-processor who may have access to Personal Data, ensuring that all such individuals are subject to confidentiality undertakings or other contractual, professional or statutory obligations of confidentiality.
Sub-processors will only be used by us to process Personal Data where they offer the same level of protection for Personal Data at a minimum which meet the requirements of the Data Protection (Guernsey) Law 2017 (the “DP Law”).
We do not in the normal course of our business transfer personal data outside of the Bailiwick of Guernsey and the European Economic Area. Should such a transfer be deemed necessary, we will ensure contractual safeguards are in place with any third party as relevant. Should such a transfer become a typical or regular part of the way we conduct our business, we will update this privacy notice and inform you of the change.
No information collected as a result of your interaction with our website will be disclosed to any third party, other than in accordance with the terms set out below:
where we (or any third party acting on our behalf) are legally compelled to do so;
where there is a duty to the public to disclose;
where our interests require disclosure; or
where disclosure is made at your request or with your consent.
Privacy and personal data protection principles vary from one country to another. When you access or link to any Local Site, please read the privacy statement issued by the Local Site to determine the policies that apply to information or data maintained by the Local Site. If the privacy statement contained in our website conflicts with that of the Local Site, the privacy statement of the Local Site shall prevail.
We draw your attention to the fact that Guernsey law (for example, with regard to banking secrecy and data protection) extends only to Guernsey territory and that all data transmitted abroad therefore ceases to enjoy any protection under Guernsey law.
Whenever you use any of our electronic services (“e-Services”) or contact us by e-mail, data is transmitted via an open public network (the internet) often across borders without any controls. Although data provided through e-Services may be encrypted, normal e-mails are not and neither is the identity of the sender or recipient, thereby potentially being vulnerable to any third party who may read these details.
Under the EU’s General Data Protection Regulation (GDPR) and the DP Law, you have specific legal rights and responsibilities with regards to your personal data. These rights have been summarised below:
Right to information for personal data collected from data subject
You have a right to be given various information about the data we hold about you along with a statement as to whether the provision of your Data is a statutory or contractual requirement, or a requirement necessary to be met in order to enter into a contract, and whether you are obliged to provide the Data, and the possible consequences of failure to provide that Data.
Right to information for indirectly collected personal data
Where Data processed in the context of a controller has not been collected from you by us or a processor acting on our behalf, you have a right to request the information.
Right to Data Portability
You may also ask us to move, or ‘port’, your personal information to another organisation electronically. We will only port personal information that you have provided to us, that we have processed based on your consent or performance of a contract, or that has been processed automatically. We will port your personal information without charge and within one month, where technically feasible.
Right of Access
You have the right to request a copy of the information that we hold about you.
Exception to right of portability or access involving disclosure of another individual's personal data.
Where we are unable to comply with a request made by you without disclosing information relating to another individual who is identified or identifiable from that information, we have the right to refuse provision or transmission.
Rights to Object
You have the right to require us to cease processing of your Data for direct marketing purposes, on grounds of public interest or for historical or scientific purposes.
Right to Rectification
We want to make sure that your personal information is accurate and up to date. You may ask us to correct, update or remove information you think is inaccurate or incomplete, and we ask that you inform us promptly of any changes to your circumstances.
Right to Erasure
You may also ask us to erase your personal information from our systems, in certain circumstances. There are some specific circumstances where the right to erasure does not apply and we are permitted to hold your Data. We will explain the reason for this at the time if this should occur.
Right to Restriction of Processing
You have a right to request that we restrict the processing of your Data in certain circumstances. We will inform our third parties to whom we have disclosed your Data that they must also restrict processing. We will inform you when the restriction on processing your Data ends.
Right to be notified of rectification, erasure and restrictions
Where we have disclosed your Data to another person, you have the right to be notified unless such notification is impracticable or involves disproportionate effort.
Right not to be subject to decisions based on automated processing
You have a right not to be subjected to an automatic decision and we would only allow automated processing with your consent or if it is necessary to protect your vital interests.
If you would like access to the data we hold, we must receive a request in writing in order to fulfil the request. This request should be sent to us by post to the Attention of and at the address appended to the end of this Privacy Notice.
Sections 82 and 83 of the DP Law provides for rights of appeal. Where that complaint relates to the processing of your Personal Data by us, specific procedures can be found on the Authority’s website at www.odpa.gg.
Identity and contact details of Responsible Officer
If you have any concerns as to how your data is processed, you can contact our Data Responsible Officer using the following address:
Oppenheim & Co. Limited
Attn: Data Responsible Officer
Tudor House, 1st Floor
St. Peter Port, GY1 1DB