In order to help you navigate the new data protection legislation and understand your rights we have set out below a number of questions and answers which we think you may find of benefit.
The new Data Protection (Jersey) Law 2018 can be found on The Office of the Information Commissioner’s (OIC) website and our Privacy Notice is detailed on the Le Gallais and Luce website.
Definitions: What is an Information Controller vs. Processor?
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal information on behalf of the controller
Le Gallais & Luce may act in both capacities as an information controller and processor.
What type of information is collected by Le Gallais & Luce?
At Le Gallais & Luce we obtain your personal and on rare occasions sensitive information in the course of our Client Due Diligence process and we may be required to obtain further information from you during our period of instruction.
Examples of information which this firm holds is:
- Contact details
- Bank account details
Sensitive personal information:
- Marital status
How will this information be used?
The information held is required by law for Anti-Money Laundering/Counter-Terrorist Financing purposes and for the due execution of your instructions in accordance with this firm’s standard terms and conditions which will need to be signed at the start of the business relationship.
As part of the services provided to you by Le Gallais & Luce, we may use third party agents. We shall ensure that those third party agents provide us with their confirmation of compliance with the new data protection law and your personal information shall not be released or disclosed to any third party without your prior consent unless there is an explicit reason to do so, or it is required by Court Order or otherwise required by law.
Have I given Le Gallais & Luce my consent?
As part of our new business-take-on process, at Le Gallais & Luce we ask you to sign a document called Terms of Engagement, a contract. This action is one of six lawful bases for allowing us to process your personal information, without the necessity for any additional consent from you.
How secure is my information held by Le Gallais & Luce?
We process your information using secured technologies. Our systems are regularly monitored for any exposures and risk of cyber-attacks, enabling us to identify ways to further improve our security.
Your personal information will also be held in hard copy paper format at the office.
Can you transfer my information internationally?
New data protection law imposes restrictions on the transfer of personal information outside the European Union (EU), to third countries or international organisations and jurisdictions which do not offer the same level of protection compared to countries, organisations and jurisdictions within EU boundaries. If you request such a transfer, we will assess each situation individually against the new law and its criteria to see if it is feasible and we will advise you accordingly.
Is my information used for any marketing purposes?
We do not use any marketing tools, nor mailing lists with information on our clients and therefore your information will not be used for anything other than the execution of your instructions.
Is the automated decision making taking place at Le Gallais & Luce?
There are no automated decisions made within Le Gallais & Luce with regard to your information.
Have Le Gallais & Luce appointed a Data Protection Officer?
Le Gallais & Luce is a local partnership law firm of four Partners and thirty-one employees. We are not a public authority or body, or acting in any judicial capacity. At our firm we do not regularly or systematically monitor data subjects such as online behaviour tracking or process sensitive personal information, including that relating to criminal convictions and offences, on a large scale. There is therefore no requirement to have a Data Protection Officer appointed, however, we do have a designated Compliance Officer Paulina Jaskulska who is acting as an advisor on data protection laws and relevant obligations and can be contacted at email@example.com or on 760760.
What are Cookies?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. The cookie helps analyse web traffic or lets you know when you visit a particular site.
What are my rights?
The new data protection legislation provides you with increased rights in relation to the information we hold about you.
What are my rights?
- A right to be informed by us on how and for what purpose we process your information
- A right to request access to the information we hold on you
- A right to request your information be amended where incorrect or incomplete
- A right to have your information erased
- A right to restrict your information from processing
- A right for your information portability
However, if you chose not to provide us with your personal information, or use your right to request the information we hold about you be restricted or erased before your matter is completed, we may be unable to provide you with the services required as per your original instructions.
How can I make a Data Subject Access Request?
If you wish to receive confirmation of the information we hold on you, please request this in writing via email or at our address stated below.
We will respond to your request within one month of receipt. According to the new law, we are permitted to extend the time of our response, by a further two months for complex or multiple requests. Initial requests will be provided free of charge, subsequent, excessive and repetitive access requests will be subject to an administration fee.
How long will my information be retained for?
Your personal information will be retained for as long as necessary for the purpose of completing the work instructed.
In accordance with our document retention policy, Le Gallais & Luce will hold personal information for at least 11 years from the last material entry on the file and shall not destroy it unless it is reasonable in the circumstances to do so.
There are certain exceptions to the above and those include work related to wills, probate and conveyancing, or disputes where personal information would be still pertinent after work has been completed. In addition, there may be situations where the information cannot be deleted for legal, regulatory or technical reasons.
Contact and complaints or queries
If you have any questions in relation to this policy or the Jersey data protection law, please contact us at:
PO Box 696
6 Hill Street
T: +44 (0)1534 760760
F: +44 (0)1534 878118
If you would like to make a complaint to The Office of the Information Commissioner (OIC) in the Bailiwick of Jersey or learn more about Jersey data protection please go to www.jerseyoic.org. The Commissioner is an independent statutory authority, with a mission to promote respect for the private lives of individuals through ensuring privacy of your personal information.
Please note that this document together with any further documents published on our website may be updated from time to time without any given notice, we would therefore advise you to visit our website regularly.