1 PRIVACY NOTICE AJH LIMITED
Data Protection Privacy Notice
Who collects the information?
AJH Limited ("the Company"). ‘The Company’ is a ‘data controller’ and gathers and uses certain information about you. Relevant Law The way in which we process personal data is governed by data protection law, which includes the Data Protection (Jersey) Law 2018 (the ‘DPJL 2018’), the Data Protection Authority (Jersey) Law 2018 (the ‘Authority Law’)and, where relevant, the General Data Protection Regulation (EU) 2016/679 (‘GDPR’). Data protection principles We will comply with the data protection principles when gathering and using personal information.
We process data in order to provide accountancy and tax services to our clients. The type of information we collect includes but it not limited to: • Your name, contact details (i.e. address, home and mobile phone numbers, email address); • Details of salary and benefits, bank/building society, Social Security and tax information, your age; • Details of your spouse/partner and any dependants; • Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information; • A copy of your driving licence or passport; • Details of your use of business-related social media, such as LinkedIn; • Details in references about you that we give to others; • Information to meet legal and regulatory requirements and to allow us to check and verify your identity prior to engagement, including information on source of funds and source of wealth; • Information provided in the course of the provision of services (for example, information on professional relationships and background, disputes and court proceedings engaged in); • We may collect information such as your business contact details if we meet you in person, or at a telephone, or online meeting (including images or video obtained during visits to events hosted by us or in which we are involved.
How we collect the information?
We will usually collect most information from you directly. However, we may also collect information from: • Publicly accessible sources, e.g. the Jersey Financial Services Commission website, the Public Registry or social media sites such as LinkedIn; • From your colleagues or third-party business contacts who have referred you to us, or put you in touch with us; and • From a third party with your consent (e.g. your bank or insurance provider).
Why we collect the information and how we use it?
We will typically collect and use this information for the following purposes: • For the performance of a contract with you, or to take steps to enter into a contract; • For compliance with a legal obligation; • For the purposes of our legitimate interests or those of a third party (such as a benefits provider), but only if these are not overridden by your interests, rights or freedoms. • For reasons of substantial public interest (equality of opportunity and regulatory requirements); • To enter into client relationships and provide the services you have asked us to provide; • The ensure the security of our computer systems and premises; and • To notify you about goods or services and updates about relevant industry developments and our services, which may be of interest to you We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it. How we may share the information? We will never sell your information or pass it to any third party for marketing purposes or for any other purpose unconnected with my business. We may need to share some of the above information with other parties such as: • Any sub-contractors, agents or professional service providers; • Potential purchasers of some or all of our business or on a re-structuring; • Courts or tribunals; • Third parties with whom we engage for the hosting of events or other marketing initiatives; • Law enforcement agencies where considered necessary for us to fulfil legal obligations applicable to it; and • Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material.
Information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in Jersey, for the reasons described above. Where we enter into an engagement with a third party pursuant to which data may be processed by that third party, we will impose contractual obligations on them to ensure that they are only allowed to use your information to complete the tasks we have asked them to carry out and that they take appropriate measures to protect your personal data. We may also disclose your personal data to third parties: • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any agreement with you; or • To protect our rights, property, or safety or that of our clients or any third party we interact with. 3 Other than as set out above and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between us and you, we will not share your data with third parties unless we have procured your express consent to do so.
Where information may be held?
Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. Information is stored on secure systems provided by our third party service provider within the EU.
How long we keep your information?
We keep your information for no longer than is necessary for the purposes for which the personal information was collected. We retain your information for 10 years in order for us to provide the services we are contracted to perform.
Your rights Under data protection legislation, you have various rights in connection with any personal data about you that is processed by us as data controller. These include rights to: • Access to your personal data and to certain other supplementary information that this notice is already designed to address; • Require us to correct any mistakes in your information which we hold; • Require the erasure of personal data concerning you in certain situations; • Receive the personal data concerning you which you have provided to us in a structured, commonly used and machine readable format and have the right to transmit those data to a third party in certain situations; • Object at any time to processing of personal data concerning you for direct marketing; • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; • Object in certain other situations to our continued processing of your personal data; • Otherwise restrict our processing of your personal data in certain circumstances; and • Claim compensation for damages caused by our breach of any data protection laws.
Further information on those rights can be found on the website of the Jersey Office of the InformationCommissioner: www.jerseyoic.org
If you would like to exercise any of those rights, please call, email or write to us.
We are obliged to respond to your request.
Keeping your personal information secure We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How to complain?
You can also complain to the Jersey Office of the Information Commissioner (JOIC) if you are unhappy with how we have used your personal data. JOIC’s current address is 2nd Floor, 5 Castle Street, St. Helier, Jersey, JE2 3BT. 4 The JOIC email and telephone contact details are: firstname.lastname@example.org +44 (0) 1534 716530
Changes to this Notice We reserve the right to modify this notice at any time. Any changes will be notified and made available via www.jerseyoic.org Last updated: 25th March 2021