Privacy policy

Moore Stephens Channel Islands Privacy Notice
 
Purpose of this notice
 
This privacy notice describes how Moore Stephens Channel Islands (“Moore Stephens”, “we”, “us” or “our”) collects and uses Personal Data, in accordance with the General Data Protection Regulation 2016/679 (GDPR), the Data Protection (Jersey) Law 2018 (DPJL) and the Data Protection (Bailiwick of Guernsey) Law 2017 (collectively “data protection law”). 

 
It applies to Personal Data provided to us, both by individuals or by others.
 
Personal Data is any information relating to an identified or identifiable living person. Words used with first letter capitalisation (e.g. Personal Data), unless otherwise defined in this policy, have the same definition and meaning as under data protection law.
 
About us
 
Moore Stephens, is an accountancy, advisory and fiduciary firm and includes audit and assurance, accounting and business support, wealth management, restructuring and insolvency, trust and corporate services and fund administration services.  The firm provides professional support to a broad range of individuals and entrepreneurs, large organisations and complex international businesses.  Personal interactions are at the core of our business, so we have implemented this policy for reasons of lawfulness, fairness and transparency in relation to our use of Personal Data.
 
Moore Stephens Channel Islands
 
Jersey
 
The Moore Stephens (Jersey) office, Moore Stephens (Jersey) Limited is a limited company, incorporated in Jersey with registration number 121337.  It is registered with the (OIC) in Jersey as a Data Controller under registration number 58434.
 
Guernsey
 
Moore Stephens Guernsey is a limited liability partnership and registered with the Office of the Data Protection Commissioner (DPC) in Guernsey as a Data Controller under registration number 11184.
 
Our role
 
Where we decide how and why Personal Data is processed, we are a Controller. This is generally the role under which we process Personal Data.
 
There may be limited circumstances where we solely process Personal Data on behalf of a Controller, and in these circumstances, we will be a Processor.  Should this apply to you, we will inform you during the period of engagement and on-boarding.
 
Types of Personal Data
 
Given the diversity of the services we provide to clients we may process many categories of Personal Data. By way of example, we could collect and process:
  • contact and personal details (including name, address, date of birth, employer name, contact, title, phone, email and other business or family contact details);
  • business activities;
  • family information;
  • information about management and employees of clients;
  • income, taxation and other financial-related details;
  • investments and other financial interests;
  • payroll details and other financial information.
For certain services or activities, and when required by law or with an individual's consent, we may also collect Special Category Data. Examples of special categories include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records.
 
Collection of Personal Data
 
We will only collect such Personal Data that is necessary for us to perform our services or where there has been an explicit selection to receive other information from use of this website.  We therefore ask our clients or website users to share such Personal Data as required for that purpose. Where we identify that a client has provided us with unnecessary Personal Data we will either return that information to its source or destroy it, taking into account our client’s preference wherever possible. 
 
Generally, we collect Personal Data from our clients or from third parties acting on the instructions of the relevant client. Examples of this collection include when:

 
  • we are contacted about our services;
  • a proposal is requested from us in respect of the services we provide;
  • our clients engage us to provide our services and also during the provision of those services;
  • from third parties (e.g. agents of our clients, or from corporate entities who employ Data Subjects) and/or publicly available resources (e.g. the Jersey Financial Services Commission, Guernsey Financial Services Commission, Company Registry).
Cookies

IP addresses of authorised users are not logged for either administrative or other purposes.  The standard technology known as 'cookies' is however used on our website. Cookies are small text files placed on the authorised user's hard drive that allow the website to store tokens of information in connection with use of the website by allocation of an identifier to an authorised user while the site is in use.

Use of cookies enable Moore Stephens to analyse the operation of the website, thus permitting continuous improvement of the service that it provides, but cannot retrieve any other data from the hard drive of the authorised user's computer or capture the authorised user's e-mail address. It is therefore not intended to link personal data to information that may be contained in a cookie to determine or track the identity of any user of the site.

Google Analytics

We use Google Analytics to analyse our website usage and create reports for internal use at Moore Stephens only.

Google Analytics Cookies

Like many services, Google Analytics uses first-party cookies to track visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what website referred the visitor to the web page. Browsers do not share first-party cookies across domains. To find out more about how Google treats personal information, please see the Google Privacy Policy.


 Use of Personal Data
 
Here we set out the basis upon which we process Personal Data. Please note that we may process Personal Data for more than one lawful basis, depending on the specific purpose for which we are using that information.
 
Performance of a contract
 
We provide a diverse range of professional services, of which more information can be found here
 
Many of our services require us to process Personal Data for purposes necessary for the performance of our contract with our clients. For example, this may include processing Personal Data to provide requested bespoke fiduciary support to a private client, or processing the Personal Data of a Data Subject who is the employee, subcontractor, supplier or customer of our client.
 
Legitimate interests
 
We may process Personal Data for the purposes of our own legitimate interests in the effective delivery of information and services to our clients, and in the effective and lawful operation of our businesses, provided that those interests do not override the interests, rights and freedoms of a Data Subject which require the protection of that Personal Data.
 
Examples of such processing activities include:

 
  • managing our relationship with clients;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery);
  • monitoring the services we provide clients for quality control purposes, which may involve processing the Personal Data stored on the relevant professional file;
  • managing risk in relation to client engagements and to the firm generally;
  • maintaining and using IT systems, including security monitoring to identify harmful programs;
  • hosting or facilitating the hosting of events;
  • administering and managing our website and systems and applications. 
Compliance with a legal obligation 
 
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We will process Personal Data as necessary to comply with those obligations.
 
One example of such processing includes anti-money laundering activities such as carrying out searches (using for example, internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
 
We are also required to keep certain records to demonstrate that our services are provided in compliance with our legal, regulatory and professional obligations.  
 
Consent
 
In certain limited circumstances, such as where a Data Subject has agreed to receive marketing communications from us, we may process Personal Data by consent. Where consent is the only basis upon which Personal Data is processed the relevant Data Subject shall always have the right to withdraw their consent to processing for such specific purposes.
 
We understand the importance of protecting children’s privacy and data.  Should we be required to process children’s data below the age of legal consent (for Jersey, Guernsey and EU purposes, this would be the age of 13) we will request consent from persons with legal parental responsibility.  Otherwise, consent will be obtained from the child where they are legally able to provide it.
 
It is our policy to only process Personal Data by consent where there is no other lawful basis for processing.
  
 
Data retention
 
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

 

In the absence of specific legal, regulatory or contractual requirements, Moore Stephens Jersey’s standard retention period for records and other documentary evidence created in the provision of services is 10 years. 
 
Moore Stephens Guernsey implement a retention period of 6 years except for those documents that require a longer or permanent period. 

 
Should you have any queries with respect to retention periods please see “Contacts” section toward the end of this privacy notice. 

We continually review our data retention policies, and we reserve the right to amend the above retention periods without notice.
 
Other records, which are not required to be retained as part of our professional services, will be kept for a period of time depending on:

 

  • the type, amount and categories of Personal Data we have collected;
  • the requirements of our business and the services we provide;
  • the purposes for which we originally collected the Personal Data;
  • the lawful grounds upon which we based our processing;
  • any relevant legal or regulatory obligations;
  • whether the purpose of the processing could be reasonably fulfilled by other means. 
Data Security
 
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
 
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This is not only in accordance with our obligations under data protection law, but also in accordance with our regulatory obligations of confidentiality.
 
In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know, and our IT systems operate on a ‘least privileged’ basis by default. Third parties will only process Personal Data on our instructions and they are subject to a duty of confidentiality.
 
We have put in place procedures to deal with any suspected data security breach and will notify any affected Data Subject and any applicable regulator of a suspected breach where we are legally required to do so.
 
In some circumstances, we may anonymise or pseudonymise Personal Data so that it can no longer be associated with the Data Subject, in which case we may use it without further notice.
 
Data transfers
 
We will share Personal Data with third parties where we are required by law, where it is necessary to administer our relationships between clients and Data Subjects, or where we have another legitimate interest in doing so.
 
We are part of a global network of firms and accordingly Personal Data may be transferred to other member firms of the Moore Stephens International network. This may result in Personal Data being transferred outside the countries where we and our clients are located. This includes to countries outside the European Union (EU) and to countries that do not have laws that provide specific protection for personal data. All Personal Data will be provided with adequate protection and all transfers of Personal Data outside the EU are undertaken lawfully. Where we transfer Personal Data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
 
Please also see https://www.moorestephens.com for a list of firms and countries in which member firms of the Moore Stephens International network operate. We will also share Personal Data with other entities within our group, subject to the safeguards mentioned above.
 
We will also share Personal Data with third-party service providers.  For example, we use third parties to provide:

 
  • our cloud services, and to operate and manage these services;
  • professional advisory services (including our auditors);
  • administration services;
  • marketing services;
  • banking services;
  • investment services.
 All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
 
Rights and responsibilities
 
A Data Subject’s duty to inform us of changes
 
It is important that the Personal Data we hold is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, either through your usual contact at Moore Stephens or by using one of the means set out at the end of this privacy notice.
 
A Data Subject’s rights in connection with Personal Data
 
Data Subjects may have certain rights under Jersey, Guernsey or EU law in relation to the Personal Data held by us about them. In particular, they may have a right to:

 
  • request access to their Personal Data. This enables a Data Subject to receive details of the Personal Data we hold about them and to check that we are processing it lawfully;
  • ask that we update the Personal Data we hold about them, or correct such Personal Data that they think is incorrect or incomplete;
  • request erasure of their Personal Data. This enables a Data Subject to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Data Subjects also have the right to ask us to delete or remove Personal Data where they have exercised their right to object to processing (see below). Please note that we may not always be able to comply with a request for deletion of Personal Data for legal reasons which will be notified, if applicable, after receiving such a request;
  • object to processing of their Personal Data where we are relying on a legitimate interest solely (or those of a third party), and there is something about their particular situation which makes them want to object to processing on this basis. The Data Subject may also have the right to object where we are processing their personal information for direct marketing purposes;
  • request the restriction of processing of their Personal Data. This enables a Data Subject to ask us to suspend the processing of Personal Data about them, for example if they want us to establish its accuracy or the reason for processing it. The Data Subject may also have a right to be notified before lifting or otherwise ceasing a restriction of processing by us as a controller;
  • request the transfer of their Personal Data to them or another Controller if the processing is based on consent, carried out by automated means and this is technically feasible. Please note that, at the time of the drafting of this notice, we do not undertake any processing relevant to the exercise of this right;
  • information for Personal Data collected from the Data Subject; and
  • information for indirectly collected Personal Data. 
Withdrawal of consent
 
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. However, as noted above, we do not generally process Personal Data based on consent.
 
To withdraw consent to our processing of your Personal Data please email:
 
To stop receiving an email from a Moore Stephens marketing list, please click on the unsubscribe link in the relevant email received from us.
 
Contacting us to exercise a right
 
If any individual would like to exercise the above rights please contact us by sending an email to:
 
We may charge for a request to access details of Personal Data, if permitted by law. If a request is clearly unfounded, repetitive or excessive we may refuse to comply with that request.
 
Please note that it is our policy not to provide copy documents if we are contacted by the Data Subject seeking access to their Personal Data. We will comply with this request in another way, usually by providing a newly created document listing the information we are required to provide under data protection law.
 
We may need to request specific information from those individuals who contact us to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask them for further information in relation to their request to speed up our response.
 
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if a request is particularly complex. In this case, we will notify the individual concerned and keep them updated.
 
Data Subjects also have the right to make a complaint to the OIC, the supervisory authority for Jersey, or the DPC, the supervisory authority for Guernsey.
 
Complaints with respect to the Jersey office
 
For further information on individual rights and how to complain to the OIC, please refer to the https://oicjersey.org/

Complaints with respect to the Guernsey office
 
For further information on individual rights and how to complain to the DPC, please refer to the:
https://dataci.gg/
 
Changes to this notice
 
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
 
This privacy statement was last updated on 20 July 2018.
 
Contacts
 
If there are any questions regarding this notice or if anyone would like to contact us about the manner in which we process their Personal Data or Special Category Data, please email our data team:
 
Moore Stephens Jersey:
dataprotection@moorestephens-jersey.com
 
Moore Stephens Guernsey:
dataprotection@msgsy.com