This policy includes the following headings:
- Important information
- Collection of your data
- Use of your data
- Retention of your data
- Transfer of your data to third parties
- Links to other sites
- Know your rights
It is important that you read this policy when working with us to ensure that you are fully aware of how we collect, use and retain your data.
For the purposes of the Data Protection (Jersey) Law 2018 (“JGDPR”):
- the data controller is Baker Regulatory; and
- Baker Regulatory may use third-party processors to deliver specific services that are requested by you from Baker Regulatory.
Baker Regulatory is a firm established to provide regulatory services. For any questions relating to your data, or to submit any requests, please contact Baker Regulatory using one of the methods below:
Post: Midland Chambers
2 – 10 Library Place
Phone: +44 (0) 1534 719222
Collection of your data
Baker & Partners may collect information from you directly, indirectly by email, phone or other means, or via our website https://www.bakerregulatory.com.
We may collect and/or process the following data about you:
- Information you provide to us – by entering into a contract with us, or by correspondence with us by email, letter, phone or other methods, which includes placing a request for services or otherwise contacting us.
- Personal Data – the information you give us may include; your name, date of birth, nationality, passport information, address(es), email address(es), phone number(s), family related or work-related information together with financial and credit card information. All of which is Personal Data and subject to the JGDPR.
- Sensitive Personal Data – the information you give us, depending on the nature of our engagement, may also include; information concerning racial or ethnic origin (e.g. in relation to a discrimination proceedings), your sex life or sexual orientation (e.g. relating to divorce proceedings), criminal and alleged criminal activity (e.g. in relation to criminal proceedings) and other information in respect of your case or in relation to your case.
- Information we receive from other sources – information about you may be received by us if you use another website or service that are connected with in our normal course of business (e.g. publicly available sources such company registries, regulatory bodies or otherwise published materials). Third-parties may also provide information to us about you, specifically from any of the following; companies or legal entities of which you are a legal owner or controller, our business partners, sub-contractors or credit reference agencies for payment and delivery services, or advertising and marketing services, or our technical and analytics providers, or our search engine and search information providers.
All Personal Data we hold is protected by us in accordance with the Principles of the JGDPR.
- Data security – We endeavour to take all reasonable steps to protect your data. All the data collected by us is stored on a secure platform in a secure hosting facility and we take all reasonable steps to ensure any access is pre-authorised and recorded; and
- Data encryption – all Personal Data is segmented and held in AES256 encrypted files to ensure protection. We retain a copy file within our on-premises devices together with a duplicate backup on our data centre account within Europe.
The information we collect about you, if you agree to provide it, will allow us to perform your request for services or otherwise contact and send information to you where you may have an interest.
- In providing us your information you thereby consent to us processing it for this purpose; and
- We will not pass your information on to any third party without your express permission, except as defined herein for the provision of services that you have requested, other than authorities and the police in the event of any investigation.
Use of your data
We abide by the law when using your data. The information we hold about you is predominantly used as follows:
- To fulfil a contract we have, or are about to, entered into with you;
- Where it is necessary to use the information for legitimate interests (and where your interests and rights do not override those legitimate interests); and
- To comply with a legal and/or regulatory obligations or legal proceedings.
Information we receive from other sources – we may use third-party information, which may be combined with information you provided to us and/or information collected by us, which may be used for the purposes we have defined above.
Retention of your data
Baker Regulatory comply with the Law Society of Jersey policy on document retention that all documents and records in either physical or electronic form shall be retained for a minimum period of 11 years from the date of the last substantive exchange with the client on the matter. Records may be destroyed without client consent after 20 years from the last material event on the file.
Transfer of your data to third parties
We may pass your data to other parties as follows:
- Where relevant, we may pass your data to our employees, suppliers and agents to administer the services provided to you by us or them, now or in the future.
- We may disclose your data to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence or suspected breach of the Terms and Conditions of Use and (where appropriate) by you or otherwise where required by law.
We use third-parties to process data and deliver services for the purposes shown. All of these processors may have access to some of your Personal Data as appropriate for the delivery of the purpose specified.
All of our third-party processors are subject to our Controller-Processor terms, which limit their legal right to access Personal Data unless under supervision by our personnel or by other specific written consent from us. These include:
- IT Support – General IT, website, hosting and office systems support
- CRM – Client relationship management and marketing
- PMS – Practice management, information and analytical systems
- Security – Cyber and data security systems
- Communications – Telephone and other communication system providers
Links to other sites
Please be aware that the Baker Regulatory site and/or published materials may link to other web sites that may be accessed by you through our site or materials.
We are not responsible for their data policies, content or security of these linked web sites. We do not have any control over the use to which third parties may put your data where you choose to purchase products or services or otherwise to contact them via our site or materials.
Know your rights
Under JGDPR, all individuals who are the owners of their Personal Data have specific and clear rights, which are:
- Right to Erasure – Every individual has the right to be forgotten upon request. The data controller must remove your Personal Data from its systems and request the same of any third-party systems of that controller;
- Right to Access – Every individual has the right to access their Personal Data held about them upon request;
- Right to Portability – Every individual has the right to request their Personal Data and use it for other parties they wish to engage with;
- Right to be Informed – Every individual has the right to be informed about how their Personal Data is being used, which may be provided upon request of the individual, or before the controller changes any use of that data, giving the individual the right to consent or object;
- Right to Objection – Every individual has the right to object to the use of their Personal Data for any purpose proposed by a controller;
- Right to Rectification – Every individual has the right to have errors in their Personal Data to be corrected;
- Right to Restrict – Every individual has the right to restrict the uses of their Personal Data for any specific type of processing;
- Rights on automated decisions & profiling – Every individual has the right to restrict or object to automated decision-making processes or profiling based on their Personal Data;
To exercise such rights, or ask questions regarding how we collect, use and retain personal information, please contact us using the contact information above. In addition, you may wish to provide:
- Revocation of your consent – in accordance with the JGDPR, to revoke consent for processing of your Personal Data send an email with the word “Revoke” in the subject field to firstname.lastname@example.org;
- Data Subject Access Request (DSAR) – in accordance with the JGDPR,
- you may request us to send you details about any Personal Data that we may hold about you; or
- you may request that we correct any errors; or
- you may request us to delete any/all Personal Data about you; or
- Complaints – you may wish to make a complaint regarding our use of Personal Data to the appropriate supervisory body. We would appreciate the chance to address your concerns first by contacting us. The website of the Jersey Office of the Information Commissioner (JOIC) can be found at https://jerseyoic.org where you can make your complaint.
Please note that, in accordance with the JGDPR, any DSAR is provided free of charge within 30 days, unless a particular DSAR is subject to other regulatory requirements as defined within the JGDPR, in which case we will inform you as required by those specific regulations.