Your privacy is important to us
Cornwalls Lane is a Group of GFSC Regulated companies. Comprising of Cornwalls Lane Directors Ltd, Cornwalls Lane Trustees Ltd and Cornwalls Lane Company Managers Limited.
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in Gibraltar) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant Gibraltar and EU legislation and our professional duty of confidentiality.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect personal data to provide you with our services. When we require certain personal data from clients it is because we are required by law to collect this information or it is relevant for specified purposes. Any information you provide to us that is not required is voluntary. You are free to choose whether to provide us with the types of personal data requested, but we may not be able to serve you as effectively or offer you all of our services when you do choose not to share certain information with us.
For example, we collect personal data which is required under the law to comply with anti-money laundering regulations. We also collect personal data when you use or request information about our services or subscribe to marketing communications. We may also collect personal data from you offline, such as when you attend one of our events, or when you contact the firm. We may use this information in combination with other information we collect about you as set forth in this Policy.
Data Protection law says that we are allowed to use personal data only if we have a proper reason to do so. The law says we must have one or more of these reasons:
- To fulfil a contract we have with you (i.e. to provide you with our legal and other services), or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it.
When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.
The law and other regulations treat some types of sensitive personal data as special. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. We will not collect or use these types of data without your consent unless the law allows us to do so. If we do, it will only be when it is necessary
WHAT DO WE DO WITH THE DATA COLLECTED?
Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient level of service. In general, we use personal data to deliver and improve our services and for anti-fraud purposes. We may use this information in the following ways:
To maintain legal and regulatory compliance
The provision of our services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, transaction information, employment information, online identifiers, and/or usage data in certain ways. For example, we must identify and verify clients using our services in order to comply with anti-money laundering and terrorist financing laws. In addition, we use third parties to verify your identity by comparing the personal data you provided against third-party databases and public records. The consequences of not processing your personal data for such purposes is the termination of your engagement as we cannot perform the services in accordance with legal and regulatory requirements.
To provide our services
We process your personal data in order to provide the services to you. For example, we require certain information such as your identification, contact information, and payment information. In addition, we may need to provide your personal data to third parties such as banks, estate agents, accountants and other service providers (see transfer to third parties below). We cannot provide you with our services without processing such information.
To provide service communications
We send administrative or account-related information to you to keep you updated about our services, inform you of relevant issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments that may affect how you can use our services.
To provide client care service
We process your personal data when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the services.
To ensure quality control
We process your personal data for quality control and staff training to make sure we continue to provide you with accurate information. Our basis for such processing is based on the necessity of performing our contractual obligations with you.
To ensure network and information security
We process your personal data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. Without processing your personal data, we may not be able to ensure the security of our services and we process this personal data to satisfy our legal obligations.
To engage in marketing activities
Subject to your consent, we may send you marketing communications to inform you about our events or our partner events or to deliver targeted marketing. We use information about your usage of our services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time. We will not use your personal data for purposes other than those purposes we have disclosed to you, without your permission. You may opt out of having your personal data shared with third parties, or allowing us to use your personal data for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorisation. If you choose to so limit the use of your personal data the provision of our services may not be available to you.
HOW DO WE SHARE YOUR DATA?
We will not share your information with anyone outside of us except: a) where we have your permission; b) where required to provide you with our services; c) where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world; d) with third parties providing services to us, such as professional and expert advisors, insurers, managing agents, estate agents, accountants, or legal professionals in other jurisdictions e) with debt collection agencies; f) with credit reference and fraud prevention agencies; g) where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business; or h) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
SENDING DATA OUTSIDE OF THE EEA
We will only send your data outside of the European Economic Area (‘EEA’) to:
- Follow your instructions
- Comply with a legal duty
- Work with our suppliers and partners who help us to provide our services. If we do transfer your personal data outside the EEA to our suppliers and partners, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
HOW LONG DO WE KEEP YOUR DATA?
We will keep your personal data for as long as you are a client of ours. We may keep your data for up to 7 years after you stop being a client. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment
- To study client data as part of our own internal research
- To obey rules that apply to us about keeping records
We may also keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. In addition, we may retain your information for a longer period where we view that this may assist in providing you with our services in the future (for example, we may retain copies of title deeds to assist in any property matter in the future) or where we believe that this is required in order to assist in any potential legal action as a result of any extended limitation period for action as provided in the Limitation Act. This is intended to make sure that we may be able to produce records as evidence, if they’re needed.
WHAT ARE MY RIGHTS?
Personal data must be processed in line with individuals’ rights, including the right to:
- access to the personal data we hold about you;
- request that any inaccurate personal data is corrected;
- request that personal data is deleted and destroyed. You may request that we delete your personal data if you believe that: – we no longer need to process your information for the purposes for which it was provided; – we have requested your permission to process your personal data and you wish to withdraw your consent; or – we are not using your information in a lawful manner. Please note that if you request us to delete your information, we may have to suspend the services we provide to you.;
- restrict the processing of your personal data. You may request us to restrict processing your personal data if you believe that: – any of the information that we hold about you is inaccurate; – we no longer need to process your information for the purposes for which it was provided, but you require the information to establish, exercise or defend legal claims; or – we are not using your information in a lawful manner. Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you;
- data portability. Where we have requested your permission to process your personal data or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you. If you would like to request the personal data you provided to us in a portable format, please contact the Data Protection Officer;
- object to the processing of your personal data. You have a right to object to us processing your personal data (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal data altogether, or, where requested, delete your information. Please note that if you object to us processing your information, we may have to suspend the services we provide to you.
- object at any time to processing of your personal data for direct marketing purposes, including profiling you for the purposes of direct marketing;
- withdraw your consent. Where we rely on your permission to process your personal data, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities; and
- lodge a complaint with the regulator. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the relevant data protection authority. For more information please visit: www.gra.gi.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Officer data@cornwalls.gi.
Our staff must notify or inform the Data Protection Officer immediately if they receive a request in relation to personal data which the firm processes.
If we choose not to action your request we will explain to you the reasons for our refusal.
WHO CAN I TALK TO?
If you have any questions please:
Email our Data Protection Officer:
data@cornwalls.gi
Our use our contact us page to either send us a message or visit us.