Amberton Limited (“Amberton”) (“We”) or (“Us”) conform with the Data Protection (Jersey) Law 2018 and General Data Protection Regulation EU 2016/679 (“GDPR”). Amberton is registered with the Office of the Information Commissioner in Jersey.
Amberton has determined it is unnecessary to appoint a Data Protection Officer, however, the Data Controller is the main contact regarding privacy issues.
Amberton is committed to ensuring personal data is processed fairly with appropriate safeguards which consider your privacy rights. We limit access to your personal information to employees who we believe have a reasonable need to access your information in order to carry out their jobs.
We will only collect and use your personal information where we have lawful grounds and legitimate business reasons to do so. We will be transparent in our dealings with you and will tell you how we will collect and use your personal information. If we have collected your personal information for a particular purpose we will not use it for any other purpose unless you have been informed, we have a legitimate interest, or where we are legally obliged to. We will update our records when you inform us your details have changed. We will implement appropriate retention policies and ensure your personal information is securely disposed of at the end of the appropriate period. We will observe the rights granted to you under the applicable privacy and data protection laws. We will train our staff on their privacy obligations. We will ensure we have appropriate organisational and technical measures to protect your personal information and when we outsource any processes, the supplier has appropriate measures in place.
What information we collect
We will collect personal information about you and any associated parties you are authorised to disclose data about. This will include information such as names, addresses, telephone numbers, email addresses, date of birth, nationality, financial and banking details, identification documents, tax identification numbers, and technical details including your Internet Protocol (“IP”) address, login information, browser type and operating system.
Where an application is on behalf of a business we will require information in respect of the business itself as well as personal information relating to the Principals, including but not limited to any directors, partners, members, shareholders, ultimate beneficial owners, trustees, settlors and/or beneficiaries (whatever the case may be).
Where we obtain the information
This information will be collected when you access our website, register your interest for our services and complete an application. We will also collect information from other parties acting on your behalf and from our employees when interacting with you regarding the use of our facilities. We will collect information during the term of any contract between you and us.
What we do with the information
We are required to process your information at your request to enter into, and thereafter manage, a contract. Failure to provide the necessary information will not permit us to offer you such contract.
We will use your information to achieve the legal obligation of assessing the suitability of the contract. We may share your information with other categories of recipient, subject to the purpose of processing. These may include (and not limited to): Entrust Limited as Administrators, Law Enforcement or other government bodies (to assist them in preventing crime, tax avoidance or other fraudulent activities), where appropriate.
We have a legitimate interest in:
- contacting you from time to time to tell you about similar products or services which we believe you could be interested in;
- sharing your information with other companies in our wider Group, affiliated or associated companies, ensuring adequate protection of your information;
- use your information for statistical purposes for us to improve our products and services.
In the event that we are unable to enter into a contract with you, we will require your explicit consent to share your information with third-party companies who offer similar products and who may be able to assist you.
There are certain regulatory requirements for the retention of any personal data we hold. We will only hold data for as long as necessary which considers these requirements. For instance, we will retain your personal data for 10 years after the last transaction/dealing with us, unless we have a legitimate reason to retain it for longer.
Transferring or storing data outside the EU
Occasionally we will be required to share your data with other parties. These parties may be located within or outside of the European Union. Where these parties operate (i) in territories within the EU, (ii) are in territories which have been granted EU adequacy status for transferring of data, or (iii) operate within the US and subscribe to the US-EU Privacy Shield, there are appropriate safeguards in place for the transfer of your personal data. Where these parties may be located in another territory, we will ensure there are adequate contractual clauses in place to safeguard the transfer of your personal data.
Under the GDPR, you are given certain rights about how your data is used, these rights are:
- the right to be informed how your data will be processed – we will provide a Fair Processing Notice at the time of collecting your personal data (ordinarily at the time of making an application), which informs you how we will process your data. (If another party has provided the data, this notice will be provided within one-month of processing your data);
- the right to withdraw consent – if we require consent for a specific process, you may withdraw this consent at any time preventing us from any further processing. You may withdraw consent by contacting us, selecting communications preferences on the web-site or by selecting unsubscribe in any emails we send to you;
- the right of access – we will confirm if we hold and process any personal data, and describe the purpose of the processing; the categories of the data concerned; the recipients or categories of recipients where the data has been or will be disclosed; the envisaged period the data will be retained (or the criteria for determining the retention period); any information available regarding the source of your information where we have not collected it from you; the existence of any automated decision making or profiling; and we will confirm your rights. Amberton will not charge for such request and will provide the information within 4 weeks. If there are any exceptions, we will confirm these exceptions in writing within 4 weeks;
- the right of rectification – where you believe data we hold is inaccurate you have the right to request this inaccuracy be rectified;
- the right of erasure (to be forgotten) – in certain circumstances you have the right to have your personal information erased. If you make a request to erase data which we are not obliged to erase, we will confirm the reason in writing;
- the right to restrict processing – in certain circumstances you have the right to restrict how we process your personal information. If you make a request to restrict data processing which we are not obliged to restrict, we will confirm the reason in writing;
- the right to data portability – we will provide the personal data which you provided to us in an appropriate format which you may pass to another data controller;
- the right to object to automated decision making or profiling – if we make automated decisions or use your data for profiling you may object to this processing and request ‘human intervention’;
- the right to complain to the Supervisory Authority – you may make a complaint to the relevant Data Protection Office if you believe we are processing your data inappropriately/illegally.
The transmission of information via the internet may not be completely secure. We will do our best to protect your personal information, but we cannot guarantee the security of data transmitted to our site. A transmission is at your own risk.
Complaints about how your data is handled
How to complain to Amberton
You can make a complaint directly to Amberton by contacting us by email to: or in writing to us at: Data Controller, Amberton Limited, 45 Esplanade, St Helier, Jersey, JE2 3BQ
How to complain to a Supervisory Authority
If you believe we are processing your personal data inappropriately or without a lawful basis for processing the data, you may make a complaint to the Supervisory Authority in writing to Office of the Information Commissioner, Brunel House, Old Street, St Helier, Jersey, JE2 3RG, or by telephone to: 01534 716530, or by email to [email protected]. The Office of the Information Commissioner website is: https://jerseyoic.org/
Cookies contain information that is transferred to your computer. Some of the Cookies we use are essential for the web-site to operate. Some Cookies allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our website works and deliver a better and more personalised service, for example, by making sure users are finding what they need easily. We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer.
We use the following Cookies:
_ga, _gat, and _gid. These are used to track and report website traffic. For further information please see Google Analytics https://bit.ly/1dm9wka
Changes to this policy