Statement of Data Protection and Privacy Policies
Artemis Holdings Limited and associated group companies (“Artemis”)
This Statement of our Data Protection and Privacy Policies explains how we collect, use, disclose, transfer and store your personal information. It also details your rights under the Data Protection (Bailiwick of Guernsey) Law 2017. Artemis is committed to protecting the privacy of people whose personal data we are obliged to collect as a regulated financial services business and employer. We therefore fully endorse and adhere to the Law and to the Principles of the EU General Data Protection Regulation. We regard the lawful and appropriate treatment of personal information as very important to our successful operations, and essential to maintaining confidence between Artemis and those with whom it carries out business. These include but are not limited to
- those who use our services, (including both clients and prospective clients)
- those who have a connection to our clients or services, where the law requires us to collect and keep information about them
- job applicants and present and former employees
- contractors, consultants and service providers
- contacts, business partners and visitors to our website
Please note that throughout this Policy Statement the word "website" refers to any web page hosted under our artemisci.com domain.
Because Artemis has collected your data it is designated as a Controller of Personal Information under the Law. If you have any questions about any aspect of this Statement please contact us at firstname.lastname@example.org.
Artemis does not collect or harvest personal data through its website for statistical or marketing purposes. However, our server may record your IP address data together with the date, time and duration of your visit. You are not required to provide any personal information to access public areas of our website. If your initial communication with us is via the details on our "Contact Us" page, depending on the nature of your enquiry or request, we may add the information you supply to our contact database.
We only retain information that is necessary for the purposes set out in this Policy Statement. We use personal information which we have collected from you in order to:
- provide you with a full and effective service
- communicate with you as part of that service, including letters, emails, faxes, billing reminders, terms and conditions of engagement
- communicate with you in connection with any services that we are providing to you as part of a business relationship
- fulfil any fiduciary duties that we have to you and others
- ensure compliance with regulatory requirements and applicable law
- apply our client due diligence policies
- carry out our administrative purposes which may include for example, accounting and billing, auditing and identification checking
- ensure that, if our relationship ends, your affairs with us are concluded in an orderly manner and that any unresolved issues or disputes are dealt with fairly and professionally
- comply with the terms of our insurance policies
- If you are a job applicant, to evaluate your suitability for a position and verify the information that we receive about you
- If you are an employee or service provider, to fulfil our contract with you (such as ensuring that you are paid and receive benefits due to you) and ensure that you fulfil your contract with us (including supervising and evaluating your performance and ensuring that those who need your services can contact you)
We only collect, use and otherwise process information revealing racial or ethnic origin, political opinions, religious beliefs or relating to your health, sexual orientation or your criminal activity, allegations or proceedings or otherwise (which is designated by applicable data protection laws as a "sensitive" or "special" category of personal information) where and to the extent that you have given your explicit consent, unless we are otherwise permitted or required under applicable data protection laws.
As a Guernsey fiduciary licence holder, we are required by law to collect information on the identities and activities of our clients and people who have a close connection to our clients, as well as our employees and service providers. This means that we will, at the beginning of our relationship, conduct background checks on you. These background checks include searches of publicly-available information on internet search engines and of subscription based databases. We will repeat these searches from time to time for as long as our relationship lasts.
By law, we must collect identity and activity information about certain people who have a relationship or connection with our clients. If you are such a person and we are unable to collect the needed information from you, we may collect it from our clients.
We will not usually send out direct marketing communications other than responding to an enquiry from you about our services, which we will consider as permission to send you that information. As set out in the Your Rights section below, where you have given us your consent to send you marketing communications, you may withdraw that consent at any time by contacting our Data Protection Team via email@example.com.
In the event of a re-organisation, change in ownership or transfer of all or part of our business, we reserve the right to transfer all of our data, including personal information, to a new entity or to third parties through which our business will then be carried out. We will use all reasonable efforts to notify you of such change by posting details on www.artemisci.com or via an email, sent to the email address you provide.
Artemis has business relationships with third parties and in some instances we may disclose your personal information to them where this is necessary to perform the services for which you have engaged us, or in furtherance of an outsourcing or other data processing arrangement. In those circumstances we will ensure that the third party is contractually bound to process personal information only in accordance with applicable data protection laws and with our specific instructions and requirements, and at all times in a manner that protects your rights under applicable data protection law. We will only disclose your information where you have given your consent or where we are required to do so by law, or where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights.
As part of those transfers of information, personal data may be transferred to or accessed from countries whose laws provide a level of protection for personal data which may not always be equivalent to the level of protection that may be provided in your own country. In particular, if you are located inside the European Economic Area (EEA) your personal information may be transferred to a country or territory outside of the EEA. Artemis ensures that cross border transfers comply with all relevant laws and regulations.
Unless you have expressly consented to the transfer of personal information, or the transfer is necessary for the performance of the services for which we have been engaged or the conclusion or performance of a contract concluded in your interests, or the transfer is otherwise permitted by applicable data protection laws, we will only transfer your personal information to a country or territory that is deemed to have an adequate level of protection under the applicable data protection law, or where we have put in place adequate safeguards to protect the personal information. If we make this type of transfer of your data, you have the right to know whether the European Union or Bailiwick of Guernsey has deemed that the country or territory where your information is being transferred has equivalent data protection laws, or what type of other adequate safeguards of your personal information exist.
We will only retain your personal information for so long as there is a reasonable need to do so for the purposes set out in this Policy Statement, or as required by applicable law.
Artemis is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure. These systems are constantly under review and we use the most appropriate technologies available.
Our email messages sometimes include links to other websites which are not within our control. Once you have left our email message, we cannot be held responsible for the content of other websites or the protection and privacy of any information which you provide to those websites. You should exercise caution and look at the privacy statement applicable to the website in question.
Your Rights under the Law
You have various rights in respect of the personal information that we collect, use, disclose and transfer concerning you, which are set out below. Should you wish to exercise your rights please contact our Data Protection Officer at firstname.lastname@example.org.
Right of Access
You are entitled to obtain from us details concerning the processing of your personal information. This includes details of the data being processed, the purposes of the processing, any recipients of that information, the period for which the information is processed, the source of the information (if it is not provided by you), any international transfers of the information and the protections we put in place to protect your information. You are also entitled to details of any automated decision making, including profiling, involving your information (although Artemis does not currently use such technologies). You are entitled to a copy of the personal information we process about you (including in electronic form). Additional copies may be subject to a reasonable administrative fee. Guernsey fiduciary law requires us to keep certain types of information confidential, which may limit your right of access.
Right to Rectification
You are entitled to have any incomplete and inaccurate personal information held by us rectified.
Right to Erasure
In certain circumstances you are entitled to have personal information erased, including: where this is no longer necessary for the purposes for which it was collected and/or processed, or you withdraw consent to our use of the information. We may continue processing the information in certain circumstances, including if there are grounds other than consent for processing the information, where processing is in compliance with a legal obligation or for reasons of public interest, or for the exercise or defence of legal claims. If you request that we erase your personal information we shall advise you if we consider that there are on-going grounds permitting us to continue processing your information.
Right to Restrict Processing
You can ask us to restrict the processing of personal information we hold about you if you contest the accuracy of the personal information we process about you, consider that the processing is unlawful but you do not want us to erase the information, you wish the information to be retained in connection with a legal claim, or you have objected to the grounds upon which we process the information. Where you have asked us to restrict processing the information we shall only hold, process and erase the information as permitted by you or as permitted by applicable data protection laws. We will advise you if we do not agree with your request to restrict processing and our reasons.
Right to Data Portability
Where you provide personal information to us and consent to us using it and the processing is carried out by automatic means you are entitled to receive a copy of that information in a machine-readable format and for that to be provided to another data controller, where technically possible.
Right to Object
You are entitled to object to Artemis collecting, using and otherwise processing your personal information. We will cease processing your personal information unless we are legitimately processing the information on a legally required or permitted basis, there are compelling legitimate grounds for continuing to process the personal information, or we are otherwise permitted to process the information under applicable data protection laws. If this is the case we will advise you of the basis upon which we continue to process your personal information. If you are not clear of the grounds upon which we collect, use and process your personal information you can ask us to confirm this to you, as part of the Right of Access set out above.
Right to Withdraw Consent
Where you have given us consent to make use of your personal information for any of the purposes outlined in this Policy Statement you are entitled to withdraw that consent. You may do this by emailing us at email@example.com.
Right to Complain
In the event that you have any questions, concerns or complaints regarding this Policy Statement or the manner in which Artemis collects, uses and otherwise processes your personal information, we will always seek to address them promptly and to your satisfaction. However if you consider that we have not done so you are entitled to lodge a complaint to your local supervisory authority or to the Office of the Data Protection Commissioner in Guernsey. If you are unclear who the appropriate supervisory authority is for you, please contact us at firstname.lastname@example.org. Decisions of the Office of the Data Protection Commissioner in Guernsey may be appealed in Guernsey courts.
This Policy Statement is dated 23rd May 2018 and may be updated from time to time. The current version is available to view or download from our website at www.artemisci.com. It may also be requested from our Data Protection Team at email@example.com, who will also be pleased to answer any related questions.