Privacy Policy
Reference in this policy to Nextgen Directors means Nextgen Directors Limited, a company incorporated in Jersey with registered number 154548.
Reference to the Parties in this policy refer to Nextgen Directors and Jonathan Trigg, who is registered under Article 9 of the Financial Services (Jersey) Law 1998 and Article 1 of the Financial Services (Financial Service Business) (Jersey) Order 2009 as may be amended or superseded from time to time, to carry on a single class of Trust Company Business.
The Parties respect a user’s privacy and are committed to protecting a user’s personal data.
This privacy policy provides information on how the Parties collect, process and protect personal data received about a user, through the provision of services and/or through other dealings.
It is important that a user reads and understands this privacy policy together with any related privacy related policies that may be issued by the Parties in order that a user may be aware of how and why the Parties are using personal data.
The Parties are each a data controller and responsible for a user’s personal data.
The contact address for the Parties is Hangarbarn, Les Vaux Farm, Trinity, Jersey JE3 5HD.
The Parties keep this privacy policy under regular review. It is important that the personal data the Parties hold about a user is accurate and current. The Parties should be informed if a user’s personal data changes during a user’s relationship with the Parties.
Should a user have any questions surrounding this policy, including wishing to make a subject access request, please contact jtrigg@nextgendirectors.co.uk
What is Personal Data or Personal Information?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Through this website and through the provision of services, the Parties may collect, use, store and transfer different kinds of personal data about a user which is grouped together as follows:
-
Identity Data includes username or similar identifier, first name, maiden name, last name, title, date of birth and gender.
-
Contact Data includes billing address, postal and email address and telephone numbers.
-
Financial Data includes details about payments and bank account details.
-
Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices a user utilises to access this website.
-
Usage Data includes information about how a user uses this website.
-
Marketing and Communications Data includes a user’s preferences in receiving marketing from the Parties and the Parties’ third parties and a user’s communication preferences.
The Parties also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from a user’s personal data but is not considered personal data in law as this data does not directly or indirectly reveal a user’s identity. For example, the Parties may aggregate a user’s Usage Data to calculate the percentage of users accessing a specific site feature. However, if the Parties combine or connect aggregated data with a user’s personal data so that it can directly or indirectly identify a user, the Parties treat the combined data as personal data which will be used in accordance with this privacy policy.
The Parties do not collect any special categories of personal data about a user (this includes details about a user’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about a user’s health and genetic and biometric data).
Privacy Policy - the basics
Having said that, a privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, processes, and manages the data of its visitors and customers. It usually also includes a statement regarding the website’s commitment to protecting its visitors’ or customers’ privacy, and an explanation about the different mechanisms the website is implementing in order to protect privacy.
Different jurisdictions have different legal obligations of what must be included in a Privacy Policy. You are responsible to make sure you are following the relevant legislation to your activities and location.
How is Personal Data collected?
The Parties use different methods to collect data from and about a user including through:
-
Direct input by a user. A user may provide the Parties with their identity and contact data by completing booking request forms, contacting the Parties by email and/or post and/or by corresponding with the Parties via this website or through alternative communication and web applications.
-
Automated technologies or interactions. As a user interacts with this website, the Parties may automatically collect technical data about their equipment, browsing actions and patterns. The Parties collect this personal data by using cookies, and other similar technologies. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is utilised by the Parties to track visitor use of the website and to compile statistical reports on website activity.
-
Third parties or publicly available sources. The Parties may receive personal and technical data about a user from various third parties and public sources including analytics providers.
How is Personal Data used?
The Parties will only use personal data when the law permits. Most commonly, the Parties will use personal data in the following circumstances:
-
In order to send a user further information about the Parties’ services.
-
Where the Parties need to perform contractual services with a user.
-
Where it is necessary for the Parties’ legitimate interests (or those of a third party) and a user’s interests and fundamental rights do not override those interests.
-
Where the Parties need to comply with a legal or regulatory obligation.
Generally, the Parties do not rely on consent as a legal basis for processing personal data other than in relation to sending third party direct marketing communications to a user via email or text message.
A user has the right to withdraw consent to marketing at any time by contacting jtrigg@nextgendirectors.co.uk
Purposes for which Personal Data is used?
The Parties have set out below, a description of how it plans to use personal data, and which of the legal bases they rely upon to do so. The Parties have identified the legitimate interests where appropriate.
Legitimate interest means the interest of the Parties in conducting and managing the services to enable the Parties to give a user the best service/product and the best and most secure experience. The Parties make sure they consider and balance any potential impact to a user (both positive and negative) and a user’s rights before it processes a user’s personal data for its legitimate interests. The Parties do not use a user’s personal data for activities where the Parties’ interests are overridden by the impact on a user (unless it has a user’s consent or are otherwise required or permitted to by law).
Note that the Parties may process a user’s personal data for more than one lawful ground depending on the specific purpose.
Please contact jtrigg@nextgendirectors.co.uk should you require further details about the specific legal ground the Parties are relying on to process a user’s personal data where more than one ground has been set out below
Purpose/Activity
To register a user as a potential new customer or intermediary.
Type of data
-
Identity
-
Contact
Lawful basis for processing including basis of legitimate interest
Necessary for legitimate interests to expand the Parties’ customer base for the growth of his business.
Purpose/Activity
To manage the relationship with a customer including notifying a user of changes to the Parties’ terms and conditions or privacy policy and any request to provide feedback, undertake a review or a survey.
Type of data
-
Identity
-
Contact
-
Marketing and Communications
Lawful basis for processing including basis of legitimate interest
Necessary for the performance of a contract with a user.
Necessary to comply with a legal obligation.
Necessary for legitimate interests to keep the Parties’ records updated and to understand how customers use the Parties’ services.
Purpose/Activity
To administer and protect the Parties’ businesses and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Type of data
-
Identity
-
Contact
-
Technical
Lawful basis for processing including basis of legitimate interest
Necessary to comply with a legal obligation.
Necessary for legitimate interests (for the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation).
Purpose/Activity
To deliver relevant website content and advertisements to a user and measure or understand the effectiveness of the advertising.
Type of data
-
Identity
-
Contact
-
Usage
-
Marketing and Communications
-
Technical
Lawful basis for processing including basis of legitimate interest
Necessary for legitimate interests (to study how customers use the Parties’ products/services, to develop them, to grow the business and to inform the Parties’ marketing strategy).
Purpose/Activity
To use data analytics to improve this website, products/services, marketing, customer relationships and experiences.
Type of data
-
Usage
-
Technical
Lawful basis for processing including basis of legitimate interest
Necessary for legitimate interests (to define types of customers for the Parties’ products and services, to keep the website updated and relevant, to develop the business and to inform the Parties’ marketing strategy).
Purpose/Activity
To make suggestions and recommendations to a user about goods or services that may be of interest.
Type of data
-
Identity
-
Contact
-
Usage
-
Technical
Lawful basis for processing including basis of legitimate interest
Necessary for legitimate interests (to develop the Parties’ products/services and grow the business).
Change of Purpose
The Parties will only use a user’s personal data for the purposes for which it was collected, unless the Parties reasonably consider that it is needed to be utilised for another reason and that reason is compatible with the original purpose.
If a user wishes to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact jtrigg@nextgendirectors.co.uk
If the Parties need to use a user’s personal data for an unrelated purpose, the Parties will notify the user and will explain the legal basis which allows the Parties to do so.
Data Security
The Parties have established appropriate security measures to prevent a user’s personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, the Parties limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Such parties will only process a user’s personal data on the Parties’ instructions and are subject to a duty of confidentiality.
The Parties have put in place procedures to deal with any suspected personal data breach and will notify a user and any applicable regulator of a breach where we are legally required to do so.
Sending information over the internet to the Parties is generally not completely secure, and the Parties cannot guarantee the security of a user’s data while it is in transit. The Parties have procedures and security features in place to keep data secure once it is received.
Data Sharing
The Parties may pass a user’s personal data to a third-party service provider contracted to the Parties as a consequence of providing services to a user.
The Parties require that all third parties respect the security of a user’s personal data and treat it in accordance with the Data Protection (Jersey) Law 2018 or relevant EU data protection legislation.
The Parties do not allow third-party service providers to use a user’s personal data for their own purposes and the Parties only permit them to process a user’s personal data for specified purposes and in accordance with the Parties’ instructions.
How long will Personal Data be kept?
The Parties will only retain a user’s personal data for as long as necessary to fulfil the purposes it has been collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, the Parties consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of a user’s personal data, the purposes for which the Parties process a user’s personal data and whether the Parties can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances a user can ask the Parties to delete a user’s data.
In some circumstances the Parties may anonymise a user’s personal data (so that it can no longer be associated with a user) for research or statistical purposes in which case the Parties may use this information indefinitely without further notice to a user.
Legal Rights
Under certain circumstances, a user has rights under data protection laws in relation to their personal data.
A user has the right to:
-
Request access to their personal data (commonly known as a “data subject access request”). This enables a user to receive a copy of the personal data the Parties hold about the user and to check that the Parties are lawfully processing it.
-
Request correction of the personal data that the Parties hold about a user. This enables a user to have any incomplete or inaccurate data held by the Parties corrected, though the Parties may need to verify the accuracy of the new data provided.
-
Request erasure of personal data. This enables a user to ask the Parties to delete or remove personal data where there is no good reason for continuing to process it. A user also has the right to ask the Parties to delete or remove their personal data where a user has successfully exercised their right to object to processing (see below), where the Parties may have processed their information unlawfully or where the Parties are required to erase their personal data to comply with local law. Note, however, that the Parties may not always be able to comply with a user’s request of erasure for specific legal reasons which will be notified, if applicable, at the time of a request.
-
Object to processing of their personal data where the Parties are relying on a legitimate interest (or those of a third party) and there is something about a user’s particular situation which makes the user want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms. A user also has the right to object where the Parties are processing their personal data for direct marketing purposes. In some cases, the Parties may demonstrate that they have compelling legitimate grounds to process a user’s information which overrides their rights and freedoms.
-
Request restriction of processing of their personal data. This enables a user to ask the Parties to suspend the processing of their personal data in the following scenarios:
-
If a user wants the Parties to establish the data’s accuracy.
-
Where the Parties’ use of the data is unlawful but a user does not want the Parties to erase it.
-
Where a user needs the Parties to hold the data even if the Parties no longer require it as the user needs it to establish, exercise or defend legal claims.
-
A user has objected to the use of their data but the Parties need to verify whether it has overriding legitimate grounds to use it.
-
-
Request the transfer of their personal data to themselves or to a third party. The Parties will provide to the user, or the chosen third party, the users personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which a user initially provided consent for the Parties to use or where the Parties used the information to perform a contract with the user.
-
Withdraw consent at any time where the Parties are relying on consent to process a user’s personal data. However, this will not affect the lawfulness of any processing carried out before a user withdraws their consent. If a user withdraws their consent, the Parties may not be able to provide certain services to the user. The Parties will advise the user if this is the case at the time a user withdraws their consent.
If a user wishes to exercise any of the rights set out above, please contact jtrigg@nextgendirectors.co.uk
No fee usually required
A user will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, the Parties may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, the Parties could refuse to comply with your request in these circumstances.
What the Parties may require from a user
The Parties may need to request specific information to help confirm a user’s identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. The Parties may also contact a user to ask for further information in relation to the request to speed up the Parties’ response.
Response Times
The Parties will aim to respond to all legitimate requests within one month. Occasionally it could take longer than a month if the request is particularly complex or the user has made a number of requests. In this case, the Parties will notify the user and keep the user updated.
Amendments
The Parties may change this policy from time to time by updating this page. User’s should check this page from time to time to ensure that they are happy with any changes. This policy is effective from 1 July 2024.