Click on the relevant link below to access our Privacy Notices:
Mourant Group - Privacy Notice
Mourant Services (Jersey) Limited - Client Feedback Privacy Notice
Mourant Governance Services (Jersey) Limited – Client Administered Entities Privacy Notice
Mourant Group - Privacy Notice
General
This Privacy Notice sets out how the Mourant Group processes data, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties the Mourant Group interact with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.
Any questions in relation to this Privacy Notice or requests in respect of personal data should be directed to dataprotection@mourant.com in the first instance.
Who we are
The Mourant Group is an international law firm, governance services provider and a regulatory and compliance consulting business operating in six jurisdictions globally.
The relevant Mourant Group entity with the primary relationship will be confirmed in an engagement letter in relation to any client relationship.
Our offices include jurisdictions outside the European Union which have not been deemed adequate for European Union Data Protection purposes (namely the Cayman Islands, British Virgin Islands and Hong Kong). However, please note that the Mourant Group operates a global Data Protection Policy, and those offices are required to meet the same standard as our other offices.
Details of the Mourant Group entities are provided at the end of this Privacy Notice.
The data we hold
The Mourant Group processes data in order to provide legal, governance, regulatory and consultancy services. The type of data we may collect and process includes:
• Contact details (including names, postal addresses, email addresses and telephone numbers);
• Information required for the Mourant Group to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;
• Information provided in the course of the provision of legal, governance, regulatory and consultancy services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in);
• Financial information, such as payment related information;
• Professional interests and events attended (including images or video obtained during visits to events hosted by us or at our offices);
• Meetings attended and visits to our offices;
• Any other information you may provide to us.
Purposes of processing
We use data (including personal data of individuals) for the following purposes (the below also confirming the lawful basis we are relying on in each case):
Purpose
Lawful Basis for Processing
To enter into client relationships and provide legal, governance, regulatory and consultancy services
Any one or more of the following:
The legitimate interests of the Mourant Group as a provider of legal, governance, regulatory and consultancy services to process personal data for the purpose of providing those services
In instances where an individual has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to dataprotection@mourant.com
The processing is necessary for legal proceedings, the obtaining of legal advice or establishing, exercising or defending legal rights (including conflicts of interest checks, anti-financial crime procedures, client and matter management including billing and debt collection)
Where the client is an individual: to fulfil the contract we have entered into with the individual to provide legal and/or governance, regulatory and/or consultancy services
To manage our client, intermediary and other business relationships
The legitimate interests of the Mourant Group to seek to ensure its business is conducted efficiently and with a view to enhancing client service
To ensure the security of Mourant systems, staff and premises (including the use of CCTV equipment)
The legitimate interests of the Mourant Group in protecting its systems, staff and premises from being misused or the victim of any criminal activity
To provide access to our Client Portal, Law Portal or Economic Substance Classification Portal
The legitimate interests of the Mourant Group and the user of the Portal for the communication and storage of relevant material or use of the Economic Substance Classification Portal (such use being subject to the terms and conditions of the relevant Portal)
In instances where any user of any Portal has been provided with this Privacy Notice and provides personal data thereafter, the processing may be carried out on the basis of consent. Consent may be withdrawn at any time by writing to dataprotection@mourant.com
To provide our contacts with marketing material, to invite contacts to events which may be of interest to them and to participate in competitions and to manage such mailings and events
Where permitted by legislation the legitimate interests of the Mourant Group as a provider of legal, governance, regulatory and consultancy services to process personal data to communicate with persons on topics and events which may be of interest to those individuals.
The right of those individuals to unsubscribe from mailings and/or manage preferences will be noted within all mailings and any requests to unsubscribe may be made via links available in the mailings or by writing to enquiries@mourant.com
To meet all legal, regulatory and ethical obligations applicable to the Mourant Group (including in respect of managing potential conflicts of interest)
Where permitted by legislation the legitimate interests of the Mourant Group as a provider of legal, governance, regulatory and consultancy services to process data to the extent necessary to ensure it meets all legal, regulatory and ethical obligations incumbent on it. This may include but not be limited to;
• the assessment of legal, regulatory and financial risks
• internal financial and marketing analysis
• service providers, including, but not limited to our auditors, advisers, insurers and providers of telecommunications and information technology facilities
In certain instances, the processing of data may also be necessary for the exercise of functions of public authorities and/or necessary for compliance with a legal obligation to which the Mourant Group is subject
For the purposes of internal know-how and training
The legitimate interests of the Mourant Group as a provider of legal, governance, regulatory and consultancy services to process data for the purposes of internal know-how and staff training. The Mourant Group will use reasonable endeavours to ensure any personal data contained in the material which is not integral to the understanding of the material is redacted.
In certain instances, personal data processed may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to the Mourant Group by the data subject for any of the above-listed purposes) or the processing being necessary for compliance with a legal obligation or the purposes of legal proceedings or legal advice.
Sources and Recipients of data
The sources of data may include clients, intermediaries, data subjects directly, third parties contracted to obtain and confirm verification of identity, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.
The provision of data to one entity in the Mourant Group may result in that data being accessible by all other members of the Mourant Group. Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to dataprotection@mourant.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
• Other members of the Mourant Group;
• Other providers of services (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Mourant Group is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
• Any sub-contractors, agents or service providers of the Mourant Group, including connection with meeting our regulatory requirements for acceptance of business and debt collection ;
• Courts or tribunals;
• Third parties with whom the Mourant Group engages for the hosting of events or other marketing initiatives;
• Law enforcement agencies where considered necessary for the Mourant Group to fulfil legal obligations applicable to it;
• Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
• Any registrar of a public register where the data is to be included in a public registry;
• Potential parties with whom the Mourant Group intends to merge or sell any part of the Mourant Group.
Where the Mourant Group is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that we transfer personal data from one jurisdiction to another, we will ensure, prior to carrying out the transfer, that the third party recipient meets the relevant data protection requirements applicable to the data being transferred. This may include only transferring the data where we are satisfied that:
• the jurisdiction to which the data is being transferred has Data Protection laws similar to those applicable to the data being transferred;
• the recipient has agreed through contract to protect the information in accordance with the Data Protection standards applicable to the data being transferred;
• we have obtained consent from relevant data subjects to the transfer.
Rights of data subjects
Data subjects who have data held by the Mourant Group may have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request in the first instance to dataprotection@mourant.com.
In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data the Mourant Group may be unable to provide relevant services, or there may be a restriction on the services which can be provided.
Retention
The Mourant Group only keeps data for as long as necessary to fulfil the purposes (as set out above) for which we collected it. The Mourant Group policy is to retain data in relation to a client matter for 11 years from the conclusion of that matter. This is subject to certain exceptions (including where the matter relates to wills & probate, property and conveyancing (in Jersey and Guernsey only) and trusts (where, in each case, records may be kept indefinitely) or in instances where the personal data is relevant to a dispute after closure of the matter or where the data cannot be deleted for legal, regulatory or technical reasons).
Any requests for further information in relation to the continued processing of specific data, and requests for destruction of data, should be made to dataprotection@mourant.com.
Mourant Group Entities
Full details of all Mourant Group entities are included in the Legal and Regulatory Notice and Disclaimer section of our website.
Mourant LP is the ultimate data controller for the Mourant Group. In addition, the below lists the primary operating entities within the Mourant Group which are also registered as a data controller in the listed jurisdictions. In respect of any instruction with the Mourant Group, the primary data controller will be the entity issuing the engagement letter:
Jersey:
Mourant LP, Mourant Ozannes (Jersey) LLP, Mourant Governance Services (Jersey) Limited, Mourant Consulting Limited and Mourant Services (Jersey) Limited each of which is a registered data controller with the Data Protection Authority in Jersey. Any complaint may be brought to the attention of the Authority.
Guernsey:
Mourant LP, Mourant Ozannes (Guernsey) LLP and Mourant Governance Services (Guernsey) Limited, each of which is a registered data controller with the Office of the Data Protection Authority in Guernsey. Any complaint or appeal may be brought to the attention of the Authority.
London:
Each of Mourant LP, Mourant Ozannes and Mourant Governance Services (UK) Limited are registered as data controllers with the Information Commissioner's Office in the UK. Any complaint may be brought to the attention of the Information Commissioner.
Cayman/BVI/Hong Kong:
The above offices are not required to register as a data controller in their respective jurisdictions. As noted above, these offices are, however, subject to the Mourant Group Data Protection Policy and so apply the same data protection standards as the other offices.
In respect of BVI; Mourant Ozannes any complaint may be brought to the attention of the Office of the Information Commissioner (currently subject to appointment).
In respect of Cayman; Mourant Ozannes, Mourant LP and Mourant Governance Services (Cayman) Limited, are subject to the Data Protection Act, 2017. Any complaint may be brought to the attention of the Office of the Ombudsman.
In respect of Hong Kong; Mourant Ozannes, Mourant LP and Mourant Governance Services (Hong Kong) Limited, are subject to The Personal Data (Privacy) Ordinance. Any complaint may be brought to the attention of the Commissioner.
Contact Details
The Mourant Group has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any request to exercise any of the rights set out above should be directed to the Data Protection Officer via dataprotection@mourant.com or by post at:
Data Protection Officer, Mourant Ozannes, 22 Grenville Street, St. Helier, Jersey, JE4 8PX, Channel Islands
Changes to this Privacy Notice
We keep this Privacy Notice under review and any updates will appear on our website at www.mourant.com.
We last updated this Privacy Notice on 10 August 2021.
How to contact us
If you have any questions about this Privacy Notice or any data which we hold about you, please contact: dataprotection@mourant.com.
If we are unable to address your questions or concerns to your satisfaction, you may be able to make a complaint to a data protection regulatory body, who is an independent regulator. This is subject to there being such a body within the relevant jurisdiction. Please see below for jurisdictional contact details.
Cayman Islands Contact Details
Office of the Ombudsman
5th Floor, Anderson Square
64 Shedden Road
PO Box 2252
George Town
Grand Cayman KYI-1107
Cayman Islands
Jersey Contact details
Jersey Office of the Information Commissioner
2nd Floor
5 Castle Street
St. Helier
Jersey
JE2 3BT
+44 (0) 1534 716530
Guernsey Contact details
Office of the Data Protection Authority
St Martin’s House
Le Bordage
St. Peter Port
Guernsey
GY1 1BR
+44 (0) 1481 742074
UK Contact details
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
Hong Kong contact details
Room 1303, 13/F, Sunlight Tower,
248 Queen's Road East,
Wanchai,
Hong Kong.
2827 2827
British Virgin Islands contact details
To be advised
Mourant Services (Jersey) Limited - Client Feedback Privacy Notice
About this feedback programme
This feedback programme is commissioned by Mourant Services (Jersey) Limited, 22 Grenville Street, St. Helier, Jersey, JE4 8PX, Channel Islands (“Mourant”), who is the Data Controller of this work. It is facilitated and operated by Acuigen Ltd, an independent client feedback company, based in the UK who (as the Data Processor) is working on behalf of Mourant. www.customserve.com is a domain operated and managed by Acuigen to facilitate the project.
Mourant is part of the Mourant Group, which is an international law firm and governance services provider operating in six jurisdictions globally.
It is the Data Controller that determines the purposes and means of processing your personal data collected by Acuigen, and Acuigen will only process your personal data on the documented instructions of Mourant.
This document gives a summary of how Mourant manages privacy in respect to this project. If you have any further questions regarding the processing of your personal data, please see Mourant’s full Privacy Notice available at https://www.mourant.com/footer/privacy-notice.aspx. Any questions in relation to this Privacy Notice Summary or requests in respect of personal data should be directed to dataprotection@mourant.com.
Your participation in this programme is entirely voluntary and you can always withdraw from it.
What data do you collect from me?
Mourant collects answers to questions that are asked in the client feedback survey, which includes information about your professional relationship with the firm or work undertaken on your behalf.
What is the purposes of processing this information?
Mourant will use the feedback and data you provide to evaluate client relationships and service delivery to you and other clients in order to improve its services to you, which is within Mourant's legitimate interests.
Mourant use data (including personal data of individuals) for the following purposes:
• Collecting and processing your personal data (using the CustomServe website, managed by Acuigen) to conduct and process the feedback information.
• To better understand you and your organisation’s needs and provide you with better service;
• To share information with you that is interesting or relevant to you, or respond to comments that you may make in the survey.
Who is the information shared with?
The provision of data to one entity in the Mourant Group may result in that data being accessible by all other members of the Mourant Group. Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above.
Requests for access to be restricted in any particular manner should be made to dataprotection@mourant.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned by Mourant.
Neither Mourant nor Acuigen will otherwise share your information with third parties without your prior consent.
Rights of data subjects
Data subjects have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request in the first instance to dataprotection@mourant.com.
In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data the Mourant Group may be unable to provide relevant services, or there may be a restriction on the services which can be provided.
If you have concerns about how Acuigen processes your personal data, you can lodge a complaint with the Information Commissioner Office at https://ico.org.uk. If you have concerns about how Mourant processes your personal data, you can lodge a complaint with the Jersey Office of the Information Commissioner at https://jerseyoic.org/.
Retention
Mourant (and Acuigen on Mourant’s behalf) will retain personal data you have provided as part of your feedback for the duration of the Mourant client feedback programme with the purpose of analysing the results of survey and trends over several years whilst the feedback has commercial value to Mourant, or as required by the applicable law, and as long as you agree to participate in the programme.
We will use secure methods to delete your personal data.
Mourant Governance Services (Jersey) Limited – Client Administered Entities Privacy Notice
General
This privacy notice sets out what personal data we collect and how we collect and use it. It also sets out the rights you have in relation to your personal data.
Who is providing this notice?
This privacy notice is made on behalf of each entity administered by Mourant Governance Services (Jersey) Limited unless such entity has adopted its own privacy notice. The terms "we", "us" and "our" in this privacy notice should be construed accordingly.
What kind of personal data do we collect?
Personal data means any data relating an identified or identifiable, natural person (a data subject). We collect and process the following types of personal data:
- Name, address, email address, telephone number and other contact information;
- Date and place of birth;
- Gender;
- Employment details;
- Copies of identity documents (such as passport, national ID card, driver's license, employee identification numbers);
- Utility bills and/or bank statements;
- Source of wealth;
- Tax residency;
- Details of shareholdings and other assets which are legally or beneficially owned by the data subject;
- Details of directorships and information required to be held under applicable companies legislation; and
- Details of people or organisations which may be connected to the data subject (by family or otherwise).
Please note that the list is not exhaustive and that we may also collect and process personal data to the extent that it is useful or necessary for the provision of our services.
Purposes of processing
We use data (including personal data of data subjects) in order to meet all legal, regulatory and ethical obligations applicable to us and in order to perform the services that we have agreed with you to provide.
Lawful basis for processing
We may also process data (including personal data of data subjects) for the purposes of our legitimate interests. Such interests include the business of running the company and in order to comply with all legal or regulatory obligations to which we are subject.
To whom do we provide personal data?
We may disclose or transfer personal data collected by us to the Mourant Group for the duration of their appointment by us as a service provider. The Mourant Group is an international law firm and governance services provider operating in six jurisdictions globally. The Mourant Group Privacy Notice can be accessed here and contains details of the members of the Mourant Group.
We may also disclose or transfer personal data to subcontractors, intermediaries or external advisors for the purpose of the proper performance of our services.
International transfers
In the event that we transfer personal data from one jurisdiction to another, we will ensure, prior to carrying out the transfer, that the third party recipient meets the relevant data protection requirements applicable to the data being transferred.
Retention
We will process and store the relevant personal data for as long as it is necessary or required in order to fulfil our legal, contractual or statutory obligations and/or for the establishment, exercise or defence of legal claims.
Your rights
You have the following rights:
Access to your information:
You have the right to access the personal data that we hold about you at any time.
Correction of personal information:
You have the right to ask us to update and correct any out-of-date or incorrect personal data that we would hold about you.
Right to be forgotten:
You have the right to ask us to delete your personal information, to the extent that we have no legal and/or regulatory obligations to keep such personal data.
Restriction of processing of your personal information:
You have the right to ask us to restrict the processing of your personal data.
Data portability:
You may ask us to provide you with a copy of the personal data that we hold about you.
Right to object:
You have the right to object at any time to the processing of your personal data.
Changes to this privacy notice
We keep this privacy notice under review and any updates will appear on the Mourant Group website (www.mourant.com) from time to time.
How to contact us
Please note that we do not have a designated point of contact for data protection queries. If you have any questions about this privacy notice or any data which we hold about you, please e-mail MourantGS-DP@mourant.com and your query will be forwarded to an officer of the company.
If we are unable to address your questions or concerns to your satisfaction, you may be able to make a complaint to a data protection regulatory body, who is an independent regulator. Please see below for jurisdictional contact details:
Jersey contact details:
Jersey Office of the Information Commissioner
2nd Floor
5 Castle Street
St. Helier
Jersey
JE2 3BT
+44 (0) 1534 716530
enquiries@jerseyoic.org
