Ogier is an international law firm and corporate services provider which operates through a number of separate legal entities or partnerships in nine international locations being BVI, Cayman, Guernsey, Hong Kong, Jersey, London, Luxembourg, Shanghai and Tokyo.
References to Ogier, "we", "our" "us" and "the firm" within this statement means the relevant entity or partnership in the Ogier Group responsible for processing your data. The entity or partnership with which you contract will be set out in any engagement letter or email. A list of the Ogier entities within the Ogier Group is set out within our Legal Notice.
Who do we collect information on?
This privacy notice applies to the following individuals whom we collect personal information from or about:
- those who have entered into, or are contemplating entering into, a contract for the provision of services (Individual Client); those who are connected to Individual Clients (such as family members); and those who are connected to a client who is not an Individual Client (such as owners, investors, controllers, employees, directors and officers of a corporate client or other legal or non-legal body) (together Clients);
- third parties with whom we interact as part of providing our services to our Clients (Intermediaries);
- those who may be party to, or connected to party to, a legal transaction or legal proceedings involving our Client and/or the services which we have been engaged to provide to our Clients;
- those who are, work for or are agents of, suppliers or service providers who provide goods and services to us;
- those who apply for or express an interest in an employment or other similar position with Ogier, whether existing at the time or not;
- those who request newsletters, marketing material or other publications from us; and
- visitors to our website www.ogier.com.
What is Personal Information?
Personal information means any information about you from which you can be identified. This includes but is not limited to, name, address, date of birth and gender. There are "special categories" of more sensitive personal information which require a higher level of protection. These include information regarding race, health, genetic information and biometric data, religious beliefs, sexual orientation, criminal convictions and political opinions.
How do we collect and use information about you
We collect personal information either directly from you when you engage us to provide services or through your use of our website or client portals, or indirectly from other members of the Ogier Group, our Clients, Intermediaries, providers of independent or background checks or publicly available sources.
General visitors to the website
Personal information provided via the website
In certain areas of our Website, you can choose to provide personal information by completing any of the forms or using any of the email addresses which are included in the following pages:
- News and Publications
- Contact Us
The Personal Information we hold
We collect a variety of information from you and about you. The extent of the information collected will depend on a variety of factors including the nature of the relationship between us and the extent of the contact with you.
The type of information we may process are set out below:
- your contact details including (but not limited to) your full name, postal address, email or other electronic communication addresses and telephone numbers. In certain circumstances we may also record your job title and other identification information as set out below.
- KYC information and documentation which is required for Ogier to fulfil its legal and regulatory requirements. This may include, but is not limited to, identity information such as your passport or other identity document details, date of birth, nationality, place of birth and country of residence, job title, source of wealth or funds and other information concerning your background (which may include sensitive information such as criminal records);
- information provided in the course of the provision of legal and corporate services for example information on professional relationships and background, your business dealings with any the Ogier Group or any of our Clients which we manage or administer, financial wealth and assets held, transactions entered into, legal advice given (and any actions taken as a result of such advice) tax status, disputes and court proceedings engaged in which may also include sensitive information such as marital status, mental and physical health and criminal allegations or convictions;
- financial information such as payment related information;
- professional interests and preferences with respect to marketing interactions, attendance at conferences, events or seminars;
- information provided to us in respect of an application for, or expression interest in, a job with Ogier such as personal information relating to your education and employment history, any professional qualifications, your nationality, your immigration, right to work or residential status. We may also collect information from third parties. This may include information such as references, or background checks provided by agencies such as credit reference agencies. In addition we may also obtain information about you from public sources, such as information published on social media accounts;
- any other information which you may provide to us.
How and Why Do We Use Personal Information?
For each of the purposes for which we process information, we rely on one or more of the following five legal justifications:
- Contractual Necessity. Personal information is processed in order for us to discharge our contractual relationship with our Client.
- Legitimate Business Interest. Personal information is processed in circumstances where can balance our legitimate interests with your own legitimate interests. We consider our legitimate interests to include: (a) providing legal and corporate services; (b) carrying out such services effectively; and (c) communicating with you in respect of those aspects of our services which we consider to be of relevance to you.
- Legal and Regulatory Requirement. Personal information is processed in order for us to comply with a legal obligation (other than one imposed by a contract).
- Consent. Personal information is processed on the basis of consent given by you. We will only seek to rely upon your consent where no other legal justification is available to us.
- Legal proceedings, etc. Personal information is processed on the basis that it is necessary for (a) any legal proceedings; (b) obtaining legal advice; or (c) establishing, exercising or defending legal rights.
We process personal information for the following purposes.
Purpose: Provision of services (including client relationship management) and developing those services.
- delivering our services to our Clients, developing those services and managing, maintaining and developing our relationships with our Clients;
- performing the service which we have been engaged to provide;
- facilitating effective client and matter management including collation of know-how materials, and generating internal financial and marketing reports; facilitate administrative or operational processes within our business, for example assessing legal and financial risks to our business and debt management including credit control and collecting debt;
- engaging other service providers to provide services to you where necessary to facilitate the provisions of services to you in connection with the engagement;
- improving and developing our products and services including carrying out analysis on Ogier's performance to ensure that our client care is of the highest standard;
- respond to requests, enquiries or complaints received; and
- providing access to our online services including those at this link.
Legal justification: contractual necessity and legitimate interests.
Purpose: Legal and regulatory requirements.
- undertaking internal conflict of interest checks; and
- respond to requests, enquiries or complaints received.
Legal justification: Legal and Regulatory Requirements.
to promote Ogier's services and provide newsletters, marketing material or other publications to our contacts and to invite you to conferences, events or seminars which may be of interest to you. This may involve contacting you or, where applicable, individuals within your organisation using the contact details that you have provided to us;
- to manage Ogier's circulation lists for such marketing material and events; and.
- to compile anonymous statistics, for example, website usage statistics.
Legal justification: Legitimate interests.
Individuals have the right to unsubscribe from mailings or manage their preferences via a link in such marketing material or by emailing DPO@ogier.com at any time.
Purpose: To review and process CVs or applications for positions with Ogier (whether available now or in the future).
Legal justification: Consent, Legitimate Interest, Contractual Necessity.
Purpose: To ensure security of Ogier's systems, staff and premises. Crime prevention
- CCTV at Ogier's premises; and
- undertake maintenance, testing or development of any of our systems or processes
Legal justification: Legal proceedings and legitimate interest of protecting Ogier Group's business, staff, systems.
Automated Decision Making
Ogier does not have systems or procedures that make a decision without human intervention. Therefore there are no circumstances where decisions will be taken about you using fully automated means.
Transfer of information within the Ogier Group and with third parties
We may transfer your Personal Information to others where it is necessary to fulfil one or more of the purposes outlined above and this may also include sharing your information with a third party as part of an outsourcing or other data processing arrangement. Where we share your Personal Information, whether internally or externally, we will ensure that the sharing of such data is kept to the minimum necessary.
The following is a list of the potential recipients of your information:
- another member of the Ogier Group;
- any sub-contractors, agents or service providers providing services to any member of Ogier, including without limitation, our information technology and telecommunications providers, auditors, consultants, insurers, providers of background checks and business risk screening, third parties for marketing or business development purposes and so on;
- other professional advisers, agents or third parties providing services in relation to any matter on which the Ogier Group has been instructed or in respect of which the Ogier Group is providing corporate services. This may include those who may be party to, or connected to party to, a legal transaction or legal proceedings involving you and/or the services which we have been engaged to provide to our Clients;
- other members or associates of your organisation;
- any registrar of a public register where the data is to be held in a public registry;
- a regulatory, governmental or judicial authority with whom we are legally obliged to share your information.
We reserve the right to share your information with other third parties in the context of a possible sale or restructuring of the business or part thereof.
We will seek to ensure that our suppliers and service providers are contractually bound to process your personal information in line with our policies and that they have adequate measures in place to protect your information from unauthorised access, disclosure, loss or destruction. We do not allow our third party service providers to use your personal information for their own purposes. We only permit them to process your personal information only in accordance with our instructions.
We have a data sharing agreement in place between the Ogier Group partnerships and entities to enable information to be shared across the businesses in accordance with the applicable data protection laws. In such circumstances different Ogier entities may be joint controllers of your personal information. We have a robust Data Protection Policy to which all partners and employees of Ogier must adhere to ensure appropriate and legitimate data access and processing.
Transfer of Information
As part of the transfer of information within the Ogier Group or with third parties, your Personal Information may be transferred to or accessed by the recipients described above from countries located anywhere in the world. Such countries may not be the subject of an adequacy decision under Article 45 of the GDPR and therefore may not have the same level or type of statutory (or other legal) protection as countries within the European Economic Area, or your respective local data protection laws. Where we share your Personal Information we will seek to ensure that transfers of such data complies with all applicable laws and regulations by ensuring that either:
- you have expressly consented to the cross border transfer; or
- the recipient is in a country which has been deemed to have an adequate level of protection under GDPR or equivalent legislation or if the recipient is in the United States of America, that they are part of the Privacy Shield; or
- the recipient is contractually bound to protect the information to the same or higher standards applicable to the data being transferred.
Whilst we operate in jurisdictions (Cayman Islands, British Virgin Islands, Hong Kong, Shanghai and Tokyo) which have not been deemed adequate for Article 45 of GDPR, we have a global Data Protection Policy which means all of our entities or partnerships operating in these jurisdictions are required to meet the same standard as our other offices.
Where it is necessary we will enter into the relevant form of EU standard contractual clauses to ensure that any transfers of Personal Information to our entities outside of Europe (pursuant to GDPR or equivalent legislation) or outside of the Cayman Islands (pursuant to the Data Protection Law 2017) continues to be protected to the relevant standards.
Addendums or other amendments where we act as Data Processor
Where we provide legal services, directors services, AML Services and similar services we consider each of our partnerships and other entities to be a 'controller' in their own right for the purpose of the applicable data protection law and we will not agree to enter into addendums or agreements which seek to impose the requirement of Article 28 of GDPR or equivalent legislation on us. However where we provide registered office, formation/ incorporation, secretarial or corporate administration or similar services where we exercise little or no autonomy or discretion in the role we perform in connection with the provision of such services and as such are acting as a data processor under the applicable data protection law, our Data Processing Addendum, which sets out our obligations, will be deemed to be incorporated into the respective client engagement agreement.
Rights of Data Subjects
You may have certain legal rights in respect of the Personal Information which is processed by Ogier pursuant to applicable data protections laws including the rights of access; right to have your data corrected, updated, rectified or erased; right to object to the processing of or restrict the processing of your data; right to withdraw your consent previously given to processing of your data; and to request the transfer of your data to another party. Should you wish to exercise any of your rights you should send your request to DPO@ogier.com.
Please note that the rights set out above are subject to certain exemptions and conditions. We may decline to comply with any request to delete or restrict the use of your information if we still require that information for any legal or contractual reasons. Where we are processing your information on the basis of Contractual Necessity or Legal and Regulatory Requirement, it is likely that the provision and processing of such information will be mandatory. In addition, in the event that you choose not to provide any personal information or to exercise one or more of the rights above to restrict the processing of your information, this may restrict the services which Ogier is able to provide or we may have to decline to act on your behalf.
The Ogier Group takes its responsibility to secure your information very seriously. We have put in place robust systems and policies and procedures to prevent and detect any incidents where your information may be subject to an unauthorised access, use or disclosure.
In the unlikely event that there is a security breach, we will take all necessary steps to identify the cause and mitigate the effects. Where necessary, we will also notify you of such a breach in accordance with our obligations under the applicable data protection law.
The Ogier Group will keep your personal information for at least as long as necessary to fulfil the purpose for which we have collected it. In relation to client matters it is Ogier Group policy to retain data for 11 years from the conclusion of the matter subject to the following exceptions:
- where the matter relates to trust, wills and probate, or property in which case the data may be kept indefinitely;
- where we consider it necessary to protect ourselves from a legal claim or potential dispute in connection with any services we have provided, we will keep the data for the relevant limitation period; or
- where the data cannot be deleted for legal, regulatory or technical reasons.
Who can I contact
If you are dissatisfied with our response and you wish to make a formal complaint to the data protection authority of the country where the relevant Ogier entity is located:
Data Protection Commissioner
Information Centre, North Esplanade, St Peter Port, Guernsey GY1 2LQ
Office of the Information Commissioner
Brunel House, Old Street, St Helier, Jersey, JE2 3RG
The Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
National Commission for Data Protection
1, avenue du Rock'n'Roll, L-4361 Esch-sur-Alzette, Luxembourg
PO Box 2252, Grand Cayman, KY1-1107, Cayman Islands
If you would like to learn more about cookies you can visit www.allaboutcookies.org for more information.
Whilst we do our best to safeguard your Information we cannot ensure or warrant the security of any information that you may transmit to us.
Where necessary under legislation the relevant Ogier entity has been registered with the relevant authority as a "Data Controller". Details of those entities are listed below.
Ogier Legal Limited Partnership, Ogier Legal Shared Services Limited, Ogier (a Jersey law partnership), Ogier Global Officers (Jersey) Limited (formerly Ogier Legal (Jersey) Limited), Ogier Executor & Trustee Company Limited, Ogier Corporate Finance Limited and Ogier Global (Jersey) Limited are each registered as a data controller with the Office of the Information Commissioner in Jersey.
Ogier (Guernsey) LLP and Ogier Global (Guernsey) Limited are each registered as a data controller with the Office of the Data Protection Commissioner in Guernsey.
Ogier LLP is registered as a data controller with the Information Commissioner's Office.
Data controllers are the persons who are responsible for determining the purposes for which and the manner in which any personal information is, or is to be processed.
The data controller for this website is Ogier Legal Shared Services Limited. Certain other Ogier websites may be operated under separate agreements having additional terms and conditions.