Ogier is an international law firm and corporate services provider which operates through a number of separate legal entities or partnerships in nine international locations BVI, Cayman, Guernsey, Hong Kong, Jersey, London, Luxembourg, Shanghai and Tokyo. Some of these jurisdictions are outside of the European Union and have not been deemed to have an adequate level of protection under GDPR or equivalent legislation. However Ogier operates a global Data Protection Policy which means all of our entities and partnerships operating in these jurisdictions are required to meet the same standard as offices based in the EEA or those with deemed equivalence.
The data controller for this website is Ogier Legal Shared Services Limited. Certain other Ogier websites may be operated under separate agreements having additional terms and conditions.
Who do we collect information on?
This privacy notice applies to the following individuals whom we collect personal information from or about:
- those who have entered into, or are contemplating entering into, a contract for the provision of services (Individual Client); those who are connected to Individual Clients (such as family members); and those who are connected to a client who is not a Individual Client (such as owners, investors, controllers, employees, directors and officers of a corporate client or other legal or non-legal body) (together Clients);
- third parties with whom we interact as part of providing our services to our Clients (Intermediaries);
- those who may be party to, or connected to party to, a legal transaction or legal proceedings involving our Client and/or the services which we have been engaged to provide to our Clients.
- those who are, work for or are agents of, suppliers or service providers who provide goods and services to us;
- those who apply for or express an interest in an employment or other similar position with Ogier, whether existing at the time or not;
- those who request newsletters, marketing material or other publications from us; and
- visitors to our website www.ogier.com.
What is Personal Information?
Personal information, means any information about you from which you can be identified. This includes but is not limited to, name, address, date of birth and gender. There are "special categories" of more sensitive personal information which require a higher level of protection. These include information regarding race, health, genetic information and biometric data, religious beliefs, sexual orientation, criminal convictions and political opinions.
How do we collect and use information about you
We collect personal information either directly from you when you engage us to provide services or through your use of our website or client portals, or indirectly from other members of the Ogier Group, our Clients, Intermediaries, providers of independent or background checks or publicly available sources.
General visitors to the website
Personal information provided via the website
In certain areas of our Website, you can choose to provide personal information by completing any of the forms or using any of the email addresses which are included in the following pages:
- News and Publications
- Contact Us
The Personal Information we hold
We collect a variety of information from you and about you. The extent of the information collected will depend on a variety of factors including the nature of the relationship between us and the extent of the contact with you.
The type of information we may process are set out below:
- Your contact details including (but not limited to) your full name, postal address, email or other electronic communication addresses and telephone numbers. In certain circumstances we may also record your job title and other identification information as set out below.
- KYC information and documentation which is required for Ogier to fulfil its legal and regulatory requirements. This may include, but is not limited to, identity information such as your passport or other identity document details, date of birth, nationality, place of birth and country of residence, job title, source of wealth or funds and other information concerning your background (which may include sensitive information such as criminal records);
- Information provided in the course of the provision of legal and corporate services for example information on professional relationships and background, financial wealth and assets held, transactions entered into, legal advice given (and any actions taken as a result of such advice) tax status, disputes and court proceedings engaged in which may also include sensitive information such as marital status, mental and physical health and criminal allegations or convictions;
- Financial information such as payment related information;
- Professional interests and preferences with respect to marketing interactions, attendance at conferences, events or seminars;
- Information provided to us in respect of an application for, or expression interest in, a job with Ogier such as personal information relating to your education and employment history, any professional qualifications, your nationality, your immigration, right to work or residential status. We may also collect information from third parties. This may include information such as references, or background checks provided by agencies such as credit reference agencies. In addition we may also obtain information about you from public sources, such as information published on social media accounts;
- Any other information which you may provide to us.
How and Why Do We Use Personal Information?
For each of the purposes for which we process information, we rely on one or more of the following five legal justifications:
- Contractual Necessity. Personal information is processed in order for us to discharge our contractual relationship with our Client.
- Legitimate Business Interest. Personal information is processed in circumstances where can balance our legitimate interests with your own legitimate interests. We consider our legitimate interests to include: (a) providing legal and corporate services; (b) carrying out such services effectively; and (c) communicating with you in respect of those aspects of our services which we consider to be of relevance to you.
- Legal and Regulatory Requirement. Personal information is processed in order for us to comply with a legal obligation (other than one imposed by a contract).
- Consent. Personal information is processed on the basis of consent given by you.
- Legal proceedings, etc. Personal information is processed on the basis that it is necessary for (a) any legal proceedings; (b) obtaining legal advice; or (c) establishing, exercising or defending legal rights.
We process personal information for the following purposes.
Purpose: Provision of services (including client relationship management) and developing those services
- delivering our services to you, developing those services and managing, maintaining and developing our relationships with our Clients.
- Performing the service which we have been engaged to provide.
- Facilitating effective client and matter management including collation of know-how materials, and generating internal financial and marketing reports; facilitate administrative or operational processes within our business, for example assessing legal and financial risks to our business and debt management including credit control and collecting debt;
- engaging other service providers to provide services to you where necessary to facilitate the provisions of services to you in connection with the engagement;
- improving and developing our products and services including carrying out analysis on Ogier's performance to ensure that our client care is of the highest standard
- respond to requests, enquiries or complaints received
- Providing access to our online services including those at this link
Legal justification: contractual necessity and legitimate interests
Purpose: Legal and regulatory requirements
- undertaking internal conflict of interest checks
- Respond to requests, enquiries or complaints received.
Legal justification: Legal and Regulatory Requirements
- To promote Ogier's services and provide newsletters, marketing material or other publications to our contacts and to invite you to conferences, events or seminars which may be of interest to you. This may involve contacting you or, where applicable, individuals within your organisation using the contact details that you have provided to us;
- To manage Ogier's circulation lists for such marketing material and events.
- To compile anonymous statistics, for example, website usage statistics;
Legal justification: Legitimate interests.
Individuals have the right to unsubscribe from mailings or manage their preferences via a link in such marketing material or by emailing DPO@ogier.com at any time.
Purpose: To review and process CVs or applications for positions with Ogier (whether available now or in the future).
Legal justification: Consent, Legitimate Interest, Contractual Necessity
Purpose: To ensure security of Ogier's systems, staff and premises. Crime prevention
- CCTV at Ogier's premises
- undertake maintenance, testing or development of any of our systems or processes
Legal justification: Legal proceedings and legitimate interest of protecting Ogier Group's business, staff, systems
Automated Decision Making
Ogier does not have systems or procedures that make a decision without human intervention. Therefore there are no circumstances where decisions will be taken about you using fully automated means.
Transfer of information within the Ogier Group and with third parties
We may transfer your Personal Information to others where it is necessary to fulfil one or more of the purposes outlined above and this may also include sharing your information with a third party as part of an outsourcing or other data processing arrangement.
The following is a list of the potential recipients of your information:
- another member of the Ogier Group;
- any sub-contractors, agents or service providers providing services to any member of Ogier, including without limitation, our information technology and telecommunications providers, auditors, consultants, insurers, providers of background checks and business risk screening, third parties for marketing or business development purposes and so on;
- other professional advisers, agents or third parties providing services in relation to any matter on which the Ogier Group has been instructed or in respect of which the Ogier Group is providing corporate services.This may include those who may be party to, or connected to party to, a legal transaction or legal proceedings involving you and/or the services which we have been engaged to provide to you.
- Other members or associates of your organisation;
- A regulatory, governmental or judicial authority with whom we are legally obliged to share your information.
We reserve the right to share your information with other third parties in the context of a possible sale or restructuring of the business or part thereof.
We will seek to ensure that our suppliers and service providers are contractually bound to process your personal information in line with our policies and that they have adequate measures in place to protect your information from unauthorised access, disclosure, loss or destruction. We do not allow our third party service providers to use your personal information for their own purposes. We only permit them to process your personal information only in accordance with our instructions.
We have a data sharing agreement in place between the Ogier Group partnerships and entities to enable information to be shared across the businesses in accordance with the applicable data protection laws. In such circumstances different Ogier entities may be joint controllers of your personal information. We have a robust Data Protection Policy to which all partners and employees of Ogier must adhere to ensure appropriate and legitimate data access and processing. A list of the Ogier entities is available on our Legal Notice
Transfer of Information outside of Europe
As part of the transfer of information within the Ogier Group or with third parties, your Personal Information may be transferred to or accessed from countries who may not be the subject of an adequacy decision under Article 45 of the GDPR and therefore may not have the same level or type of statutory (or other legal) protection as countries within the European Economic Area (EEA). We will seek to ensure that transfers of data outside of the EEA comply with all applicable laws and regulations by ensuring that:
- you have expressly consented to the cross border transfer;
- the recipient is in a country which has been deemed to have an adequate level of protection under GDPR or equivalent legislation or if the recipient is in the United States of America, that they are part of the Privacy Shield; or
- the recipient is contractually bound to protect the information to the same or higher standards as those within the EEA.
Whilst we operate in jurisdictions (Cayman Islands, British Virgin Islands, Hong Kong, Shanghai and Tokyo) which have not been deemed adequate for Article 45 of GDPR, we have a global Data Protection Policy which means all of our entities operating in these jurisdictions are required to meet the same standard as our offices based in the EEA (namely our offices in Luxembourg, London, Jersey and Guernsey).
Rights of access, correction, erasure, and restriction
Under GDPR and equivalent legislation you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on our legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. You can also object to us using your information for direct marketing purposes.
- Request the transfer of your personal information to another party.
- Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification in writing that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please note that the rights set out above are subject to certain exemptions and conditions. We may decline to comply with any request to delete or restrict the use of your information if we still require that information for any legal or contractual reasons. Where we are processing your information on the basis of Contractual Necessity or Legal and Regulatory Requirement, it is likely that the provision and processing of such information will be mandatory. In addition, in the event that you choose not to provide any personal information or to exercise one or more of the rights above to restrict the processing of your information, this may restrict the services which Ogier is able to provide or we may have to decline to act on your behalf.
The Ogier Group takes its responsibility to secure your information very seriously. We have put in place robust systems and policies and procedures to prevent and detect any incidents where your information may be subject to an unauthorised access, use or disclosure.
In the unlikely event that there is a security breach, we will take all necessary steps to identify the cause and mitigate the effects. Where necessary, we will also notify you of such a breach in accordance with our obligations under GDPR or equivalent legislation.
The Ogier Group will keep your personal information for at least as long as necessary to fulfil the purpose for which we have collected it. In relation to client matters it is Ogier Group policy to retain data for 11 years from the conclusion of the matter subject to the following exceptions:
- where the matter relates to trust, wills and probate, or property in which case the data may be kept indefinitely;
- where we consider it necessary to protect ourselves from a legal claim or potential dispute in connection with any services we have provided, we will keep the data for the relevant limitation period;
- where the data cannot be deleted for legal, regulatory or technical reasons.
Who can I contact
If you are dissatisfied with our response and you wish to make a formal complaint to the data protection authority of the country where the relevant Ogier entity is located:
Data Protection Commissioner
Information Centre, North Esplanade, St Peter Port, Guernsey GY1 2LQ
Office of the Information Commissioner
Brunel House, Old Street, St Helier, Jersey, JE2 3RG
The Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
National Commission for Data Protection
1, avenue du Rock'n'Roll, L-4361 Esch-sur-Alzette, Luxembourg
If you would like to learn more about cookies you can visit www.allaboutcookies.org for more information.
Addendums or other amendments
As stated above, we consider each of our partnerships and other entities that provide services to be a 'controller'. On this basis we do not enter into addendums or agreements which seek to impose the requirement of Article 28 of GDPR on us.
Whilst we do our best to safeguard your Information we cannot ensure or warrant the security of any information that you may transmit to us.
Ogier Data Controllers
Full details of Ogier Group entities are included in the Legal Notice section of our website. Set out below are details of the various Ogier group entities and partnerships which are registered for data protection purposes.
Ogier Legal Limited Partnership, Ogier Legal Shared Services Limited, Ogier (a Jersey law partnership), Ogier Global Officers (Jersey) Limited (formerly Ogier Legal (Jersey) Limited), Ogier Executor & Trustee Company Limited, Ogier Corporate Finance Limited and Ogier Global (Jersey) Limited are each registered as a data controller with the Office of the Information Commissioner in Jersey.
Ogier (Guernsey) LLP and Ogier Global (Guernsey) Limited are each registered as a data controller with the Office of the Data Protection Commissioner in Guernsey.