Ogier is an international law firm and corporate services provider which operates through a number of separate legal entities or partnerships in nine international locations being BVI, Cayman, Guernsey, Hong Kong, Jersey, London, Luxembourg, Shanghai, Tokyo and Singapore.
Ogier is committed to protecting the privacy and security of your Personal Information (defined below). The following statement sets out our privacy statement which is issued on behalf of the Ogier Group and gives an explanation of how we process your data as part of conducting our business.
References to "Ogier", "we", "our" "us" and "the firm" within this statement means the relevant entity or partnership in the Ogier Group responsible for processing your data. The entity or partnership with which you contract will be set out in any engagement letter or email. A list of the Ogier entities within the Ogier Group is set out within our Legal Notice.
For the purposes of this statement, "Data Protection Legislation" means all applicable legislation relating to privacy or data protection in force from time to time including any statute or statutory provision which amends, extends, implements, consolidates or replaces the same, including without limitation, the EU General Data Protection Regulation 2016/679 ("GDPR"), and the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore, and a "controller" or "processor" shall have the same or equivalent meaning as given to it under applicable Data Protection Legislation.
Who do we collect information on?
This privacy notice applies to the following individuals whom we collect Personal Information from or about:
- those who have entered into, or are contemplating entering into, a contract for the provision of services (Individual Client); those who are connected to Individual Clients (such as family members); and those who are connected to a client who is not an Individual Client (such as owners, investors, controllers, employees, directors and officers of a corporate client or other legal or non-legal body) (together Clients);
- third parties with whom we interact as part of providing our services to our Clients (Intermediaries);
- those who may be party to, or connected to party to, a legal transaction or legal proceedings involving our Client and/or the services which we have been engaged to provide to our Clients;
- those who are, work for or are agents of, suppliers or service providers who provide goods and services to us;
- those who apply for or express an interest in an employment or other similar position with Ogier, whether existing at the time or not;
- those who request newsletters, marketing material or other publications from us; and
- visitors to our website www.ogier.com.
What is Personal Information?
Personal Information means any information about you from which you can be identified. This includes but is not limited to, name, address, date of birth and gender. There are "special categories" of more sensitive Personal Information which may only be collected for specific reasons and/or require a higher level of protection under applicable Data Protection Legislation (e.g. where it is necessary to accurately establish or verify an individual's identity to a high degree of fidelity). These include information regarding race, health, genetic information and biometric data, religious beliefs, sexual orientation, criminal convictions, political opinions and national identity or passport or numbers.
How do we collect and use Personal Information about you
We collect Personal Information either directly from you when you engage us to provide services or through your use of our website or client portals, or indirectly from other members of the Ogier Group, our Clients, Intermediaries, providers of independent or background checks or publicly available sources or third parties who we work closely with (including, for example, business partners, sub-contractors or service providers in technical, payment and delivery services, advertising networks, analytics providers and search information providers).
By using our website or otherwise contacting us, obtaining services from us or by providing your Personal Information to us via the forms or contact options on this website you acknowledge that you have read and understood this privacy statement.
General visitors to the website
No Personal Information is collected about general visitors to our website. However, in addition to the information collected by us in accordance with this privacy statement, your browser supplies some basic information about your visit. The collection of this information is common practice and is used to analyse and understand how the website is being used. The following information is logged:
- technical information, including the Internet protocol (IP") address (the internet address of your computer) used to connect your computer to the Internet, your login information, the type of computer you are using, the type and version of the browser, operating system and platform you are using, time zone setting, browser plug-in types and version;
- information about your visit (e.g. date and time of your visit), including the Uniform Resource Locators (URLs) of websites that referred you to the website and the path you take through the website, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page, and any phone number used to connect with us; and
- location data – we collect information through our website as to your real time location to provide location services, where requested or agreed to by you, in order to allow check-in, or to deliver content or advertising that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to our website.
Delivery of location services will involve reference to one or more of the following:
- The coordinates (latitude/longitude) of your location.
- Look-up of your country of location by reference to your IP address against public sources; and/or your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
Personal Information provided via the website
In certain areas of our website, you can choose to provide Personal Information by completing any of the forms or using any of the email addresses which are included in the following pages:
- News and Publications
- Contact Us
The Personal Information we hold
We collect a variety of Personal Information from you and about you. The extent of the Personal Information collected will depend on a variety of factors including the nature of the relationship between us and the extent of the contact with you.
The types of Personal Information we may process are set out below:
- your contact details including (but not limited to) your full name, postal address, email or other electronic communication addresses and telephone numbers. In certain circumstances we may also record your job title and other identification information to the extent permitted under application Data Protection Legislation as set out below. Please note that, in some jurisdictions, your business contact information is not treated as Personal Information in accordance with applicable Data Protection Legislation (unless such information is provided by you solely for your personal purposes), and therefore your rights in relation to such information may be different to those set out in this statement;
- KYC information and documentation which is required for Ogier to fulfil its legal and regulatory requirements. This may include, but is not limited to, identity information such as your passport or other identity document details, date of birth, nationality, place of birth and country of residence, job title, source of wealth or funds and other information concerning your background (which may include sensitive information such as criminal records) and for certain types of Personal Information, only where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to, or to accurately establish or verify your identity to a high degree of fidelity and to the extent permitted under application Data Protection Legislation;
- Personal Information provided in the course of the provision of legal and corporate services, for example, information on professional relationships and background, your business dealings with any the Ogier Group or any of our Clients which we manage or administer, financial wealth and assets held, transactions entered into, legal advice given (and any actions taken as a result of such advice) tax status, disputes and court proceedings engaged in which may also include sensitive information such as marital status, mental and physical health and criminal allegations or convictions;
- financial information such as payment related information;
- professional interests and preferences with respect to marketing interactions, attendance at conferences, events or seminars;
- Personal Information provided to us in respect of an application for, or expression interest in, a job with Ogier such as Personal Information relating to your education and employment history, any professional qualifications, your nationality, your immigration, right to work or residential status. We may also collect information from third parties. This may include information such as references, or background checks provided by agencies such as credit reference agencies. In addition, we may also obtain information about you from public sources, such as information published on social media accounts; and
- any other Personal Information which you may provide to us.
How and Why Do We Use Personal Information?
For each of the purposes for which we process information, we rely on one or more of the following legal justifications:
- Contractual Necessity. Personal Information is processed in order for us to discharge our contractual relationship with our Client.
- Legitimate Interest and/or Business Improvement. Personal Information is processed in circumstances which can balance our legitimate interests with your own legitimate interests and in accordance with applicable Data Protection Legislation. We consider our legitimate interests to include: (a) providing legal and corporate services; (b) carrying out such services effectively; and (c) communicating with you in respect of those aspects of our services which we consider to be of relevance to you.
- Legal and Regulatory Requirement. Personal Information is processed in order for us to comply with a legal obligation (other than one imposed by a contract).
- Consent. Personal Information is processed on the basis of consent given by you (where legally required). We will only seek to rely upon your consent where no other legal justification is available to us.
- Legal proceedings, etc. Personal Information is processed on the basis that it is necessary for (a) any legal proceedings; (b) obtaining legal advice; or (c) establishing, exercising or defending legal rights, and in accordance with applicable Data Protection Legislation.
We process Personal Information for the following purposes.
Purpose: Provision of services (including client relationship management) and developing those services, including:
- delivering our services to our Clients, developing those services and managing, maintaining and developing our relationships with our Clients;
- performing the service which we have been engaged to provide;
- facilitating effective client and matter management including collation of know-how materials, and generating internal financial and marketing reports; facilitate administrative or operational processes within our business, for example assessing legal and financial risks to our business and debt management including credit control and collecting debt;
- engaging other service providers to provide services to you where necessary to facilitate the provisions of services to you in connection with the engagement;
- improving and developing our products and services including carrying out analysis on Ogier's performance to ensure that our client care is of the highest standard;
- respond to requests, enquiries or complaints received; and
- providing access to our online services including those at this link.
Legal justification: contractual necessity and legitimate interests.
Purpose: Legal and regulatory requirements.
- undertaking internal conflict of interest checks;
- responding to requests, enquiries or complaints received; and
- accurately establishing or verifying your identity to a high degree of fidelity as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes.
Legal justification: Legal and Regulatory Requirements.
To promote Ogier's services and provide newsletters, marketing material or other publications to our contacts and to invite you to conferences, events or seminars which may be of interest to you to the extent permitted under applicable Data Protection Legislation. This may involve contacting you or, where applicable, individuals within your organisation using the contact details that you have provided to us
- to manage Ogier's circulation lists for such marketing material and events; and
- to compile anonymous statistics, for example, website usage statistics.
Legal justification: Consent, legitimate interests and/or business improvement (to the extent permitted under applicable Data Protection Legislation).
Individuals have the right to unsubscribe from mailings or manage their preferences via a link in such marketing material or by emailing DPO@ogier.com at any time.
Purpose: To review and process CVs or applications for positions with Ogier (whether available now or in the future).
Legal justification: Consent, Legitimate Interest, Contractual Necessity.
Purpose: To ensure security of Ogier's systems, staff and premises and crime prevention
- recordings on CCTVs at Ogier's premises; and
- undertaking maintenance, testing or development of any of our systems or processes.
Legal justification: Legal proceedings and legitimate interest of protecting Ogier Group's business, staff, systems.
Automated Decision Making
Ogier does not have systems or procedures that make a decision without human intervention. Therefore there are no circumstances where decisions will be taken about you using fully automated means.
Transfer of information within the Ogier Group and with third parties
We may transfer your Personal Information to others where it is necessary to fulfil one or more of the purposes outlined above and this may also include sharing your information with a third party as part of an outsourcing or other data processing arrangement. Where we share your Personal Information, whether internally or externally, we will ensure that the sharing of such data is kept to the minimum necessary.
The following is a list of the potential recipients of your information:
- another member of the Ogier Group. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose in accordance with any legal justification under applicable Data Protection Legislation (including but not limited to consent to the extent that such consent is required under applicable Data Protection Legislation);
- any sub-contractors, agents or service providers providing services to any member of the Ogier Group, including without limitation, our information technology and telecommunications providers, auditors, consultants, insurers, providers of background checks and business risk screening, third parties for marketing or business development purposes and so on;
- other professional advisers, agents or third parties providing services in relation to any matter on which the Ogier Group has been instructed or in respect of which the Ogier Group is providing corporate services. This may include those who may be party to, or connected to party to, a legal transaction or legal proceedings involving you and/or the services which we have been engaged to provide to our Clients;
- other members or associates of your organisation;
- any registrar of a public register where the data is to be held in a public registry;
- a regulatory, governmental or judicial authority with whom we are legally obliged to share your information;
- In relation to information obtained via our website and/or business systems/applications (where applicable):
To the extent permitted under applicable Data Protection Legislation, we reserve the right to share your information with other third parties in the context of a possible sale or restructuring of the business or part thereof.
We will seek to ensure that our suppliers and service providers are contractually bound to process your Personal Information in line with our policies and in accordance with applicable Data Protection Legislation (including incorporating adequate contractual provisions under Data Protection Legislation into services or supply agreements) and ensure that they have adequate measures in place to protect your information from unauthorised access, disclosure, loss or destruction. We do not allow our third party service providers to use your Personal Information for their own purposes. We only permit them to process your Personal Information only in accordance with our instructions.
We have a data sharing agreement in place between the Ogier Group partnerships and entities to enable information to be shared across the businesses in accordance with applicable Data Protection Legislation. In such circumstances, different Ogier entities may be joint controllers of your Personal Information. We have a robust Data Protection Policy to which all partners and employees of Ogier must adhere to ensure appropriate and legitimate data access and processing.
Transfer of Information
As part of the transfer of information within the Ogier Group or with third parties, your Personal Information may be transferred to or accessed by the recipients described above from countries located anywhere in the world.
These countries may have differing (and potentially less stringent) laws relating to the degree of protection afforded to Personal Information.
Where your information is processed outside of your local jurisdiction or region, we (or our permitted third parties) will take steps to ensure that your Personal Information is protected in accordance with applicable Data Protection Legislation by ensuring that either:
- you have expressly consented to the cross border transfer (where legally required); or
- the recipient is in a country which has been deemed to have an adequate level of protection under applicable Data Protection Legislation or if the recipient is in the United States of America, that they are part of the Privacy Shield; or
- the recipient is contractually bound to protect the information to the same or higher standards under applicable Data Protection Legislation applicable to the data being transferred.
Whilst we operate in jurisdictions which have not been deemed to provide an adequate level of protection under applicable Data Protection Legislation, we have a global Data Protection Policy which means all of our entities or partnerships operating in these jurisdictions are required to meet the same standard as our other offices.
Where necessary, we may implement organisational, contractual and legal measures (e.g. through the implementation of an intra-group data transfer agreement) to ensure that your Personal Information is protected to the standard required in your local jurisdiction/region.
Addendums or other amendments where we act as Data Processor
Where we provide legal services, directors services, AML Services and similar services, we consider each of our partnerships and other entities to be a 'controller' in their own right for the purpose of applicable Data Protection Legislation, and we will not agree to enter into addendums or agreements which seek to impose the obligations of a data processor under applicable Data Protection Legislation on us. However where we provide registered office, formation/ incorporation, secretarial or corporate administration or similar services where we exercise little or no autonomy or discretion in the role we perform in connection with the provision of such services and as such are acting as a data processor under the applicable Data Protection Legislation, our Data Processing Addendum, which is attached here sets out our obligations, will be deemed to be incorporated into the respective client engagement agreement to the extent that such agreement does not already set out the data protection obligations of the parties.
Rights of Data Subjects
You may have certain legal rights in respect of the Personal Information which is processed by Ogier pursuant to applicable Data Protection Legislation including the rights of access; right to have your data corrected, updated, rectified or erased; right to object to the processing of or restrict the processing of your data; right to withdraw your consent previously given to processing of your data; and to request the transfer of your data to another party.
Please note that the rights set out above are subject to certain exemptions and conditions. We may decline to comply with any request to access, correct, delete or restrict the use of your information if there is a specific legal ground or exemption.
Where we are processing your information on the basis of contractual necessity or legal and regulatory requirement, it is likely that the provision and processing of such information will be mandatory. In addition, where the provision of your Personal Information is generally a contractual or legal requirement, or is a requirement in order for us to enter into a contract, in the event that you choose not to provide any Personal Information or to exercise one or more of the rights above to restrict the processing of your information, this may restrict the services which Ogier is able to provide or we may have to decline to act on your behalf.
You may also withdraw consent to the processing of your Personal Information. However, if there is another legitimate basis for processing your Personal Information or if there is another legitimate basis for processing information in accordance with Data Protection Legislation, the same information may be processed without your consent. Do note that you may be allowed to withdraw consent for any optional purposes that your Personal Information is collected, processed and transferred without concurrently withdrawing consent for the necessary purposes that your Personal Information is collected, processed and transferred (e.g. for the provision of products/services that we offer).
Should you wish to exercise any of your rights you should send your request to DPO@ogier.com. We will respond to your request in accordance with Data Protection Legislation.
We reserve the right to ask for proof of your identity and address (such as a copy of your driving licence or passport - please do not send any original documents) and we also further reserve the right, in accordance with Data Protection Legislation, to request for additional information reasonably required to identify the specific information being requested or referred to, or any additional information reasonably required to confirm your identity.
To the extent permitted by Data Protection Legislation, we further reserve the right to charge you a reasonable fee for you to access your Personal Information, and for any additional copies of the materials provided, or to refuse to comply with the request.
The Ogier Group takes its responsibility to secure your information very seriously. We have put in place robust systems and policies and procedures to prevent and detect any incidents where your information may be subject to an unauthorised access, use or disclosure.
All third-party service providers and other entities within our group are required to take appropriate security measures to protect Personal Information in line with our policies. They are only permitted to process Personal Information for specified purposes and where appropriate, in accordance with our instructions.
In the unlikely event that there is a security breach, we will take all necessary steps to identify the cause and mitigate the effects. Where necessary, we will also notify you of such a breach in accordance with our obligations under the applicable Data Protection Legislation.
The Ogier Group will keep your Personal Information for at least as long as necessary to fulfil the purpose for which we have collected it or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required. In relation to client matters, it is the Ogier Group's policy to retain data for 7 - 11 years depending on amongst others, the nature of the Personal Information and applicable laws pertaining to the retention of such Personal Information from the conclusion of the matter subject to the following exceptions:
- where the matter relates to trust, wills and probate, or property in which case the Personal Information may be kept indefinitely;
- where we consider it necessary to protect ourselves from a legal claim or potential dispute in connection with any services we have provided, we will keep the Personal Information for the relevant limitation period; or
- where the Personal Information cannot be deleted for legal, regulatory or technical reasons.
Who can I contact
If you have any questions in respect of this privacy statement, or the processing of your Personal Information, or you wish to exercise any of your rights referred to above please contact us by email to DPO@ogier.com.
If you are dissatisfied with our response and you wish to make a formal complaint to the data protection authority of the country where the relevant Ogier entity is located:
Data Protection Commissioner
Information Centre, North Esplanade, St Peter Port, Guernsey GY1 2LQ
Office of the Information Commissioner
Brunel House, Old Street, St Helier, Jersey, JE2 3RG
The Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
National Commission for Data Protection
1, avenue du Rock'n'Roll, L-4361 Esch-sur-Alzette, Luxembourg
PO Box 2252, Grand Cayman, KY1-1107, Cayman Islands
Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore
If you would like to learn more about cookies you can visit www.allaboutcookies.org for more information.
The Ogier Group does not control and is not responsible for the privacy statement of any website or organisation to which this website provides links. By including references, hyperlinks or other connections to such third party websites we do not imply any endorsement of them or any association with their owners or operators.
Unfortunately, the transmission of information via the internet is not completely secure. Whilst we do our best to safeguard your Personal Information, we cannot ensure or warrant the security of any information that you may transmit to us and any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to prevent unauthorised access.
Where necessary under application Data Protection Legislation, the relevant Ogier entity has been registered with the relevant authority as a "Data Controller". Details of those entities are listed below.
Ogier Legal Limited Partnership, Ogier Legal Shared Services Limited, Ogier (Jersey) LLP, Ogier Global Officers (Jersey) Limited (formerly Ogier Legal (Jersey) Limited), Ogier Executor & Trustee Company Limited, Ogier Corporate Finance Limited and Ogier Global (Jersey) Limited are each registered as a data controller with the Office of the Information Commissioner in Jersey.
Ogier (Guernsey) LLP and Ogier Global (Guernsey) Limited are each registered as a data controller with the Office of the Data Protection Commissioner in Guernsey.
Ogier LLP is registered as a data controller with the Information Commissioner's Office.
Data controllers are the persons who are responsible for determining the purposes for which and the manner in which any Personal Information is, or is to be processed.
The data controller for this website is Ogier Legal Shared Services Limited. Certain other Ogier websites may be operated under separate agreements having additional terms and conditions.
Changes to this Privacy Statement
This privacy statement may be updated from time to time and any updates will be published on our website at www.ogier.com.
We last updated this privacy statement on 18 August 2021.