Privacy Notice

At ZEDRA, we take the protection of your personal data privacy very seriously and maintaining the integrity and confidentiality of your personal data is very important to us.

In respect of the provision of trust, fiduciary, foundation, fund administration, fiduciary investment and certain corporate services (the “Services”).

Read the below privacy notice here.

Read the US privacy notice here.

Read the Hong Kong privacy notice here.

You can also find the Privacy Notice for ZEDRA Global Services (UK) Limited, ZEDRA Client Accounts (UK) Limited, ZEDRA Corporate Reporting Services (UK) Limited and any other subsidiary within this group of companies here, and security notice here.

At ZEDRA, we take the protection of your personal data privacy very seriously and maintaining the integrity and confidentiality of your personal data is very important to us. This Privacy Notice sets out how those members of the ZEDRA Group of companies (“the Zedra Group”) that are subject to the General Data Protection Regulation of the European Union (the ”GDPR”) and/or local legislation on data protection (altogether, (the “Law”) collect, use and disclose your personal data, and your rights as a data subject in relation to your personal data which is processed by a member of Zedra Group (a “Zedra Company”), in the course of providing services to you. The main purpose of the Law is to ensure transparent processing of personal data and to protect your rights and freedoms as a data subject.

This Privacy Notice confirms how the Zedra Group looks after your personal data and your rights as a data subject. We promise to protect the privacy of your personal data, not to sell your personal data and to implement procedures to enable you to exercise your rights as a data subject under the Law. The Zedra Group protects your personal data with up-to-date storage and security techniques.

In this Privacy Notice, “us”, “we” and “our” refers to the Zedra Group. More information on the Zedra Group may be found at zedra.com. “Processing” means any operation performed on your personal data

The Zedra Company which is engaged to provide the Services to you is the controller of your personal data and determines the purposes and means by which your personal data is processed and is ultimately responsible for the processing of that personal data. The controller may appoint a third party to process your personal data, including another Zedra Company, which will process that personal data on the instructions of the controller, and will be placed under a duty of confidentiality and obliged to implement appropriate technical and organisational measures to ensure the security of your data. In certain circumstances, there may be joint controllers who will agree their respective responsibilities for compliance with the Law including which controller is obliged to respond to a data subject who wishes to exercise any rights under the Law, although the data subject may exercise any rights against either controller.

If you wish to receive details regarding the controller and any third party that has been engaged to assist the controller in delivering services to you and with whom the controller may have shared your personal data, or of any joint controllers, and the arrangements made between the joint controllers to comply with the Law, please contact the Data Protection Officer.

We may amend this Privacy Notice from time to time to reflect any changes in the way that we process your personal data, and the current Privacy Notice will always be available on our website. This Privacy Notice supersedes any previous privacy notice with which you may have been provided, as well as anything to the contrary contained in any agreement between us.

Lawfulness of Processing

The Law provides that we may only process your personal data in certain circumstances. These are:

When we have a legitimate interest for processing.
When you have given your consent.
To fulfil a contract to which you are party.
To comply with a legal obligation to which we are subject.

The nature of the Services requires us to have a knowledge and understanding of our clients’ circumstances, needs and requirements. For example, when acting as trustees, we are legally obliged to consider the interests and requirements of beneficiaries before exercising our powers, such as when making distributions and investing trust assets, or when administering employee benefit trusts.

Similar obligations may apply when administering other structures, such as companies and funds, where the needs and requirements of beneficial owners and investors are our concern. If we do not process personal data, we cannot discharge our obligations. Therefore, when providing our Services, we will process your personal data on the basis that it is in our legitimate interests to do so and these interests are not over-ridden by your interests or fundamental rights and freedoms as a data subject, as there is a clear benefit to you in the processing, and the collection, processing and disclosure of personal data is necessary or desirable to provide the Services. Such personal data will be processed for the following purposes:

To prepare preliminary information or a proposal for you regarding our Services.
To provide you with the Services as set out in our engagement letter, the Law, any other documentation such as a trust instrument or administration agreement or as otherwise agreed from time to time.
To correspond with you and provide you with information on Zedra i.e., changes in personnel.
To fulfil our regulatory and other legal obligations.
To deal with any complaints or feedback that you may have.
For any other purpose for which you provide us with your personal data.
To develop and improve our services.

When processing on the basis that it is in our legitimate interests to do so, we may collect and share your personal data from and with the following:

Your advisers or agents or employees of firms with which you are associated.
Third parties who require the personal data in order to provide a service to us in connection with the provision of the Services including other Zedra Companies, such as directors, officers, consultants, agents or contractors and delegates or sub-delegates, internet service providers and data storage providers, in respect of which Services are provided, or which provide services to us, and/or in respect of which you are connected or have an interest; or to a new service provider who will be providing the services and the directors and/or employees of such third parties.
Our advisers who provide us with advice or assistance.
Third parties and service providers such as banks, bankers, intermediaries, insurance companies, fund managers, investment advisers and managers, property managers, tax advisers, lawyers, and any other entity which provide services to us in respect of the Services and/or in respect of which you are connected or have an interest.
Government bodies, quasi government bodies, regulators and other authorities in any jurisdiction.
Any third party who requires personal data as a result of any assignment, transfer or novation of our rights and obligations or any merger, restructure, sale or acquisition of the Zedra Group or any part thereof or to any party to whom we may transfer our rights and/or obligations.
Other Zedra Companies in connection with the proper management of the Zedra Group.

You may object at any time to our processing of any or all of your personal data on this ground by contacting the Data Protection Officer and the processing of personal data may be restricted while those legitimate interests are considered, and, if it is decided that we do not have a legitimate interest to process that personal data, can be erased.

Under the Law, certain kinds of personal data such as data relating to health, racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation is considered to be a special category of personal data (“Special Data”) and can only be processed in certain circumstances, including with your explicit consent. We will only process any Special Data with your explicit consent. Special Data will be processed for the same purposes and shared with the same entities as personal data processed in our legitimate interests. You will be asked to complete a consent form to evidence that your explicit consent has been given to the processing of Special Data. This consent can be withdrawn at any time by contacting the Data Protection Officer who will advise you of the procedure to be followed in order to withdraw your consent to the processing of Special Data The withdrawal of your consent will not affect the lawfulness of any processing up to that point. However, if your consent is withdrawn, the nature of the Services may mean that we can no longer provide some or all of the Services to you.

Biometric data is Special Data, and we may use biometric data for the purpose of verifying your identity. You will be asked to confirm that you have read this Privacy Notice before downloading the software enabling us to do so. By giving the confirmation, we will consider that you have given your explicit consent to Zedra obtaining and using the biometric information provided by you for the purpose of verifying your identity and that you are aware of your rights under data protection legislation and Zedra’s obligations to you as set out in the Privacy Notice. Please contact the Data Protection Officer regarding the provision of the biometric data of children.

In addition to processing carried out to fulfil our legitimate purposes, and processing of Special Data with consent, we may also process your data in order to comply with a legal obligation to which we are subject. Each Zedra Company is regulated and must comply with legal and regulatory obligations such as to ‘know your client’ and to detect the proceeds of crime. Personal data processed to comply with a legal obligation will be processed for the following purposes:

To manage risk, meet our legal, compliance and regulatory obligations, such as those required to comply with anti-money laundering, drug trafficking, or countering terrorist financing laws and with tax and beneficial ownership reporting requirements.
To manage our business in an efficient and proper way including monitoring corporate governance and audit.

When processing in order to comply with a legal obligation, we may collect and share your personal data from and with the following:

Our advisers where it is necessary for us to obtain their advice or assistance.
Our accountants and auditors where it is necessary as part of their functions.
Third parties who assist us in conducting background checks about you, such as checking to see if you are on sanctions lists.
Fraud prevention agencies who will use it to prevent money laundering, to verify your identity and to prevent fraud.
Courts, regulatory authorities, tax authorities, ombudsmen, law enforcement agencies, credit reference agencies or similar bodies in any jurisdiction whether or not such requirements have the force of law or whether not such disclosure may be enforced on us or any Zedra Company.
Any party to which we may wish to sell, transfer or merge all or part of our business.

How we collect your data

We may collect your personal data in a number of ways, for example:

From the information and documentation that you provide at any time and from time to time including information and documentation provided at meetings.
When you communicate with us or when we communicate with you by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any personal data.
From information contained within client on-boarding documents provided by you, or by another person on your behalf.
From other Zedra Companies.
From your agents or advisers and employees of firms and intermediaries with which you are associated or who introduce you to us.
From publicly available sources or from third parties where we need to conduct background checks about you.

The categories of the data we collect

We may collect the following categories of personal data about you:

Your name, date of birth, passport or national identity card details.
Country of birth, domicile and citizenship, gender, marital status, racial or ethnic origin, religious, or other beliefs.
Contact information such as residential or business address, email address and telephone number.
Information about your employment, education, family, personal circumstances, and interests.
Information relating to your tax affairs including tax identification number.
Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth and your bank account details.
Information about your investment knowledge and experience.
Information regarding your goals and objectives in connection with your wealth.
Information regarding your personal or family circumstances, including future requirements and possible needs.
Information to assess whether you may represent a money laundering or terrorist financing risk, including whether you are a politically exposed person, or have had previous criminal convictions or regulatory sanctions imposed.

Zedra does not use personal data to make automated decisions.

International data transfers

In sharing your personal data for the reasons set out in this Privacy Notice, we may need to transfer it to other entities, including other Zedra Companies, located in the European Union, all of which will apply the GDPR, as well as to entities in jurisdictions which are considered to provide an adequate level of protection for your personal data as is provided under the GDPR.

If we transfer your personal data to entities in countries outside the European Union which do not provide an adequate level of protection for your personal data, including Zedra Companies, we will ensure that your personal data will always be protected by appropriate safeguards to give you enforceable rights and legal remedies. You may ask us at any time what safeguards have been put in place to protect such personal data.

Retention of your data

We will retain your personal data for a period of at least ten years after the termination of our relationship with you in order to meet our regulatory and legal obligations but may retain your personal data for a longer period where necessary for other legal or regulatory reasons, to respond to questions or complaints, and to defend any legal claims.

Is it necessary to provide personal data to receive the Services?

It is necessary for you to provide us with the personal data that we request to enable us to provide the Services. Without these details, we will be unable to provide some or all of our Services to you. If you decide not to provide us with your personal data, or object to the processing of personal data, and the legitimate purposes for processing cannot be justified, or you subsequently withdraw your consent to the processing of your Special Data, then we may not be able to provide some or all of our Services to you.

Your rights as a data subject

You have the following specific rights (the “Rights”) under the Law:

To request confirmation as to whether we are processing personal data about you and, if so, to make a subject access request (a “SAR”) for information about the processing of that personal data.
To request rectification of inaccurate or incomplete personal data concerning you.
To require us to erase or restrict the processing of your personal data in certain circumstances.
To request copies of any personal data which is being processed by automated means with your consent or under contract in a machine-readable format.
To object to the processing of personal data which is being processed in the public interest or to pursue the legitimate interests of the controller.
To object to processing for direct marketing purposes.

Please note that the Rights are not absolute, and the controller may be entitled to refuse requests where exemptions apply. You will be advised of any exemptions that we depend upon.

Data Protection Officer

If you have any questions about the processing of your personal data, or you wish to make a SAR or exercise any of the other Rights, please contact the Data Protection Officer at:

Zedra Data Protection Officer

By post – 50 La Colomberie, St. Helier, Jersey, JE2 4QB

By email – dataprotection@zedra.com

By telephone – +44 1534 844245

You will be asked to provide identification to ensure that another person is not attempting to fraudulently exercise your Rights and to confirm which of the Rights you wish to exercise to enable the controller to deal with your request without delay.

If you are not satisfied with our processing of your personal data, or how we respond to, or deal with, the exercise of any of your Rights, you can make a complaint to the local regulator. The Data Protection Officer will provide you with contact details.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
loglevel	never	Maintains settings and outputs when using the Developer Tools Console on current session.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_UA-72517361-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjSession_794771	30 minutes	This is a Hotjar cookie that holds the current session data.
_hjSessionUser_794771	1 year	Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
cusid	30 minutes	ClickDimensions sets this cookie to establish and continue a user session with the site.
cuvon	30 minutes	ClickDimensions sets this cookie to store the last time a visitor viewed a page.
undefined	never	Wistia sets this cookie to collect data on visitor interaction with the website's video-content, to make the website's video-content more relevant for the visitor.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
first_session	1 month 1 day	Determines whether the user is new or returning, in order to display relevant ads by matching preferences from potential earlier visits.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.