This Privacy Notice applies to clients, investors, shareholders, limited partners, beneficiaries and other trust or foundation parties, service providers, business referrers, intermediaries and other contacts of HFL (whether current, prospective, declined, exited or former) and users of our website (“you” and “your” as the context permits).
This Privacy Notice sets out how we obtain and use personal data about you before, during and after your relationship with us, in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“the Guernsey DP Law”) and in accordance with the European Union General Data Protection Regulation (2016/679) (“GDPR”). We may update this Privacy Notice from time to time.
HFL is a “data controller”. This means that we are responsible for deciding how we hold and use your personal data. We are required under the data protection legislation detailed above to notify you of the information contained in this Privacy Notice.
Any questions in relation to this Privacy Notice or requests in respect of personal data should be directed to firstname.lastname@example.org in the first instance.
Who we are
HFL Limited is a regulated trust, foundation and corporate service provider and an investment services business. HFL, “we” for the purposes of this Privacy Notice, includes HFL Limited and its subsidiary companies (Adelphi Limited, Barnham Limited, Cavendish Securities Limited, Elan Holdings and Investment Limited, Forest Securities Limited, Heritage Property Holdings Limited, Heritage Trust Limited and Wigmore Secretaries Limited and any other subsidiary or associated companies), and companies administered by HFL including Heritage Fund Managers Limited and Heritage Investment Fund Limited. The relevant entity with the primary relationship with you will be confirmed in either an engagement letter, a partnership agreement or other written agreement in relation to any client relationship.
The data we obtain, store and use
HFL processes data in order to provide trust, foundation, corporate and investment services. The type of data we may collect and process includes:
Contact details (including names, postal and email addresses, telephone numbers and website URL)
Information required for HFL to meet legal and regulatory requirements in particular in respect of anti-money laundering legislation, including identification data (date and place of birth, nationality, identity number, copies of your passport or other identification document) and information regarding source of funds and source of wealth
Information required for HFL to meet its reporting obligations for example: tax reporting including tax status, tax number, tax residency and financial information
Information required for us to provide the services including financial information to process payments, background information including employment details and details of dependents
Any other information you may provide to us
We may also collect, store and use Special Category Data including:
Information about your race or ethnicity, religious beliefs, sexual orientation and political opinion
Information about your health, including medical, health and sickness records
Information about your health, including any medical condition, health and sickness records
Data relating to a person’s criminal record or alleged criminal activity
Special Category Data requires a higher level of protection and will only be processed where we have received explicit consent or the processing is necessary for compliance with a legal obligation.
Purposes of processing
We use data, including personal data, for the following purposes, this table also confirms the lawful basis we are relying on in each case:
Lawful Basis for Processing
To provide trust, corporate and foundation management and administration services including bookkeeping and accounting services
The legitimate interests of HFL as a provider of trust, foundation and corporate management and administration services.
The legitimate interests of HFL's clients and their underlying and connected persons.
To provide investment management and other investment services
The legitimate interests of HFL as a provider of investment services.
The legitimate interests of investors and investment business clients.
To administer any contract we have entered into with you or where a party related to an entity for which we are contracted to provide services
To fulfil the contract we have entered into.
Making arrangements for the termination of our business relationship
The legitimate interests of HFL to seek to ensure that business relationships are terminated efficiently and effectively.
To manage our client, intermediary and other business relationships
The legitimate interests of HFL to seek to ensure that its business is conducted efficiently and with a view to enhancing business services.
To obtain legal and/or tax advice or representation
The legitimate interests of HFL and its clients to ensure that it is able to engage relevant tax or legal advisers and/or representation.
To ensure the security of HFL systems and staff and prevent fraud
The legitimate interest if HFL in protecting its systems and staff from being misused or the victim of criminal activity.
To meet all legal and regulatory obligations applicable to HFL including in respect of managing conflicts of interest
The legitimate interests of HFL as a financial services provider to process data to the extent necessary to meet all legal and regulatory obligations incumbent on it.
The processing is necessary for compliance with a legal obligation to which HFL is subject for example: relevant anti-money laundering and countering the financing of terrorism legislation.
The data sought will vary and the purposes for processing will overlap depending on the type of services provided.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonable consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note: we may process your personal data in compliance with the above policies without your knowledge or consent where this is required or permitted by law.
Failure to provide personal data
If you fail to provide certain personal information to us or fail to notify us when information provided has been updated, we may not be able to fulfil the contract we have entered into for you, or on your behalf, or provide the services requested or we may be prevented from complying with our legal obligations.
Sources of personal data
The sources of data may include clients, data subjects directly, introducers, intermediaries, advisers, third parties connected to the data subject (for example: family member, employer or another service provider who provides services to the data subject) or open-source material.
We collect personal data via the completion of forms provided to you and completed by you, from documents provided including due diligence documents, from correspondence including email, from meetings and telephone conversations.
We will collect personal data throughout the course of our business relationship or while we provide services to clients connected to you.
Recipients of personal data
We share information with third parties, including third party service providers, where it is required by law, where it is necessary to administer our business relationship, where it is necessary for us to provide the services to you or where we have another legitimate interest in doing so.
The following are potential recipients of personal data (in each case including respective employees, director and officers):
Sub-contractors, agents, consultants or service providers such as insurance brokers, compliance, IT firms or other professional advisers of HFL or its clients and their clients and associated parties
Bankers, auditors, accountants, investment brokers, managers or advisers, legal and other professional advisers
Company formation agencies and registries
Land or property agents and registries
Guernsey and overseas regulators, or other government or supervisory body and tax authorities when required by law
Law enforcement agencies where considered necessary for HFL to fulfil legal obligations applicable to it
When HFL engages a third party to process your personal data, we will require them to process your personal data in accordance with our instructions and protect the data against unauthorised or accidental use, access, disclosure, loss or destruction. We do not allow them to use your personal data for their own purposes. They will only be permitted to process your personal data for a specified purpose and in accordance with our instructions. Where they no longer need to your personal data to fulfil the contract, they will need to transfer the data back to us and/or destroy or delete any data held by them.
Transferring data outside of Guernsey and the European Union
In the event any of the third parties detailed above are outside of Guernsey or the European Union and where we are transferring personal data which would be protected under the Guernsey DP Law or GDPR we will ensure that we meet the relevant requirements prior to carrying out such a transfer. This may include only transferring the data where we are satisfied that:
You have been informed whether the relevant non-European Union country has an adequacy decision in force or if it is a designated jurisdiction for the purposes of the Guernsey DP Law
The non-European Union country has data protection laws similar to the laws in Guernsey and the European Union
The recipient has agreed through contract to protect the information to the same data protection standards as Guernsey and the European Union
We have obtained consent from the relevant data subjects to the transfer or
If transferred to the United States of America, the transfer will be to organisations that are part of the Privacy Shield
We have put in place appropriate security measure to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to your personal data to those employees, agents, contractors, consultants and other third parties who have a business need to access the data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have in place procedures to deal with any suspected data security breach and will notify you and/or any applicable regulator of any actual or suspected breach where we are legally obliged to do so.
We only keep data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Details of retention periods for different aspects of your personal data are available in our retention policy which is available on request from the Data Protection Representative. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential for harm from unauthorised use or disclosure of the data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once our business relationship ends, we will retain and securely destroy your personal data in accordance with our record retention and destruction policy, applicable legislation and/or regulatory requirements.
Data subject's rights
As a data subject you have certain rights in respect of your personal data. You have the following rights:
Right of access - you have the right to request a copy of the personal data that we hold about you and to check that we are lawfully processing that data. You will not have to pay a fee to access your personal data (or exercise any of the other rights) unless your request is clearly unfounded or excessive in which case we may charge a reasonable fee
Right of rectification - you have the right to correct data that we hold about you which is inaccurate or incomplete
Right of erasure - of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it
Right to restrict processing - this enables you to ask us to suspend the processing of your personal data for example: if you want us to establish its accuracy or the reasons for processing it
Right of portability - a person has the right to have the personal data we hold about them transferred to another organisation
Right to object - you have the right to object to certain types of processing including direct marketing (N.b. HFL does not undertake direct marketing using personal data). You also have the right to ask us to delete or remove personal data where you have exercised your right to object
Right to withdraw consent - where we are processing your data on the basis of your consent, you have the right to withdraw that consent at anytime
Right to object to automated processing including profiling - you have the right not to be subject to decisions based on automated processing or profiling. HFL does not currently undertake any automated processing or profiling
If you wish to exercise these rights you should send the request in the first instance to: email@example.com.
This Privacy Notice sets out our current policy as regards the maintenance and processing of personal data. It does not form, and should in no way be construed as, a contract and no contractual rights or causes of action shall arise in relation to or in consequence of the content of this Privacy Notice.
Changes to this Privacy Notice
We keep this Privacy Notice under review and any updates will appear on our website. We last updated this Privacy Notice on 24/09/2021.
HFL has a Data Protection Representative and all enquiries in respect of this Privacy Notices, any complaints about the way in which your personal data is being processed, or any request to exercise any of the rights set out above should be directed to the Data Protection Representative via email at firstname.lastname@example.org, telephone +44 (0)1481 722066 or by post at:
Suite 1, First Floor, The Energy Centre, Admiral Park, St Peter Port, Guernsey, GY1 2BB
In the event you wish to make a complaint about how your personal data is being processed or how your complaint has been handled you have the right to lodge a complaint directly with the Guernsey Data Protection Commissioner either via their website www.odpa.gg/for-individuals/make-a-complaint, email email@example.com or by post at:
The Office of the Data Protection Commissioner, Guernsey Information Centre, St Martin's House, Le Bordage, St. Peter Port, Guernsey, GY1 1BR.
How to contact us
If you have any questions about this Privacy Notice or any data which we hold about you, please contact: firstname.lastname@example.org,
Website Privacy & and Cookies Policy
This Website Privacy and Cookies Policy (“Policy”) sets out how HFL Limited ("HFL", "we" or "us") uses and protects any information that you give us when you use our website.
HFL is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our website, then you can be assured that it will only be used in accordance with this Policy. HFL may change this Policy from time to time.
Personally identifiable information
We may collect the following personally identifiable information, only when you explicitly provide it to us:
Contact information including email address
Marketing preferences, personal and business interests
Other information relevant to any surveys we may ask you to complete
Non-personally identifiable information
We may collect the following non-personally identifiable information (information cannot be related back to you). More information on how we use this is provided below:
What we do with the information we gather
We require this information to understand your needs and provide you with a better service. If you would like your data held by us to be removed, please send an email to email@example.com
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
A cookie is a small file, which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.