Group Privacy Policy

MJH Group Holdings Limited, its subsidiaries and associated businesses (MJ Hudson and we) is committed to protecting your personal data and your privacy. We endeavour to ensure that any personal data we collect about you will be held and processed strictly in accordance with applicable data protection legislation, including on and from 25 May 2018, the European General Data Protection Regulation (GDPR) and any applicable local laws implementing or adopting the GDPR including the Data Protection Act 2018 in the UK, the Data Protection (Jersey) Law 2018 and Data Protection (Bailiwick of Guernsey) Law, 2017 (Applicable Local Laws). The terms Personal Data, Data Controller and processing have the meanings given to them in the GDPR (which can be accessed here), unless otherwise indicated.

Which policy is relevant to your situation?

At MJ Hudson, we collect and process Personal Data in a number of ways.  To help you find the information that is most relevant to your situation, we have separated our policy into a number of sections.  Please click on the heading below that is appropriate for your situation to find out more.

This Privacy Policy demonstrates how MJ Hudson handle the Personal Data you provide to us, or which we collect about you, in the following ways (Your Data):

  • by you submitting information to us through our websites www.mjhudson.com or www.mjhudson-allenbridge.com for example, when you subscribe to our newsletter (Website User Data);
  • by you submitting information to us when you complete one of our surveys (Survey Data);
  • through your use of our other marketing resources, such as events or webinars which we run or sponsor (Marketing Data);
  • from what we learn about you from your visit to our websites (Website Background Data);
  • by you otherwise interacting with us a prospective, current or former customer, (for example, where you provide your business card to us) other than in connection with ongoing legal services we are providing to you or your organisation (Prospect Data).
  • by you providing your details to us, or your employer providing your details to us, in connection with a service you or your employer provides to MJ Hudson (Supplier Data); and/or
  • by you contacting us or otherwise providing your personal data to us (Other Data).

This statement does not apply to:

  • the collection and processing of Personal Data in the course of our providing legal or other services to our clients. For information about privacy in the context of services provided by us to our clients, please contact the relevant MJ Hudson partner or person responsible for your matter.
  • the collection and processing of Personal Data about our employees or contractors. For information about privacy in the context of doing work for MJ Hudson, please see the employee handbook.
  • the collection and processing of Personal Data in relation to job candidates or applications for roles advertised on our Websites. For information about privacy in this context, click here.

For the purposes of the DPA and the GDPR, MJ Hudson is the controller of Your Data.  If you have any queries regarding this policy or complaints about our use of Your Data, please contact us at data-processing@mjhudson.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.

MJ Hudson Limited
8 Old Jewry,
London
EC2R 8DN

FAO: Data Processing

The table below sets out the purposes for which we may process Your Data and the legal basis for the processing:

Data Purpose Legal Basis
Website User Data

Marketing Data

Prospect Data

Supplier Data

Other Data

 

To keep you informed of any activities undertaken by us which we believe may be of interest to you and this use may include sending you email and postal marketing from time to time or requests to respond to a survey

 

Consent – this will be requested either when you submit Your Data to us or, if we have received Your Data indirectly, by way of an email sent prior to us sending you any marketing communications.

 

Website User Data

Website Background Data

 

Website analytic purposes.  For further details on the technology we use in order to analyse our website’s performance, please see our cookies policy here.

 

Consent – this will be obtained when you click on the banner at the top of our website to accept certain cookies.

Legitimate interest of MJ Hudson (see our cookies policy for further information)

 

Website User Data

Marketing Data

Prospect Data

 

To provide you with the newsletter(s) or information you have requested

 

Performance of a contract

 

Website User Data

Marketing Data

Prospect Data

Website Background Data

Prospect Data

Survey Data

 

To respond to requests for information from regulated bodies or government agencies

 

Compliance with a legal obligation

 

Website User Data

Prospect Data

 

To respond to an enquiry you have submitted

 

Legitimate interest of MJ Hudson – it may be necessary for us to process Your Data in order to reply or respond to your enquiry

 

Survey Data

 

To gather and analyse information on the market for our internal purposes which may be used to publish a report

 

Consent – this will be requested when you submit Survey Data to us.

 

Survey Data

 

To provide perception study services to our clients

 

Performance of a contract

 

Please note that we may on occasion be required to share your information with the following categories of recipients:

  • MJ Hudson offices and branches and our associated firms. A full list of all of the entities within the MJ Hudson group is listed on our website.
  • Third parties who provide services on our behalf. For example, we use third parties such as MailChimp and GSuite to provide marketing automation services and Worldpay to provide payment processing services on our MJHudson-Allenbridge website. Our A full list of all our third party service providers is available on request.

We have taken steps to ensure that all such entities keep Your Data confidential and secure and only use it for the purposes that we have specified and have informed you of.  Our service providers are subject to data processing agreements which have been, or are in the process of being, updated to become, compliant with the requirements set out in the GDPR and/or Applicable Local Laws.  Further details regarding any third parties who are located outside the EEA are set out in paragraph 5 below.

In relation to any other third parties, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where we are required to do so by law or enforceable request by a regulatory body;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our business, go out of business, or merge with another company.

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the GDPR and/or Applicable Local Laws.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

    • MJ Hudson Group Companies in the Channel Islands and South Africa

    We have offices in Jersey and Guernsey in the Channel Islands.  Our central servers are also located in Jersey. The European Commission has ruled that both Jersey and Guernsey offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.

    We also have an office in South Africa.  All Personal Data used by this office is held on MJ Hudson’s central servers located in Jersey.

    • Think Studio

    We use Think Systems UK Limited (t/a Think Studio) to host and manage our Websites and to provide us with marketing automation services. Think Studio is based in the United Kingdom but use Campaign Monitor Pty Limited, located in Australia, to provide our marketing automation services.  If you have consented to us using Your Data to send you marketing communications, Your Data may be transferred to servers located in Australia.  Any such transfer outside the EEA is made in accordance with the Standard Contractual Clauses approved by the European Commission.    Think Studio’s privacy policy can be viewed here and Campaign Monitor’s privacy policy can be viewed here.

    • SurveyMonkey

    We use SurveyMonkey to carry out our online surveys.  SurveyMonkey stores survey data on its servers in the United States.  SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to SurveyMonkey in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  SurveyMonkey’s privacy policy can be viewed here.

    • MailChimp

    We use MailChimp to provide marketing automation services in relation to our MJ Hudson Allenbridge subscribers. If you subscribed through our MJ Hudson Allenbridge website or have consented to MJ Hudson Allenbridge using Your Data to send you marketing communications, Your Data may be transferred to MailChimp’s servers in the United States.  The company that operates MailChimp, The Rocket Science Group LLC, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to MailChimp in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. MailChimp’s privacy policy can be viewed here.

    • GSuite

    We use Google’s GSuite to provide some marketing automation services in relation to our MJ Hudson Allenbridge subscribers.  If you subscribed through our MJ Hudson Allenbridge website or have consented to MJ Hudson Allenbridge using Your Data to send you marketing communications, Your Data may be transferred to Google’s servers in the Americas or Asia. Google, (including Google LLC and its wholly-owned US subsidiaries) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to Google in the United are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. We are also in the process of putting in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. Google’s privacy policy can be viewed here.

  • Your Data will be stored for a period of 7 years from our latest interaction with you. After this time it will be destroyed unless we have identified a lawful purpose(s) for which we need to keep Your Data longer or you request that we keep it for longer. If we feel that we may need to keep Your Data for longer than the lawful purposes for which it was obtained, we will contact you to obtain your consent to such longer period.
  • Under the GDPR and/or Applicable Local Laws, you will have the following rights in relation to how we process Your Data:
    • right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data;
    • right to rectification – you have the right to obtain rectification of inaccurate personal data we hold concerning you;
    • right to erasure – you have the right to obtain the erasure of Your Data without undue delay in certain circumstances
    • right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data;
    • right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format;
    • right to withdraw consent – where you have provided your consent to us processing Your Data (for example, for marketing purposes), you have the right to withdraw your consent at any time. This can be done by emailing data-processing@mjhudson.com at any time or by clicking the “unsubscribe” link on any marketing communications you receive from us;
    • right to lodge a complaint – you may lodge a complaint with any supervisory authority in the EU. The relevant supervisory authorities for the UK, Jersey, Guernsey and Luxembourg are set out below and their websites contain the relevant contact details:
      • United Kingdom – the Information Commissioner’s Office whose contact details can be found on their website which can be viewed here – https://ico.org.uk/
      • Jersey – the Office of the Information Commissioner whose contact details can be found on their website which can be viewed here – https://oicjersey.org/
      • Guernsey – the Office of the Guernsey Data Protection Commissioner whose contact details can be found on their website which can be viewed here -https://dataci.gg/
      • Luxembourg – the National Commission for Data whose contact details can be found on their website which can be viewed here – https://cnpd.public.lu/en.html.

For further information on your rights, please see the relevant supervisory authority’s website.

  • There is no statutory or contractual requirement for you to provide Your Data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested, such as to receive our newsletter, if you do not provide your contact details.  As set out in our cookies policy, our Websites may not be able to function fully if you do not agree to certain cookies being set on your computer.
  • We do not undertake automated decision-making or profiling on Your Data.
  • We keep our privacy policy under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our privacy policy which may be via a notification on our Websites. Your continued interaction with us, following the posting of changes to these terms, will mean you accept these changes

We recognise the need to ensure that personal information gathered via our Websites or otherwise remains secure. Our site has security measures in place to protect against the loss, misuse and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorised access. You acknowledge that although we exercise adequate care and security there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorised third party.

Participation in our surveys is entirely voluntary and, by submitting your responses, you are consenting to use collecting and processing Your Data in accordance with this Privacy Policy.  We will never share Survey Data with third parties (other than SurveyMonkey as set out in section E above) and all data is amalgamated and anonymised before the results of the survey are published. In most circumstances, we do not collect the name or contact details of our respondents and this is only provided voluntarily by the respondent if they wish to be entered into a prize draw, so that we can contact them with their prize.

Some of your responses to our surveys may include Personal Data which falls within the definition of “Special Category Data” for the purposes of the GDPR.  For example, your responses may reveal your ethnicity or race or your political opinions. Where a question requires an answer that may include Special Category Data, we will request your explicit consent to our processing this data in accordance with this Privacy Policy, before you submit your response.

Please note that in certain circumstances, we also undertake surveys on behalf of our clients (Client Surveys).  The Personal Data we collect through Client Surveys is held in accordance with this Privacy Policy and is anonymised prior to us creating our report.  We never share your Survey Data with our clients.

In some circumstances, we may obtain Personal Data about you from other sources.  This information may include your name, contact details and job title, which we obtain from third party sources such as Preqin, organisers of events we sponsor or other publicly available sources, such as your company’s website.

Our Websites contain links to other websites belonging to third parties. We do not control the privacy practices of these other websites. You should therefore make sure when you leave our Websites that you have read that website’s privacy policy.

Scope

This Privacy Policy demonstrates how MJ Hudson handles the Personal Data we obtain about you in the course of us providing one of the following services to you or the organisation you work for (Your Data):

To help you find the information that is most relevant to your situation, we have separated this policy into sections applicable to each type of service we provide.  Please click on the heading above that is most appropriate for your situation to find out more regarding what we do with Your Data.  General information applicable to all of our services is set out below.

This statement does not apply to:

  • the collection and processing of Personal Data submitted through our Websitess or from marketing events or provided to us by prospective, current or former customers, other than in the course of us providing legal or other services. For information about privacy in this context, click here.
  • the collection and processing of Personal Data about our employees . For information about privacy in the context of doing work for MJ Hudson, please see the Employee handbook.
  • the collection and processing of Personal Data in relation to job candidates or applications for roles advertised on our Websites. For information about privacy in this context, click here .

Identity and Contact Details of Data Controller

For the purposes of Applicable Local Laws and the GDPR, the MJ Hudson entity (or affiliate) named on your engagement letter or other agreement with us is the controller of Your Data.  The ‘Data Controller’ is the entity that is responsible for deciding how we hold and use your personal data.

If you have any queries regarding this policy or complaints about our use of Your Data, please contact us at data-processing@mjhudson.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.

MJ Hudson

8 Old Jewry,

London

EC2R 8DN

FAO: Data Processing

Retention Period

  • Unless otherwise indicated below, Your Data will be stored for the duration of our contract with you plus a maximum period of 7 years. After this time it will be destroyed unless we have identified a lawful purpose(s) for which we need to keep Your Data longer or you request that we keep it for longer. If we feel that we may need to keep Your Data for longer than the lawful purposes for which it was obtained, we will contact you to obtain your consent to such longer period.

Your Rights in relation to Your Data

  • Under the GDPR and/or Applicable Local Laws, you will have the following rights in relation to how we process Your Data:
    • right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data;
    • right to rectification – you have the right to obtain rectification of inaccurate personal data we hold concerning you;
    • right to erasure – you have the right to obtain the erasure of Your Data without undue delay in certain circumstances
    • right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on Your Data in certain circumstances or to object to us processing Your Data;
    • right to data portability – you have the right to receive Your Data in a structured, commonly used and machine-readable format;
    • right to withdraw consent – where you have provided your consent to us processing Your Data (for example, for marketing purposes), you have the right to withdraw your consent at any time. This can be done by emailing data-processing@mjhudson.com at any time or by clicking the “unsubscribe” link on any marketing communications you receive from us;
    • right to lodge a complaint – you may lodge a complaint with any supervisory authority in the EU. The relevant supervisory authorities for the UK, Jersey, Guernsey and Luxembourg are set out below and their websites contain the relevant contact details:
      • United Kingdom – the Information Commissioner’s Office whose contact details can be found on their website which can be viewed here – https://ico.org.uk/
      • Jersey – the Office of the Information Commissioner whose contact details can be found on their website which can be viewed here – https://oicjersey.org/
      • Guernsey – the Office of the Guernsey Data Protection Commissioner whose contact details can be found on their website which can be viewed here -https://dataci.gg/
      • Luxembourg – the National Commission for Data whose contact details can be found on their website which can be viewed here – https://cnpd.public.lu/en.html.

For further information on your rights, please see the relevant supervisory authority’s website.

  1. Data Security

We have put in place appropriate security measure to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to your personal data to those employees, agents, contractors, consultants and other third parties who have a business need to access the data.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally obliged to do so.

Additional Information

  • There is no statutory or contractual requirement for you to provide Your Data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested, if you do not provide the information that we require.  We do not undertake automated decision-making or profiling on Your Data.
  • This Privacy Notice sets out our current policy as regards the maintenance and processing of personal data. It does not form, and should in no way be construed as, a contract and no contractual rights or causes of action shall arise in relation to or consequence of the content of this Notice.
  • We keep our privacy policy under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our privacy policy , which may be via a notification on our Websites. Your continued use of our services, following the posting of changes to these terms, will mean you accept these changes.

This privacy policy was last updated on 24th May 2018.

  • The kind of information we hold about you

MJ Hudson provide legal services including advice in relation M&A, Hedge Funds, Venture Capital and Private Funds (Legal Services). Legal services are provided by MJ Hudson Limited (company number 08607159 and ICO registration number ZA031740), MJH Services (Guernsey) Limited, Jonathan Fraser Bale t/a MJ Hudson (OIC notification number 58059) and their subsidiary companies. If you engage us to provide Legal Services to you, we may collect, store, and use the following categories of Personal Data about you:

  • name;
  • business postal address;
  • business email address;
  • telephone number;
  • date of birth;
  • nationality;
  • job title;
  • fax number;
  • mobile telephone number;
  • copy of your passport or other form of photographic ID;
  • corporate bank details;
  • source of wealth and source of funds;
  • criminal convictions;
  • whether you are a politically exposed persons;
  • whether you are on a sanctioned or watch list; and
  • other information about you which you may provide to us in the course of us providing legal services.

Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions.

How Your Data is collected

We collect Your Data from the following sources:

  • directly from you during our client inception and on-boarding process and our ongoing client relationship;
  • background check providers, from which we collect the following categories of data:
    • whether you are on a sanctioned or watch list;
    • details of criminal convictions; and
    • whether you are a politically exposed persons
  • your professional reference from whom we collect confirmation of your name and address; and
  • other service providers to you, such as your company’s administrator or company secretary, who may provide us with copies of your passport or other ID.

What we use Your Data for

We use Your Data for the following purposes:

  • in order to provide legal services pursuant to our contract with you;
  • in order to comply with our legal obligation such as to carry out Anti-Money Laundering Checks on our clients;
  • in order to provide marketing communications to you (but only where we have obtained your consent to do so). Please see here for further details of how we use your data for marketing purposes; and
  • for our legitimate business interests such as for internal record keeping purposes or to manage our client relationship with you.

Any Special Category Data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.

Who we share Your Data with

We will never sell Your Data and we will only disclose Your Data to other parties where necessary in order to provide our services or where we are legally obliged to do so.  Details of the organisations we may share Your Data with are set out below:

  • MJ Hudson Group Companies

We may share Your Data with other members of MJ Hudson for the purposes set out in this Policy.  All members of MJ Hudson will process Your Data in accordance with this Privacy Policy and subject to the requirements of the Applicable Local Laws or the GDPR, as applicable.

  • Your other advisors or lawyers

It is sometimes necessary to share information, including Your Data, with third parties who are providing you with advice or other professional services ancillary to the legal services we are providing.  For example, if we are providing legal advice to a fund, we may share certain information with the fund administrator or fund manager, in order to provide our services or to permit them to provide theirs.

  • Our Consultants

We use consultants to provide certain of our services to our Legal clients. These consultants are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.

  • Third party service providers

We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to Your Data for support purposes.  All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions.  A full list of all of the third party service providers we use is available on request.

  • Auditors

We may need to share limited information regarding our clients with our auditors, including, in some instances, Your Data.  Our auditors are subject to strict confidentiality provisions in their contract with us.

  • Regulatory Bodies/Government Agencies

We may disclose Your Data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose Your Data where such disclosure is necessary for the establishment, exercise or defence of legal claims.

In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company.
  • International Transfers

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

  • MJ Hudson Group Companies in the Channel Islands and South Africa

We have offices in Jersey and Guernsey in the Channel Islands.  Our central servers are also located in Jersey. The European Commission has ruled that both Jersey and Guernsey offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the Applicable Local Laws and GDPR.

We also have an office in South Africa.  All Personal Data used by this office is held on MJ Hudson’s central servers located in Jersey.

  • Your other advisors

In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.

  • Netdocuments in the United States

We use a document management system called NetDocuments to store some of our client files and this may include Your Data.  NetDocuments is operated by NetVoyage Corporation in the United States.  NetVoyage Corporation participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to NetDocuments in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  NetDocuments’s privacy policy can be viewed here.

Data Retention

MJ Hudson only keeps data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Please note that, in Jersey and Guernsey, local law requires us to retain records for a period of 10 years and we may, therefore, retain Your Data for this period

MJ Hudson provide third party compliance services regulating firms on behalf of the Financial Conduct Authority and Commission de Surveillance du Secteur Financier, as well as fund management, administration and operation services (Fund Management Solutions). Fund Management Solutions are provided by MJ Hudson Fund Management Limited (FRN: 193171) and MJ Hudson Advisers Limited (FRN: 692447) in the UK, and MJ Hudson Management S.A. (CSSF ID: A00002036) in Luxembourg.

The kind of information we hold about you

If you engage us to provide Fund Management Solutions to you, we may collect, store, and use the following categories of Personal Data about you:

  • name;
  • business postal address;
  • residential address;
  • business email address;
  • telephone number;
  • date of birth;
  • nationality;
  • job title;
  • fax number;
  • mobile telephone number;
  • copy of your passport or other form of photographic ID;
  • corporate Bank Details;
  • source of wealth and source of funds;
  • FCA registration number (if applicable);
  • list of directorships;
  • employment history;
  • criminal convictions;
  • credit reports/ratings;
  • whether you are a politically exposed persons;
  • whether you are on a sanctioned or watch list; and
  • other information about you which you may provide to us in the course of us providing Fund Management Solutions.

Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions

How Your Data is collected

We collect Your Data from the following sources:

  • directly from you during our client inception and on-boarding process and our ongoing client relationship;
  • background check providers, from which we collect the following categories of data:
    • whether you are on a sanctioned or watch list;
    • details of criminal convictions;
    • whether you are a politically exposed persons; and
    • a credit report.
  • Companies House or other local public company registers, as applicable; and
  • other service providers to you, such as your company’s administrator, who may provide us with copies of your passport or other ID.

What we use Your Data for

We use Your Data for the following purposes:

  • in order to provide Fund Management Solutions pursuant to our contract with you;
  • in order to comply with our legal obligation such as to carry out Anti-Money Laundering Checks on our clients and to comply with our obligations to the Financial Conduct Authority;
  • in order to provide marketing communications to you (but only where we have obtained your consent to do so). Please see here for further details of how we use your data for marketing purposes;
  • for our legitimate business interests such as for internal record keeping purposes or to manage our client relationship with you;

Any Special Category Data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.

Who we share Your Data with

We will never sell Your Data and we will only disclose Your Data to other parties where necessary in order to provide our services or where we are legally obliged to do so.  Details of the organisations we may share Your Data with are set out below:

  • MJ Hudson Group Companies

We may share Your Data with other members of MJ Hudson for the purposes set out in this Policy.  All members of MJ Hudson will process Your Data in accordance with this Privacy Policy and subject to the requirements of  Applicable Local Laws or the GDPR, as applicable.

  • Your other advisors, service providers or fund investors

It is sometimes necessary to share information, including Your Data, with third parties who are providing you with advice or other professional services ancillary to the services we are providing.  For example, if we are providing services to a fund, we may share certain information with the fund, the investors, the fund administrator, fund auditor,  fund manager, bank or depository, in order to provide our services or to permit them to provide theirs.

  • Third party service providers

We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to Your Data for support purposes.  All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions.  A full list of all of the third party service providers we use is available on request

  • Background Check providers

As detailed under paragraph 2.2 above, we may obtain certain personal data about you from third party background check providers.  In order to obtain such information we need to share some of Your Data with those background check providers.  We have data processing agreements with all background check providers with whom we share personal data.

  • Auditors

We may need to share limited information regarding our clients with our auditors, including, in some instances, Your Data.  Our auditors are subject to strict confidentiality provisions in their contract with us.

  • Regulatory Bodies/Government Agencies

We may disclose Your Data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose Your Data where such disclosure is necessary for the establishment, exercise or defence of legal claims.

In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company.

International Transfers

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

  • MJ Hudson Group Companies in the Channel Islands and South Africa

We have offices in Jersey and Guernsey in the Channel Islands.  Our central servers are also located in Jersey. The European Commission has ruled that both Jersey and Guernsey offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the Applicable Local Laws and GDPR.

We also have an office in South Africa.  All Personal Data used by this office is held on MJ Hudson’s central servers located in Jersey.

  • Your other advisors

In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.

  • Sharepoint in the United States

We use Sharepoint to store some of our client files and this may include Your Data.  Sharepoint is operated by Microsoft in the United States.  Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  Microsoft’s privacy policy can be viewed here.

  • Sterling Talent Solutions in Canada and the United States

We use Sterling Talent Solutions UK Limited (Sterling) as a background check service provider. Sterling stores personal data in Canada and the United States.

The European Commission has ruled that Canada offers adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and Applicable Local Laws.

Sterling’s US entities, Sterling Infosystems Inc. and its U.S. affiliates and subsidiaries, participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to Sterling in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. Sterling’s privacy can be viewed here.

Data Retention

MJ Hudson only keeps data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Please note that, in Jersey and Guernsey, local law requires us to retain records for a period of 10 years and we may, therefore, retain Your Data for this period.

MJ Hudson’s International Administration team provide trust and corporate services or investment management and administration services (International Administration Services). International Administration Services are provided by MJ Hudson Fiduciaries Limited (GFSC reference 2265283 Data Protection reference 54017), MJ Hudson Fund Management Guernsey Limited (GFSC reference 2293292 Data Protection reference 58843), Tower Managers Limited (GFSC reference 2291851 Data Protection reference 58853), Tower Gate GP II Limited, VFS Trustees Limited (GFSC reference 2265380  Data Protection reference 54017), VFS Nominees Limited (GFSC reference 2265383 Data Protection reference 54017), VFS Directors 1 Limited (GFSC reference 2265378  Data Protection reference 54017) and VFS Directors 2 Limited (GFSC reference 2265379 Data Protection reference 54017).   If you engage us to provide trust and corporate services or investment management and administration services to you, we may collect, store, and use the following categories of Personal Data about you:

The kind of information we hold about you

If you engage us to provide International Administration Services to you, we may collect, store, and use the following categories of Personal Data about you:

  • contact details (including names, postal and email addresses, telephone numbers and website URL)
  • information required for MJ Hudson to meet legal and regulatory requirements in particular in respect of anti-money laundering legislation, including identification data (date and place of birth, nationality, identity number, copies of your passport or other identification document), and information regarding source of funds and source of wealth and beneficial ownership disclosure requirements
  • information required for MJ Hudson to meet its reporting obligations for example: tax reporting including tax status, tax number, tax residency and financial information
  • information required for us to provide the services including financial information to process payments, background information including employment details and details of dependents
  • any other information you may provide to us

We may also collect, store and use Special Category Data including:

  • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • information about your health, including any medical condition, health and sickness records
  • data relating to a person’s criminal record or alleged criminal activity

Special Category Data requires a higher level of protection and will only be processed where we have received explicit consent or the processing is necessary for compliance with a legal obligation.

How Your Data is collected

The sources of Your Data may include clients, data subjects directly, introducers, intermediaries, advisers, third parties connected to the data subject (for example: family member, employer or another service provider who provides services to the data subject) or open-source material.

We collect personal data via the completion of forms provided to you and completed by you, from documents provided including due diligence documents, from correspondence including email, from meetings and telephone conversations.

We will collect personal data throughout the course of our business relationship or while we provide services to clients connected to you.

What we use Your Data for

We use Your Data for the following purposes.  This table also confirms the lawful basis we are relying on in each case:

Purpose Lawful Basis for Processing
To provide trust, corporate and foundation management and administration services including bookkeeping and accounting services The legitimate interests of MJ Hudson as a provider of trust, foundation and corporate management and administration services.

 

The legitimate interests of MJ Hudson’s clients and their underlying and connected persons.

 

To provide investment management and administration services including registrar services The legitimate interests of MJ Hudson as a provider of investment management and administration services.

 

The legitimate interests of MJ Hudson’s clients and their underlying and connected persons.

To administer any contract we have entered into with you or where a party related to an entity for which we are contracted to provide services To fulfil the contract we have entered into.
Making arrangements for the termination of our business relationship The legitimate interests of MJ Hudson to seek to ensure that business relationships are terminated efficiently and effectively
To manage our client, intermediary and other business relationships The legitimate interests of MJ Hudson to seek to ensure that its business is conducted efficiently and with a view to enhancing business services
To obtain legal and/or tax advice or representation The legitimate interests of MJ Hudson and its clients to ensure that it is able to engage relevant tax or legal advisers and/or representation
To ensure the security of MJ Hudson systems and staff and prevent fraud The legitimate interest of MJ Hudson in protecting its systems and staff from being misused or the victim of criminal activity
To meet all legal and regulatory obligations applicable to MJ Hudson including in respect of managing conflicts of interest The legitimate interests of MJ Hudson as a financial services provider to process data to the extent necessary to meet all legal and regulatory obligations incumbent on it

 

The processing is necessary for compliance with a  legal obligation to which MJ Hudson is subject for example: relevant anti-money laundering and countering the financing of terrorism legislation

To provide marketing communications to you Where consent has been provided. Please see here  for further details of how we use your data for marketing purposes.

Any Special Category Data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.

The data sought will vary and the purposes for processing will overlap depending on the type of services provided

Who we share Your Data with

We share information with third parties including third party service providers where required by law, where it is necessary to administer our business relationship, where it is necessary for us to provide the services to you or where we have another legitimate interest in doing so.

The following are potential recipients of personal data (in each case including respective employees, director and officers):

  • sub-contractors, agents, consultants or service providers such as insurance brokers, compliance, IT firms or other professional advisers of MJ Hudson or its clients and their clients and associated parties;
  • other parts of MJ Hudson where it is relevant for the services we are providing to you. A full list of all MJ Hudson group entities and affiliates is available on the Group Privacy Policy page of our Websites;
  • bankers, auditors, accountants, investment brokers, managers or advisers, legal and other professional advisers;
  • company formation agencies and registries;
  • land or property agents and registries;
  • Guernsey and overseas regulators, or other government or supervisory body and tax authorities when required by law; and
  • law enforcement agencies where considered necessary for MJ Hudson to fulfil legal obligations applicable to it.

When we engage a third party to process your personal data, we will require them to process your personal data in accordance with our instructions and protect the data against unauthorised or accidental use, access, disclosure, loss or destruction. We do not allow them to use your personal data for their own purposes.  They will only be permitted to process your personal data for a specified purpose and in accordance with our instructions.  Where they no longer need to your personal data to fulfil the contract, they will need to transfer the data back to us and/or destroy or delete any data held by them.

International Transfers

In the event any of the third parties detailed above are outside of Guernsey and the EU and where we are transferring personal data which would be protected under Applicable Local Law or GDPR we will ensure that we meet the relevant requirements prior to carrying out such a transfer.  This may include only transferring the data where we are satisfied that:

  • the non-European Union country has Data Protection laws similar to the Laws in Guernsey and the European Union
  • the recipient has agreed through contract to protect the information to the same Data Protection standards as Guernsey and the European Union
  • we have obtained consent from the relevant data subjects to the transfer, or
  • if transferred to the United States of America, the transfer will be to organisations that are part of the Privacy Shield.

Data Retention

MJ Hudson only keeps data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Details of retention periods for different aspects of your personal data is available in our retention policy which is available on request using the contact details set out at the beginning of this policy.  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential for harm from unauthorised use or disclosure of the data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once our business relationship ends, we will retain and securely destroy your personal data in accordance with our record retention and destruction policy, applicable legislation and/or regulatory requirements.

 

 

MJ Hudson’s Investment Advisory team operates under the MJ Hudson Allenbridge name.  MJ Hudson Allenbridge provide independent investment advisory, consulting, analytical, due diligence, governance,  and investment research, introductions, and execution-only brokerage services (“Investment Advisory Services”).

The kind of information we hold about you

If you engage us to provide Investment Advisory Services to you, we may collect, store, and use the following categories of Personal Data about you:

  • name;
  • postal address;
  • email address;
  • telephone number;
  • IP address;
  • date of birth/age;
  • job title;
  • company;
  • information about your professional and educational background and experience;
  • copy of your passports or other form of photographic ID;
  • corporate bank details;
  • criminal convictions;
  • whether you are a politically exposed persons;
  • whether you are on a sanctioned or watch list;
  • other information about you which you or other controllers of your personal data may provide to us in the course of us providing Investment Advisory Services.

Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions

How Your Data is collected

We collect Your Data from the following sources:

  • directly from you during our client inception and on-boarding and our ongoing client relationship;
  • background check providers, from which we collect the following categories of data:
    • whether you are on a sanctioned or watch list;
    • details of criminal convictions; and
    • whether you are a politically exposed persons
  • Companies House or other local public company registers, as applicable; and
  • your employer or agent;
  • references you have provided;
  • administrative sources such as receiving agents and custodians (if we provide you with execution only services;
  • proprietary database system, such as AdvantageIQ;
  • other business contacts who may refer you to us; and
  • third party/publicly available sources such as Smart Search AML, Blue Book, Bloomberg, Alternative Soft, your company’s website, trade websites and LinkedIn.

What we use Your Data for

We use Your Data for the following purposes:

  • in order to provide Investment Advisory Services pursuant to our contract with you;
  • in order to comply with our legal obligations such as to carry out Anti-Money Laundering Checks on our clients;
  • in order to provide marketing communications to you (but only where we have obtained your consent to do so). Please see here  for further details of how we use your data for marketing purposes; and
  • for our legitimate business interests such as for internal record keeping purposes or to manage our client relationship with you.

Any Special Category Data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.

Who we share Your Data with

We will never sell Your Data and we will only disclose Your Data to other parties where necessary in order to provide our services or where we are legally obliged to do so.  Details of the organisations we may share Your Data with are set out below:

  • MJ Hudson Group Companies

We may share Your Data with other members of MJ Hudson for the purposes set out in this Policy.  All members of MJ Hudson will process Your Data in accordance with this Privacy Policy and subject to the requirements of  Applicable Local Laws or the GDPR, as applicable.

  • Your other advisors or service providers

It is sometimes necessary to share information, including Your Data, with third parties who are providing you with advice or other professional services ancillary to the Investment Advisory Services we are providing.  For example, if we are providing Investment Advisory Services to a pension fund, we may share certain information with the trustees of the fund, in order to provide our services or to permit them to provide theirs. We may also share the results of our reports (which may contain personal data) with certain third parties with whom you (or your company) authorise us to share such data.

  • Consultants and our Senior Advisors

We use consultants and Senior Advisors to provide certain of our services to our Investment Advisory clients. These consultants and Senior Advisors are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.

  • Third party service providers

We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to Your Data for support purposes.  All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions.  A full list of all of the third party service providers we use is available on request

  • Auditors

We may need to share limited information regarding our clients with our auditors, including, in some instances, Your Data.  Our auditors are subject to strict confidentiality provisions in their contract with us.

  • Regulatory Bodies/Government Agencies

We may disclose Your Data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose Your Data where such disclosure is necessary for the establishment, exercise or defence of legal claims.

In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company.

International Transfers

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

  • MJ Hudson Group Companies in the Channel Islands and South Africa

We have offices in Jersey and Guernsey in the Channel Islands.  Our central servers are also located in Jersey. The European Commission has ruled that both Jersey and Guernsey offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the Applicable Local Laws and GDPR.

We also have an office in South Africa.  All Personal Data used by this office is held on MJ Hudson’s central servers located in Jersey.

  • Your other advisors

In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.

  • Sharepoint in the United States

We use Sharepoint to store some of our client files and this may include Your Data.  Sharepoint is operated by Microsoft in the United States.  Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  Microsoft’s privacy policy can be viewed here.

  • MailChimp

We use MailChimp to provide marketing automation services in relation to our MJ Hudson Allenbridge subscribers. If you subscribed through our MJ Hudson Allenbridge website or have consented to MJ Hudson Allenbridge using Your Data to send you marketing communications, Your Data may be transferred to MailChimp’s servers in the United States.  The company that operates MailChimp, The Rocket Science Group LLC, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to MailChimp in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. MailChimp’s privacy policy can be viewed here.

  • GSuite

We use Google’s GSuite to provide some marketing automation services in relation to our MJ Hudson Allenbridge subscribers.  If you subscribed through our MJ Hudson Allenbridge website or have consented to MJ Hudson Allenbridge using Your Data to send you marketing communications, Your Data may be transferred to Google’s servers in the Americas or Asia. Google, (including Google LLC and its wholly-owned US subsidiaries) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to Google in the United are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. We are also in the process of putting in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. Google’s privacy policy can be viewed here.

 

 

MJ Hudson provides investor relationship and marketing solutions including perception studies, advice in relation to fundraising and marketing materials, branding and communications (IR & Marketing Solutions).

The kind of information we hold about you

If you engage us to provide IR & Marketing Solutions to you, we may collect, store, and use the following categories of Personal Data about you:

  • name;
  • business postal address;
  • business email address;
  • telephone number;
  • date of birth/age;
  • job title;
  • company;
  • corporate bank details;
  • whether you are a politically exposed persons;
  • whether you are on a sanctioned or watch list;
  • other information about you which you may provide to us in the course of us providing IR & Marketing Solutions.

Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions

How Your Data is collected

We collect Your Data from the following sources:

  • directly from you during our client inception and on-boarding process and our ongoing client relationship;
  • background check providers, from which we collect the following categories of data:
    • whether you are on a sanctioned or watch list;
    • details of criminal convictions; and
    • whether you are a politically exposed persons
  • publicly available sources such as electronic databases and lists.
  • What we use Your Data for

We use Your Data for the following purposes:

  • in order to provide IR & Marketing Solutions pursuant to our contract with you;
  • in order to provide marketing communications to you (but only where we have obtained your consent to do so). Please see here  for further details of how we use your data for marketing purposes; and
  • for our legitimate business interests such as for internal record keeping purposes or to manage our client relationship with you.

Any Special Category Data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.

Who we share Your Data with

We will never sell Your Data and we will only disclose Your Data to other parties where necessary in order to provide our services or where we are legally obliged to do so.  Details of the organisations we may share Your Data with are set out below:

  • MJ Hudson Group Companies

We may share Your Data with other members of MJ Hudson for the purposes set out in this Policy.  All members of MJ Hudson will process Your Data in accordance with this Privacy Policy and subject to the requirements of  Applicable Local Laws or the GDPR, as applicable.

  • Third party service providers

We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to Your Data for support purposes.  All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions.  A full list of all of the third party service providers we use is available on request

  • Auditors

We may need to share limited information regarding our clients with our auditors, including, in some instances, Your Data.  Our auditors are subject to strict confidentiality provisions in their contract with us.

  • Regulatory Bodies/Government Agencies

We may disclose Your Data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose Your Data where such disclosure is necessary for the establishment, exercise or defence of legal claims.

In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company.

International Transfers

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

  • MJ Hudson Group Companies in the Channel Islands and South Africa

We have offices in Jersey and Guernsey in the Channel Islands.  Our central servers are also located in Jersey. The European Commission has ruled that both Jersey and Guernsey offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the Applicable Local Laws and GDPR.

We also have an office in South Africa.  All Personal Data used by this office is held on MJ Hudson’s central servers located in Jersey.

  • Your other advisors

In some instances, you may have instructed other advisors or service providers who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.

  • SurveyMonkey in the United States

We use SurveyMonkey to carry out our online surveys.  SurveyMonkey stores survey data on its servers in the United States.  If you participate in one of our surveys, your personal data will be transferred to the United States.  SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  Transfers of Personal Data to SurveyMonkey in the United are therefore made subject to appropriate safeguards in accordance with the GDPR and Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  SurveyMonkey’s privacy policy can be viewed here.

We may also transfer Your Data to such other service providers as may be necessary for the execution of the work you have contracted us to perform. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.

You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor).

“Personal data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

For the purposes of the GDPR and Applicable Local Laws, MJH Group Holdings Limited is the “data controller” in relation to your personal data.  This means that we are responsible for deciding how we hold and use personal information about you.

If you have any queries regarding this policy or complaints about our use of your personal Data, please contact us at data-processing@mjhudson.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.

 

MJ Hudson

8 Old Jewry,

London

EC2R 8DN

FAO: Data Processing

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

In connection with your job application, we will collect, store, and use the following categories of personal information about you:

  • the information you have provided to us in your curriculum vitae (CV) and covering letter;
  • the information you have provided on our application form, including name, title, address, telephone number, personal email address, employment history, education history, qualifications, and employment references;
  • any information you provide to us during an interview;
  • the results of any tests we ask you to undertake and
  • documentation relating to your right to work in the jurisdiction in which the job is located including a copy of your passport or driving licence.
  • We may also collect, store and use the following “special categories” of more sensitive personal information:
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

We collect data about you in a variety of ways including directly from you by way of the information you include in your CV or job application cover letter and notes made by our recruitment team during a recruitment interview.  Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence. In some cases, we will collect data about you indirectly from the following sources:

  • recruitment agencies;
  • your named referees;
  • background check providers; and
  • credit reference agencies.
  • Personal data is kept in personnel files or within the Company’s HR and IT systems.

We will use the personal information we collect about you to:

  • assess your skills, qualifications, and suitability for the role you are applying to;
  • carry out background and reference checks, where applicable;
  • communicate with you about the recruitment process;
  • keep records related to our hiring processes; and
  • comply with legal or regulatory requirements.

Once you submit your CV and covering letter and/or application form and test (where applicable) we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and/or carry out a criminal record checks.  We may also carry out other checks if necessary before confirming your appointment.

The law on data protection allows us to process your data for certain reasons only:

  • in order to perform a contract that we are party to;
  • in order to carry out legally required duties;
  • in order for us to carry out our legitimate interests;
  • to protect your interests; and
  • where something is done in the public interest.

We need to collect your personal data to ensure we are complying with legal requirements such as:

  • carrying out checks in relation to your right to work in the UK and
  • making reasonable adjustments for disabled employees.

 

We also process personal data so that we can carry out activities which are in our legitimate interests . We have set these out below:

  • making decisions about who to offer employment to;
  • making decisions about salary and other benefits;
  • assessing training needs; and
  • dealing with legal claims made against us.

If you are unsuccessful in obtaining employment, we may seek your consent to retain your personal data in case other suitable job vacancies arise within MJ Hudson for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.

We will use your particularly sensitive personal information in the following ways:

  • we will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview;
  • we may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, trade union membership, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • genetic and biometric data for job applicants on a Tier 2 visa.

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. We will collect information about your criminal convictions history if we make you a job offer role (conditional on checks and any other conditions, such as references, being satisfactory). We are required to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular we are legally required by the Solicitors Regulatory Authority and the Financial Conduct Authority to carry out criminal record checks for certain roles within the Company.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

One of the reasons for processing your data is to allow us to carry out an effective recruitment process. Whilst you are under no obligation to provide us with your data, we may not able to process, or continue with (as appropriate), your application.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Why might we share your personal information with third parties?

We will only share your personal information with the following third parties for the purposes of processing your application:

  • Background check providers;
  • Other entities within the MJ Hudson group of entities;
  • Recruitment agencies
  • Hosted software providers (our HR system is hosted by an external provider, for example);
  • Contractors/consultants providing HR services to MJ Hudson
  • Third party service providers (for example, IT services).

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may transfer the personal data we collect about you to the following countries outside the EU during the course of the application process:

  • Jersey

This is where our IT servers are located and your personal data will, therefore, be stored and processed in Jersey.  There is an adequacy decision by the European Commission in respect of Jersey. This means that it is deemed to provide an adequate level of protection for your personal data.

  • Guernsey

We have group entities in Guernsey and, whilst technical and organisational measures are in place to ensure that employee personal data is not accessed by anyone who does not strictly need it, it is possible that your personal data will be transferred to Guernsey (for example, if you are sent on secondment there).  There is an ‘adequacy decision’ in place from the European Commission in respect of Guernsey, which means that it is deemed to provide an adequate level of protection for your personal data.

  • South Africa

We have a group entity in South Africa.  While it is extremely unlikely your personal data would be transferred out of our central IT system, hosted in Jersey, we have nonetheless put in place a data processing agreement which contains contractual safeguards (in the form of the Standard Contractual Clauses approved by the European Commission) to ensure your personal data is protected in accordance with the law.

  • United States

Some of our third-party service providers, such as NetVoyage Corporation who operate NetDocuments and Microsoft Corporation who operate Sharepoint, are located in the United States.  All transfers of personal data to service providers in the Unites States are made on the basis of adequate safeguards in accordance with the law, either in the form of the ‘EU-US Privacy Shield’ or the Standard Contractual Clauses approved by the European Commission. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long will you use my information for?

We will retain your personal information for the period of time required in order to assess your application plus a further period of 9 (nine) months after the position for which you applied has been filled. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy and applicable laws and regulations.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you following signature of your employment contract (or other contract, as relevant).

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Lodge a complaint regarding our processing of your personal information. You may lodge a complaint with any supervisory authority in the EU. The relevant supervisory authorities for the UK, Jersey, Guernsey and Luxembourg are set out below and their website’s contain the relevant contact details:

United Kingdom – the Information Commissioner’s Office whose contact details can be found on their website which can be viewed here – https://ico.org.uk/

Jersey – the Office of the Information Commissioner whose contact details can be found on their website which can be viewed here – https://oicjersey.org/

Guernsey – the Office of the Guernsey Data Protection Commissioner whose contact details can be found on their website which can be viewed here -https://dataci.gg/

Luxembourg – the National Commission for Data whose contact details can be found on their website which can be viewed here – https://cnpd.public.lu/en.html.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the contact details at the beginning of this policy.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact using the contact details set out at the beginning of this policy. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Please refer to the privacy policy set out in your employee handbook for information on how we protect Personal Data relating to our employees and contractors.

Company Name Location Safeguard
Infomain (Pty) Ltd South Africa Standard Contractual Clauses
MJ Hudson Advisers Limited England N/A
MJ Hudson Allenbridge Holdings Limited England N/A
MJ Hudson Corporate Services Limited England N/A
MJ Hudson Fiduciaries Limited Guernsey Adequacy Decision by the European Commission
MJ Hudson Fund Management Guernsey Limited Guernsey Adequacy Decision by the European Commission
MJ Hudson Fund Management Limited England N/A
MJ Hudson Holdco Limited England N/A
MJ Hudson Investment Advisers Limited England N/A
MJ Hudson Investment Consulting Limited England N/A
MJ Hudson Investment Solutions Limited England N/A
MJ Hudson IQ Limited England N/A
MJ Hudson Limited England N/A
MJ Hudson Management S.A., Luxembourg N/A
MJ Hudson Services (Jersey) Limited Jersey Adequacy Decision by the European Commission
MJH Group Finance Limited Jersey Adequacy Decision by the European Commission
MJH Group Holdings Limited Jersey Adequacy Decision by the European Commission
MJH Services (Guernsey) Limited Guernsey Adequacy Decision by the European Commission
TG Far Blue II LP England N/A
TGC Investments Limited England N/A
Tower Gate Capital Limited England N/A
Tower Gate Guernsey GP II Limited Guernsey Adequacy Decision by the European Commission
Tower Gate Guernsey GP Limited Guernsey Adequacy Decision by the European Commission
Tower GP Scotland Limited Scotland N/A
Tower Managers Limited Guernsey Adequacy Decision by the European Commission
Verras Professional Services Limited Jersey Adequacy Decision by the European Commission