If you are an UK resident, please see our UK Group Privacy Policy to learn about your rights under the UK GDPR.
MJH Group Holdings Limited, its subsidiaries and associated businesses (“MJ Hudson” and “we”) is committed to protecting your personal data and informing you of your rights in relation to that data.
MJ Hudson is registered as a data controller under the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations). Our registration details can be found via the Information Commissioner’s Office Search Register link here.
One of our responsibilities as a data controller is to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. MJ Hudson will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (UK) and the Data Protection (Jersey) Law 2018 and Data Protection (Bailiwick of Guernsey) Law, 2017 (Applicable Local Laws) this privacy notice is issued in accordance with the GDPR Articles 13 and 14.
We may update our privacy policy at any time. The current version of our privacy policy can be found below, and we encourage you to check here regularly to review any changes.
For the purposes of the GDPR and Applicable Local Laws, MJ Hudson is the controller of your data. If you have any queries regarding this policy or complaints about our use of your data, please contact the data processing team at data-processing@mjhudson.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.
MJ Hudson
1 Frederick’s Place
London
EC2R 8AE
FAO: The Data Privacy Manager
Personal data is defined in the GDPR as information relating to a live, identifiable individual. It can also include special categories of data, which is information about your racial or ethic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly information about criminal convictions and offences is also subject to strict requirements. “processing” means any operation which we carry out using your personal data, for example obtaining, storing, transferring or deleting.
We only process data for specified purposes and if it is justified in accordance with data protection law. Details of each processing purpose and its legal basis are given within each privacy notice listed below – please consult the notice relevant to your relationship with MJ Hudson.
Unless specific time periods are given in the relevant privacy notice, your data will be kept in line with our Divisional data retention policies, please refer to the Terms and Conditions within your engagement letter or agreement for further information.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you require more detailed advice on how long your data will be kept for, please contact the data processing team.
You have the following rights in relation to your personal data processed by us:
We will ensure you have sufficient information to ensure that you’re happy about how and why we’re handling your personal data, and that you know how to enforce your rights.
We will provide information in the form of privacy notices. You can read all of our privacy notices online.
You have a right to see all the information that we hold about you. Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format that allows you to supply that data to a third party – this is called “data portability”.
To make a request for your own information please contact the data processing team.
If we are holding data about you that is incorrect, you have the right to have it corrected.
Please email any related request to the data processing team.
You can ask that we delete your data and where this is appropriate we will take reasonable steps to do so.
Please email any related request to the data processing team.
If you think there is a problem with the accuracy of the data we hold about you, or you are of the opinion that we are using data about you unlawfully, you can request that any current processing is suspended until a resolution is agreed.
Please email any related request to the data processing team.
You have a right to opt out of direct marketing.
You have a right to object to how we use your data if we do so on the basis of “legitimate interests” or “in the performance of a task in the public interest” or “exercise of official authority” (a privacy notice will clearly state this to you if this is the case). Unless we can show a compelling case why our use of your data is justified, we have to stop using your data in the way that you’ve objected to.
Please email any related request to the data processing team.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making as we do not use automated decision-making.
If we are relying on your consent to process your data, you may withdraw your consent at any time.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the data processing team. Once we have received notification that you have withdrawn your consent, we consider your request and where applicable, will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
For more information on your rights, if you wish to exercise any right, for any queries you may have or if you wish to make a complaint, please contact our Data Privacy Manager.
You have a right to complain to the supervisory authority about the way in which we process your personal data.
You may lodge a complaint with any supervisory authority regarding our processing of your personal data. The relevant supervisory authorities are set out below:
Where, in relation to any personal data, MJ Hudson is the data processor under the terms of the agreement, for example, when MJ Hudson provide perception studies for clients upon their request, the data is provided by the client and used solely for the purpose of conducting the perception study on behalf of the client, the following provisions will apply.
For the purposes of Article 28.3 of the GDPR the subject matter of the processing is as follows:
MJ Hudson shall:
We shall be liable in respect of any breach of our obligations under the agreement and/or data protection legislation with respect to the processing of personal data other than where such breach is caused by or results from an act or omission by the data controller. We shall fully and effectively indemnify the data controller for any claim brought by a data subject and/or any competent authority or body arising from any action or omission by us with respect to the processing of their personal data other than to the extent that such action or omission resulted from compliance with the data controllers instructions.
Your personal data is securely stored. Our emails are stored on a Microsoft server within the EU. All other personal data is stored in our London and the EU, namely France and Holland based servers.
MJ Hudson Spring B.V are based in the Netherlands and the limited amount of personal data that they do hold is held within secure servers based onsite. These will be integrated into the wider MJ Hudson technology infrastructure in due course.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and securely.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to personal data to those employees, agents, contractors, consultants and other third parties who have a business need to access the personal data. They will only process personal data on our instructions and they are also subject to a duty of confidentiality.
We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally obliged to do so.
This privacy policy and notices do not form, and should in no way be construed as, a contract and no contractual rights or causes of action shall arise in relation to or consequence of the content of this notice.
We keep our privacy policy under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our privacy policy, which may be via a notification on our Websites. Your continued use of our services, following the posting of changes to these terms, will mean you accept these changes.
This privacy policy was last updated in July 2020. Previous versions of the privacy policy can be provided on request from the data processing team.
Please consult the privacy notice below that best fits your relationship with MJ Hudson.
This privacy notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways:
This statement does not apply to:
What we use your data for
The table below sets out the purposes for which we may process your data and the legal basis for the processing:
Type of Data | Purpose of Use | Legal Basis for Use |
Website user data
Marketing data Prospect data Supplier data Other data |
To keep you informed of any activities undertaken by us which we believe may be of interest to you and this use may include sending you email and postal marketing from time to time or requests to respond to a survey | Consent – this will be requested either when you submit your data to us or, if we have received your data indirectly, by way of an email sent prior to us sending you any marketing communications. |
Website user data
Website background data |
Website analytic purposes. For further details on the technology we use in order to analyse our Websites’ performance, please see our cookies policy here. | Consent – this will be obtained when you click on the banner at the top of our Websites to accept certain cookies.
Legitimate interest of MJ Hudson (see our cookies policy for further information) |
Website user data
Marketing data Prospect data |
To provide you with the newsletter(s) or information you have requested | Performance of a contract |
Your data | To respond to requests for information from regulated bodies or government agencies | Compliance with a legal obligation |
Website user data
Prospect data |
To respond to an enquiry you have submitted | Legitimate interest of MJ Hudson – it may be necessary for us to process your data in order to reply or respond to your enquiry |
Survey data | To gather and analyse information on the market for our internal purposes which may be used to publish a report | Consent – this will be requested when you submit Survey Data to us. |
Survey data | To provide perception study services to our clients | Performance of a contract |
Supplier data | To contact you regarding the service you or your employer is providing to us | Performance of a contract |
Who we share your data with
Please note that we may on occasion be required to share your information with the following categories of recipients:
We have taken steps to ensure that all such third party providers keep your data confidential and secure and only use it for the purposes that we have specified and have informed you of. Our service providers are subject to data processing agreements which have been, or are in the process of being, updated to become, compliant with the requirements set out in the GDPR and/or Applicable Local Laws. Further details regarding any third parties who are located outside the EEA are set out below.
In relation to any other third parties, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR and/or Applicable Local Laws. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All personal data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored securely within Londonbased Microsoft servers.
We use Think Systems UK Limited (t/a Think Studio) to host and manage our Websites and to provide us with marketing automation services. Think Studio is based in the United Kingdom but use Campaign Monitor Pty Limited, located in Australia, to provide our marketing automation services. If you have consented to us using Your data to send you marketing communications, Your data may be transferred to servers located in Australia. Any such transfer outside the EEA is made in accordance with the Standard Contractual Clauses approved by the European Commission. Think Studio’s privacy policy can be viewed here and Campaign Monitor’s privacy policy can be viewed
We use SurveyMonkey to carry out our online surveys. SurveyMonkey stores survey data on its servers in the United States. SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to SurveyMonkey in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and/or Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your data. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. SurveyMonkey’s privacy policy can be viewed here.
We use DocSend to send and store some of our documents and this may include your data. DocSend is operated in the United States. DocSend participates in and has certified its compliance with both the EU-U.S. and the Swiss-U.S Privacy Shield Framework. Transfers of Personal Data to DocSend in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.
DocSend’s privacy policy can be viewed here.
Retention Period
Your data will be stored for a period of 7 years from our latest interaction with you. After this time, it will be destroyed unless we have identified a lawful purpose(s) for which we need to keep your data longer or you request that we keep it for longer. If we feel that we may need to keep your data for longer than the lawful purposes for which it was obtained, we will contact you to obtain your consent to such longer period.
Your rights in relation to your data
Under the GDPR and/or Applicable Local Laws, you will have the following rights in relation to how we process your data:
For further information on your rights, please see the relevant supervisory authority’s website.
Additional Information
There is no statutory or contractual requirement for you to provide your data to us and you are not obliged to do so. Please note, however, that we may not be able to provide you with the services you have requested, such as to receive our newsletter, if you do not provide us with your contact details. As set out in our cookies policy, our Websites may not be able to function fully if you do not agree to certain cookies being set on your computer.
We do not undertake automated decision-making or profiling on your data.
We keep our privacy policy under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our privacy policy which may be via a notification on our Websites. Your continued interaction with us, following the posting of changes to these terms, will mean you accept these changes.
Security of personal information
We recognise the need to ensure that personal information gathered via our Websites or otherwise remains secure. Our site has security measures in place to protect against the loss, misuse and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorised access. You acknowledge that although we exercise adequate care and security there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorised third party.
Surveys
Participation in our surveys is entirely voluntary and, by submitting your responses, you are consenting to use collecting and processing your data in accordance with this privacy policy. We will never share Survey Data with third parties (other than SurveyMonkey as set out above and all data is amalgamated and anonymised before the results of the survey are published). In most circumstances, we do not collect the name or contact details of our respondents and this is only provided voluntarily by the respondent if they wish to be entered into a prize draw, so that we can contact them with their prize.
Some of your responses to our surveys may include personal data which falls within the definition of special category data for the purposes of the GDPR. For example, your responses may reveal your ethnicity or race or your political opinions. Where a question requires an answer that may include special category data, we will request your explicit consent to our processing this data in accordance with this privacy notice, before you submit your response.
Please note that in certain circumstances, we also undertake surveys on behalf of our clients. The personal data we collect through client surveys is held in accordance with this privacy policy and is anonymised prior to us creating our report. We never share your survey data with our clients.
Data obtained indirectly
In some circumstances, we may obtain personal data about you from other sources. This information may include your name, contact details and job title, which we obtain from third party sources such as Preqin, organisers of events we sponsor or other publicly available sources, such as your company’s website.
Links
Our websites contain links to other websites belonging to third parties. We do not control the privacy practices of these other websites. You should therefore make sure when you leave our websites that you have read that website’s privacy policy.
This privacy notice demonstrates how we handle the personal data we obtain about you in the course of us providing one of the following services to you:
To help you find the information that is most relevant to your situation, we have separated this policy into sections applicable to each type of service we provide. Please click on the heading above that is most appropriate for your situation to find out more regarding what we do with your data. General information applicable to all of our services is set out below.
To help you find the information that is most relevant to your situation, we have separated this policy into sections applicable to each type of service we provide. Please click on the heading above that is most appropriate for your situation to find out more regarding what we do with your data. General information applicable to all of our services is set out below.
This statement does not apply to:
Where the client is a data controller and MJ Hudson is a data processor
Where, in relation to any personal data, MJ Hudson is the data processor under the terms of the agreement, for example, when MJ Hudson provide perception studies for clients upon their request, the data is provided by the client and used solely for the purpose of conducting the perception study on behalf of the client, the following provisions will apply.
For the purposes of Article 28.3 of the GDPR the subject matter of the processing is as follows:
MJ Hudson shall:
We shall be liable in respect of any breach of our obligations under the agreement and/or Data Protection Legislation with respect to the processing of personal data other than where such breach is caused by or results from an act or omission by the data controller. We shall fully and effectively indemnify the data controller for any claim brought by a data subject and/or any competent authority or body arising from any action or omission by us with respect to the processing of their personal data other than to the extent that such action or omission resulted from compliance with the data controllers instructions.
Retention Period
Unless otherwise indicated below, your data will be stored for the duration of our contract with you plus a maximum period of 7 years. After this time, it will be destroyed unless we have identified a lawful purpose(s) for which we need to keep your data longer or you request that we keep it for longer. If we feel that we may need to keep your data for longer than the lawful purposes for which it was obtained, we will contact you to obtain your consent to such longer period.
The kind of information we hold about you
MJ Hudson provide legal services including advice in relation M&A, Hedge Funds, Venture Capital and Private Funds (Legal Services). Legal services are provided by MJ Hudson Limited (company number 08607159 and ICO registration number ZA031740), MJH Services (Guernsey) Limited, Jonathan Fraser Bale t/a MJ Hudson (OIC notification number 58059) and their subsidiary companies. If you engage us to provide Legal Services to you, we may collect, store, and use the following categories of Personal Data about you:
Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions.
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of the Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the legal services we are providing. For example, if we are providing legal advice to a fund, we may share certain information with the fund administrator or fund manager, in order to provide our services or to permit them to provide theirs.
We use consultants to provide certain of our services to our Legal clients. These consultants are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request.
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored within London based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use a document management system called NetDocuments to store some of our client files and this may include your data. NetDocuments is operated by NetVoyage Corporation in the United States. NetVoyage Corporation participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to NetDocuments in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. NetDocuments’s privacy policy can be viewed here.
Data Retention
We only keep data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Please note that, in Jersey and Guernsey, local law requires us to retain records for a period of 10 years and we may, therefore, retain your data for this period.
MJ Hudson provide third party compliance services regulating firms on behalf of the Financial Conduct Authority and Commission de Surveillance du Secteur Financier, as well as fund management, administration and operation services (Fund Management Solutions). Fund Management Solutions are provided by MJ Hudson Fund Management Limited (FRN: 193171) and MJ Hudson Advisers Limited (FRN: 692447) in the UK, and MJ Hudson Management S.A. (CSSF ID: A00002036) in Luxembourg.
The kind of information we hold about you
If you engage us to provide Fund Management Solutions to you, we may collect, store, and use the following categories of personal data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the services we are providing. For example, if we are providing services to a fund, we may share certain information with the fund, the investors, the fund administrator, fund auditor, fund manager, bank or depository, in order to provide our services or to permit them to provide theirs.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
As detailed above, we may obtain certain personal data about you from third party background check providers. In order to obtain such information we need to share some of your data with those background check providers.
One of the background check providers that we use is KYC6. KCY6 may have a list of our clients’ names on a database on some occasions after a search has been performed.
We have data processing agreements with all background check providers with whom we share personal data.
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are also located in Jersey. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on our central servers located in Jersey. Emails are stored within EU based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use Sharepoint to store some of our client files and this may include your data. Sharepoint is operated by Microsoft in the United States. Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website:
https://www.privacyshield.gov/welcome.
Microsoft’s privacy policy can be viewed here.
We use Sterling Talent Solutions UK Limited (Sterling) as a background check service provider. Sterling stores personal data in Canada and the United States.
The European Commission has ruled that Canada offers adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and Applicable Local Laws.
Sterling’s US entities, Sterling Info systems Inc. and its U.S. affiliates and subsidiaries, participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to Sterling in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. Sterling’s privacy can be viewed here.
We use DocSend to send and store some of our documents and this may include your data. DocSend is operated in the United States. DocSend participates in and has certified its compliance with both the EU-U.S. and the Swiss-U.S Privacy Shield Framework. Transfers of Personal Data to DocSend in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.
DocSend’s privacy policy can be viewed here.
We use Amazon Web Services to host personal data collected via our RegIQ platform.
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, is the data controller of personal information collected or processed through AWS Offerings. Amazon Web Services EMEA SARL, is the authorised representative of Amazon Web Services, Inc. in the EEA. When Amazon transfer personal information outside the EEA they do so in accordance with the terms of their Privacy Notice and applicable data protection law. The AWS cloud storage that MJ Hudson use for the purposes of RegIQ is based within London.
The Amazon Web Service privacy policy can be viewed here.
Data Retention
MJ Hudson only keeps data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Please note that, in Jersey and Guernsey, local law requires us to retain records for a period of 10 years and we may, therefore, retain your data for this period.
MJ Hudson Meyler provides investor relationship and marketing solutions including perception studies, advice in relation to fundraising and marketing materials, branding and communications to support Fund Managers and other clients (IR & Marketing Solutions ).
The kind of information we hold about you
If you engage us to provide IR & Marketing Solutions to you, we may collect, store, and use the following categories of personal data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All personal data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored within London based Microsoft servers.
In some instances, you may have instructed other advisors or service providers who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use SurveyMonkey to carry out our online surveys. SurveyMonkey stores survey data on its servers in the United States. If you participate in one of our surveys, your personal data will be transferred to the United States. SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to SurveyMonkey in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. SurveyMonkey’s privacy policy can be viewed here.
We may also transfer your data to such other service providers as may be necessary for the execution of the work you have contracted us to perform. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use DocSend to send and store some of our documents and this may include your data. DocSend is operated in the United States. DocSend participates in and has certified its compliance with both the EU-U.S. and the Swiss-U.S Privacy Shield Framework. Transfers of Personal Data to DocSend in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.
DocSend’s privacy policy can be viewed here.
MJ Hudson’s International Administration team provide trust and corporate services or investment management and administration services (International Administration Services). International Administration Services are provided by MJ Hudson Fiduciaries Limited (GFSC reference 2265283 Data Protection reference 54017), MJ Hudson Fund Management Guernsey Limited (GFSC reference 2293292 Data Protection reference 58843), Tower Managers Limited (GFSC reference 2291851 Data Protection reference 58853), Tower Gate GP II Limited, VFS Trustees Limited (GFSC reference 2265380 Data Protection reference 54017), VFS Nominees Limited (GFSC reference 2265383 Data Protection reference 54017), VFS Directors 1 Limited (GFSC reference 2265378 Data Protection reference 54017) and VFS Directors 2 Limited (GFSC reference 2265379 Data Protection reference 54017). If you engage us to provide trust and corporate services or investment management and administration services to you, we may collect, store, and use the following categories of personal data about you:
The kind of information we hold about you
If you engage us to provide International Administration Services to you, we may collect, store, and use the following categories of personal data about you:
We may also collect, store and use special category data including:
Special category data requires a higher level of protection and will only be processed where we have received explicit consent or the processing is necessary for compliance with a legal obligation.
How your data is collected
The sources of your data may include clients, data subjects directly, introducers, intermediaries, advisers, third parties connected to the data subject (for example: family member, employer or another service provider who provides services to the data subject) or open-source material.
We collect personal data via the completion of forms provided to you and completed by you, from documents provided including due diligence documents, from correspondence including email, from meetings and telephone conversations.
We will collect personal data throughout the course of our business relationship or while we provide services to clients connected to you.
What we use your data for
We use your data for the following purposes. This table also confirms the lawful basis we are relying on in each case:
Purpose of use | Lawful Basis for Processing |
To provide trust, corporate and foundation management and administration services including bookkeeping and accounting services | The legitimate interests of MJ Hudson as a provider of trust, foundation and corporate management and administration services.
The legitimate interests of MJ Hudson’s clients and their underlying and connected persons.
|
To provide investment management and administration services including registrar services | The legitimate interests of MJ Hudson as a provider of investment management and administration services.
The legitimate interests of MJ Hudson’s clients and their underlying and connected persons. |
To administer any contract we have entered into with you or where a party related to an entity for which we are contracted to provide services | To fulfil the contract we have entered into. |
Making arrangements for the termination of our business relationship | The legitimate interests of MJ Hudson to seek to ensure that business relationships are terminated efficiently and effectively |
To manage our client, intermediary and other business relationships | The legitimate interests of MJ Hudson to seek to ensure that its business is conducted efficiently and with a view to enhancing business services |
To obtain legal and/or tax advice or representation | The legitimate interests of MJ Hudson and its clients to ensure that it is able to engage relevant tax or legal advisers and/or representation |
To ensure the security of MJ Hudson systems and staff and prevent fraud | The legitimate interest of MJ Hudson in protecting its systems and staff from being misused or the victim of criminal activity |
To meet all legal and regulatory obligations applicable to MJ Hudson including in respect of managing conflicts of interest | The legitimate interests of MJ Hudson as a financial services provider to process data to the extent necessary to meet all legal and regulatory obligations incumbent on it
The processing is necessary for compliance with a legal obligation to which MJ Hudson is subject for example: relevant anti-money laundering and countering the financing of terrorism legislation |
To provide marketing communications to you | Where consent has been provided. Please see here for further details of how we use your data for marketing purposes here. |
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
The data sought will vary and the purposes for processing will overlap depending on the type of services provided.
Who we share your data with
We share information with third parties including third party service providers where required by law, where it is necessary to administer our business relationship, where it is necessary for us to provide the services to you or where we have another legitimate interest in doing so.
The following are potential recipients of personal data (in each case including respective employees, director and officers):
When we engage a third party to process your personal data, we will require them to process your personal data in accordance with our instructions and protect the data against unauthorised or accidental use, access, disclosure, loss or destruction. We do not allow them to use your personal data for their own purposes. They will only be permitted to process your personal data for a specified purpose and in accordance with our instructions. Where they no longer need to your personal data to fulfil the contract, they will need to transfer the data back to us and/or destroy or delete any data held by them.
International Transfers
In the event any of the third parties detailed above are outside of Guernsey and the EU and where we are transferring personal data which would be protected under Applicable Local Law or GDPR we will ensure that we meet the relevant requirements prior to carrying out such a transfer. This may include only transferring the data where we are satisfied that:
Data Retention
We only collect data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. Details of retention periods for different aspects of your personal data are available in our data management policy which is available on request. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential for harm from unauthorised use or disclosure of the data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once our business relationship ends, we will retain and securely destroy your personal data in accordance with our record retention and destruction policy, applicable legislation and/or regulatory requirements.
MJ Hudson’s Investment Advisory team operates under the MJ Hudson Allenbridge name. MJ Hudson Allenbridge provide independent investment advisory and consulting services, due diligence, governance, investment research, introductions, and execution-only brokerage services (“Investment Advisory Services”).
The kind of information we hold about you
If you engage us to provide Investment Advisory Services to you, we may collect, store, and use the following categories of Personal Data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the Investment Advisory Services we are providing. For example, if we are providing Investment Advisory Services to a pension fund, we may share certain information with the trustees of the fund, in order to provide our services or to permit them to provide theirs. We may also share the results of our reports (which may contain personal data) with certain third parties with whom you (or your company) authorise us to share such data.
We use consultants and Senior Advisors to provide certain of our services to our Investment Advisory clients. These consultants and Senior Advisors are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are also located in Jersey. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in Jersey. Emails are stored within EU based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use Sharepoint to store some of our client files and this may include your data. Sharepoint is operated by Microsoft in the United States. Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data.
To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website:
https://www.privacyshield.gov/welcome.
Microsoft’s privacy policy can be viewed here.
MJ Hudson Allenbridge provides a dedicated research service devoted to independent commentary on UK tax-advantaged investment products.
MJ Hudson Allenbridge provides a range of research services to wealth managers, IFAs and individual investors, across a wide spectrum of UK Tax-advantaged investment products. (“Tax-advantaged Investments”).
We have been analysing and advising on tax-advantaged investment products since 1985 and have received acclaim for our hard-hitting reports. Our basic research service is a subscription-based research service called the MJ Hudson Allenbridge Tax-advantaged Investments, used by subscribers across the country.
We offer a full range of independent in-depth reviews across Venture Capital Trusts (VCTs), Enterprise Investment Schemes (EISs), Seed Enterprise Investment Schemes (SEISs) and Business Relief (BR) and AIM Inheritance Tax Services.
The kind of information we hold about you
If you engage us to provide Investment Advisory Services to you, we may collect, store, and use the following categories of Personal Data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the Investment Advisory Services we are providing. For example, if we are providing Investment Advisory Services to a pension fund, we may share certain information with the trustees of the fund, in order to provide our services or to permit them to provide theirs. We may also share the results of our reports (which may contain personal data) with certain third parties with whom you (or your company) authorise us to share such data.
We use consultants and Senior Advisors to provide certain of our services to our Investment Advisory clients. These consultants and Senior Advisors are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored within London based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use Sharepoint to store some of our client files and this may include your data. Sharepoint is operated by Microsoft in the United States. Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data.
To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website:
https://www.privacyshield.gov/welcome.
Microsoft’s privacy policy can be viewed here.
MJ Hudson provides an independent, empirical view on the strengths and weaknesses of our clients, their service providers and their investment opportunities (Benchmarking and Consulting).
Benchmarking and Consulting Services are provided by Amaces Limited, Amaces Inc and MJ Hudson Allenbridge.
We help our clients benchmark, select and monitor service providers and investment products, with data that is unavailable elsewhere and using techniques and analysis tools that we have developed, in-house, over many years.
Our Benchmarking & Consulting team works with some of the world’s largest asset owners and asset managers to benchmark their custodian banks and FX providers in terms of the fees they charge and also the services they provide.
In the Venture & Tax-Advantaged Investments market, we provide independent reviews of investment managers and their products. We do this for wealth managers, financial advisers and private investors. Beyond these focus areas, we also conduct perception studies and other kinds of market research.
The kind of information we hold about you
If you engage us to provide Benchmarking and Consulting Services to you, we may collect, store, and use the following categories of personal data about you:
Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data directly from you during our client inception and on-boarding process and our ongoing client relationship.
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request.
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
International Transfers
We may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored on London based Microsoft servers. Amaces Inc use gmail for their email purposes. Google mail is registered on the US Privacy Shield. Google mail stores personal data on its servers in the United States. Google mail participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to Google mail in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and Applicable Local Laws. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.
In some instances, you may have instructed other advisors or service providers who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use SurveyMonkey to carry out our online surveys. SurveyMonkey stores survey data on its servers in the United States. If you participate in one of our surveys, your personal data will be transferred to the United States. SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to SurveyMonkey in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. SurveyMonkey’s privacy policy can be viewed here.
We may also transfer your data to such other service providers as may be necessary for the execution of the work you have contracted us to perform. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
MJ Hudson Spring B.V are experts in the integration of environmental, social and governance factors into investment strategy and activity. The team help businesses, fund managers and their investors mitigate risks and create value (ESG & Responsible Investing).
The kind of information we hold about you
If you engage us to provide ESG Reporting and Consulting Services to you, we may collect, store, and use the following categories of personal data about you
i.name;
ii. business postal address;
iii. business email address;
iv. telephone number;
v. job title;
vi. bank details.
How your data is collected
We collect your data directly from you during our client inception and on-boarding process and our ongoing client relationship.
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request.
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
International Transfers
We may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored on EU based Microsoft servers.
In some instances, you may have instructed other advisors or service providers who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use SurveyMonkey to carry out our online surveys. SurveyMonkey stores survey data on its servers in the United States. If you participate in one of our surveys, your personal data will be transferred to the United States. SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to SurveyMonkey in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR and Applicable Local Laws. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. SurveyMonkey’s privacy policy can be viewed here.
MJ Hudson IQ Limited provides Regulatory Solutions which is tailored compliance support in addition to “plug and play” solutions for all types of investment businesses – buy side, sell side and everything in between. Our primary goal is to help you to do business whilst mitigating compliance risk (“Regulatory Solutions”).
We support clients with a wide range of needs that includes day to day support on all of your compliance needs, FCA authorisation, launching a new project, new regulation advice and bespoke training.
MJ Hudson’s regulatory solutions practice covers: Alternative Investment Fund Managers Directive (AIFMD); Directive on Undertaking for Collective Investment in Transferable Securities (UCITS); Market Abuse; financial crime; data protection; prudential and conduct rules amongst others. Please click here for more details.
The kind of information we hold about you
If you engage us to provide Regulatory Solutions to you, we may collect, store, and use the following categories of personal data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the services we are providing. For example, if we are providing services to a fund, we may share certain information with the fund, the investors, the fund administrator, fund auditor, fund manager, bank or depository, in order to provide our services or to permit them to provide theirs.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on our central servers located in London. Emails are stored within London based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use Sharepoint to store some of our client files and this may include your data. Sharepoint is operated by Microsoft in the United States. Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of Personal Data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website:
https://www.privacyshield.gov/welcome.
Microsoft’s privacy policy can be viewed here.
Data Retention
MJ Hudson only keeps data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it.
Our Transition Management Solutions business provides the tools and resources to ensure that transition events are executed smoothly, and the explicit and implicit costs of all portfolio changes are minimised (“Transition and Trading Solutions”).
Our Trading Solutions business supports independent assessment and selection of Outsourced Buyside Trading.
The kind of information we hold about you
If you engage us to provide Investment Advisory Services to you, we may collect, store, and use the following categories of Personal Data about you:
In certain circumstances, the information we hold about you may include special category data (as defined in the GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions
How your data is collected
We collect your data from the following sources:
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the GDPR, as applicable.
It is sometimes necessary to share information, including your data, with third parties who are providing you with advice or other professional services ancillary to the Investment Advisory Services we are providing. For example, if we are providing Investment Advisory Services to a pension fund, we may share certain information with the trustees of the fund, in order to provide our services or to permit them to provide theirs. We may also share the results of our reports (which may contain personal data) with certain third parties with whom you (or your company) authorise us to share such data.
We use consultants and Senior Advisors to provide certain of our services to our Transition and Trading Solutions clients. These consultants and Senior Advisors are not employees of MJ Hudson and are, therefore, considered third party processors for the purposes of the GDPR and/or Applicable Local Laws but they are subject to the same policy and procedure requirements as all of our staff in relation to how they handle personal data.
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third party service providers we use is available on request
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
In relation to any other categories of recipients not listed above, we will only disclose your information in the following circumstances:
International Transfers
In certain circumstances, we may transfer your data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the GDPR. Details of the circumstances and mechanisms in place to ensure compliance are set out below:
We have offices in Jersey, Guernsey and Switzerland. Our central servers are located in London. The European Commission has ruled that Jersey, Guernsey and Switzerland offer adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR and/or Applicable Local Laws.
We also have operations in the USA and Canada, we have put in place our Group Standard Contractual Clauses between us and our American and Canadian employees to safeguard EU data subject’s rights under the GDPR. All Personal Data used by staff in these locations is held on MJ Hudson’s central servers located in London. Emails are stored within London based Microsoft servers.
In some instances, you may have instructed other lawyers or advisors who are based outside the EEA and who we need to share information with, in order to provide our services to you. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
We use Sharepoint to store some of our client files and this may include your data. Sharepoint is operated by Microsoft in the United States. Microsoft participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to Sharepoint in the United States are therefore made subject to appropriate safeguards in accordance with the Applicable Local Laws and the GDPR. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for your data.
To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website:
https://www.privacyshield.gov/welcome.
Microsoft’s privacy policy can be viewed here.
MJ Hudson provide Management and Administration services for offshore structures including trusts, companies, foundations and partnerships etc. We also provide tax compliance (FATCA/CRS Reporting) and accounting services to such entities. (International Administration (Jersey)).
International Administration (Jersey) services are provided by MJ Hudson Fiduciaries Jersey Limited, registered company number 92038.
Who do we collect data from
a) Clients;
b) Prospective client/customers;
c) Employees;
d) Job applicants;
e) Suppliers;
f) Prospective Trust beneficiaries;
g) Others with whom we interact in the course of our business.
The kind of information we hold about you
If you engage us to provide Administration services to you, we may collect, store, and use the following categories of personal data about you:
h) name;
i) business postal address;
j) business email address;
k) telephone number;
l) job title;
m) bank details;
n) identification details and documentation for KYC purposes;
o) criminal convictions.
Note that, in certain circumstances, the information we hold about you may include Special Category Data (as defined in the Data Protection (Jersey) Law 2018, European Union (United Kingdom Exit – Miscellaneous Amendments) (Jersey) Regulations 2019, the UK GDPR and the EU GDPR), including data which reveals your ethnicity, your political opinions, your health or your criminal convictions.
How your data is collected
We collect your data directly from you during our client inception and on-boarding process and our ongoing client relationship or from intermediaries and your advisors.
What we use your data for
We use your data for the following purposes:
Any special category data we hold about you will only be processed so far as necessary in order to comply with our legal requirements.
Who we share your data with
We will never sell your data and we will only disclose your data to other parties where necessary in order to provide our services or where we are legally obliged to do so. Details of the organisations we may share your data with are set out below:
We may share your data with other members of MJ Hudson for the purposes set out in this Policy. All members of MJ Hudson will process your data in accordance with this privacy policy and subject to the requirements of Applicable Local Laws or the UK GDPR/EU GDPR, as applicable.
We may share your data with Mackaw Limited, as some of the services that we provide to you as our client, are provided by Mackaw Limited, (accounting and book-keeping services)
We use carefully selected third parties to provide certain services to us, such as our IT Infrastructure or document management systems. By the nature of the service they provide, some such third-party service providers may have limited access to your data for support purposes. All of our service providers have entered or will shortly enter into contracts which contain strict confidentiality and data processing provisions. A full list of all of the third-party service providers we use is available on request.
We may need to share limited information regarding our clients with our auditors, including, in some instances, your data. Our auditors are subject to strict confidentiality provisions in their contract with us.
We may disclose your data to certain regulatory bodies or government agencies where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your data where such disclosure is necessary for the establishment, exercise or defence of legal claims.
a) where you have given your consent;
b) where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
c) if we sell our company, go out of business, or merge with another company.
International Transfers
We may transfer your data to countries outside the jurisdiction within which you have contracted services from MJ Hudson, which may not adhere to the same levels of data protection as MJ Hudson offers. Any such transfers are, at all times, made in accordance with the Applicable Local Laws and the UK GDPR and EU GDPR.
We may also transfer your data to such other service providers as may be necessary for the execution of the work you have contracted us to perform. In these circumstances, we ensure that any personal data transferred is limited to that which is required for us to perform our contract with you and the transfer is made in accordance with the GDPR and/or Applicable Local Laws.
The kind of information we hold about you
In connection with your job application, we will collect, store, and use the following categories of personal information about you:
We may also collect, store and use the following special categories of more sensitive personal information:
How is your personal information collected?
We collect data about you in a variety of ways including directly from you by way of the information you include in your CV or job application cover letter and notes made by our recruitment team during a recruitment interview. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence. In some cases, we will collect data about you indirectly from the following sources:
How we will use information about you
We will use the personal information we collect about you to:
Once you submit your CV and covering letter and/or application form and test (where applicable) we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and/or carry out a criminal record checks. We may also carry out other checks if necessary before confirming your appointment.
Why we process your data
The law on data protection allows us to process your data for certain reasons only:
We need to collect your personal data to ensure we are complying with legal requirements such as:
We also process personal data so that we can carry out activities which are in our legitimate interests.
We have set these out below:
If you are unsuccessful in obtaining employment, we may seek your consent to retain your personal data in case other suitable job vacancies arise within MJ Hudson for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.
How we use particularly sensitive personal information
We will use your particularly sensitive personal information in the following ways:
We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
Information about criminal convictions
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. We will collect information about your criminal convictions history if we make you a job offer role (conditional on checks and any other conditions, such as references, being satisfactory). We are required to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular we are legally required by the Solicitors Regulatory Authority and the Financial Conduct Authority to carry out criminal record checks for certain roles within the Company.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out an effective recruitment process. Whilst you are under no obligation to provide us with your data, we may not able to process, or continue with (as appropriate), your application.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making as we do not use automated decision-making.
Data sharing
Why might we share your personal information with third parties?
We will only share your personal information with the following third parties for the purposes of processing your application:
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
We may transfer the personal data we collect about you to the following countries outside the EU during the course of the application process:
We have group entities in Guernsey and, whilst technical and organisational measures are in place to ensure that employee personal data is not accessed by anyone who does not strictly need it, it is possible that your personal data will be transferred to Guernsey (for example, if you are sent on secondment there). There is an ‘adequacy decision’ in place from the European Commission in respect of Guernsey, which means that it is deemed to provide an adequate level of protection for your personal data.
We have group entities in Switzerland, whilst technical and organisational measures are in place to ensure that employee personal data is not accessed by anyone who does not strictly need it, it is possible that your personal data will be transferred to Switzerland (for example, if you are sent on secondment there). There is an ‘adequacy decision’ in place from the European Commission in respect of Switzerland, which means that it is deemed to provide an adequate level of protection for your personal data.
We have Group operations in the United States and Canada. Also, some of our third-party service providers, such as NetVoyage Corporation who operate NetDocuments and Microsoft Corporation who operate Sharepoint, are located in the United States. All transfers of personal data to service providers in the Unites States are made on the basis of adequate safeguards in accordance with the law, either in the form of the ‘EU-US Privacy Shield’ or the Standard Contractual Clauses approved by the European Commission.
To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.
How long will you use my information for?
We will retain your personal information for the period of time required in order to assess your application plus a further period of 9 (nine) months after the position for which you applied has been filled. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy and applicable laws and regulations.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you following signature of your employment contract (or other contract, as relevant).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the contact details at the beginning of this policy.
This privacy notice applies to current and former employees, workers, contractors, and vacation placements/interns. It explains how we will process your personal data. This notice does not form part of any contract of employment or other contract to provide services.
What information do we hold?
We hold a range of personal data about you, some of which you provide to us directly and some of which we receive from third parties.
Here are some examples of types of personal data we hold:
We may also collect, store and use the following special categories of more sensitive personal information:
How do we use it and why?
We process your personal data to help us to effectively administer the employment relationship between you and MJ Hudson.
We only process data for specified purposes and if it is justified in accordance with data protection law.
Some processing of your personal data is justified on the basis of contractual necessity. In general this applies to personal data you provide to us at when you first start working for us and throughout the duration of your employment with MJ Hudson. It’s to manage the employment relationship and to monitor performance.
Without this information we wouldn’t be able to employ you and follow the law, assess your application, offer you work with MJ Hudson or make reasonable adjustments. Some personal data is also required to fulfil our legal obligations (for example, immigration or HMRC).
Further Information
Please refer to the detailed privacy notice set out in your employee handbook for further information on how we protect personal data relating to our employees and contractors.
Copyright © 2021. All rights reserved.