INPENDRA, JERSEY

General Privacy Notice

Inpendra Limited (“Inpendra”) is committed to protecting the privacy and security of your personal

information. This privacy notice describes how we collect and use personal information about you and what your data protection rights are, in accordance with the Data Protection (Jersey) Law 2018.

It applies to all third party persons (other than employees) with whom we have transactions, communications or contact. For the purposes of this document Inpendra together with all companies and other vehicles to whom it provides services is known as the Inpendra Group. These entities are managed and controlled from Jersey, UK, US, Bermuda and elsewhere.

Inpendra is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. Inpendra is also a “data processor” processing information on behalf of companies in the Inpendra Group including private trust companies and asset holding vehicles.

This notice does not form part of any contract to provide services. We may update this notice at any time. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

What is “personal information”?

Personal data, or personal information, means any information about an individual from which that person can be identified. This includes but is not limited to, personal contact details, date and place of birth, gender, nationality, residential address employment and if necessary to transact with you your bank account details. It does not include data where the identity of the person has been removed (anonymous data).

There are "special categories" of more sensitive personal data which require a higher level of protection. These include information regarding race, health, genetic information and biometric data, religious beliefs, sexual orientation, criminal convictions and political opinions.

How is your personal information collected?

We process information that you provide directly and information learned about you from communications and dealings with you. We also obtain some information about you from others, as set out below:

From Third parties:

The individual or their immediate relation is the usual source of information. The individual may be based in the EU or outside the EU. Processed information may include the individual’s name, company, title and job description and contact details such as email address and telephone number or business address, as well as passport information, details of family relationships, banking relationships, financial and tax status, business and other affairs, and interests in a trust or private investment company or other asset holding company.

Public sources:

Sources both inside and outside the EU, such as news outlets, websites and other media sources, international sanctions lists, any publically available databases or data sources which may be accessed through private screening services. Processed information may include your name, company, title and job description and contact details such as email address and telephone number or business address, details about individual's personal or business interests or activities.

Other Sources:

Any research agencies who may carry out research for us both inside and outside the EU.

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Where we need to perform the contract or agreement we have entered into with you.

Where another member of the Inpendra Group has an administration agreement with us whereby we obtain, hold and process information on their behalf.

Where we need to comply with a legal or regulatory obligation.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where you have provided your express consent.

We may also use your personal information to protect your vital interests (or someone else's interests) but this is likely to be rare.

If you do not provide personal data that we require to provide our services, then we may be unable to provide you with the services (including remittance of funds) and may need to terminate any contractual or fiduciary relationship with you.

What we use the information for

We may collect, use, process and disclose your data for the following reasons:

Where the processing is necessary for us to perform a contract with you:

For the performance of any Administration Agreement, for example to set up and service a relationship and to carry out advised directions or to set up and to maintain a Trust or company or other vehicle.

Where required by Jersey, European Union (EU), or EU Member State, or other applicable or equivalent laws:

To disclose information to governmental entities or regulatory authorities, financial markets, banks, brokers or other intermediaries or counterparties, courts or other parties.
To the extent required to allow us to process personal data of a minor child such as where a child is named as a trust beneficiary.
To the extent required to allow us to process personal data about the health of yourself, a client or relevant third party.
To provide services to you such as performance of a trust instrument, articles and memorandum of association, and to communicate with you about these services.
Trustees may be directed not to inform certain people that they are beneficiaries under a trust and may process beneficiary personal data to be able to contact, identify, and distribute the trust fund to these beneficiaries after the settlor is deceased, without informing these beneficiaries in advance.
To manage and administer the Company and/or trusts and companies under the Company’s administration.
For compliance with duties under any applicable laws, including trust law, company law, securities law and tax act in any jurisdiction.

Where necessary for our legitimate interests (as listed here):

To manage and improve relationships with you and assist with communications and management of administration requirements.

To record telephone conversations with you, to retain your picture, record video footage, and to keep samples of your signature or handwriting for authentication purposes.

Under directions or at the request of a client or when we may exercise discretion under a trust,
company, or contract, to establish and maintain a relationship with a financial institution, law firm, advisor, family officer, security issuer or company.

To help detect, prevent, investigate, and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities.

To manage and ensure the security of our IT systems.

To disclose information to, and comply with instructions of, relevant governmental, tax or
regulatory bodies or other intermediaries, counterparties, courts, auditors or other third parties.

To determine our legal rights and duties, and to prepare documentation such as trust amendments and tax returns.

To make applications for protective orders or directions to courts or to establish, exercise or defend legal claims and in order to protect and enforce our rights, property, or safety, or to assist clients or others to do this.

To investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes.

To conduct compliance activities such as audit and reporting, assessing and managing risk, maintenance of accounting and tax records, fraud and anti-money laundering (AML) prevention and measures relating to sanctions, anti-terrorism laws and regulations and fighting crime. This includes know your customer screening (which involves identity checks and verifying address and contact details); screening for politically exposed persons (which involves screening client records against internal and external databases to establish connections to ‘politically exposed persons or PEPs); sanctions screening (which involves the screening of clients details against published sanctions lists); and exchanging source of wealth data and passports with an account provider to open and maintain a bank account.

Where you consent to the processing of personal data:

Otherwise to the extent that consent for the processing of personal data is required under
applicable law.

We may ask you to agree that you have received this Privacy Statement and that you agree to
each and every individual data processing activity and reasons set out in this Privacy Statement.

Where necessary to protect your or a relevant third party's vital interests.

Where necessary to protect an interest which is essential for the life of a relevant party such as to invest, administer, and distribute assets according to a trustee decision for the care of a
beneficiary suffering disability, illness or injury, or for a minor or disabled beneficiary. We will only use your personal information for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law and where we are required to
process, retain or maintain the confidentiality of personal information in order to exercise a power or discretion or perform a duty under a trust arrangement.

"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

We may process special categories of personal information in the following circumstances:

In limited circumstances, with your explicit written consent.
Where we need to carry out our legal obligations.
Where it is needed in the public interest.

Less commonly, we may process this type of information where it is needed in relation to legal
proceedings or where it is needed to protect your vital interests (or someone else's vital interests) and you are not capable of giving your consent, or where you have already made the information public.

Automated decision-making
No decisions will be taken about you using fully automated means; we will notify any relevant individuals in writing if this position changes.

Data sharing

We will share your personal information with third parties where required by law, where it is necessary to provide administration services for you, or to enable other parties in the Inpendra Group to exercise their discretion or transact for your benefit whether generally or specifically or where we have another legitimate interest in doing so.

Internal Third Parties:

Other companies in the Inpendra Group for whom Inpendra provides administration services and their officers, management and staff. In this context it should be noted that Inpendra collects personal information on behalf of family trust companies that administer trusts which hold assets for the actual or potential benefit of individuals. Information is held for the companies in the Inpendra Group which Inpendra is under obligation to share as it can be required in order to comply with their own specific legal and regulatory obligations.

External Third Parties:

Service providers including those providing investment management, investment advice, insurance, property management, IT, payroll and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Global Authorities including any company registry, competent regulatory, prosecuting, tax or governmental or judicial body or authority, courts or other tribunals in any jurisdiction.
Successor third parties in connection with a change of administrator, company ownership or ownership of any assets.

All our third-party service providers and other associated entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring information outside the EU

We may transfer the personal information we collect about you to the following countries outside the EU (Jersey, Bermuda, British Virgin Islands, Cayman Islands, USA, Isle of Man, Singapore, Mauritius) in order to perform our contract with you. Normally we will only transfer your data to a country where there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information.

Where we propose to transfer your data to a country that does not have an adequacy decision, we will ensure that your personal information is protected through the use of appropriate contractual terms.

Data retention

We shall keep your personal data for as long as is required in order to fulfil contractual and fiduciary obligations to you, and for such other suitable period reflecting the applicable retention laws and regulations and limitation periods. After your lifetime, any residual privacy rights are abandoned and waived to the extent permitted by law. Where personal data is processed solely with your consent, it shall be processed until you ask us to stop, and for a reasonable period afterwards to allow us to comply with your request, unless another legal justification permits continued processing. Transactional and identity information is retained for a minimum of ten years.

Rights of access, correction, erasure, and restriction

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to re-establish its accuracy or the reason for processing it.
Request the transfer a copy of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our data protection officer in writing.

Please note that we may decline to comply with any request to delete or restrict the use of your information if we still require that information for any legal or contractual reasons.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our data protection officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis in law for doing so.

The withdrawal of consent shall not affect the lawfulness of processing for other reasons and based on other grounds where this is permitted under applicable law.

Data protection officer

Inpendra has appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO using the contact details below. You have the right to make a complaint at any time to the Jersey Office of the Information Commissioner being the Jersey supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will ensure that any update to this privacy notice by a link from the footer of each email sent by us with the latest version date shown therein. We encourage you to regularly review this privacy notice to ensure that you are always aware of how personal information is collected, used, stored and disclosed. We may also notify you in other ways from time to time about the processing of your personal information.

Data Protection Laws

This privacy notice is based on EU and Jersey law. These data protection laws may not apply if:

You do not receive services from Inpendra in Jersey, the EU or the EEA;
You are not resident or located in these jurisdictions while receiving services; and
Your personal data is processed outside these jurisdictions.

If you have any questions about this privacy notice, please contact the Data Protection Officer (dpo@inpendra.com).

Privacy Policy

Inpendra Limited is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you and what your data protection rights are, in accordance with the Data Protection (Jersey) Law 2018.

It applies to all clients, prospective clients and third parties.

Inpendra Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice does not form part of any contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. This includes but is not limited to, personal contact details, date of birth, gender and bank account details. It does not include data where the identity of the person has been removed (anonymous data).

How is your personal information collected?

We process information that you provide directly and information learned about you from communications and dealings with you. We also obtain some information about you from others, as set out below:

From Clients:

The client or prospective client is the usual source of information. The individual or prospective client may be based in the EU or outside the EU. Processed information may include the clientâ€™s name, company, title and job description and contact details such as email address and telephone number or business address, as well as passport information, details of family relationships, banking relationships, financial and tax status, business and other affairs, and interests in a trust or private investment company (PIC).

Public sources:

Sources both inside and outside the EU, such as news outlets, websites and other media sources, international sanctions lists, any publically available databases or data sources. Processed information may include your name, company, title and job description and contact details such as email address and telephone number or business address, details about client's personal or business interests or activities.

Other Sources:

Any research agencies who may carry out research for us both inside and outside the EU.

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Where we need to perform the contract or agreement we have entered into with you.
Where we need to comply with a legal obligation.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where you have provided your express consent.

We may also use your personal information to protect your vital interests (or someone else's interests) but this is likely to be rare.

If you do not provide personal data that we require to provide our services, then we may be unable to provide you with the services and may need to terminate any contractual or fiduciary relationship with you.

What we use the information for

We may collect, use, process and disclose your data for the following reasons:

Where the processing is necessary for us to perform a contract with you:

For the performance of any Trustee Services Agreement, for example to set up and service a relationship and to carry out client directions or to set up and to maintain a Trust or PIC.
To take pre-contract measures you request to assess your needs in relation to specific products or services.

Where required by Jersey, European Union (EU), or EU Member State, or other applicable or equivalent laws:

To disclose information to governmental entities or regulatory authorities, financial markets, banks, brokers or other intermediaries or counterparties, courts or other parties.

Where necessary for our legitimate interests (as listed here):

To provide services to you such as performance of a trust instrument, PIC articles and memorandum of association, and to communicate with you about these services.
We may be directed not to inform certain people that they are beneficiaries under a trust and may process beneficiary personal data to be able to contact, identify, and distribute the trust fund to these beneficiaries after the clientâ€™s life, without informing these beneficiaries during the clientâ€™s life.
To manage and administer our business.
To manage and improve relationships with you and assist with client management.
To record telephone conversations with you, to retain your picture, record video footage, and to keep samples of your signature or handwriting for authentication purposes.
Under directions or at the request of a client or when we may exercise discretion under a trust, PIC, or contract, to establish and maintain a relationship with a financial institution, law firm, advisor, family officer, security issuer or company.
To help detect, prevent, investigate, and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities.
To manage and ensure the security of our IT systems.
To disclose information to, and comply with instructions of, relevant governmental, tax or regulatory bodies or other intermediaries, counterparties, courts, auditors or other third parties.
To determine our legal rights and duties, and to prepare documentation such as trust amendments and tax returns.
To make applications for protective orders or directions to courts or to establish, exercise or defend legal claims and in order to protect and enforce our rights, property, or safety, or to assist clients or others to do this.
To investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes.
To conduct compliance activities such as audit and reporting, assessing and managing risk, maintenance of accounting and tax records, fraud and anti-money laundering (AML) prevention and measures relating to sanctions, anti-terrorism laws and regulations and fighting crime. This includes know your customer screening (which involves identity checks and verifying address and contact details); screening of politically exposed persons (which involves screening client records against internal and external databases to establish connections to â€˜politically exposed persons or PEPs); sanctions screening (which involves the screening of clients details against published sanctions lists); and exchanging source of wealth data and passports with an account carrier to open and maintain a bank account.
For compliance with duties under any applicable laws, including trust law, company law, securities law and tax act in any jurisdiction.

Where you consent to the processing of personal data:

To the extent required to allow us to process personal data of a minor child such as where a child is named as a trust beneficiary.
To the extent required to allow us to process personal data about the health of a client or relevant third party.
Otherwise to the extent that consent for the processing of personal data is required under applicable law.
We may ask you to agree that you have received this Privacy Statement and that you agree to each and every individual data processing activity and reasons set out in this Privacy Statement.

Where necessary to protect your or a relevant third party's vital interests.

Where necessary to protect an interest which is essential for the life of a client or relevant third party such as to invest, administer, and distribute assets according to a trust instrument for the care of a client suffering disability, illness or injury, or for a minor or disabled beneficiary.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law and where we are required to process, retain or maintain the confidentiality of personal information in order to exercise a power or discretion or perform a duty under a trust arrangement.

In limited circumstances, with your explicit written consent.
Where we need to carry out our legal obligations.
Where it is needed in the public interest.

Less commonly, we may process this type of information where it is needed in relation to legal proceedings or where it is needed to protect your vital interests (or someone else's vital interests) and you are not capable of giving your consent, or where you have already made the information public.

Automated decision-making

We do not envisage that any decisions will be taken about you using fully automated means, however we will notify you in writing if this position changes.

Data sharing

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

In particular, we may disclose your personal data to others as follows:

Internal Third Parties:

Other companies in the Inpendra Group and their officers, management and staff.

External Third Parties:

Service providers including those providing investment management, insurance, property management, IT, payroll and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Global Authorities including any competent regulatory, prosecuting, tax or governmental or judicial body or authority, courts or other tribunals in any jurisdiction.
Successor third parties in connection with a change of trusteeship, PIC ownership or ownership of any assets.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring information outside the EU

We will transfer the personal information we collect about you to the following countries outside the EU (Bermuda, British Virgin Islands, Cayman Islands, USA, Isle of Man, Singapore) in order to perform our contract with you. Normally we will only transfer your data to a country where there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information.

Data retention

Rights of access, correction, erasure, and restriction

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.

Please note that we may decline to comply with any request to delete or restrict the use of your information if we still require that information for any legal or contractual reasons.

Right to withdraw consent

The withdrawal of consent shall not affect the lawfulness of processing for other reasons and based on other grounds where this is permitted under applicable law.

Data protection officer

We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO using the contact details below. You have the right to make a complaint at any time to the Data Protection Authority, the Jersey supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will ensure that any update to this privacy notice is made available on our website www.inpendra.com. We encourage you to regularly review this privacy notice to ensure that you are always aware of how personal information is collected, used, stored and disclosed. We may also notify you in other ways from time to time about the processing of your personal information.

Data Protection Laws

This privacy notice is based on EU and Jersey law. These data protection laws may not apply if:

You do not receive services from Inpendra in Jersey, the EU or the EEA;
You are not resident or located in these jurisdictions while receiving services; and
Your personal data is processed outside these jurisdictions.

If you have any questions about this privacy notice, please contact the Data Protection Officer, Valerie Cunliffe (valerie.cunliffe@inpendra.com).