1. Commitment and Scope
1.1 This Bermuda Privacy Addendum supplements the information contained in the Global Privacy Policy and our Fair Processing Notice.
1.2 Charles Taylor complies with the requirements of the Personal Information Protection Act 2016 (“PIPA”) regarding the use of personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating, or otherwise making available, combining, blocking, erasing, or destroying it.
1.3 We will only process Personal Information for the purposes described in our Global Privacy Policy, where we have a legal basis to do so under the PIPA, and where necessary, we will obtain your prior consent.
1.4 Where we operate in jurisdictions outside of Bermuda, or where the Bermuda Data Protection Law does not apply then our main Global Privacy Policy will apply.
1.5 For those who work for Charles Taylor in Bermuda, the Charles Taylor Employee Privacy Notice is accessible online via our intranet.
2. Your personal and sensitive data
2.1 For individuals based in Bermuda, references to “special categories of personal data” in our Global Notice shall be understood to refer to “sensitive data” under the PIPA.
2.2 We only process sensitive data if and to the extent permitted or required by applicable laws in Bermuda, including after obtaining your separate consent if required. We will seek to protect such information using the security measures described below and, therefore, your sensitive data should not be processed in a way that will result in negative consequences to your personal rights e.g. harm to your reputation, physical or mental health, or your personal or property security.
2.3 References to “personal data” includes information about an identified or identifiable individual.
2.4 We will only process your personal data with your consent or as required by applicable laws or regulations in Bermuda. Our processing will not adversely affect your rights or interest. For the personal information we process, we will take appropriate security measures that correspond to the risk level of such information to prevent the loss or unlawful destruction or unauthorised disclosure of or access to personal information.
2.5 To make things simpler, Charles Taylor has nominated one entity, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data. We have appointed a Privacy Officer in Bermuda who is supported by the Charles Taylor Group Data Protection Officer (DPO) to oversee compliance with data protection laws.
You can contact our Group DPO at:
2 Minster Court, Mincing Lane, London EC3R 7BB
dpo@charlestaylor.com
The privacy officer in Bermuda can be contacted at:
dpo@charlestaylor.com
3. Our responsibilities
3.1 During its core business activities, Charles Taylor is instructed to process the personal data of individuals who are identified in our clients’ instructions or during the course of the investigation undertaken pursuant to such instructions. Charles Taylor will not process any personal data without first having been satisfied as to the legal basis on which to process personal data.
3.2 To comply with the law, Charles Taylor will ensure that information processed about individuals is kept to the minimum necessary for the purpose of the processing, collected, and used fairly, be accurate, used solely for the purpose intended, stored safely, securely including protection against unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical measures such as encryption or in password protected devices, retained for no longer than necessary and not disclosed to any third party unlawfully.
3.3 Some processing of personal data is considered high-risk, either because of the nature and volume of personal data processed or because we want to process that data using novel technology or a system or application that is new to us. Where this is the case, and where required by law, we assess the risks of the processing, how we mitigate those risks, and we document decisions taken in Data Protection Impact Assessments.
4. Your Privacy Rights
4.1 Under the Personal Information Protection Act 2016 you are afforded the following rights regarding your personal data:
4.2 You will not be discriminated against for exercising any of your data rights. To exercise these data subject rights please contact the following email address:
5. Transfer of your data
5.1 Our Fair Processing Notice explains the types of data we collect, how it is collected and with whom we might share your personal information.
5.2 Where personal information is transferred to an overseas third party for use by that overseas third party on behalf of Charles Taylor, or for the overseas third party’s own business purposed, Charles Taylor will remain responsible for compliance with PIPA in relation to that personal information. Please see our Global Privacy Policy and Fair Processing Notice for more information.
5.3 To ensure correct management of personal data, and to comply with many data privacy regimes around the world, we maintain records of data processing which identify key information in respect of all personal data we process. This enables us to align our privacy practices with local privacy laws.
5.4 Any individual whose personal data we process may contact the Bermuda Privacy Officer or the Charles Taylor Group DPO to request information about the types of personal data we process, the lawful basis (or bases) for that processing and how we protect their personal data.
6. Appropriate Technical and Organisational Measures
6.1 Charles Taylor takes information security seriously and has put in place security measures which meet various industry standards for example, ISO 27001.
6.2 We continuously monitor our information security and work hard to meet our own high expectations in this regard, as well as the expectations of our financial services industry clients and of data subjects.
6.3 Your personal data will only be shared with those of our staff or our business partners who have a need to see it for the legitimate purposes of carrying out our business and we work hard to maintain a culture of privacy awareness.
7. Your right to complain
7.1 You have the right to complain about how your data has been processed. You can contact the Charles Taylor Group DPO as follows:
2 Minster Court, Mincing Lane, London EC3R 7BB
dpo@charlestaylor.com
7.2 If you are dissatisfied with our response, you can also complain to the Privacy Commissioner in Bermuda:
Privacy Commissioner - Alexander White
Maxwell Roberts Building, 4th Floor
1 Church Street
Hamilton, HM11
Bermuda
Email: PrivCom@privacy.bm
Telephone: 1-441-543-7748
8. Changes to this Policy
8.1 This Privacy Policy comes into effect on 17 September 2024 replacing our previous Privacy Policy.
8.2 Our other data protection policies are available upon request to dpo@charlestaylor.com
Last updated: September 2024
Find out how our wide range of services can support and benefit your business.