Skip to main content
  • Home
  • About us
    • Board of Commissioners
    • Directors
    • Contact us
    • Data protection
    • Making a complaint
    • Our teams
      • Enforcement
      • Policy and Risk
      • Registry
      • Supervision
    • Strategic Roadmap
  • Careers
  • Industry
    • Codes of Practice
      • Alternative Investment Funds Code of Practice
      • Certified Funds Code of Practice
        • Certified Funds Code of Practice Schedule 1
        • Certified Funds Code of Practice Schedule 2
        • Certified Funds Code of Practice Schedule 3
        • Certified Funds Code of Practice Schedule 4
        • Certified Funds Code of Practice Schedule 5
      • Deposit-taking Business Appointment of Auditors Code of Practice
      • Deposit-taking Business Code of Practice
      • Deposit-taking Business Code of Practice (1)
      • Deposit-taking Business Declaration of Compliance Code of Practice
      • Deposit-taking Business Financial Statements Code of Practice
      • Deposit-taking Business Prudential Returns Code of Practice
      • Fund Services Business Code of Practice
      • General Insurance Mediation Business Code of Practice
      • Insurance Business Code of Practice
      • Investment Business Code of Practice
      • Money Service Business Code of Practice
      • Trust Company Business Code of Practice
    • Consultations
      • Consultation on proposals regarding further enhancements to the AML/CFT Handbook
    • Examinations
    • Fees
    • Financial crime
    • Fintech and innovation
      • Domestic collaboration and engagement
      • Fintech and innovation support
      • International collaboration and engagement
    • Forms
    • Guidance and policy
      • Compliance monitoring
      • Manager of a managed entity and certain managed entities
      • Outsourcing policy and guidance note
      • Prudential reporting of market risk
      • Sound Business Practice Policy
      • Co-ordinated Portfolio Investment Survey 2023
    • International-co-operation
      • International assessments
      • Memoranda of Understanding
      • Sanctions
    • Legislation
    • Regulated entities
    • Risk
      • Cyber-security
      • National Risk Assessments
      • Risk-based supervision
      • Supervisory risk data collection exercise
    • Sectors
      • Auditors
      • Banking
      • Funds
        • Fund statistics FAQs
      • General Insurance Mediation Business
      • Insurance
      • Investment Business
      • Financial Crime - Schedule 2 Business
      • Trust Company Business
      • Non- profit organisations
        • Non-profit organisations legislation
        • NPO risk assessment
        • Non-profit-organisations-risk-assessment
      • Virtual Asset Service Providers
      • Financial Institutions
      • Money Service Business
      • Is my activity or operation that of a Designated Non-Financial Business or Profession?
      • Anti-Money Laundering Services Provider FAQs Guidance and Legal Notices
    • Sustainable Finance
    • Schedule 2 Business FAQs
  • News and events
    • Events and webinars
    • Industry updates
    • News
    • Public statements and warnings
    • RSS feeds
    • Speeches
    • Subscribe
  • Protecting the public
    • Financial education
    • Fraud prevention
    • Investment mis-selling
    • World Investor Week
    • Retail business accepting large sums of cash
  • Publications
    • Annual reports
    • Business plans
    • Presentations
  • Registry
    • Annual confirmation
    • Beneficial ownership information
    • Register or make a change
    • Registry fees
    • Registry forms
    • Registry legislation
    • Registry notices
      • Public notices
  • Whistleblowing
  • Login
Jersey Financial Services Commission Jersey Financial Services Commission
  • About us
  • Industry
  • Registry
  • Protecting the public
  • News and events
  • Login

Popular searches

  • Annual report 2021
  • Annual returns
  • Annual confirmation statement
  • Business Plan 2022
  • Compliance monitoring
  • Guidance notes
  • myProfile
  • myRegistry
  • Outsourcing
  • Sanctions
  • Sound business practice policy

You are here

  • Home
  • About us
  • Data protection
  • Subscribe
  • RSS

Data protection policy

Processing of personal data

We process personal data in order to satisfy our statutory functions, and in particular:

  • to determine whether or not a prospective principal person or principal person is 'fit and proper' to carry on a particular role
  • to determine whether or not an individual’s association with an applicant for registration or registered person has any impact on the “fit and proper” status of the applicant or registered person to carry on a particular regulated activity
  • to determine whether or not the ownership or control of (i) a registered company, (ii) units in a unit trust, (iii) interests in a limited partnership, or (iv) interests in a limited liability partnership will detract from the reputation and integrity of the Island
  • to record or register matters relating to the incorporation of companies, establishment of limited partnerships and limited liability partnerships, and use of business names, and matters related thereto
  • to determine the probity and competence of our workforce (including individuals that have applied for employment in the JFSC).

In addition, we may occasionally be required by law to process personal data to comply with the requirements of departments of the Government of Jersey, e.g. in matters relating to the administration of United Nations sanctions. Personal data may also be processed for our suppliers and others with whom we conduct business.

In order to assist with the determination of 'fitness and propriety', assessment of ownership and control, or determination of probity and competence, we may make further enquiries and seek further information, as it considers appropriate, to verify personal data that is provided. In the case of assessing 'fitness and propriety' this will involve police record checks, checks with other regulators, the use of external databases, and bankers’ references. In the case of determining probity and competence, this will involve police record checks and taking references.

As part of our administration of our employees, including any pre-employment screening checks, third parties under our direction may carry out some processing of personal data.

We expect registered persons and principal persons to notify us of material changes to personal data. Applicants for registration and prospective principal persons are required to declare that any material change to personal data will be immediately notified to us, and –  under Codes of Practice - registered persons are required to deal with us in an open and co-operative manner.

We expect companies, unit trusts, limited partnerships, and limited liability partnerships that are required by law to disclose changes in ownership and control to us to do so in accordance with relevant legislation or published timescales.

Personal data that is processed by us under our statutory functions cannot be disclosed to another party unless permitted by legislation. In particular, regulatory legislation provides for us to share personal data with various parties and authorities in Jersey and with overseas financial services regulators.

We may continue to hold personal data after an individual ceases to be a principal person, ceases to be associated with a registered person, ceases to own or control a company, units in a unit trust, interest in a limited partnership, or interest in a limited liability partnership, or ceases to be an officer or employee of the JFSC, so that it may deal with any matters that may subsequently arise with respect to that individual.

How we protect privacy of personal data

Notwithstanding the statutory obligations imposed on the us (and others) under the Data Protection (Jersey) Law 2018 (the Data Protection Law), we consider that the fair and accurate processing of personal data is important to the achievement of our objectives, to the success of our operations, and to maintaining confidence in the JFSC.

This means that we will:

  • collect personal data fairly
  • tell you why we are collecting personal data and how we will use it
  • use personal data only to comply with our statutory functions or for operational purposes related to those statutory functions and to comply with legislation
  • ensure that the personal data collected and held is accurate and, where necessary, kept up to date
  • hold personal data only for so long as is necessary
  • keep personal data secure
  • share personal data only with other agencies by adopting practices that will keep it secure
  • ensure that individuals can exercise rights under the Data Protection Law including the right to request access to the personal data held on that individual and respond to requests for inaccurate personal data to be corrected

Security of processing

We have taken appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, or accidental loss or alteration, and unauthorised disclosure or access (including where the process involves transmission of personal data over a network) and against all other unlawful forms of processing.

In particular, we take measures that are intended to ensure that:

  • everyone  managing  and  handling  personal  data  understands  that  they  are contractually responsible for following good data protection practice
  • everyone managing and handling personal data is appropriately trained to do so
  • everyone managing and handling personal data is appropriately supervised.

Outsourcing to a data processor

Where the processing of personal data has been outsourced to a third party, such outsourcing shall be undertaken in line with a written agreement between us and the third party and shall specify the rights and obligations of each party. In particular, the agreement shall state that the third party has adequate security measures in place and shall only process personal data on the specific written instruction from us.

The third party shall carry the same obligations, as we are required to observe, under the Data Protection Law.

Individuals rights

Under the Data Protection Law, you have rights as an individual which you can exercise in relation to the information we hold about you. These include the right to request that inaccurate personal data we hold about you is corrected, and the right to access your personal data. To request your personal data you should make a written 'subject access request'. This right is subject to certain exemptions, and further information about how to make a subject access request, can be found in our guidance.

We would encourage you to find out more about your rights by visiting the Office of the Information Commissioner's website.

If you have any queries in relation to this policy, contact the JFSC Data Protection Officer:

Jersey Financial Services Commission
PO Box 267
14 – 18 Castle Street
St Helier
Jersey
JE4 8TP

Data protection policy

If anything is unclear, or you have any concerns about this data protection policy, contact us

Data Protection Officer
Jersey Financial Services Commission
PO Box 267
14-18 Castle Street
St Helier
Jersey
JE4 8TP
Telephone: +44 (0)1534 822000

  • Cookie policy
  • Making a subject access request
  • Privacy policy
  • Accessibility
  • Contact us
  • Press office
  • Privacy policy
  • Subscribe
  • Whistleblowing
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter
Back to top
© 2023 Jersey Financial Services Commission

This website uses cookies to analyse our traffic. To find out more read our cookie policy.