Privacy Policy

 We last updated this Privacy Policy on 18 October 2019

Introduction
This Privacy Policy is to make you aware of the policies now in place to protect your personal data under the Data Protection Law 2017 of the Cayman Islands (“DPL”). Boddens are personal data “controllers” under the DPL and as such we are responsible for protecting your personal data provided to us or otherwise collected and used in connection with (i) use of our website; (ii) the provision, or contemplated provision, of legal or other services by us; (iii) those who may be party to, or connected to party to, a legal transaction or legal proceedings involving you and/or the services which we have been engaged to provide to you; (iv) those who request newsletters, marketing material or other publications from us; (v) those who apply for or express an interest in an employment or other similar position with us; and (vi) those who are, work for or are agents of, suppliers or service providers who provide goods and services to us. Personal data means any information about you from which you can be identified. The protections afforded by the DPL are in addition to the common law duty of confidentiality owed to our clients as part of the attorney-client relationship.

References to “Boddens”, “we”, “our”, “us” and “the firm” within this statement means Bodden & Bodden and Bodden Corporate Services Ltd.  

The types of information we hold about you

As a consequence of our professional relationship with you, we collect, store, and use a variety of information from you and about you, including the following categories of personal data:

  • Basic Information: Personal information such as your title, full name, employer, job title or position and your relationship to a person.

  • Contact Details: Your contact details such as postal address, telephone and facsimile number and e-mail or other electronic communication addresses.

  • Personal Identification Data: Any compliance information and documentation which is required for Boddens to fulfil its legal and regulatory requirements. This may include, but is not limited to, identity information such as your passport or other identity document details, date of birth, nationality, place of birth and country of residence and other information concerning your background (which may include sensitive information such as criminal records) and business or financial references for you. This may also include, where it may arise, sensitive personal data such as any criminal record you have, your status as a Politically Exposed Person (a “PEP”) or close associate of a PEP and any sanction or embargo enacted against you. We may also collect information from third parties. This may include information such as references, or background checks provided by agencies such as credit reference agencies. In addition we may also obtain information about you from public sources, such as information published on social media accounts.

  • Financial Information: Information relating to source of wealth or funds and billing or payment related information.

  • Employment Information: Information provided to us in respect of an application for, or expression interest in, a position with Boddens (such as personal information relating to your education and employment history, any professional qualifications, your nationality, your immigration, right to work or residential status).

  • Any other personal data you or any representative or agent of yours provides to us or which we may obtain about you during the course of our engagement with you as legal or other services provider.

How your personal data is collected
We process personal data from the following sources:

  • You (including when you communicate with us via email, post, telephone or when you submit an application for employment with us; when you sign up for an event; and when you respond to our communications or requests for information).

Note: In providing personal data to us, you agree and understand that legal services involving the application by us (on your behalf) for banking, immigration, licences and other government-related services will involve us storing, processing and sharing your personal data pursuant to the terms of our engagement with you.

  • Persons including your professional and other advisors who may provide us with your personal data on your behalf.

  • Publicly accessible sources such as websites, registers and databases.

What we use your personal information

The types of personal data we use will depend on many factors, including the nature of your relationship with us and the services we are asked to perform.

Most commonly, we will use your personal data for one or more of the following purposes: 

  • The provision of legal and other services you engage or instruct us to perform, including the management and administration of our business (e.g. the collection of our fees).

  • The maintenance and promotion of our client relationships, including providing legal and regulatory updates to our clients and contacts.

  • Where we need to comply with a legal obligation (e.g. to comply with requests for information issued by government or other regulatory authorities or to satisfy our AML/CFT obligations).

  • Where we are acting as data processor for a client that is a controller.

  • Where it is necessary for our legitimate interests (or those of a third party).

Generally, we do not rely on consent as a legal basis for processing your personal data, although, we may do so. We do not engage in unsolicited direct marketing communications.

Where you have consented to us processing your personal data, you have the right to withdraw that consent at any time. If we consider that the withdrawal of such consent will impede our ability to provide any service to you we reserve the right to terminate the provision of our services to you in the event of such a withdrawal.

Where we apply profiling as required pursuant to the risk-based approach under the AML/CFT regime, we do not solely rely on automated decision making.

We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose.

How we use sensitive data

We may also collect, store and use special category data including race, health, genetic information and biometric data, religious beliefs, sexual orientation, criminal convictions and political opinions. In addition to the lawful bases for processing set out above, we may process your personal data for the establishment, exercise or defence of legal claims.

Data sharing

We will only share your personal data to the extent it is necessary to do so for one or more of the purposes described above. To the extent that it is deemed appropriate to share your personal data for the purposes described above, we may do so with one or more of the following categories of third party:

  • Between Bodden & Bodden and Bodden Corporate Services Ltd.

  • Professional and other service providers acting in relation to the services being provided to you.

  • Entities such as bankruptcy search providers, insurance companies, beneficiary tracing agency, background check, credit reference agencies, providers of fraud, financial crime and sanctions database services.

  • Law enforcement agencies, courts or tribunals, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted by the law of the Cayman Islands.

  • Where our provision of services to you involves our acting as data processor on your behalf we are acting only on your instructions and we apply the same data security measures that we apply where we are data controller.

Where we share your personal information, whether internally or externally, we will ensure that the sharing of such data is kept to the minimum necessary.

Data security
We have installed appropriate technical and physical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach in accordance with our obligations.

Transfer of information
The global nature of business might necessitate the transmission of personal data outside of the Cayman Islands. These origins and destinations of personal data flow may not have laws that protect your personal data to the same degree as the DPL.

How long will you use my personal data for?

We will retain your personal data for at least as long as is necessary for us to fulfil our legal obligations in relation to our duties to you under the terms of our engagement with you. We may retain the information beyond the term of our engagement where we consider this to be necessary and to comply with our legal obligations, in particular, AML/CTF obligations. After this period, we will destroy or otherwise erase your personal data in accordance with our policy and applicable laws and regulations.

Your legal rights

In certain circumstances and subject to a range of legal conditions and exemptions (including exemptions that preserve legal professional privilege) the DPL affords you the following rights:

  • Request access and obtain copies of your personal data held by us upon your written request and subject to certain conditions, including our right to verify your identity.

  • Request correction of any incomplete or inaccurate personal data that we hold about you.

  • Request erasure of your personal data where there is no legal basis for us continuing to process it.

  • Object to or request the restriction of the processing of your personal data. You also have the right to object where we are processing your personal data for direct marketing purposes.

Contacts regarding your Personal Data
If you would like to discuss or exercise the rights you may have, you can contact us via your usual contact at Boddens on +1-345-943-0303 or in writing at PO Box 10335, Governors Square, Building 6 Second Floor, 23 Lime Tree Bay Avenue, Grand Cayman KY1-1003, Cayman Islands.

We will endeavour to respond to any request, query, or complaint you may have in respect of your personal data.

However, should you wish to make a formal complaint you can contact the Caymans Islands Ombudsman: Ombudsman P.O. Box 2252, Grand Cayman KY1-1107, Cayman Islands

https://ombudsman.ky/data-protection

Changes to the privacy notice and your duty to inform us of changes

We keep our Privacy Statement under regular review it is, therefore, important that you read this Statement periodically so that you are aware of any updates. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if and when your personal data changes during your relationship with us.