Data Protection and Privacy Policy

Notwithstanding the statutory obligations imposed on us (and others) under the Data Protection (Jersey) Law 2018 (the Data Protection Law), we consider that the fair and accurate processing of personal data is important to the achievement of our objectives, to the success of our operations, and to maintaining confidence in the JRDCA.

This means that we will:

• collect personal data fairly
• tell you why we are collecting personal data and how we will use it
• use personal data only to comply with our statutory functions or for operational purposes related to those statutory functions and to comply with legislation
• ensure that the personal data collected and held is accurate and, where necessary, kept up to date
• hold personal data only for so long as is necessary
• keep personal data secure
• share personal data only with other agencies by adopting practices that will keep it secure
• ensure that individuals can exercise rights under the Data Protection Law including the right to request access to the personal data held on that individual and respond to requests for inaccurate personal data to be corrected.

We have taken appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, or accidental loss or alteration, and unauthorised disclosure or access (including where the process involves transmission of personal data over a network) and against all other unlawful forms of processing.

In particular, we take measures that are intended to ensure that:

• everyone managing and handling personal data understands that they are contractually responsible for following good data protection practice;
• everyone managing and handling personal data is appropriately trained to do so; and
• everyone managing and handling personal data is appropriately supervised.

Where the processing of personal data has been outsourced to a third party, such outsourcing shall be undertaken in line with a written agreement between us and the third party and shall specify the rights and obligations of each party.  In particular, the agreement shall state that the third party has adequate security measures in place and shall only process personal data on the specific written instruction from us.

The third party shall carry the same obligations, as we are required to observe, under the Data Protection Law.

To meet our contractual or legal obligations or to perform our statutory obligations, we may transfer personal data to third parties, including those outside of the European Economic Area.  In doing so we will take reasonable steps to ensure that the third party ensures an adequate level of protection in relation to processing of personal data.

Under the Data Protection Law, you have rights as an individual, which you can exercise in relation to the information we hold about you.  These include the right to request that inaccurate personal data we hold about you is corrected, and the right to access your personal data.  To request your personal data you should make a written 'subject access request' to:

JRDCA Data Protection Officer
Jersey Resolution and Depositors Compensation Authority
14-18 Castle Street
St Helier
Jersey 
JE4 8TP

This right is subject to certain exemptions.  We would encourage you to find out more about your rights by visiting the Office of the Information Commissioner's website.

If you have any queries in relation to this policy, contact the JRDCA Data Protection Officer at the above address.

We use personal data that we collect from our websites in order to help us fulfil our statutory obligations. If we need to use your personal data for any other purposes your consent will be sought. For example, where we use cookies to help us improve a website, this will also be made clear to you, and you will have to agree to their use. Read our cookies policy.

This policy does not cover links to other websites, and we encourage you to read the privacy statements on the other websites you visit.

When conducting our surveys we try to keep our collection of personal data to a minimum.  We use anonymised data as far as possible and only ask for personal data where we believe it is necessary for the purpose of the research exercise in question.  An individual’s participation in surveys, consultations and market research activities is their choice, and if asked they may refuse to participate.

The type of personal data that we typically use as part of our research is normally limited to contact details (of the person completing a questionnaire or survey or responding to a consultation) and personal views and opinions of consumers and those who submit questionnaires, surveys and consultation responses to us.

We use personal data that we collect about individuals who are connected with entities to which the Resolution Law applies so that we can perform our statutory functions effectively. This information may be obtained from third parties, including Jersey Banks and other agencies both in Jersey and overseas.

As a responsible resolution authority and administrator of the JDCS we may sometimes need to share your personal data with overseas resolution authorities, depositor compensation schemes, regulators, law enforcement agencies and other third parties.  This may include third parties who are located outside of the European Economic Area.

All of the personal data we collect is held securely.  However, in certain limited circumstances, we may make personal data that we collect publicly available in order to fulfil our statutory functions.  Where information is made publicly available we cannot provide any guarantees as to how it may be used by third parties who access it.

We use personal data relating to customers of Jersey Banks to help maintain and enhance readiness for the possibility of a bank being declared in default, which includes testing using ‘live data’.  Personal data involved in testing will be deleted as soon as practicable after testing has been completed and within 90 days.

In the event of a Jersey Bank being declared in default, we will receive information, including personal data, from the bank in default and such information will be used to process compensation due under the Jersey Bank Depositors Compensation Scheme (JDCS).  This will include automatic processing of information.

We will also use personal data to help pursue recoveries from the liquidation of the bank in default.  You are obliged by law to provide us with any assistance we require to do so.

To allow us to process depositor compensation we may need to request additional information from you.  If you do not provide us with this information, we may not be able to pay you any compensation you might otherwise be due.

As part of the above, we may need to share your personal data with third parties overseas, including those outside of the European Economic Areas.

The information that is provided to us as part of a job application process will be held securely and only used for the purpose of progressing your application, or to comply with legal or regulatory requirements.

We maintain files on our employees.  The information that is collected is held securely and only used for purposes related to that individual’s employment, or to comply with legal or regulatory requirements.

We will obtain information from suppliers and prospective suppliers about their staff, including contractors, as part of our procurement processes, supplier due diligence and on-going supplier relationship management.

Any information that is sent to us, whether in electronic or paper form, may be monitored and used by us for reasons of security and monitoring compliance with applicable laws, regulations and our internal policies.

Where you make a complaint, you should be aware that in certain circumstances it may be shared with third parties, and your identity could be disclosed.

Under the Data Protection (Jersey) Law 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.  These include the right to request that inaccurate personal data we hold about you is corrected, and the right to access your personal data.  To request your personal data you should make a written ‘subject access request’.  This right is subject to certain exemptions.  To make a subject access request please write to:

Data Protection Officer
Jersey Resolution and Depositors Compensation Authority
14-18 Castle Street
St Helier
Jersey 
JE4 8TP

We would encourage you to find out more about your rights by on the Jersey Office of the Information Commissioner website.

If you wish to make a complaint, please email us at complaints@jrdca.org.je or write to us at:

Complaints
Jersey Resolution and Depositors Compensation Authority
14-18 Castle Street
St Helier
Jersey 
JE4 8TP

In addition you have the right to complain to the Jersey Officer of the Information Commissioner.  For information on how to do so, please visit its website.

More information about Data Protection can be found on the Jersey Office of the Information Commissioner website.