Data confidentiality and security are at the heart of all that we do, and Cains is committed to protecting the personal data that we collect about you and that you provide to us in the course of our business.
In this privacy statement we describe the personal data that we may collect about you, how and why it is processed by us, and the rights you have in relation to that data and our processing of it.
“Cains” (including “we”, “us” or “our”) refers to the Cains Group of companies, including Cains Advocates Limited, Cains Corporate Services Limited, Cains Holdings Limited, CCS Searches Limited and Cains Listing Services Limited.
This privacy notice applies to the processing of your personal data if you are:
- a client/prospective client of Cains or an employee of a client/prospective client;
- a transaction counterparty or litigant in legal proceedings involving a client/prospective client;
- a supplier/subcontractor/service provider or an employee of a supplier/subcontractor/service provider;
- a business contact;
- a visitor to our offices;
- a visitor to our website; or
- a recruitment applicant.
When we refer to “processing” of your personal data, this means anything we do with that data, whether or not by automated means, such as collection, recording, storage, alteration, use, disclosure, erasure or destruction.
A data controller is the person or entity that determines the purposes for which personal data is processed, and the way in which this is carried out.
The Cains Group controls the collection and processing of any personal data that you provide to us through or in relation to the Cains website.
Where services are provided to you by another company within the Cains Group of companies, that company will be the Data Controller and will have responsibility for your personal data. This Notice applies to all companies within the Cains Group of companies, which is located at:
Fort Anne, Douglas, Isle of Man, IM1 5PD
Telephone: (+44) 1624 638300
If you have any questions or enquiries you can also email our Data Protection Officer at email@example.com.
Personal data we collect about you
Personal data includes any information about you that may be used by us to identify you, directly or indirectly. The personal data that we collect and the way in which we collect it depends upon our relationship with you.
The categories of personal data we collect about you may include:
Contact data including your name, residential/work address, email address, and telephone numbers;
Biographical data such as your employer and job title, and for job applicant’s education and employment history, professional qualifications, nationality, immigration and work permit status;
Identity data including your date of birth, gender, passport, driving licence or other identification documents;
Billing data including your bank account details, billing address, and payment history;
Services data such as details of services we have provided to you, or you have provided to us;
Marketing and communications data including marketing and communications preferences and events attendance;
Website usage data about your visit to our website and how you interact with it; and
Technical data collected when you visit our website, including your domain name, browser, operating system and platform, IP address and location.
Special categories of personal data include information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life and sexual orientation, as well as genetic and biometric data.
We only collect special categories of personal data in limited circumstances, for example if the information is relevant to the client services we are providing to you or you need to provide us with information about your health or disabilities in relation to dietary restrictions or access requirements.
We may also collect information about your criminal convictions and offences if these are relevant to the client services we are providing or as part of our recruitment process.
We do not provide services directly to children or proactively collect their personal information. However, we may sometimes collect information about children where this is relevant to our client services, for example where we are acting on behalf of a Trust, the beneficiaries of which may be children. The information in the relevant parts of this notice applies to children as well as adults.
How your personal data is collected
Most of the data that we collect about you we will ask you to provide to us voluntarily. In some circumstances we may collect additional personal data about you from publicly available sources, such as public registers or other public sources including those accessible online.
We may also collect additional data from third party sources such as our clients, regulators, governmental or other authorities, or other companies that provide services to us.
Information supplied to us by a client may include personal data that relates to individuals who are relevant to the instructions we have received, and who for reasons of confidentiality we cannot approach in order to provide them with this privacy notice. If you supply us with the personal data of individuals who are not aware of our role in processing their personal data, and with whom we will not have direct contact, you must ensure that the individuals have been provided with the relevant notices in relation to our services.
If you choose not to provide information to us where we have a legal requirement to collect personal data (for example, where required by anti-money laundering legislation), or where the information is required in order to enter into a contract with you, we may not be able to provide the services you have requested from us.
How we use your personal data
We will only use your personal data where we have a lawful basis for doing so. When we collect and use your personal data, we will rely on one of the following grounds.
Legal obligation – where we have a legal or regulatory obligation to collect or use your personal data, for example carrying out client due diligence checks or keeping records of our transactions with you.
Performance of a contract – where we require the information in order to be able to enter into a contract to which you are a party, or at your request prior to entering into a contract.
Legitimate interests – where we have deemed the processing to be necessary for the purposes of our business interests (or those of a third party), and these are not overridden by your rights or fundamental freedoms.
Consent – where you have given consent to our use of your personal data for one or more specific purposes. We do not generally rely on consent to process your personal information, and will normally only rely upon consent when there is no other lawful basis available to us.
You can see more detail on the purposes for which we use your personal data here.
Sharing your information
We will only share personal data when we are legally permitted to do so. We may share information with the following categories of recipients in accordance with the purposes for processing set out in this privacy notice:
- Other members of the Cains Group, in accordance with the data sharing agreements we have in place;
- Sub-contractors, agents, professional advisers or service providers such as information technology providers, auditors, consultants, insurers, bankers, analytics providers and event hosting services;
- Regulatory, governmental and other authorities, where we are required by law to do so;
- Other legal or professional advisers, agents or third parties, if required in relation to a specific matter or services that you have instructed us to provide;
- Registrars of a public register, where the data is to be held in a registry; or
- Otherwise in accordance with your specific instructions and with your consent.
We may also share high level aggregated and statistical data with other third parties in the context of a possible sale or restructuring of the Cains Group.
Where we share your data with other parties, we do not allow recipients to use your data for their own purposes, and will only permit them to use your data in accordance with our instructions. We require that any recipient of your personal data complies with our data protection, confidentiality and security standards as well as with applicable laws and regulations.
Your personal data will not be transferred to a recipient outside of the European Union or a country determined by the European Commission as providing an adequate level of protection for personal data unless you have instructed us to do so.
Data security and retention
The information we collect about you is stored under our control and with our selected archive and data backup service providers.
Access to internal data servers is limited to specialist personnel and is controlled using defined policies. We have put in place appropriate technical and organisational measures to safeguard your personal data, considering the nature, scope, context and purposes of our use of your personal data. These measures are kept under regular review.
We will only retain your personal for as long as is necessary, considering relevant laws and regulations and our data retention procedures.
You have certain rights over your personal data that we use, and these are outlined below. You may exercise your rights at any time.
Right to object to processing – if our processing of your personal data is based on our legitimate interests, or if we are using your personal data for direct marketing purposes, you have a right to object at any time. We will cease to process your personal data unless we are able to demonstrate compelling overriding legitimate grounds for the processing, or unless the processing is required to establish, exercise or defend a legal claim. Where we rely on consent to process your personal data, you may withdraw that consent at any time by contacting us using the details in Section 2 above.
Right of access – you have the right to be provided with a copy of any personal data we hold about you, subject to certain restrictions (for example, where the information is subject to legal privilege).
Right to rectification – if the information we hold about you is inaccurate or incomplete, you have the right to have that information corrected or updated.
Right to deletion – you can request us to delete any personal data that we hold about you. While we are not obliged to comply with this in all circumstances, we will carefully consider every request for deletion of data and will inform you to what extent we are able to comply.
Right to restriction of processing – you have the right to request that we restrict processing of your data in certain circumstances:
- If you dispute the accuracy of the personal data we hold;
- If you believe we are processing your personal data unlawfully, but do not wish us to delete it;
- If we no longer need to hold your data, but you require us to do so to establish, exercise or defend a legal claim; or
- If you object to our processing of your personal data based on our legitimate interests, pending resolution on this point.
Right to data portability – if our processing of your personal data is based on performance of a contract or consent, and is carried out by automated means (such as completing an online form or providing information via our website), you can request a copy of your personal data in a commonly used and machine-readable format.
If you have any questions, or if you wish to exercise any of your rights, please email us at firstname.lastname@example.org, or you may use the contact details in Section 2. We may request proof of your identity in order to protect your privacy and ensure that we do not disclose your personal data to anyone else.
We aim to respond to all legitimate requests within one calendar month, however we may extend this if your request is particularly complex, or if you have submitted a number of requests. In this case, we will notify you as soon as we are aware that an extension will be required, and will keep you updated of our progress.
We do not charge a fee for responding to a request to exercise one or more of your rights, however where a request is manifestly unfounded or excessive, in particular because of its repetitive character, we may choose to charge a reasonable fee.
If you have any concerns or want to complain about how we use retain your personal data you can email our Data Protection Officer directly at email@example.com, or you may use the contact details in Section 2.
If you are not satisfied with our response you may also make a complaint to the the Isle of Man Information Commissioner: firstname.lastname@example.org
First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET
Telephone: (+44) 1624 693260
We would encourage you to raise any concerns you may have with us initially, so that we can try and resolve these for you.