Privacy Policy

Who we are

This Privacy Policy is issued by BankClarity Jersey Group Limited (“BankClarity Group”, “The Group”) registered in Jersey number [101356], registered office First Floor, 3 Mulcaster St, St Helier, Jersey, JE2 3NJ.

BankClarity is a trading style of BankClarity Limited. BankClarity Group comprises any entity that the Group directly or indirectly controls, is controlled by or is under common control with BankClarity. In this Privacy Notice “us”, “our”, “we” refers to BankClarity Group.

BankClarity Group is committed to protecting and respecting your privacy at all times. Therefore, we respect and protect your right to privacy and will process your personal data in accordance with the provisions of the European General Data Protection Regulation (“GDPR”) and other applicable privacy laws.

The GDPR and any other applicable privacy laws apply to this Privacy Notice and anything not specifically mentioned in this notice shall be governed by the GDPR and any other applicable privacy laws.

‘GDPR’ means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council and incorporates Jersey and Guernsey variations (Data Protection Legislation 2018).

BankClarity is the Data Controller within BankClarity Group. When handling personal data, BankClarity subsidiary companies act as a Data Processor to BankClarity. BankClarity is Data Processor when providing services to our Customers; we are not a Data Processor for underlying Client Data where this is applicable (subject to a Licence Agreement and Terms and Conditions on a case-by-case basis)

This Privacy Notice explains how we may use, process and store your personal data.

What is personal data?

Personal data is information that can identify a living individual from the information we hold. This includes their name, address and contact details and may include individual’s IP addresses and online identifiers. This is data which identifies an individual, even without a name associated with it, where it is processed to learn or record something about that individual. Data may ‘relate to’ an individual in several different ways, such as

Information processed or held in electronic form – on a computer;
Information processed in a non-automated manner – paper records held in a filing system; and
Information that forms part of any accessible record – certain health records, educational records etc. However these types of data are only held in relation to people applying for a role or employed by BankClarity Group.

What kind of personal data do we collect?

We collect the following types of personal data:

primarily names and contact information;
for colleagues we hold personal identification documentation and related information such as passport numbers, national ID Card, driver’s licence and employee identification numbers;
for business contacts we hold general demographic information (employment and employer details, professional skills, title and area of responsibility, etc.) as well as business contact details within an organisation who is ultimately our client / customer or partner;
for business clients we hold financial and payment data such as bank account numbers, bank statements and transaction information;
for business contacts and business clients we hold information related to the provision of the services performed under our ‘Terms of Business’ or relating to a specific proposal as per the services provided by us to you. BankClarity never holds, processes or shares identifiable data of underlying clients of our Customers.

The list above is not exhaustive and BankClarity Group may also collect and process personal data to the extent this is necessary for the provision of our services.

What is sensitive data?

Under Data Protection law some data may be considered ‘sensitive’ – this could be race or ethnic origin, political opinion, religion, a membership of a trade union, health, genetic/biometric data or criminal activity. It is not our intention to hold any sensitive data in relation to our business contacts or clients.

The category of personal information that we collect depends on the legitimate purposes for which it is collected as follows:

Activity/ person	Category of Personal Data we collect or use	Purpose	Lawful basis for processing
Customers of our applications and services	General Data Preferences	To provide software and services under contract.	Contract Legitimate Interest
Prospective customers	General Data, Preferences, Visual Data	To provide product demonstrations to customers, typically working under an NDA.	Consent
Customer Clients	Anonymised Data	To fulfil specific contract obligation directed by customers. BankClarity will never hold or process identifiable Customer Client data	Contract
Users of our applications and services	General Data, Preferences, Cookie Data, Device Data,	To provide software and services under contract.	Contract Legitimate Interest
Technical bulletins to customers on licenced software and software feedback surveys	General Data, Preference Data	To provide software and services under contract. We will respect opt-outs.	Legitimate Interest Contract
Marketing activities such as market bulletins, online surveys, new letters, and event invitations	General Data, Preference Data, Cookie Data, Device Data	To provide information on our software and services to develop our business.	Consent
Events such as product launches and technical updates	General Data, Preferences, Visual Data	To provide information on our software and services to develop our business.	Consent
Dialogue arising from contacting us offline by telephone, email, post etc	General Data, Preferences	To provide individuals with support and assistance in order to develop our business.	Consent
Analysis of website usage, marketing and business performance data	Anonymised Data	To help us to monitor and improve our business and the services and software we provide.	Legitimate Interest
Browsing our websites	Cookie Data, Device Data	To help us understand the use of our website and interest in our products. To enable monitoring and improvement of our website.	Consent
Interacting with us using social media.	General Data, Cookie Data, Device Data	To provide individuals with support and assistance in order to develop our business	Consent
Our suppliers	General Data, Financial Data, Cookie Data, Device Data	To purchase products and services from suppliers and to monitor the performance of suppliers	Contract Legitimate Interest
Our employees and people applying to work for us	General Data, Sensitive Data, Identity Verification, Visual Data, Preferences, Cookie Data, Device Data, HR Data, Anonymised Data	To fulfil our legal and contractual obligations for employees and our business.	Consent Contract Legal Obligation Legitimate Interest

How does BankClarity Group collect personal data?

BankClarity Group obtains and processes personal data in different ways.

Personal data provided to BankClarity Group directly:

We will collect personal data directly from all contacts and clients including prospective employees, contacts and clients, as well as partners for the purposes of entering into a contract or service agreement and/or to meet certain legal requirements.

Personal data obtained from third parties:

We may collect and process personal data from publicly accessible sources such as public records, social networks, compliance tools or commercial registers.
We may also receive personal data from third parties or partners as part of the service we provide to you or in connection with legal requirements that are applicable to us.

How does BankClarity Group use personal data?

The majority of the personal data processed by BankClarity Group is necessary for the performance of an employment contract, business contract or service to which the data subject is a party or to comply with the request of the data subject prior to entering into a contract.

BankClarity Group also processes personal data in order to comply with our current legal and future regulatory obligations.

We may furthermore process personal data for the purposes of the legitimate business interests pursued by BankClarity Group. Such legitimate interests include general research and development, including operational or statistical research or as a basis to analyse our current security measures, or to develop and improve our services or to strengthen our relationship with you.

We may provide you with communications or information regarding our service offering which we think will be interesting for you. When we process your personal data for our legitimate business interests, we will consider any potential impact on you and your rights under the relevant data protection and any other relevant law. Whenever we process personal data for these purposes you have the right to object or opt out to this way of processing.

Who does BankClarity Group provide personal data to?

BankClarity Group may disclose or transfer personal data collected by BankClarity Group to our group companies in the future, insofar as reasonably necessary for the purposes of our service offering or for bona fide business purposes as well as on the legal basis as set out in this Privacy Notice.

Except as described in this paragraph, BankClarity Group will not disclose, transfer or sell your personal data to any third party unless you have consented to this.

The following is a list of potential recipients of data (in each case including respective employees, directors and officers):

Other future members of the BankClarity Group;
Other providers of services (legal, finance, technology partners or otherwise, including any cloud services provider or technology partner providing services in relation to any service on which the BankClarity Group is instructed) where disclosure to that provider of services is considered necessary to fulfill the purposes set out above;
Any sub-contractors, agents or service providers of the BankClarity Group
Third parties with whom the BankClarity Group engages for the hosting of events or other marketing initiatives;
Law enforcement agencies where considered necessary for the BankClarity Group to fulfil legal obligations applicable to it;
Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
Any registrar of a public register where the data is to be included in a public registry;
Potential parties with whom BankClarity Group intends to merge or sell or acquire and integrate to form part of the BankClarity Group; and
Where BankClarity Group is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.

BankClarity Group may disclose or transfer personal data to subcontractors for the purpose of the proper performance of the services we provide to you, our clients.

We may, for example, disclose or transfer such personal data to third party service providers who provide administrative, computer, payment, data processing, screening debt collecting or other services. We enter into data processing agreements with such subcontractors to ensure that they process your data, on our behalf, with the same level of security and confidentiality as applied by

BankClarity Group. BankClarity Group may furthermore disclose or transfer personal data when we received your consent to do so.

In addition, BankClarity Group may disclose or transfer personal data to protect our rights or those of our clients and/or to prevent fraud. BankClarity Group can also be obliged to disclose or transfer personal data to competent authorities in order to comply with our legal and/or regulatory obligations.

International transfers and data storage

BankClarity Group may disclose or transfer personal data to other companies of the future BankClarity Group located in countries that are outside the European Economic Area (“EEA”) in connection with the above purposes or to transact within a post Brexit Economic Area.

The personal data BankClarity Group processeh3 is stored by BankClarity Group primarily on the servers of cloud-based services BankClarity Group subscribes to, and/or utilise.

Record Retention

BankClarity Group will process and store the relevant personal data for the duration of our services or for the duration of an employee’s contract or the business relationship.

BankClarity Group may also continue to store the data for as long as it is necessary or required in order to fulfil legal, regulatory, contractual or statutory obligations and, or for the establishment, exercise or defence of legal claims, and in general where it has a legitimate interest for doing so.

Your rights

You have the following rights:

Access to your information – You have the right to access the personal information that BankClarity Group holds about you at any time.
Data portability – You may ask BankClarity Group to provide you with a copy of the personal information that BankClarity Group holds about you.
Correction of your personal information – You have the right to ask BankClarity Group to update and correct any out-of-date or incorrect personal information that we hold about you.
Deletion of your personal information (the right to be forgotten) – You have the right to ask BankClarity Group to delete your personal information, to the extent that BankClarity Group has no legal and/or regulatory obligations to keep such personal information.
Restriction of processing of your personal information – You have the right to ask BankClarity Group to restrict the processing of your personal information in case:
You have successfully contested the accuracy of the personal information held by BankClarity Group;
BankClarity Group no longer needs the personal data for the purposes of the processing, but you require them for legal reasons; and
You objected to processing and BankClarity Group is investigating whether there are legitimate grounds to override your written objection.

Your right to object to the processing of your personal data

You have the right to object at any time to the processing of your personal data for any direct marketing (and/or related profiling) by BankClarity Group.

If you wish to exercise the above right, you can contact BankClarity Group or you have the right to make a complaint to the Jersey Information Commissioner with respect to the way BankClarity Group is processing your personal data or the way BankClarity Group is handling your rights.

Navigations and Cookies

We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns to improve user experience and does not identify any individual but may, on occasion identify your employing organisation.

The only cookies in use on our site are for Analytical processing either in partnership with Microsoft, Click Dimensions, WordPress or Google Analytics, this helps us to understand how visitors engage with our website and to ensure that we can respond to enquiries in a timely fashion.

Like many services, analytical tools use first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site and ultimately your experience of our online services.

Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.

Our Analytical tools collect information anonymously.

How we protect personal data

BankClarity Group is committed to ensuring the security of your personal data.

BankClarity Group takes appropriate commercially reasonable technical, physical and organisational measures to prevent unauthorised or unlawful processing of your personal data or accidental loss or destruction of your personal data.

BankClarity Group will ensure a level of security suitable to the identified risks and pursuant to applicable Data Protection Laws and, where the Processing concerns personal data of EU residents, shall take measures required pursuant to Article 32 GDPR.

Where relevant, the Cloud Services BankClarity Group utilise adhere to ISO27001 and PCIDSS compliance. The service provider Microsoft, frequently update and transparently publish their compliance standards, which we benefit from here

Employees of BankClarity Group are trained from induction onwards to handle personal data securely and with utmost respect and they will treat your personal data as strictly confidential.

Staff members shall be authorised to access personal data only to the extent necessary to serve the applicable legitimate purposes for which the data is held and processed for by BankClarity Group.

Changes to this notice

BankClarity Group may update this Privacy Notice from time to time. We advise you to periodically review this Privacy Notice to be informed of how BankClarity Group is protecting your privacy.

Useful Contact information – BankClarity Group/Data Protection Officer

If you have any questions, concerns or complaints with respect to this Privacy Notice, the way BankClarity Group is handling your privacy please contact our Data Protection Officer [email protected]

Please note that BankClarity Group is not always required to provide details of all data held.

Consent

By entering into a service contract or by accepting our terms of business, you will have explicitly provided us permission to process your personal data specifically for the purposes identified of servicing a contract or delivering a service or exploring employment with us.

You may withdraw consent at any time by contacting the Data Protection Officer as detailed above.

Version: June 2023