1. Who are we?
    1. Broadhurst LLC is a company incorporated in the Cayman Islands and carries on business as a law firm.
    2. Corpserve Limited is also a company incorporated in the Cayman Islands and carries on business as company management firm.
    3. Broadhurst LLC and Corpserve Limited are affiliated companies and are together referred to in this document as “we” or “us”.
    4. The purpose of this Data Protection and Privacy Notice is to inform you why and how we handle personal information about you, in connection with the legal services we provide in the Cayman Islands.
    5. Our contact details are as follows:
      Broadhurst LLC
      c/o Corpserve Limited, PO Box 2503, 40 Linwood Street, George Town, Grand Cayman KY1-1104, Cayman Islands, +1 (345) 949 7237, info@broadhurstllc.com

      Corpserve Limited
      PO Box 2503, 40 Linwood Street, George Town, Grand Cayman KY1-1104, Cayman Islands, +1 (345) 949 7237
  2. Does this Data Protection and Privacy Notice apply to me?
    1. This Data Protection and Privacy Notice will apply to you if you fall into one or more of the following categories:
      1. You are one of our clients or connected to one of our clients, such as the family member of one of our clients;
      2. You are employed by or otherwise engaged by or hold a position in an entity that is one of our clients (our “corporate clients”) and interact with us in the course of that client relationship;
      3. You have a direct or indirect ownership interest in one of our corporate clients;
      4. You are a party to or connected to a party to a legal transaction or legal proceeding involving a client and/or the services which we have been engaged to provide to a client;
      5. You are one of our employees, prospective employees, consultants, service providers or suppliers;
      6. You do not fall into any of the above categories but nonetheless interact with us in connection with the legal services that we provide to clients or the business conducted by us.
    2. If this notice applies to you, it is likely that Broadhurst LLC holds personal data and/or information relating to you. If so, Broadhurst LLC is the data controller in respect to that information.
  3. What sort of personal information do we collect?
    1. Personal information is any information that identifies an individual. This includes but is not limited to, name, address, date of birth and gender. The types of information we collect will vary significantly depending on numerous factors, including your personal circumstances, the nature of your relationship with us and the nature of the services in connection with which the information was obtained.
    2. Despite the varied nature of the personal information we collect, it can be grouped into the following categories:
      1. Contact information;
      2. Due diligence / KYC records, being documents and information we are obligated to obtain to comply with regulator requirements;
      3. Working Documents, being information and documentation obtained in the course of providing our services;
      4. Other records not falling into the categories outlined above that are obtained in the course of our business operations.
    3. We will only collect your personal information where we are legally permitted to do so, and only to the extent it is necessary and appropriate for one or more of the purposes described below.
    4. If any of the personal data that you have provided to us changes, for example if you change your email address or other contact details, please let us know by sending an email to info@broadhurstllc.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you provide to us.
  4. Why do we collect personal information?
    1. We handle your personal information for the purpose of service delivery, development of our services, client relationship management, business administration and legal and regulatory compliance.
  5. What is the legal basis for the collection of personal information by us?
    1. In handling your personal information for the purposes mentioned above, we rely on the following legal justifications:
      1. Contract – We rely on this justification where we handle your personal information in order to discharge our contractual obligations to you.
      2. Legitimate business interest - We rely on this justification where we need to handle your personal information in order to meet our own requirement to provide services to our clients or to operate, manage and develop our business. This is often the case where we handle your personal information in order to discharge our contractual obligations to our client, but you are not our client.
      3. Legal and regulatory requirement - We rely on this justification where we handle your personal information for the purposes of legal and/or regulatory compliance.
      4. Consent – We would not ordinarily rely on consent, but occasionally, where none of the other legal justifications apply, we will seek your consent to handle your personal information. If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
  6. How do we collect your personal information?
    1. We endeavour to collect your personal information directly from you; however, the nature of the services we perform and the context in which we handle your personal information can often result in us collecting your personal information from third party sources. Such third party sources will include, amongst others, those who referred you to us as a client; your lawyer, accountant or other agent; publicly accessible information sources such as websites; service providers; corporate clients to whom we provide services and with which you are affiliated or otherwise associated.
    2. Your personal information might also be provided to us by a third party, for instance, because you are the subject of, or your data is otherwise included in, documents relating to legal services we are providing to a client.
  7. Do we use your personal information for marketing purposes?
    1. We may from time to time use your personal information to promote to you the services that we offer.
    2. If we send you promotional e-mails or other marketing material, you will be given the opportunity to opt-out of such communications.
  8. Do we share personal information with others?
    1. We will share your personal information with others only if and to the extent it is necessary and appropriate for one of the purposes outlined in this notice. Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.
    2. The extent to which we share your personal information will vary depending on your circumstances and relationship with us, but your personal information will be shared with one or more of the following categories of recipients:
      1. Our corporate clients (for instance, if you are an employee, consultant, appointment holder or owner of one of our corporate clients, your information could be shared with that corporate client).
      2. Those who support our business operations, including, but not limited to, administrative support service providers, couriers, legal entity formation / registration services, fund administration services, fiduciary services, insurers, accountants, consultants, auditors etc.
      3. Those who provide information technology or data processing or storage services, including, but not limited to, date centre operators, IT services providers and any other services for the purposes of processing personal information and other data for any of the purposes recorded in this notice.
      4. Those who provide services that complement or are integral to the services that we provide, including, but not limited to, consultants, mediators, experts, witnesses, barristers, experts in foreign law, government officials, courts, tribunals, law enforcement authorities, regulators.
      5. Those companies and their employees / agents providing services relating to fulfilment of our regulatory requirements, including, but not limited to, money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared.
      6. Those who participate in or contribute to transactions, arrangements, schemes, legal proceedings, public inquiries, regulatory investigation, and other like matters in respect of which we provide our legal services, including those who are opponents of our clients as well as other lawyers, experts and professional advisors.
      7. Any potential buyer of our business or assets or any part of it or them, to whom we assign or novate any of our rights and/or obligations.
  9. Do we transfer personal information outside the Cayman Islands?
    1. Due to the international nature of some of our client engagements, your personal information may be transferred outside the Cayman Islands to any of the different categories of recipients described in this notice, who could be located anywhere in the world.
    2. These overseas destinations, in particular those outside of Europe, may not have laws that protect your personal information in the same way or to the same extent as the Cayman Islands Data Protection Law, 2017 (as revised from time to time) (the “DPL”). This does not mean that your personal information is necessarily put at risk, but it can mean that there is less formal legal protection for your personal information.
    3. Where we share your personal information with a recipient or recipients who are located outside the Cayman Islands and do not have equivalent laws and or regulations in place for the protection of your personal information, wherever possible, we will take appropriate steps to ensure that adequate legal safeguards are in place to secure your personal information which is shared with such recipients (for example, by seeking contractual assurances from the recipients).
    4. Where those safeguards are not in place, we may nevertheless share your personal information with such recipients but we will do so only to the extent the applicable legal exemptions permit, and we will ensure that any of your personal information we share with such recipients is kept to the minimum necessary.
  10. What we will do if a data breach occurs?
    1. In the unlikely event your personal information under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take steps to contain and mitigate the consequences of the breach. Where appropriate, we will also notify you of the breach in accordance with DPL and any other applicable law that requires us to provide such notification.
  11. Retention period in respect your personal information
    1. The personal information about you which we collect will typically be retained for at least the duration of the relevant matter in respect of we provide our legal services. Thus, where we obtain your personal information in connection with a court case or a corporate transaction, we will retain your personal information for as long as the court case or transaction remains open and pending.
    2. Once the matter is closed, for example because the underlying court case or transaction has settled, closed, or otherwise reached its conclusion, then we will retain your personal information as part of our business records for:
      1. The duration of the applicable retention period, as determined by us with reference to any legal or regulatory record keeping requirement, for example, rules concerning prevention of money-laundering;
      2. As long as we consider this to be necessary to protect ourselves from any legal claim or dispute that may arise in connection with the relevant services we have provided.
    3. If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at info@broadhurstllc.com. Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
  12. Changes to our Privacy Notice
    1. We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our notice in the future will be posted on our website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice. We last updated this Notice on 14 October 2019.
  13. Your rights in respect of your personal information
    1. Under DPL, you have various rights with respect to our use of your personal information. These include the following:
      1. The right to ask us to confirm whether or not we handle any personal information about you;
      2. The right to ask us to provide you with copies of your personal information that we hold;
      3. The right to ask us to correct any inaccuracy or incompleteness in your personal information we hold;
      4. The right to ask us to stop handling your personal information or to not begin the handling of your personal information;
      5. The right to ask us not to subject you to automated decision-making that uses your personal information;
      6. The right to object to us using your personal information for direct marketing purposes.
    2. The rights you have in respect of your personal information are not absolute and are subject to a range of legal conditions and exemptions. If and to the extent a relevant legal condition or exemption applies (including exceptions that preserve legal professional privilege) we reserve the right not to comply with your request. Additionally, while the right you have can normally be exercised free of charge, in certain circumstances, the law allows us to charge you a reasonable fee for complying with your request.
  14. Who can I contact about my personal information?
    1. If you would like to exercise any of the rights you have in respect of your personal information, have any questions or concerns regarding the way in which we handle your personal information or would like to make a complaint regarding the way in which we handle your personal information, please reach out to your usual contact person at Broadhurst LLC or Corpserve Limited or send an e-mail to info@broadhurstllc.com.
    2. We will endeavour to respond satisfactory to any request, query, or complaint you may have in respect of your personal information, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the Cayman Islands Ombudsman:

      Ombudsman
      PO Box 2252, Grand Cayman KY1-1107, Cayman Islands
      https://ombudsman.ky/data-protection