Privacy Policy

‍This Privacy Notice sets out how Spring IM Limited (“Spring”) will use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the Data Protection (Jersey) Law 2018 (the DP Law) relating to your personal data.  

We respect and value the privacy of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the DP Law. Spring is registered under the DP Law as a data controller and data processor.

Personal data is data which either by itself, or with other data available, can be used to identify a person.  Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

Spring processes data for the purposes of providing regulated investment business to our clients, including trustees of trusts and companies. This notice relates to the use of personal data provided to Spring by our clients and related parties such as settlors and beneficiaries.  

Spring may collect your personal data from third party providers or administrators including:

• the application & engagement documentation completed for our services

• anti-money laundering verification services

• public registers and agencies

• our online services and website

• agents, brokers, dealers, introducers, and other intermediaries; and

• other companies who provide personal data for individuals with whom we seek to establish a business relationship. We may pay a fee to the providers of these services. 


The types of personal data Spring collects and uses

Spring uses personal data for the reasons set out below and in particular to provide services to our clients. The sources of personal data collected are noted in this Privacy Notice. The personal data Spring collects may include:

• Full name and any former name, contact details, such as residential and correspondence address and address history, email address, home, business, and mobile phone numbers

• Date of birth

• Passport or other identification documents

• Financial information (e.g. assets, sources of wealth, earnings and details of other income, social security/national insurance information, tax information and details of bank accounts)

• Employment details/employment status

Where necessary to provide certain services to you and with your consent we may collect and process sensitive personal information which may include information about your physical and mental health.

Monitoring of communications

Subject to applicable laws, Spring may monitor and record calls, emails, and other communications relating to clients and related parties’ dealings with us. We will do this for regulatory compliance, internal control practices, crime prevention and detection, to protect the security of the communications systems and procedures, to check for inappropriate content, for quality control and employee training, and when we need to see a record of what has been said. This is justified by our legitimate interests or our legal obligations.  We may also monitor and record image and audio data (e.g. CCTV recordings) if you enter our premises.


‍Using personal data: the legal basis and purposes

Under the DP Law, Spring must always have a lawful basis for using personal data.  We will process personal data, as necessary:

1) To carry out our services, and acting on behalf of clients and related parties, including to:
‍
a) take steps at a client’s request prior to entering into the contract for services

b) decide whether to enter into a contract for services with prospective clients

c) be responsible for the buying, selling, and monitoring of investments

d) prepare details of investments held by the client

e) update a client and related party’s records

f) trace clients and related parties whereabouts to contact them about the investment or distribution of assets and to make payments. 

2) For our clients’ own legitimate interests or those of other related parties and organisations, including:

a) for good governance, accounting, management, and auditing business operations

b) to monitor emails, calls, and other communications with clients and relevant parties

c) for our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your personal information:
‍
1. to send you market commentary and information about your investments and services we believe are relevant and of interest to you
2. to respond to any enquiry or complaint you may make to us
3. to send you a brochure introducing you to our services
4. to invite you to an event which may be of interest to you
5. for market research purposes, where we may contact you to ask for your feedback
6. to prevent abuses of our website, for example, by requesting verification information to reset your password for the Client Portal (if required)
7. to ensure the security of our premises
8. to maintain compliance with our internal policies and procedures
9. for our own administrative purposes, including training our staff and conducting internal audits
10. for market research, analysis and developing statistics. 

3) To comply with legal obligations; for example:

a) when a client exercises their rights under the DP Law and makes a request

b) for compliance with legal and regulatory requirements and related disclosures

c) for establishment and defence of legal rights

d) for activities relating to the prevention, detection, and investigation of crime

e) to verify a client’s identity and undertake fraud prevention and anti-money laundering checks. 

4) Based on consent; for example:

a) when a client or a related party requests that Spring disclose personal data to another party such as an audit or accountancy firm, or otherwise agree to disclosures

b) to send a client or related party communications where they have agreed to this

c) Where you send us personal information which we do not request then you agree to consent to us processing such information.

Spring does not generally process any special categories of personal data defined in the DP Law, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning health, sex life or sexual orientation or data relating to criminal record or alleged criminal activity. If we are provided with identification documents which contains information concerning racial or ethnic origin the data subject is deemed to consent to us holding and processing such data. If we are provided with information of a sensitive nature, then we will record it if that information is relevant to the client’s investment and financial objectives. 

Clients and related parties are free at any time to change their mind and withdraw consent. The consequence might be that we cannot provide our services.


‍Sharing of personal data

Subject to the DP Law, we may share clients and related parties’ personal data with:


• Sub-contractors and other persons who help us provide our services

• Companies and other persons providing services to clients and related parties

• Legal and other professional advisors, including auditors

• Government bodies and agencies in Jersey and overseas (e.g. the Jersey tax authority who may in turn share it with relevant overseas tax authorities) and with regulators e.g. the Jersey Financial Services Commission, and the Jersey Office of the Information Commissioner and equivalent regulators in other jurisdictions

• Courts, to comply with legal requirements, and for the administration of justice

• Other parties where necessary in an emergency or to otherwise protect clients and related parties’ vital interests

• Other parties connected with our clients e.g. directors, beneficial owners, beneficiaries, trustees or any named officials or authorised persons

• Other parties if there is a restructure or selling of assets or in the case of a merger or re-organisation

• Banks who may transfer personal data to others as necessary to operate the accounts and for regulatory purposes; to process transactions; resolve disputes; and for statistical purposes, including sending personal data overseas

• Anyone else where the clients or related parties’ consent is given or as required by law. 


‍Time Periods for Holding Personal Data

We will not keep your personal data for any longer than is necessary considering the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:  

• Know Your Client identification documents, Throughout the relationship and 5 years from end of relationship

• Financial records, Throughout the relationship and 5 years from end of relationship

• General information relating to clients, Throughout the relationship and 5 years from end of relationship

• Supplier Invoices, Throughout the relationship and 5 years from end of relationship  

Where events occur that mean that data needs to be kept for longer, the following factors will be used to determine data retention periods for personal data:  

• Retention in case of queries: we will retain personal data as long as necessary to deal with queries (e.g. if an application for services is unsuccessful);  

• Retention in case of claims: we will retain personal data for as long as a client or a data subject might legally bring claims against us; and

• Retention in accordance with legal and regulatory requirements: we will retain personal data after the services provided have come to an end based on our legal and regulatory requirements which is normally 5 years.    


International transfers

Personal data will be transferred between Spring in Jersey and third party data controllers and data processors who are used to deliver services to allow us to provide our services to clients. These transfers will be to businesses in Jersey and Ireland only, who are subject to adequate protections under their data protection laws. If any personal data is transferred outside of Jersey to other jurisdictions not subject to adequate protection under their data protection laws, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within Jersey under the DP Law by imposing or ensuring that contractual obligations of adequacy are in place or based on your instructions and consent as set out below.

Personal data may also be sent to third parties in jurisdictions requested by our clients in order to facilitate their requirements. Some countries have equivalent protections in place for personal data under their applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply. These include imposing contractual obligations of adequacy in line with the data protection legislation in Jersey. Where this is not possible Spring will rely on the client’s explicit consent to provide such information to entities in these jurisdictions which is considered to be obtained on the basis of the client’s instructions to us. 


‍Clients’ rights under the DP Law

Clients and related persons’ rights are as follows (noting that these rights do not apply in all circumstances):

• The right to have personal data corrected if it is inaccurate and to have incomplete personal data completed

• The right to stop us processing their personal data

• The right to restrict processing of personal data

• The right to have their consent to the processing of their information

• The right to request a copy of the personal data and information we hold about them


‍Clients’ rights to access personal data

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.

All subject access requests should be made in writing and sent to the registered office address or email address as stated below.  There is not normally any charge for a Subject Access Request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to a Subject Access Request as soon as possible and within 30 days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept informed of our progress. 


‍Contact or complaints

Clients and related persons have the right to complain to the Jersey Office of the Information Commissioner (JOIC) at www.jerseyoic.org respectively. JOIC have enforcement powers and can investigate compliance with the DP Law.

We can be contacted at 1st Floor, 9 Castle Street, St Helier, Jersey JE2 3BT or by email at info@spring.com if a client or related party has any questions or requires further information. 

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data held.