SUBMIT A COMPLAINT Complaint Icon
×

Select a language:

Privacy & Cookies

Privacy & Cookies Statement (as of July 2025)

This privacy notice sets out how you can expect us to use your personal data when you visit our website and when you use our services as the Channel Islands Financial Ombudsman (‘CIFO’, ‘we’ or ‘us’).

We reserve the right to update this privacy statement at any time.

About us

CIFO is the Financial Services Ombudsman for the Islands of the Channel Islands. For data protection enquiries you can contact us at DPO@ci-fo.org. Our data protection officer is Alison Finn.

As a pan-island authority, we are registered with the Jersey Office of the Information Commissioner (Registration No. 53967) and the Office of the Data Protection Authority in Guernsey (Registration No. 53968).

At CIFO we are committed to protecting your privacy and safeguarding your personal information.

What is Personal Information?

“Personal Information” is any information that is identifiable with you, as an individual. This information may include but is not limited to your name, mailing address, telephone number, e mail address and business facsimile number. If you are making a complaint about a Financial Service Provider (FSP), we may also collect Personal Information relevant to your complaint, such as your financial and health records.

When recording a call, CIFO will process technical data generated from the telephone system, in addition to the speech content itself. This includes the phone numbers involved in the call, the start of the call and the duration of the call.

Where we get personal data information from

Most of the Personal Information that we process is given to us directly by you for one of the following reasons:

  • You have made an enquiry.
  • You have brought a complaint against an FSP for us to investigate and resolve.
  • You are an individual connected to one of the FSPs where we are handling a complaint.
  • You wish to attend or have attended one of our events.
  • You subscribe to our newsletter and email updates.
  • You have applied for a job with us.
  • You are one of the stakeholders we engage or have engaged with as part of our stakeholder engagement outreach, including being a respondent of a CIFO consultation.
  • You have taken part in a procurement process or supply services to us as a sole trader or as an individual consultant.
  • You have made a service complaint to us.

We may get some personal data relating to you from third parties, most commonly when you have brought a complaint to be investigated by CIFO against an FSP, and this information forms part of the disclosure made in relation to your complaint.

Your data rights

Under the data protection law, you have rights we are required to make you aware of. The rights available to you depend on the reason for processing your Personal Data and are subject to the restrictions set out in the Data Protection (Jersey) Law 2018 and the Data Protection (Bailiwick of Guernsey) Law 2017. These are in summary form:

Right of access

You have the right to ask us for copies of your Personal Information. This right always applies. There are some exemptions, however, which may mean you will not receive all the information we process. The principal exemption which applies is where the disclosure of such information may be likely to prejudice the proper performance of CIFO’s statutory functions.

Right of rectification

You have the right to rectification of inaccurate Personal Information relating to you. This includes the right to have incomplete Personal Information completed. This only applies to factual information and not to opinions.

Right of erasure

You have the right to ask us to erase your Personal Information in certain circumstances.

Right of restriction

You have the right to ask us to restrict the processing of your Personal Information in certain circumstances.

Right to object

You have the right to object to processing if we can process your Personal Information because it forms part of our public function or is in our legitimate interests. If you have applied to this office to have your complaint investigated, you agree to waive this right.

Right to data portability

This only applies to the Personal Information you have given us. This right is limited to certain Personal Information and does not apply if we are processing your Personal Information as part of our public functions.

Right regarding automated decision-making

You have the right to not have decisions made about you solely based on automated decision-making processes.

What if I’m unhappy with how you’ve handled my Personal Information?

If your concerns are not related to data protection, for example you’re unhappy with CIFO’s delivery of its complaint resolution service or the evidence shared with you as part of your complaint against an FSP, please contact your case handler in the first instance.

If you’re not happy with how we’ve handled your Personal Information, please get in touch with us as soon as possible.

We have a two-stage process for responding to a complaint relating to data protection.

If you have a dedicated case handler, then please contact them in the first instance. Your complaint will first be dealt with by the appropriate case handler or CIFO’s Head of Case Management.

In most instances, this resolves things. But if you remain unhappy, you can escalate your concerns to our Data Protection Team at DPO@ci-fo.org . A member of our Data Protection Team will then respond to your complaint.

You should give us an opportunity to investigate your complaint first, but if you’re unhappy with the final response you receive from our Information Rights Team, then you can contact the Guernsey or Jersey data protection authority with whom CIFO is registered (see above).

How do we collect your Personal Information?

We will always collect your Personal Information by fair and lawful means. As a public body carrying out those functions vested in CIFO under statute, we are lawfully authorised to process your Personal Information.

For any special category data contained in your Personal Information, such as your private health data, we will obtain your consent before this data is processed.

We may collect Personal Information from you directly and/or from third parties, such as from FSPs and their external agents. We may also record calls where we have obtained your consent to do so or as otherwise required or permitted by law. If you have brought a complaint to CIFO for us to investigate and resolve, we will request as part of our onboarding of your complaint that you consent to us recording all our calls with you.

Where do we store your Personal Information?

We will keep the Personal Information that we collect either at CIFO’s office in Jersey, or on electronic records stored with an information technology service provider in Europe.

From time-to-time we may use a third-party provider to assist us to carry out research and gain feedback from users of our services.

How do we use your Personal Information?

We identify the purposes for which we use your Personal Information at the time we collect such information from you and, where required, obtain your consent, prior to such use. We generally use your Personal Information for the following purposes (the “Purposes”):

  • to respond to your enquiries.
  • to investigate and resolve your complaint.
  • to garner your opinions and comments regarding CIFO’s operations.
  • to administer our business activities and website.
  • to include you on CIFO’s mailing list(s).
  • for statistical research and demographic analysis.
  • if you are at our offices, to administer the physical security of our offices.
  • to recruit for positions in CIFO, and for planning and analysis relating to CIFO’s recruitment efforts.
  • to investigate legal claims.
  • such purposes for which CIFO may obtain your consent from time-to-time.
  • such other uses as may be permitted or required by applicable law.

If you are making a complaint to CIFO about the provision of financial services in or from within the Channel Islands, your complaint, with personal identifiers removed, may be used to compile statistical data or prepare case studies, which may be made public.

CIFO’s website may place and access cookies when you visit the website.

How will we use Generative AI?

CIFO has adopted a website Generative AI agent, Microsoft 365 Co-pilot Chat, to help facilitate its users navigate its services and its complaint resolution function. This will collect standard log in information and details of visitors’ behaviour patterns. We do this to enhance CIFO’s service delivery for its users. All Personal Information collected in this manner is anonymised and managed in accordance with CIFO’s Generative AI policy.

CIFO will only use GenAI tools for its’ complaint resolution function as a support tool and with the full oversight and review of its output by CIFO’s case handlers and the CIFO operations team. CIFO has an AI ethics and use policy in place.

To whom do we provide your Personal Information?

We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.

For example, we may transfer your Personal Information to third-party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes – such as service providers that provide data storage or processing.

We will only make disclosures of Personal Information to such persons for whom you provide your consent unless the disclosure is otherwise permitted or required by law.

When and how do we obtain your consent?

We generally obtain your consent at or before the time that we collect your Personal Information; however, we always obtain your consent prior to using or disclosing your Personal Information for any purpose, unless that consent is not required by law. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations you might have in the circumstances.

If you have brought a complaint against an FSP for us to investigate, you will provide your consent to all processing necessary to the handling of your complaint when completing our Complaint Form.

How do we ensure the privacy of your Personal Information when dealing with third parties?

We ensure that all third parties with access to Personal Information, whether they are involved in a complaint, an investigation or otherwise, observe the intent of this Privacy Statement and our privacy practices.

Certain of CIFO’s events, such as its Annual Stakeholder Meeting, are facilitated through EventBrite. For further information on how they manage your data please view their Eventbrite Privacy Policy | Eventbrite Help Centre.

How long will we utilize, disclose or retain your Personal Information?

We may keep a record of your Personal Information, correspondence, call recordings or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and as permitted or required by law. You can request our Data Retention Schedule from our Data Protection Team, if required.

How do you know that the Personal Information we have on you is accurate?

We will ensure that your Personal Information is kept as accurate, complete, and up to date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time-to-time, to supply us with written updates to your Personal Information, when required.

If you want to review, verify, correct, withdraw consent, or request erasure of your Personal Information, object to the processing or request that we transfer a copy of your Personal Information to another party, please contact our Data Protection Team.

What if the Personal Information we have on you is inaccurate?

At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.

How can you review your Personal Information?

You may make a written or verbal request to review any Personal Information about you that we have collected, utilized, or disclosed. Upon receiving such a request, we will generally provide you with any such Personal Information in accordance with applicable law. We will make such Personal Information available to you in a form that is intelligible and will explain any abbreviations or codes.

CIFO as a public body established under statute is entitled to certain statutory exemptions from sharing this information with you, where the disclosure is likely to prejudice the performance of CIFO’s statutory functions.

How fast will we respond to your written requests?

We will attempt to respond to each of your written requests not later than twenty-eight (28) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit.

Are there any costs to you for requesting information about your Personal Information or our privacy practices?

Generally, we will not charge you to access your Personal Information in our records or to access our privacy practices.

How do we know that it is really you requesting your Personal Information?

We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.

What safeguards have we implemented to protect your Personal Information?

We have implemented physical, organizational, contractual, and technological security measures to protect your Personal Information from loss or theft, unauthorised access, disclosure, copying, use or modification. The only employees, who are granted access to your Personal Information, are those with a business ‘need-to-know’ or whose duties reasonably require such information.

How do you contact CIFO regarding access to your Personal Information?

If you are a complainant who has brought or is bringing a complaint against an FSP to CIFO to resolve and you are seeking to see your Personal Information held on your complaint file, please contact your case handler in the first instance. If you are still not happy you can contact the Data Protection Team at DPO@ci-fo.org.

For all other requests, you can simply email the Data Protection Team at DPO@ci-fo.org.

How do you contact CIFO regarding CIFO’s privacy practices?

If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact DPO@ci-fo.org.

Your right to complain to Data Protection Regulator:

You have the right to make a complaint at any time to the relevant Data Protection authority either in Jersey or Guernsey with whom we are registered (see above).

 

Office of the Information Commissioner – Jersey

2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT

Telephone +44 (0) 1534 716530 or Email: enquiries@dataci.org

Office of the Data Protection Authority – Guernsey

St Martin’s House, Le Bordage, St Peter Port, Guernsey, GY1 1BR

Telephone +44 (0) 1481 742074 or Email: enquiries@odpa.gg