Privacy Statement (as of December 2021)
At the Channel Islands Financial Ombudsman (“CIFO”, “we” or “us”), we are committed to protecting your privacy and safeguarding your personal information.
This Privacy Statement describes how we collect and use personal information about you during and after your relationship with us, in accordance with the Data Protection (Jersey) Law 2018 (DPJL) and the Data Protection (Bailiwick of Guernsey) Law 2017 (DPGL). CIFO is registered with the Jersey Office of the Information Commissioner – Registration No. 53967 and the Office of the Data Protection Authority in Guernsey, Registration No. 53968.
We reserve the right to update this privacy statement at any time. This is current as of the “last revised” date which appears at the top of this page.
We may provide links on our website to other websites. Those websites may have different policies and we do not assume responsibility for the information or privacy practices of those other sites.
We have appointed a Data Protection Lead (DPL) to oversee compliance with this Privacy Statement. If you have any questions about this Privacy Statement or about how we handle your personal information, please contact the DPL at Carol.Rabet@ci-fo.org.
- What is Personal Information?
“Personal Information” is any information that is identifiable with you, as an individual. This information may include but is not limited to your name, mailing address, telephone number, e-mail address and business facsimile number. If you are making a complaint about a financial services provider (FSP), we may also collect information about your finances and health. Personal Information, however, does not include your name, business title, business address, business telephone number, business e-mail address or business facsimile number in your capacity as an employee or official of an organization.
- How do we collect your Personal Information?
We will always collect your Personal Information by fair and lawful means. We may collect Personal Information from you directly and/or from third parties, such as from FSPs, where we have obtained your consent to do so or as otherwise required or permitted by law.
- Where do we store your Personal Information?
We will keep the Personal Information that we collect either at CIFO’s office in Jersey, or on electronic records stored with an information technology service provider in Europe.
From time-to-time we may use a third-party provider to assist us to carry out research and gain feedback from users of our services.
- How do we use your Personal Information?
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. We generally use your Personal Information for the following purposes (the “Purposes”):
- to respond to your enquiries;
- to investigate and resolve your complaint;
- to garner your opinions and comments regarding CIFO’s operations;
- to administer our business activities and website;
- to include you on CIFO’s mailing list(s);
- for statistical research and demographic analysis;
- if you are at our offices, to administer the physical security of our offices;
- to recruit for positions in CIFO, and for planning and analysis relating to CIFO’s recruitment efforts;
- to investigate legal claims;
- such purposes for which CIFO may obtain your consent from time-to-time; and
- such other uses as may be permitted or required by applicable law.
If you are making a complaint to CIFO about the provision of financial services in or from the Channel Islands, your complaint, with personal identifiers removed, may be used to compile statistical data or prepare case studies, which may be made public.
CIFO’s website may place and access cookies when you visit the website. Our website does not use any internal or third-party data collecting analytical services.
5.To whom do we provide your Personal Information?
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
For example, we may transfer your Personal Information to third-party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third-parties are assisting us with the Purposes – such as service providers that provide data storage or processing.
We will only make disclosures of Personal Information to such persons for whom you provide your consent unless the disclosure is otherwise permitted or required by law.
- When and how do we obtain your consent?
We generally obtain your consent at or before the time that we collect your personal information; however, we always obtain your consent prior to using or disclosing your Personal Information for any purpose, unless that consent is not required by law. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the personal information and the reasonable expectations you might have in the circumstances.
- How do we ensure the privacy of your Personal Information when dealing with third parties?
We ensure that all third-parties with access to Personal Information, whether they are involved in a complaint, an investigation or otherwise, are contractually required to observe the intent of this Privacy Statement and our privacy practices.
- How long will we utilize, disclose or retain your Personal Information?
We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law. You can request our Data Retention Schedule from our DPL if required.
- How can you review your Personal Information that we have collected, utilized or disclosed?
You may make a written request to review any Personal Information about you that we have collected, utilized, or disclosed. Upon receiving such a request, we will generally provide you with any such Personal Information in accordance with applicable law. We will make such Personal Information available to you in a form that is understandable and will explain any abbreviations or codes.
- How do you know that the Personal Information we have on you is accurate?
We will ensure that your Personal Information is kept as accurate, complete, and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time-to-time, to supply us with written updates to your Personal Information, when required.
If you want to review, verify, correct, withdraw consent, or request erasure of your personal information, object to the processing or request that we transfer a copy of your personal information to another party, please contact our DPL.
- What if the Personal Information we have on you is inaccurate?
At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third-parties having access to your Personal Information.
- How fast will we respond to your written requests?
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit.
- Are there any costs to you for requesting information about your Personal Information or our privacy practices?
Generally, we will not charge you to access your Personal Information in our records or to access our privacy practices.
- How do we know that it is really you requesting your Personal Information?
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
- What safeguards have we implemented to protect your Personal Information?
We have implemented physical, organizational, contractual, and technological security measures to protect your Personal Information from loss or theft, unauthorised access, disclosure, copying, use or modification. The only employees, who are granted access to your Personal Information, are those with a business ‘need-to-know’ or whose duties reasonably require such information.
- How do you contact CIFO regarding access to your Personal Information or CIFO’s privacy practices?
If you have any questions about this Privacy Notice or how we handle your personal information, please contact the DPL at Carol.Rabet@Ci-Fo.org
You have the right to make a complaint at any time to the Jersey Office of the Information Commissioner, the supervisory authority in Jersey for data protection issues or the Office of the Data Protection Authority (ODPA) in Guernsey.
Office of the Information Commissioner – Jersey
2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT
Telephone +44 (0) 1534 716530 or Email: firstname.lastname@example.org
Office of the Data Protection Authority – Guernsey
St Martin’s House, Le Bordage, St Peter Port, Guernsey, GY1 1BR
Telephone +44 (0) 1481 742074 or Email: email@example.com