DATA PROTECTION AND PRIVACY NOTICE

1. This notice tells you what to expect when we collect information about individuals. If you need further information or have any questions or complaints about our privacy notice or privacy practices please contact our Data Protection Officer using the details below:

• Data Protection Officer:
• Mrs. Claire M. L. Greene-Malaykhan, FOSTERS, Robin Kelton Building, Choc Bay, Castries, Saint Lucia, LC02 501
• Telephone: 758 453 1100
• E-mail: claire@fosters.law

2. This notice describes:

• The personal information that we collect
• How we obtain personal information
• How we use personal information
• The basis upon which we use personal information
• How long we keep personal information
• Who we share personal information with
• Which countries we transfer personal information to
• How we protect personal information
• The legal rights of individuals whose personal information we process

The personal information that we collect

3. Personal information (personal data) means any information relating to an identified or identifiable natural person.

4. Because of the wide ranging nature of our work, and the different reasons why we need to use personal information, what we collect is very varied and includes:

• Identity and contact data – including name, date of birth, email address, postal address, telephone numbers, passport details and information provided or collected as part of our client take on or employee recruitment processes
• Financial and transaction data – including bank account details, payment card details and details of payments from and to individuals
• Technical and usage data – including information about how individuals use our website
• Marketing data – including individuals’ preferences in receiving marketing from us and information provided to us for the purpose of attending events such as dietary information and accessibility requirements
• Information used to provide our services – including information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients

5. To provide our services, we collect special category data and personal data relating to criminal convictions and offences. Special category data includes personal data that reveals racial or ethnic origin, religious or philosophical beliefs, trade union membership, data concerning health and data concerning a person’s sex life or sexual orientation.

How we obtain personal information

6. We obtain personal information in different ways, including through:

• Direct contact – individuals may give us their personal information by corresponding with us by post, email or telephone or otherwise.
• Clients – our clients may give us personal information of individuals (for example a client’s employees) to enable us to provide our services
• Third parties or publicly available sources – we may receive personal information of individuals from third parties  in connection with the provision of services by us to our clients. We may also receive information from publicly available sources such as the Registry of Companies, Office of Deeds and Mortgages  and Land Registry
• Our website – we use cookies to help us to provide users with a good experience when browsing the website and allow us to improve the site. Details of the cookies we use, the information we gather and how cookies can be blocked can be found in our Cookie Policy on our website and in our Legal Notices.

How we use personal information

7. We use personal information in a variety of ways including:

• To provide our services to our clients
• To recruit employees
• To manage and supervise our employees and partners
• To promote our services
• To meet our legal and regulatory obligations
• To meet our audit and insurance obligations

The basis upon which we use personal information

8. We will only use personal information (including special category data and data relating to criminal convictions and offences) when the law allows us to. Most commonly, we will use personal data in the following circumstances:

• Where we need to do so to perform a contract we are about to enter into or have entered into – for example a contract of employment
• Where it is necessary for our legitimate interests (or those of a third party such as one of our clients) and the interests and fundamental rights of the individual whose personal information we are using do not override those interests – for example where we act for a client in bringing regulatory proceedings
• Where it is necessary to comply with a legal or regulatory obligation
• For updating and enhancing client records
• Analysis for management purposes and statutory returns

9. When we use special category data and data relating to criminal convictions and offences it will normally be when this is necessary for the establishment, exercise or defence of legal claims or where we need to do so as an employer

10. Generally we do not rely on consent as a legal basis for processing personal information other than in relation to sending direct marketing communications. Consent to receiving direct marketing communications can be withdrawn at any time, including through our website.

How long we keep personal information

11. We will keep personal information in accordance with our data retention practices, which apply appropriate retention periods for each category of personal information. In setting retention periods we take account of the purposes for which the personal information was collected, legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.

Who we share personal information with

12. We may share personal information with third parties including:

• In the course of providing services to our clients – for example when instructing a medical expert to produce a report or counsel to provide advice
• When we outsource certain support services – for example photocopying or IT services
• Our professional advisers – for example our auditors, bankers and insurers
• To regulatory authorities, courts, tribunals and law enforcement agencies

13. Third parties to whom we transfer personal information are required to respect the security of the information and treat it in accordance with the law. We do not sell personal data to third parties.

Which countries we transfer personal information to

14. In the course of providing services to our clients we may need to transfer personal information outside the Eastern Caribbean (EC) jurisdiction, for example where we are providing immigration advice to companies based outside the EC and wider Caricom region.

15. Whenever we transfer personal information outside the EC, we implement at least one of these safeguards or ensure that at least one of these conditions applies:

• By transferring to a country that the European Commission has decided provides an adequate level of protection for personal information
• If transferring personal information to the US, by transferring to organisations that are part of the Privacy Shield
• By using adopted or approved (by the European Commission) standard data protection clauses
• The transfer is necessary for the establishment, exercise or defence of legal claims
• The transfer is necessary for the conclusion or performance of a contract between us and the individual whose personal information is being transferred

How we protect personal information

16. We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we have put in place appropriate measures to inform our staff about how we collect, handle and keep information secure.

17. We have put in place measures to deal with any suspected personal information breach and will notify relevant individuals and the appropriate authority of a breach when we are legally required to do so.

The legal rights of individuals whose personal information we process

18. Individuals have the rights set out below. If you wish to exercise any of these rights please contact our Data Protection Officer using the contact details given above.

• Request access to their personal information (commonly known as a "data subject access request"). This enables individuals to receive a copy of the personal data we hold about them and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about them. This enables individuals to have any incomplete or inaccurate information we hold, though we will need to verify the accuracy of the new information provided to us.
• Request erasure of their personal information. This enables individuals to ask us to delete or remove personal information where there is no good reason for us continuing to process it. Individuals also have the right to ask us to delete or remove their personal information where they have successfully exercised their right to object to processing (see below), where we may have processed their information unlawfully or where we are required to erase their personal information to comply with local law. Note, however, that we may not always be able to comply with a request of erasure for specific legal reasons which will be notified to the individual, if applicable, at the time of their request.
• Object to processing of personal information where we are relying on a legitimate interest (or that of a third party) and there is something about the individual’s particular situation which makes her/him want to object to processing on this ground as she/he feels it impacts on her/his fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process the information that overrides those rights and freedoms. Individuals also have the right to object where we are processing their personal information for direct marketing purposes.
• Request restriction of processing of their personal information. This enables individuals to ask us to suspend the processing of their personal information in the following scenarios: (a) if the individual wants us to establish the information's accuracy; (b) where our use of the information is unlawful but an individual does not want us to erase it; (c) where the individual needs us to hold the information even if we no longer require it as she/he needs it to establish, exercise or defend legal claims; or (d) the individual has objected to our use of their information but we need to verify whether we have overriding legitimate grounds to use it
• Withdraw consent at any time where we are relying on consent to process the personal information. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn.

Complaints

19. We would appreciate the chance to deal with any concerns you may have.  Please contact our Data Protection Officer, using the contact details given above.

Changes to this privacy notice

We keep our privacy notice under regular review.
This Privacy Notice was last updated on September 22 2018.