Privacy Statement

September 2019

Download PDF

The purpose of this Privacy Statement is to make you aware of the policies now in place to protect your personal data under the Data Protection Law 2017 of the Cayman Islands (“DPL”). Our firm and its affiliated CIMA licensed service providers (together “TTA”) are personal data “controllers” under the DPL and as such we are responsible for protecting your personal data provided to us or otherwise collected and used in connection with the provision of legal services by us. Personal data means any information about a living individual from which that person can be identified. The protections afforded by the DPL are in addition to the common law duty of confidentiality owed to our clients as part of the attorney-client relationship.

The types of information we hold about you
As a consequence of our professional relationship with you we collect, store, and use the following categories of personal data:

  • Contact Details: Personal information such as your title, name, telephone number and e-mail address.
  • Personal Identification Data – official documents and records e.g. passport, driving licence, and the information contained in them, including nationality, date and country of birth etc.. This may include, where it may arise, sensitive personal data such as any criminal record you have, your status as a PEP or close associate of a PEP and any sanction or embargo enacted against you.
  • Any other personal data you or any representative or agent of yours provides to us or which we may obtain about you during the course of our engagement with you as legal services provider.
    How is your personal data collected?
    We process personal data from the following sources:
  • You (including when you communicate with us via e-mail, post, telephone or when you submit an application for employment with us; when you sign up for an event; and when you respond to our communications or requests for information).

Note: In providing personal data to us, you agree and understand that legal services involving the application by us (on your behalf) for banking, immigration, licences and other government-related services will involve us storing, processing and sharing your personal data pursuant to the terms of our engagement with you.

Other sources from which we may obtain your personal data include:

  •  persons including your professional and other advisors who may provide us with your personal data on your behalf; and
  • publicly accessible sources such as websites, registers and databases.

What we use information about you for
The types of personal data we use will depend on many factors, including the nature of your relationship with us and the services we are asked to perform.
Most commonly, we will use your personal data for one or more of the following purposes: 2

  • The provision of legal and other services you engage or instruct us to perform, including the management and administration of our business (e.g. the collection of our fees).
  • The maintenance and promotion of our client relationships, including providing legal and regulatory updates to our clients and contacts.
  • Where we need to comply with a legal obligation (e.g. to comply with requests for information issued by government or other regulatory authorities or to satisfy our AML/CFT obligations).
  • Where we are acting as data processor for a client that is a controller.
  • Where it is necessary for our legitimate interests (or those of a third party).

Generally we do not rely on consent as a legal basis for processing your personal data, although, we may do so. We do not engage in unsolicited direct marketing communications.
Where you have consented to us processing your personal data, you have the right to withdraw that consent at any time. If we consider that the withdrawal of such consent will impede our ability to provide any service to you we reserve the right to terminate the provision of our services to you in the event of such a withdrawal.

Where we apply profiling as required pursuant to the risk-based approach under the AML/CFT regime, we do not solely rely on automated decision making.
We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose.

How we use sensitive data
We may also collect, store and use special category data including health, disabilities and family status data as part of our litigation services offering. In addition to the lawful bases for processing set out above, we may process your personal data for the establishment, exercise or defence of legal claims.

Changes to the privacy notice and your duty to inform us of changes
We keep our Privacy Statement under regular review it is, therefore, important that you read this Statement periodically so that you are aware of any updates.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if and when your personal data changes during your relationship with us.

Data sharing
We will only share your personal data to the extent it is necessary to do so for one or more of the purposes described above. To the extent that it is deemed appropriate to share your personal data for the purposes described above, we may do so with one or more of the following categories of third party:

  • Professional and other service providers acting in relation to the services being provided to you.
  • Entities such as bankruptcy search providers, insurance companies, beneficiary tracing agency, background check, credit reference agencies, providers of fraud, financial crime and sanctions database services.
  • Law enforcement agencies, courts or tribunals, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted by the law of the Cayman Islands.
  • Where our provision of services to you involves our acting as data processor on your behalf we are acting only on your instructions and we apply the same data security measures that we apply where we are data controller. 3

Data security
We have installed appropriate technical and physical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach in accordance with our obligations.
Will my data be transferred outside of the Cayman Islands?
The global nature of our business as an international legal services provider necessitates the transmission of personal data outside of the Cayman Islands. These origins and destinations of personal data flow may not have laws that protect your personal data to the same degree as the DPL.

How long will you use my personal data for?
We will retain your personal data for at least as long as is necessary for us to fulfil our legal obligations in relation to our duties to you under the terms of our engagement with you. We may retain the information beyond the term of our engagement where we consider this to be necessary and to comply with our legal obligations, in particular, AML/CTF obligations. After this period, we will destroy or otherwise erase your personal data in accordance with our policy and applicable laws and regulations.

Your legal rights
In certain circumstances and subject to a range of legal conditions and exemptions (including exemptions that preserve legal professional privilege) the DPL affords you the following rights:

  • Request access and obtain copies of your personal data held by us upon your written request and subject to certain conditions, including our right to verify your identity.
  • Request correction of any incomplete or inaccurate personal data that we hold about you.
  • Request erasure of your personal data where there is no legal basis for us continuing to process it.
  • Object to or request the restriction of the processing of your personal data. You also have the right to object where we are processing your personal data for direct marketing purposes.

Contacts regarding your Personal Data
If you would like to discuss or exercise the rights you may have, you can contact us via your usual contact at TTA or the Compliance Manager on + (345) 949 0699 or in writing at

2nd Floor, Harbour Place, PO Box 472, 103 South Church Street, Grand Cayman, Cayman Islands, KY1-1106.

We will endeavour to respond to any request, query, or complaint you may have in respect of your personal data.

However, should you wish to make a formal complaint you can contact the Caymans Islands Ombudsman: Ombudsman P.O. Box 2252, Grand Cayman KY1-1107, Cayman Islands

Version control
Version Number : 1
Date : 23.09.19
Description : DPL In force.