Privacy Policy

Quick Links

Introduction The types of information, including personal information, we may collect Personal Information you provide to us voluntarily Information we may collect from third party sources How we may use and share the information we collect Legal grounds for using personal information Measures we take to protect and safely store the information we collect Retention of the information we collect Your choices and rights How to contact us Complaints Changes to this Privacy Policy

Appleby is an international law firm, operating across a number of international offices (listed below). We have presences in jurisdictions outside the European Union and which have not been deemed adequate by the European Commission for data protection purposes. However, Appleby operates global data protection policies, such that all of our offices are required to meet the same standards.

Appleby (Bermuda) Limited, Appleby (BVI) Limited, Appleby (Cayman) Ltd., Appleby (Guernsey) LLP, Appleby Hong Kong, Appleby (Isle of Man) LLC, Appleby (Jersey) LLP, Appleby Seychelles and Appleby (JV) Ltd & Cie and its representative office in Shanghai and our affiliated businesses (collectively, Appleby) are committed to being a responsible custodian of the information you provide to us and the information we collect in the course of operating our business and providing legal services.

This Privacy Policy sets out how Appleby may collect, use and share information and describes:

The types of information, including personal information, we may collect;
How we may use and share the information we collect;
Legal grounds for using personal information;
The measures we have in place to protect and safely store the information we collect;
Retention of the information we collect;
Your choices and rights in respect of the information we hold;
How to contact us;
Complaints; and
Changes to this privacy policy.

The types of information, including personal information, we may collect

We collect your personal information when you provide it to us. “Personal Information” is any information that can be used to identify you or that we can link to you as an individual and may include:

Personal identification information, such as full name, date of birth, passport, driving licence or other photographic identity details, IP address, politically exposed person status or other information in the public domain;
Company or organisation details, including professional and employment information (which may include your level of education, professional qualifications, employer’s name and details of directorships or other offices you may hold);
Contact information including postal address, email address and any telephone number(s);
Demographic information such as postcode, preferences and interests,
Financial information, including sources of wealth, your assets, bank details and credit history;
Information pertinent to fulfilling our legal services on an individuals or organisations behalf; and
Information we collect automatically through cookies and similar tracking technologies through our website, mobile applications or other online services (please refer to our online services privacy policy for further details).

We may also collect, store and use the following “special categories” of more sensitive personal information including:

Racial or ethnic origin;
Political opinions, religious or philosophical beliefs;
Trade union membership;
Data concerning physical or mental health or disabilities;
Genetic data or biometric data for the purpose of uniquely identifying a natural person;
Data relating to any criminal allegations, court cases and convictions;
Marital or family status; or
Data concerning a natural person’s sex life or sexual orientation

Personal Information you provide to us voluntarily

We may also collect other information that you voluntarily provide to us, including when you communicate with us via email, post, telephone or other channels; when you sign up for or request that we send you our e-alerts, or other legal or marketing materials; when you submit an application for an employment position with us; when you sign up for an event; and when you respond to our communications or requests for information, whether as part of our due diligence required for regulatory compliance, or as part of the provision of legal services to you or a third party.

Information we may collect from third party sources

We may receive information about you from other sources, including our clients, in connection with matters on which we are instructed, entities in which you or someone connected to you has an interest, your legal or financial advisors, financial institutions who process your personal data, third parties and publicly available information that help us: update, expand, and analyse our records; identify new customers or prevent or detect fraud (including credit reference agencies and/or financial crime databases).

We may also receive information in the course of dealing with advisors, regulators, official authorities and service providers. We may also receive information about you from social media platforms, including but not limited to, when you interact with us on those platforms or access our social media content. Please note that the information we may receive from those third-party sites is governed by the privacy settings, policies, and/or procedures of the applicable platform, and we strongly encourage you to review them before submitting any information to them.

How we may use and share the information we collect

Appleby is a global provider of offshore legal services. Our offices and business entities share information with each other for business purposes such as billing, internal administration, promoting our events and services, and providing you or your organisation with legal services. We do not sell, rent, or otherwise share any information with unaffiliated entities except as expressly described in this Privacy Policy or with your prior permission. We may share anonymised information that does not reasonably identify you or your organisation only as permitted by applicable law.

You are not required to provide any personal information on the public areas of our website, however you may choose to do so by completing any of the forms which are included on the site. In addition, Appleby collects the domain names and IP addresses of its visitors, along with usage statistics, analytics and browsing history. This data is used to assist us with promoting or services. Please see our cookies policy for more details about this. We are committed to protecting and respecting your privacy.

We provide legal, corporate and other professional services to our clients and we use your personal data for those purposes. We may use the information we collect:

to respond to your enquiries;
to provide you with legal and other services that you request;
to send you e-alerts and other legal updates, marketing communications and other information or materials that may be of interest to you or which you have expressed an interest in receiving;
to maintain our list of contacts;
for Appleby’s business purposes, including operational and administrative matters, improving the provision of our legal services; data analysis; submitting invoices; detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
to assess the effectiveness of our events, promotional campaigns and publications;
to evaluate and recruit personnel; and
as we believe reasonably necessary or appropriate to: comply with our legal and/or regulatory obligations; respond to legal process or requests for information issued by courts, regulators, government authorities or other third parties; or protect your, our, or others’ rights, including legal rights. We may also share information we collect with:
Employees of Appleby but their use shall be limited to the performance of their duties and in line with the reason for processing. Our employees are required to keep that information confidential and are not permitted to use it for any purposes other than to provide legal services, to deal with requests which are submitted to us or for the purposes of facilitating our use of that information in accordance with this Privacy Policy.
Third-party agents, service providers or contractors engaged by us to perform services on our behalf, such as web-hosting companies, information technology providers, analytics providers, marketing and communications services and event hosting services, or our own advisors, auditors and accountants and financial institutions with whom we or you transact (including where the information is required as part of that third party’s own processes to satisfy their legal or regulatory obligations, such as anti-money laundering checks).
Law enforcement, courts or tribunals, other government authorities, regulators or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us and including for the purposes of complying with our legal or regulatory obligations;
Third parties as provided for or required under contract, or as we deem otherwise reasonably necessary to provide our legal services. This may include sharing information with some or all of the categories of third party listed above. We take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless giving prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
Service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged or amalgamated with another company or we sell, liquidate, or transfer all or a portion of our assets.

Legal grounds for using personal information

We rely on the following legal grounds to process personal information, namely:

Consent – we may use personal information as described in this Privacy Policy subject to your consent. To withdraw your consent to such use, you can contact us via our Contact Us page. Where required by applicable laws, we will rely on your consent for direct marketing and to collect information from your device or computer.
Performance of a contract – we may need to collect and use personal information to enter into a contract with you or to perform a contract that you have entered into with us. For example, when you engage Appleby to provide legal services we will use your personal information to respond to provide you with such services. The provision of those services may require that we share your personal information with others, as outlined in this Privacy Notice.
Legal obligation – we may need to collect and use personal information to comply with legal obligations to which Appleby is subject. This includes undertaking client due diligence and background checks (known as “KYC” (“Know Your Client”) or “CDD” (“Customer Due Diligence”) checks) as well as all other anti-money laundering, countering the financing of terrorism, anti-bribery, or other legal or regulatory obligations.
Legitimate interests – we may use your personal information for our legitimate interests to provide legal services and/or to promote or improve our services. Consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable laws, we may use personal information and other technical information as described in this Privacy Policy for our marketing purposes.

Measures we take to protect and safely store the information we collect

We may store or process the information we collect in jurisdictions where we (or our service providers) have facilities, including but not limited to Bermuda, BVI, Cayman Islands, Guernsey, Hong Kong, Isle of Man, Jersey, Mauritius, Seychelles and Shanghai.

The European Commission (EC) has issued adequacy decisions in respect of Guernsey, Jersey and the Isle of Man, so these jurisdictions are deemed to provide an adequate level of protection for your personal information in accordance with European Union standards. This means that the remaining jurisdictions to which we transfer your data are not deemed to provide an adequate level of protection for your personal information, or have not yet been assessed for such purposes by the EC.

However, to ensure that your personal information does receive an adequate level of protection, we have put in place standard data protection clauses (reflecting the updated SCCs issued by the EU in June 2021) with all members of the Appleby group or service providers with whom we may share information, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the standards and laws on data protection within Guernsey, Jersey and the Isle of Man. If you require further information about this protective measure, you can contact us via our Contact Us page.

In other circumstances, the law may permit us to transfer your personal information outside the European Union. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

In addition, we deploy administrative, technical, and physical safeguards designed to comply with applicable legal requirements and safeguard the information that we collect. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by Appleby.

However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks.

Retention of the information we collect

We retain the information we collect for no longer than is reasonably necessary to fulfil the purposes for which we collect the information, in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations and to comply with our wider legal or regulatory obligations.

Your choices and rights

Where we have relied on your consent to process your personal information, you have the right to withdraw that consent as described in this Privacy Policy at any time. You can contact us via our Contact Us page to do this. Please note that in some circumstances this may mean that we can no longer provide our services to you. If you no longer wish to receive marketing communications from us, you can also let us know via our Contact Us page. The electronic marketing communications we send you also contain opt-out mechanisms that allow you to opt-out from receiving those communications, update your contact information or change your preferences at any time. We will honour your choice and refrain from sending you such announcements. You may also opt back in to receive those communications at any time. You have a number of rights in relation to the information that we hold about you. These rights include:

the right to access information we hold about you and to obtain information about how we process it;
(where we rely on consent) the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason or legal obligation for doing so;
in some circumstances, the right to receive certain information you have provided to us in an electronic
format and / or request that we transmit it to a third party;
the right to request that we rectify your information if it is inaccurate or incomplete;
in some circumstances, the right to request that we erase your information. We may continue to retain your information if we are entitled or required to retain it;
the right to request that we restrict our processing of your information in some circumstances. There may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing your information and / or to refuse that request.

You can exercise your rights by contacting us using the details set out below. As an individual you also have a right to complain to the data protection regulator in the country where you live or work.

If you would like to discuss or exercise the rights you may have, you can contact us via our Contact Us page.

How to contact us

We welcome your enquiries and comments, but please note that if you are not a client we may not be able to treat the information you send us as confidential or privileged. If you wish to contact us regarding legal or other services, please contact one of our offices near you. You can find a list of our offices on our main website at www.applebyglobal.com.

If you would like to contact us with questions about our privacy or data protection practices, please send us an email via our Contact Us page or by writing to:

Mr Carey Cooper, Privacy Officer [email protected]

EU Representative – We have appointed Saltire Data Protection Services Limited to act as our representative in the European Union as required under Article 27 EU GDPR. You can always contact us directly if you are located in the EU and wish to raise any issues or queries you may have relating to the processing of your personal data. However, if you wish to contact Saltire Data Protection Services Limited you can do so by clicking this form: https://app.saltiredataprotection.eu/enquiry/rs/appleby

UK Representative – We have appointed Shepherd and Wedderburn LLP to act as our representative in the United Kingdom as required under Article 27 UK GDPR. You can always contact us directly if you are located in the UK and wish to raise any issues or queries you may have relating to the processing of your personal data. However, if you wish to contact Shepherd and Wedderburn LLP you can do so by clicking this form: https://app.saltiredataprotection.co.uk/enquiry/rs/appleby

Complaints

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to complain to the data protection authority/regulator, as applicable, in your jurisdiction. We have set out below the contact details for the relevant authority/regulator in each Appleby jurisdiction:

Bermuda	Privacy Commissioner Maxwell Roberts Building, 4th Floor 1 Church Street Hamilton HM11 Bermuda Telephone: +1 441 543 7748 Email: [email protected]
British Virgin Islands	British Virgin Islands Financial Services Commission Pasea Estate P.O. Box 418 Road Town, Tortola, VG 1110 British Virgin Islands Telephone: +1 284 494 1324 Email: [email protected]
Cayman Islands	Information Commissioner’s Office PO Box 2252 Grand Cayman, KY1-1107 Cayman Islands Telephone: +1 345 946 6283 Email: [email protected]
Guernsey	The Office of the Data Protection Authority St Martin’s House Le Bordage St Peter Port Guernsey GY1 1BR Telephone: +44 1481 742074 Email: [email protected]
Hong Kong	Privacy Commissioner for Personal Data 12/F Sunlight Tower 248 Queen’s Road East Wanchai, Hong Kong Telephone: +852 2827 2827 Email: [email protected]
Isle of Man	Isle of Man Information Commissioner First Floor, Prospect House Prospect Hill Douglas Isle of Man IM1 1ET Telephone: +44 1624 693260 Email: [email protected]
Jersey	Jersey Office of the Information Commissioner 2nd Floor 5 Castle Street St Helier Jersey JE2 3BT Telephone: +44 1534 716530 Email: [email protected]
Mauritius	The Data Protection Commissioner Mauritius Level 5, SICOM Tower Wall Street Ebene Cyber City, Ebene Republic of Mauritius Telephone: +230 460 0251 Email: [email protected]
Seychelles	Department of Information Communications Technology PO Box 737 3rd Floor, Caravelle House Manglier Street Victoria Seychelles Telephone: +248 4 28 66 00 Email: [email protected]
Shanghai	Cyberspace Administration of China 225 Chaoyangmennei Da Jie Beijing China 100010 Telephone: +10 8805 0686 Website: www.cac.gov.cn

Changes to this Privacy Policy

We may update this Privacy Policy from time to time and we encourage you to review this page periodically. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes in clear and conspicuous manner on the Appleby website www.applebyglobal.com.