Privacy Policy

The purpose of this document is for Meridian Asset Management (C.I.) Limited (‘Meridian’) to provide to its clients information on what Personal Data we hold on clients, how we use it, the conditions under which we may disclose it to others and how we keep it secure. The rationale of having this policy is to protect and respect clients’ privacy. It also sets out the rights of those individuals in respect of that Personal Data. Personal data relates to living individuals.


Who are we?
Meridian is a discretionary portfolio manager with a single office in Jersey. Our rules and procedures governing Personal Data are subject to the laws of Jersey and, in this instance, the Data Protection (Jersey) Law 2018.

What is Personal Data?
Personal Data will include your name, address, date of birth, gender, passport or driving licence details and may include details such as income, other assets owned, financial liabilities, private information relating to family matters and other Personal Data germane to our role as a chosen investment manager such as transactional history. For legal and regulatory reasons we are also required to maintain information verifying client identity as well as background information regarding source of wealth and funds. We do not retain any Personal Data that are not relevant to the services offered.

If you have any questions regarding this policy, your Personal Data or, in the context of your relationship with Meridian, any other aspect of the Data Protection (Jersey) Law 2018 then please contact Ian Brandon.

How do we collect data from clients?
It is necessary to gather a certain amount of Personal Data at the start of an investment management relationship. This may be provided to us verbally, by e-mail or by letter. For active clients we retain copies of all correspondence, electronic or hard copy, and file notes are made following meetings and telephone calls where there is significant new information to record pertinent to the relationship. Meridian may also use independent third party data sources to provide information on clients in order to fulfil legal obligations relating to anti-money laundering and risk assessing.

On what basis do we process client data?
There are six agreed legal bases on which we might process Personal Data. At least one must apply to justify processing such information:

1. Consent: The client has given clear consent for Meridian to process their Personal Data for a specific purpose.
2. Contract: The processing is necessary to fulfil the legal agreement signed between Meridian and the client.
3. Legal obligation: The processing is necessary to comply with the law (not including contractual obligations).
4. Vital interest: The processing is necessary to protect someone’s life.
5. Public task: The processing is necessary to perform a task in the public interest or an official function, both of which would need a clear basis in law.
6. Legitimate interests: The processing is necessary for Meridian’s own legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the client’s Personal Data which overrides those legitimate interests.

Of these, we rely primarily on contractual and legal obligations to process data, with legitimate interest also playing a smaller part.

How are client Personal Data used?
We will use this information:

  1. To fulfil our obligations under local and international legislation, for example meeting the requirements of anti-money laundering laws and passing information to the Taxes Office under international reporting obligations.
  2. To provide an investment management service that is appropriate for the client’s needs and circumstances on an ongoing basis.
  3. To pass on to our custodian, BNP Paribas Securities Services, Jersey Branch (‘BNP Paribas’) so that they can also meet their requirements under local and international legislation as well as fulfilling their internal procedures.
  4. To communicate with the client by sending regular portfolio information such as valuations and ad hoc communication associated with the service offered, such as requests for information.
  5. To notify clients of changes to the service offered.
  6. To request fresh Personal Data from clients to ensure our records are kept current.



Who has access to client Personal Data?
All client Personal Data are accessible by all staff in the Jersey office. Meridian does not store Personal Data outside of Jersey though BNP Paribas and our outsourced I.T. provider, C5 Alliance (‘C5’) may store Personal Data outside of Jersey. It is necessary to pass on certain Personal Data to BNP Paribas to meet their requirements in the context of normal banking practice and meeting their obligations under local and international legislation. C5 host our computer system and so have access to our systems.

We only share information where it is necessary to do so in order to facilitate the provision of investment services to the client and we will not share or sell clients’ Personal Data with any third parties for the purpose of marketing, data analysis, profit or any other reason. There are no client Personal Data stored on the website nor can it be accessed via the website. Meridian does not collect information, for example, through the use of ‘cookies’, when you visit the website. Apart from telephone numbers, there are no client data stored on the personal devices of Meridian staff.

 

Security precautions in place to protect the loss, misuse or alteration of client Personal Data
Meridian takes very seriously the issue of privacy generally and, specifically, the storage of and access to Personal Data. Client data in paper format are stored in locked areas and cannot be accessed by non-Meridian staff. All Personal Data stored electronically on Meridian’s I.T. systems are encrypted and only accessible by Meridian staff and C5 staff.

What would Meridian do in the event of a data breach?
In the event of certain types of Personal Data breach Meridian will inform the Jersey Information Commissioner within 72 hours. A breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. It would involve information, either written or in electronic form, including encrypted Personal Data. Meridian has an internal process to deal with all breaches which covers informing affected individuals about a breach which is likely to adversely affect them.

For how long is client Personal Data retained?
All Personal Data for clients are retained for a period of 10 years after the termination of the relationship. After that point all physical records are securely destroyed and electronic and other media records are erased. Some co-mingled client Personal Data may have to be retained for longer than this in order to preserve other clients’ data held alongside it. When Personal Data are processed in the case of prospective clients that do not become investment business clients, all Personal Data will be destroyed at the next destruction date after a period of one year has elapsed.

Right to erasure/Right to be forgotten
Clients can request for their Personal Data to be erased by contacting Meridian in writing. It may not be possible to comply with this request if there is an ongoing legal basis to retain such Personal Data. The most common legal basis would be the retention of records to meet local regulations and a specific requirement under the law to retain records for a minimum of 10 years. Should a request be agreed to then it will be completed with one month. It may be necessary to make a time charge, purely to cover the cost of completing the request.

How clients can access the information held by us.
Clients that have a query on their Personal Data or wish to access any of it can contact Meridian by calling 01534 736633 or e-mailing info@meridian.co.je If the data access request is administratively burdensome then there may be a time charge made purely to cover the cost of completing the request. This will be agreed up front. Copies of the Personal Data requested will be provided within one month. This would be extended if there was a delay in Meridian receiving information relating to the request.

Policy review
This policy will be reviewed and, if necessary, updated on an annual basis. The most current version will be available on the company website www.meridian.je . This policy was written in May 2018.

  >> click here

© Meridian 2006