Privacy Policy

The purpose of this document is for Meridian Asset Management (C.I.) Limited (‘Meridian’) to provide to our clients information on what Personal Data we hold on clients, how we use it, the conditions under which we may disclose it to others and how we keep it secure. The rationale of having this policy is to protect and respect clients’ privacy. It also sets out the rights of those individuals in respect of that Personal Data. Personal data relates to living individuals.

Who are we?
Meridian is a discretionary portfolio manager with a single office in Jersey. Our rules and procedures governing Personal Data are subject to the laws of Jersey and, in this instance, the Data Protection (Jersey) Law 2018.

What is Personal Data?
Personal Data will include your name, address, date of birth, gender, passport or driving licence details and may include details such as income, other assets owned, financial liabilities, private information relating to family matters and other Personal Data germane to our role as a chosen investment manager such as transactional history. For legal and regulatory reasons we are also required to maintain information verifying client identity as well as background information regarding source of wealth and funds. We do not retain any Personal Data that are not relevant to the services offered.

If you have any questions regarding this policy, your Personal Data or, in the context of your relationship with Meridian, any other aspect of the Data Protection (Jersey) Law 2018 then please contact Neil Macfarlane..

How do we collect data from clients?
It is necessary to gather a certain amount of Personal Data at the start of an investment management relationship. This may be provided to us verbally, by e-mail or by letter. For active clients we retain copies of all correspondence, electronic or hard copy, and file notes are made following meetings and telephone calls where there is significant new information to record pertinent to the relationship. Meridian may also use independent third party data sources to provide information on clients in order to fulfil legal obligations relating to anti-money laundering and risk assessing.

On what basis do we process client data?
There are six agreed legal bases on which we might process Personal Data. At least one must apply to justify processing such information:

1. Consent: The client has given clear consent for Meridian to process their Personal Data for a specific purpose.
2. Contract: The processing is necessary to fulfil the legal agreement signed between Meridian and the client.
3. Legal obligation: The processing is necessary to comply with the law (not including contractual obligations).
4. Vital interest: The processing is necessary to protect someone’s life.
5. Public task: The processing is necessary to perform a task in the public interest or an official function, both of which would need a clear basis in law.
6. Legitimate interests: The processing is necessary for Meridian’s own legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the client’s Personal Data which overrides those legitimate interests.

Of these, we rely primarily on contractual and legal obligations to process data, with legitimate interest also playing a smaller part.

How is client Personal Data used?
We will use this information:

  1. To fulfil our obligations under local and international legislation, for example meeting the requirements of anti-money laundering laws and passing information to the Taxes Office under international reporting obligations.
  2. To provide an investment management service that is appropriate for the client’s needs and circumstances on an ongoing basis.
  3. To pass on to our custodian, BNP Paribas Securities Services, Jersey Branch (‘BNP Paribas’) so that they can also meet their requirements under local and international legislation as well as fulfilling their internal procedures.
  4. To communicate with the client by sending regular portfolio information such as valuations and ad hoc communication associated with the service offered, such as requests for information.
  5. To notify clients of changes to the service offered.
  6. To request fresh Personal Data from clients to ensure our records are kept current.

Who has access to client Personal Data?

• All client Personal Data is accessible by all our staff in the Jersey office.
• We share data only with third parties who process data on our behalf to provide us or clients with services for the purposes outlined above. Contractual arrangements are in place for data sharing and protection with these third parties as relevant. The third parties include:

    • Professional advisers, including lawyers, tax advisers and auditors.
    • Our Custodian.
    • Screening service providers.
    • IT service providers, including hosting and support service providers.

We only share information where it is necessary to do so in order to facilitate the provision of investment services to the client and we will not share clients’ Personal Data with or sell to any third parties for the purpose of marketing, data analysis, profit or any other reason. There is no client Personal Data stored on the website nor can it be accessed via the website. Meridian does not collect information, for example, through the use of ‘cookies’, when you visit the website.


Security precautions in place to protect the loss, misuse or alteration of Personal Data.
Meridian takes very seriously the issue of privacy generally and, specifically, the storage of and access to Personal Data. Personal Data in paper format is stored in locked areas and cannot be accessed by non-Meridian staff. All Personal Data stored electronically on Meridian’s I.T. system is encrypted and only accessible by Meridian staff.

What would Meridian do in the event of a data breach?
In the event of certain types of Personal Data breach, Meridian will inform the Jersey Office of the Information Commissioner within 72 hours. A breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. It would involve information, either written or in electronic form, including encrypted Personal Data. Meridian has an internal process to deal with all breaches which covers informing affected individuals about a breach which is likely to adversely affect them.

For how long is Personal Data retained?
All Personal Data for clients is retained for a period of 10 years after the termination of the relationship. After that point, all physical records are securely destroyed and electronic and other media records are erased. Some co-mingled client Personal Data may have to be retained for longer than this in order to preserve other clients’ data held alongside it. When Personal Data is processed in the case of prospective clients that do not become investment business clients, all Personal Data will be destroyed at the next destruction date after a period of one year has elapsed.

Right to erasure/Right to be forgotten
Clients can request for their Personal Data to be erased by contacting Meridian in writing. It may not be possible to comply with this request if there is an ongoing legal basis to retain such Personal Data. The most common legal basis would be the retention of records to meet local regulations and a specific requirement under the law to retain records for a minimum of 10 years. Should a request be agreed to then it will be completed within one month. It may be necessary to make a time charge purely to cover the cost of completing the request.

How clients can access the information held by us
Clients that have a query on their Personal Data or wish to access any of it can contact Meridian by calling 01534 733663 or e-mailing If the data access request is administratively burdensome then there may be a time charge made purely to cover the cost of completing the request. This will be agreed up front. Copies of the Personal Data requested will be provided within one month. This could be extended if there was a delay in Meridian receiving information relating to the request.

Policy review
This policy will be reviewed and, if necessary, updated on a regular basis. The most current version will be available on the company website This policy was written in May 2018.

  >> click here

© Meridian 2022