Privacy Policy

The purpose of this document is for Meridian Asset Management (C.I.) Limited (‘Meridian’) to provide information to our clients on what Personal Data we hold for clients, how we use it, the conditions under which we may disclose it to others and how we keep it secure. The rationale of having this policy is to protect and respect clients’ privacy. It also sets out the rights of those individuals in respect of that Personal Data. Personal Data relates to living individuals.


Who are we?
Meridian is a discretionary portfolio manager with a single office in Jersey. Our rules and procedures governing Personal Data are subject to the laws of Jersey and, in this instance, the Data Protection (Jersey) Law 2018.

Scope of this notice
This notice applies to all individuals whose personal data we process, including:

• Clients and prospective clients.
• Employees and job applicants.

Each category of data subject may have different processing purposes, lawful bases, and retention periods, as set out in separate sections below.

What Personal Data do we process?
Personal Data will include your name, address, date of birth, gender, passport or driving licence details and may include details such as income, other assets owned, financial liabilities, private information relating to family matters and other Personal Data germane to our role as a chosen investment manager such as transactional history. For legal and regulatory reasons we are also required to maintain information verifying client identity as well as background information regarding source of wealth and funds. We do not retain any Personal Data that are not relevant to the services offered.

How do we collect data from clients?
It is necessary to gather a certain amount of Personal Data at the start of an investment management relationship. This may be provided to us verbally, by e-mail or by letter. For active clients we retain copies of all correspondence, electronic or hard copy, and file notes are made following meetings and telephone calls where there is significant new information to record pertinent to the relationship. Meridian may also use independent third party data sources to provide information on clients to fulfil legal obligations relating to anti-money laundering and risk assessing.

On what basis do we process client data?

We process your personal data only where a lawful basis applies and only for the purposes stated in our Records of Processing Activities and your Investment Management Agreement.

These are: 

Contract - to provide discretionary portfolio management services, manage your account, prepare statements, and communicate with you about your investments. 

Legal obligation - to meet our obligations under Jersey law and international agreements, including anti money laundering (AML) checks, tax reporting, and record keeping.

Legitimate interests - we rely on legitimate interests for certain processing activities, having carried out and documented a Legitimate Interests Assessment (“LIA”) in line with the Data Protection (Jersey) Law 2018. Examples include:

  • Ensuring the security of our IT and communication systems
  • Monitoring and improving the quality of investment services
  • Internal business management and reporting
  • Protecting our legal rights in the event of disputes 

We do not rely on consent for our core investment management services. If we introduce new purposes or legal bases, we will update this notice before processing begins. 

You have the right to object to processing based on legitimate interests at any time. If you object, we will stop processing unless we can demonstrate compelling lawful grounds.


How is client Personal Data used?

We process your personal data only for the purposes agreed in your Investment Management Agreement and documented in our Data Matrix. These obligations may require us to collect and share certain information with regulators and tax authorities: 

  • Providing discretionary portfolio management, including reviewing your investment objectives, executing trades, and monitoring portfolio performance. (Contract)
  • Administering your account, including client record-keeping, valuations, and responding to your instructions. (Contract)
  • Meeting regulatory obligations under the Proceeds of Crime (Jersey) Law 1999, the Investment Business (Jersey) Law 1998, and related AML/CFT Codes of Practice. (Legal obligation)
  • Complying with international tax reporting under CRS and FATCA. (Legal obligation)
  • Coordinating with our appointed custodian to safeguard your assets and meet their compliance requirements. (Contract / Legal obligation)
We do not use your personal data for any purpose not listed above and will inform you before introducing any new processing activities.  data for a new purpose, we will notify you and update this privacy notice before such processing begins. 


Who has access to client Personal Data?

All client Personal Data is accessible by all our staff in the Jersey office.

We share data only with third parties who process data on our behalf to provide us or clients with services for the purposes outlined above. Contractual arrangements are in place for data sharing and protection with these third parties as relevant. The third parties include:

  • Professional advisers, including lawyers, tax advisers and auditors.
  • Our Custodian.
  • Screening service providers.
  • IT service providers, including hosting and support service providers.

We only share information where it is necessary to facilitate the provision of investment services to the client and we will not share clients’ Personal Data with, or sell to, any third parties for the purpose of marketing, data analysis, profit or any other reason. There is no client Personal Data stored on the website, nor can it be accessed via the website. Meridian does not collect information, for example, through the use of ‘cookies’, when you visit the website.

What security precautions are in place to protect the loss, misuse or alteration of Personal Data?

We apply a risk-based approach to protecting personal data, considering: 

  • The type and sensitivity of personal data (e.g., standard vs. special category data). 
  • The vulnerability of the individuals concerned. 
  • The volume of data involved. 
  • The potential impact of a breach, including financial harm or identity theft.

In the event of a high-risk breach, we will notify affected individuals and the Jersey Office of the Information Commissioner within legal timeframes. 

What would Meridian do in the event of a data breach?

In the event of certain types of Personal Data breach, Meridian will inform the Jersey Office of the Information Commissioner within 72 hours. A breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. Meridian has an internal process to deal with all breaches which covers informing affected individuals about a breach which is likely to adversely affect th

For how long is Personal Data retained?

We retain personal data for 10 years after the termination of our client relationship. Where records are co-mingled with other clients’ data, we retain them for the period required by applicable legal obligations, such as anti-money laundering laws, which may require retention for up to 15 years. After this period, all records are securely destroyed. 

What are Clients’ Rights regarding Personal Data?

The rights of clients regarding the use of their Personal Data are set out in Section 6 of the Data Protection (Jersey) Law 2018:

  • The right to be informed.
  • The right to access Personal Data.
  • The right to rectification.
  • The right to erasure.
  • The right to request restriction of processing.
  • The right of data portability.
  • The right to object to processing.
  • The right to challenge automated decision making and profiling.

What are our Privacy Governance arrangements?

We have appointed a Privacy Lead to oversee compliance with data protection laws and best practice, including: 

  • Monitoring compliance with the Data Protection (Jersey) Law 2018 and our internal policies. 
  • Conducting staff training on privacy requirements. 
  • Advising on Data Protection Impact Assessments (DPIAs). 
  • Acting as the contact point for the Jersey Office of the Information Commissioner. 
  • Responding to individual rights requests and complaints.

If you have any questions regarding this notice, your Personal Data, or, in the context of your relationship with Meridian, any other aspect of the Data Protection (Jersey) Law 2018 then please contact our Privacy Lead Neil Macfarlane by email: info@meridian.co.je or telephone: 01534 733663.

Meridian will provide copies of Personal Data within 4 weeks of receipt of a Data Subject Access Request unless an extension is applied in accordance with Data Protection (Jersey) Law 2018. If you are unsatisfied with Meridian’s response to any queries, concerns or subject right’s requests, you have the right to complain to:

The Jersey Office of the Information Commissioner
2nd Floor
5 Castle Street
St Helier
Jersey
JE2 3BT

Email: enquiries@jerseyoic.org
Telephone: 01534 716530

 

Privacy Notice - Job Applicants

When you apply for a role with Meridian Asset Management, we collect and process personal data provided in your application, CV, and any supporting documents. This may include your contact details, employment history, qualifications, and references.

We process this information to assess your suitability for the role, conduct interviews, and make recruitment decisions. The lawful basis for processing is our legitimate interests in recruiting qualified personnel, and where applicable, compliance with legal obligations.

We may share your information with recruitment agencies or referees you have nominated. Data will be retained for six months after the recruitment process ends, unless you become an employee, in which case it will form part of your personnel file.

Privacy Notice Review

We review and update this privacy notice whenever our processing activities change and at least once every 12 months. Updates are linked to our formal Records of Processing Activities review process to ensure accuracy and compliance. The most recent review was completed on 23rd March 2026



  >> click here

© Meridian 2026