Privacy Policy

Introduction

  1. We, FT Legal and FT Corporate and Fiduciary Services Ltd. (we, us, our, the Organisation), take privacy, and the security of your personal data, very seriously, and we are committed to ensuring that we safeguard your personal data at all times and in the best manner possible.
  2. This data privacy policy provides essential information about who we are, what personal data we collect from you, how, when, and why we collect, store, use, and share your personal data, how we keep your personal data secure; how long we retain your personal data; your rights concerning your personal data, and how to contact us, or the relevant supervisory authorities, should you have a complaint.
  3. So that we may advise you, provide legal services to you and take your instructions as appropriate, we need to collect, use and process or deal with certain personal information about you (your personal data). When we do so we are subject to the provisions of the Barbados Data Protection Act, 2019-29 (the “DPA”). We are a ‘data controller’ of that personal information for the purposes of those laws. In other words, we are primarily responsible for that personal data and are the ‘person who alone, jointly or in common with others determines the purposes for which, and the manner in which, any personal data is or should be processed’.
  4. If you have any questions about the use to which we put your data please email us at info@ft-legal.com.
  5. This data privacy policy applies in all circumstances, but in particular where you (or someone or an organisation on your behalf):
    1. instruct us to act on your behalf and/or to provide you with advice, information or services;
    2. enquire about instructing us;
    3. visit our website;
    4. submit an enquiry, make contact with us or sign-up to receive our newsletter;
    5. request information from us or provide information to us; and
    6. attend events or seminars hosted by us.
  6. This data privacy policy will also apply where we:
    1. conduct searches about you on public sources in connection with our marketing or business acceptance processes;
    2. agree to provide legal or other services to you or to the organisation for which you work or provide services; or
    3. add you to a mailing or marketing list.
  7. In other words, this data privacy policy will apply where we are acting as a data controller in relation to your personal data, and where we have a supervisory role in relation to how personal data is collected, stored, used and shared.
  8. We are committed to preserving the privacy of your data so that we can:
    1. deliver services of a high quality to all our clients;
    2. at all times comply with the law and the various regulations that we are subject to;
    3. preserve the confidentiality of your personal data in compliance with the DPA and any regulations enacted thereunder;
    4. meet the expectations of customers/clients, employees and third parties; and
    5. protect our reputation.
  9. In this data privacy policy, please note the use of the following terms:
    personal data has the meaning given to it by the DPA and means data which relates to an individual (known as a ‘data subject’) who can be identified from that data; or from that data together with other information which is in the possession of, or is likely to come into the possession of the data controller.
    process has the meaning given to it by the DPA and in relation to information or data, means to obtain, record or hold the information or data or carry out any operation or set of operations on the information or data, including the

    (a) organization, adaptation or alteration of the information or data;
    (b) retrieval, consultation or use of the information or data;
    (c) disclosure of the information or data by transmission, dissemination or otherwise making available; or
    (d) alignment, combination, blocking, erasure or destruction of the information or data.
    we, us and our refers to FT Legal and FT Corporate and Fiduciary Services Ltd., as the case may be;
    you and your refers to the individual person whose data is processed, who is also referred to as the ‘data subject’.

Your personal data

  1. We may collect, store, use and share personal data relating to you in the course of acting for, advising you or providing services to you. The data we need to collect from you in order for us to be able to act for, or advise, you may include the following:
    1. Your name and contact details including but not limited to business and residential addresses, telephone number, mobile telephone number, email address, and other contact details as appropriate.
    2. Where you are located where it is relevant, and you choose to provide this information.
    3. Professional or trade-related information where it is relevant, and you choose to provide this information.
    4. Information required by us in order to enable us to check and verify your identity (for example for anti-money laundering purposes or generally as a means of helping to prevent fraud). This may include identification card, passport details, driving licence details, date of birth, and other identification information as appropriate.
    5. Information as to the matter in which we are acting, advising or providing services.
    6. Financial details relating to you, including details of your bank account if money is sent to you or is likely to need to be sent to you, billing information and credit card details.
    7. The source of any funds being supplied by you in relation to any transaction that involves a purchase.
    8. Your national insurance number and/or tax details.
    9. Details of your spouse/partner and dependants or other family members. This applies where, for example, you have instructed us on a family matter or in connection with a will, trust or similar arrangement.
    10. Details of your nationality and immigration status, and information from related documents, such as your passport or other identification and immigration information. This applies where, for example, you instruct us on an immigration matter.
    11. Marketing and communications data including, where relevant, your preferences in relation to receiving marketing and communications from us.
    12. Transaction data, including details about any payments to and from you.
    13. Technical data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technological data relating to your use of our website.
  2. Note that failure to provide the personal data requested may prevent us from acting for you or may delay the provision of services.
  3. In most cases we will generally collect data about you directly from you by email, by phone or at a meeting with you. However, we may also need to acquire information about you:
    1. from publicly-available sources, including but not limited to the Land Registry of Barbados, Corporate Affairs and Intellectual Property of Barbados/Business Barbados, professional records and other membership records;
    2. from third parties with whom you have a relationship, including online databases, banks, building societies, financial institutions, other professionals and advisers, employers, professional bodies, medical professionals, trade unions and others as appropriate; and
    3. through information technology-related methods, including by the use of cookies on websites, messaging systems, access control systems, and email.
  4. Please note that it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
  5. We may also obtain personal data about you in relation to your use of our website. This information may include your computer’s IP address and the operating system and web browser that you use to access our website. It enables us to identify who has visited our website. This information is used to produce statistical data on the use of our website and to help us to enhance the user experience in the future.

The purposes for which your information is used

  1. Data protection law requires that we only use your personal data for the purposes for which it was acquired, or where we have a proper reason for using it. Those reasons may include but are not limited to the following:
    1. Where you have given consent to the use of your personal data for one or more specific purposes.
    2. Where the use is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract.
    3. Where the use is necessary for compliance with a legal obligation that we are subject to.
    4. Where the use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
  2. The reasons set out above represent the general position as to the purposes for which your personal data may be used. The specific position in relation to your personal data, however, is that we may use it for the following purposes:
    1. To provide you with legal, corporate, or fiduciary services, advice or representation, so that we can comply with our contract with you and/or take any steps that are necessary for us to take before entering into a contract with you.
    2. To prevent or detect fraud, either against you or against any other person involved in any matter in which you are involved. This will help to prevent any damage either to you, a third party or to us.
    3. To carry out identity checks and undertake information gathering and audits as required by the relevant regulatory bodies to comply with any legal and/or regulatory obligations to which you or we are subject.
    4. To carry out know-your-client and anti-money laundering checks.
    5. To undertake financial, embargo/sanction list and other security checks, and such other processing activities as are required for legal and regulatory compliance generally or specifically by your or our regulator(s).
    6. To gather and provide any information required by or relating to audits, enquiries or investigations by your, or our, regulator(s).
    7. To preserve the confidentiality of commercially sensitive information, and for our legitimate interests or those of a third party in relation to the protection of our, or another’s, intellectual property, and other commercially valuable information.
    8. To comply with our legal and regulatory obligations.
    9. To comply with our internal business policies, and for operational reasons such as security, confidentiality, competency and efficiency control, training and client care. This will help us to deliver the best service to you.
    10. For statistical analysis to enable us better to manage our business, for example in relation to our financial performance, client base, and range of services.
    11. For maintaining and updating records to ensure accuracy of processing and preventing unauthorised access and modifications to systems, and to prevent and detect criminal activity that could be damaging for us and for you.
    12. To comply with legal and regulatory obligations, and to make information returns to regulators and legally constituted bodies.
    13. To ensure safe working practices, and for staff administration and assessment purposes.
    14. For marketing our services to existing and former clients and third parties.
    15. For credit control and credit reference checks in relation to the services that we perform.
  3. The purposes set out above will not apply to what is termed ‘sensitive personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic and biometric data capable of identifying you, and data concerning health, sex life or sexual orientation. We will only ever process information of that nature with your explicit consent.

Contacting you

  1. In addition to the general matters dealt with in paragraph 3.2 above, we may also need to send you updates concerning legal, regulatory and other relevant developments in relation to you, the matter in connection with which we are instructed, your personal business or family interests, or other related matters which might concern you, or be of interest to you. This may be by post, telephone, email or text, and may include information about the legal and other services that we offer, and information relating to changes in those services.
  2. We regard ourselves as having a legitimate interest in processing your personal data for these purposes, and we take the view that we do not require your consent in order to do so. From time to time we undertake what are known as ‘legitimate interest assessments’ in order to balance our interests in contacting you with your interests in relation to your data. Where your consent is required by law, we will contact you specifically for this and will do so in a clear and transparent manner.

Sharing your data with others

  1. Notwithstanding the fact that we will not share your personal data for marketing purposes, it may be necessary for us to share your personal data with others. This may be in order to:
    1. carry out our legal, corporate, or fiduciary services for you;
    2. provide advice, assistance and representation to you;
    3. comply with our contractual obligations to you; or
    4. comply with any legal or regulatory obligations to which you or we are subject.
  2. Those with whom we may share your personal data include:
    1. professional advisers used in connection with the matter in which we are instructed by you;
    2. third parties involved in the matter in which we are instructed by you, for example financial services providers, banks, building societies, insurers and registrars;
    3. government and similar organisations;
    4. others within our Organisation;
    5. your/our regulators;
    6. our bank, insurers and insurance brokers;
    7. external auditors in relation to the audits; and
    8. suppliers of services required in relation to your matter.
  3. When sharing your personal data, we will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. We will only ever allow others to handle your personal data if we are satisfied that the measures which they take to protect your personal data are satisfactory having regard to the DPA.
  4. Please be aware that, from time to time, we may be required to disclose personal data and exchange information about you, or relating to you, with government, law enforcement and regulatory bodies and agencies in order to comply with our own legal and regulatory obligations.
  5. During the course of, and sometimes following the conclusion of, our instructions from you we may need to share your personal data with other third parties, for example those involved in a relevant or related transaction. We will only share that information which is necessary and relevant to share.
  6. From time to time it may be necessary for us to share data for statistical purposes, for example with our regulatory bodies. We will always take steps to try to ensure that information shared is anonymised; and where this is not possible we will require that the recipient of the information keeps it secure and confidential at all times. Steps will be taken at such time to ensure that the sharing of this information does not lead to a conflict between your interests and those of another client, third party or ourselves.

How your personal data is kept

  1. Your personal data will be kept secure at all times.
  2. Your personal data may be held at our offices, at third party agencies and service providers, and by our representatives and those agents used by us.
  3. Some of your data may be held on secure online databases. Where this takes place outside Barbados then the provisions set out in Paragraph 7 below will apply.
  4. We operate various security measures in order to prevent loss of, or unauthorised access to, your personal data. In order to ensure this, we restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
  5. Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.
  6. Where your personal data is retained after we have finished providing our services to you, or where the contract with you has ended in any other way, this will generally be for one of the following reasons:
    1. so that we can respond to any questions, complaints or claims made by you or on your behalf;
    2. so that we are able to demonstrate that your matter was dealt with adequately and that you were treated fairly; or
    3. in order to comply with legal and regulatory requirements.
  7. In general, we will retain your data for only so long as is necessary for the various objectives and purposes contained in this data privacy policy. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.
  8. We will retain your personal data as follows:
    1. contact details—so that we can inform you of updates concerning our services and about relevant developments in relation to you, the matter about which you instructed us, or other related matters which might concern you, or be of interest to you;
    2. accounts data, money laundering checks data documents and other regulatory requirements—for such period as they continue to be required in order adequately to conclude all of your matters, for such time as is necessary for compliance with a legal obligation that we are subject to, or in order to protect your vital interests or the vital interests of another natural person.
  9. We will delete and/or anonymise any personal data which it is no longer necessary for us to retain.

Transferring your data out of Barbados

  1. In order for us to provide you with the services in connection with which we have been instructed, it may be necessary for us to share your personal data with those who are outside Barbados; where, for example, those persons have offices outside Barbados, are based outside Barbados, where electronic services and resources are based outside of Barbados or where there is an international element to the instructions we have received from you. Where this is the case, special rules apply to the protection of your data.
  2. In such cases we will always take steps to ensure that, wherever possible, the transfer complies with data protection law, and that your personal data will be secure.
  3. For further information, please contact us.

Your rights in relation to your data

  1. The DPA gives you, the data subject, various rights in relation to your personal data that we hold and process. These rights are exercisable without charge, and we are subject to specific time limits in terms of how quickly we must respond to you. Those rights are set out in Sections 10–21 of the DPA. They are as follows:
    1. Right of access—the right to obtain, from us, confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including but not limited to the purpose for the processing, with whom the data is shared, how long the data will be retained and the existence of various other rights (see below).
    2. Right to rectification—the right to obtain from us, without undue delay, the putting right of inaccurate personal data concerning you.
    3. Right to erasure—sometimes referred to as the ‘right to be forgotten’, this is the right for you to request that, in certain circumstances, we delete data relating to you without undue delay.
    4. Right to restrict processing—the right to request that, in certain circumstances, we restrict the processing of your data.
    5. Right to data portability—the right, in certain circumstances, to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.
    6. Right to object—the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing supported by the argument of legitimate interest.
    7. Right not to be subject to automated decision making—the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  2. Full details of these rights can be found in the DPA.
  3. In the event that you wish to exercise any of these rights you may do so:
    1. by contacting us using any medium you wish, including in writing, or by email; or
    2. through a third-party whom you have authorised for this purpose.
  4. Please bear in mind that there are some restrictions on your rights to exercise the rights set out above and that, in some cases, if you choose to exercise those rights we will be unable to perform the instructions you have given us. If that is the case, we may need to cease to act for you.

Keeping your data secure

  1. In order to ensure that data is kept secure, and to prevent there being any breach of confidentiality, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.
  2. In the event that there is a suspected data security breach you will be notified. Where relevant we will also inform the appropriate regulator of a suspected data security breach where we are legally required, or have a regulatory obligation, to do so.
  3. Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of any data transmitted to us via our website, or to or from us via email. Any transmission using these methods is at your risk. Once we have received your information, we will be able to set up procedures and security features, such as encrypted emails, with a view to safeguarding against unauthorised access.
  4. We also take appropriate steps to keep your personal data safe from unauthorised access, improper use or disclosure, unauthorised modification, or unlawful destruction or accidental loss consistent with applicable law. This applies both to electronic and physical data, and to that end our premises are access controlled and electronic data requires users to use login and password authentication.
  5. All of our partners, staff and third-party service providers who have access to your personal data are subject to confidentiality obligations.

Making a complaint

  1. If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you, please contact us.
  2. We can be contacted at info@ft-legal.com.
  3. Notwithstanding our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Data Protection Commission, who may be contacted in writing at the Ministry of Industry, Innovation, Science & Technology  5th Floor, SSA Building, Vaucluse, St. Thomas, Barbados; or by telephone at 1 (246) 536-1200 / 1 (246) 536-1212..

This data privacy policy

  1. The terms and provisions of this data privacy policy may be changed, updated and amended from time to time. If we do so during the time when we are providing you with services then we will inform you of those changes.

Date: 2026.03.09

x