1. Commitment to Personal Data Privacy

1.1. Conyers Dill & Pearman and its affiliated entities (collectively “Conyers”, “us” “our” and “we”) are committed to maintaining the security, confidentiality and privacy of Personal Data.

1.2. “Personal Data” means information associated with a specific identifiable individual (“Data Subject”) but does not include information about corporate or commercial entities.

1.3. This Personal Data Privacy Notice documents our commitment to protecting Personal Data.

1.4. All Conyers staff must conduct their business in compliance with the Conyers Personal Data Privacy Principles, as set out in this Personal Data Privacy Notice, and with all applicable Personal Data protection, privacy, secrecy, electronic communications and confidentiality laws and regulations, and any other applicable laws or regulations to the extent that they relate to Personal Data privacy (“Data Privacy Laws and Regulations” or “personal data privacy”).

2. Personal Data Privacy Principles

2.1. To ensure a consistent, accountable, global approach to data privacy compliance, Conyers has implemented the following set of Personal Data Privacy Principles which establish good data privacy practices, demonstrate compliance with Data Privacy Laws and Regulations and outline Conyers’ high-level commitments to handling and using the Personal Data it collects generates, holds and/or processes.

(a) Transparency: We will be clear and transparent as to how we collect and use Personal Data.

(b) Fair and lawful usage: We will only collect, process and store Personal Data lawfully and where we have legitimate reason to do so.

(c) Limited purposes: We will collect and process Personal Data for specified and lawful purposes, and will not use it for further, incompatible purposes without first taking all steps necessary under applicable Data Privacy Laws and Regulations.

(d) Data minimisation and adequacy: We will ensure collection, retention and processing of Personal Data is proportionate. We will strike an appropriate balance to ensure that we process sufficient data to carry on our business and achieve any specified lawful purpose, while making sure that we do not collect, retain or process excessive amounts of Personal Data.

(e) Data quality and accuracy: We will maintain appropriate standards of Personal Data quality and integrity, and we will implement policies in respect of Personal Data accuracy, including taking steps to avoid becoming out of date where appropriate.

(f) Data security and retention: We will retain Personal Data securely, implement appropriate Personal Data retention policies, and we will dispose of Personal Data securely when it is no longer required. We will ensure that appropriate processes are put in place so only Conyers staff with a business requirement to access such Personal Data are authorised and able to do so..

(g)  Training and awareness: We will ensure that Conyers staff with access to Personal Data are trained appropriately on their obligations regarding that Personal Data.

(h)  Data Subject’s rights: We will ensure that the Data Subject’s rights are observed in accordance with applicable Data Privacy Laws and Regulations, including any timelines established thereby.

(i) Third parties: Where we appoint a vendor or agent, we will require them to apply standards equivalent to the Conyers Personal Data Privacy Principles. We will only disclose Personal Data to governmental or judicial bodies or law enforcement or agencies or our regulators if required by applicable laws and regulations.

(j) Data transfers: Where we voluntarily transfer Personal Data to another Conyers entity, third party or to another jurisdiction, we will ensure that the personal data transfer is lawful and that the recipient is required to apply the same, or equivalent, standards as the Conyers Personal Data Privacy Principles.

3. Responsibility

3.1. Conyers is responsible for Personal Data in its possession or control. We have designated an individual to be responsible for compliance with this Personal Data Privacy Notice and have adopted procedures to protect Personal Data, receive and respond to complaints, access requests and inquiries, train staff regarding policies and procedures and communicate our policies to a Data Subject as required. We will monitor ongoing developments in privacy legislation and make changes to this Personal Data Privacy Notice as required.

3.2. For the purposes of the European Union’s General Data Protection Regulation and the Cayman Islands’ Data Protection Law, Conyers collects and processes Personal Data and acts as a Data Controller. In delivering our services, Personal Data that is collected through our website or by any of our staff may be transferred between our servers and offices, including our data centre, which is located in Toronto, Canada. As such our various offices may act as joint Data Controllers of Personal Data. Our London office acts as our European Union representative. Further, where we use the services of third parties as Data Processors, whether as software as a service or for cloud server storage, we confirm their responsibilities as Data Processors.

4. What We Collect

4.1. In addition to Personal Data provided to us through our staff or website, we may also collect information that is publicly available. The Personal Data we may hold includes:

(a) Contact information, including name, telephone number, address and email address;

(b) Occupation and employer details;

(c) Identification documents (which may include gender, nationality, photograph, signature, date of birth, etc.) and numbers necessary to meet our legal obligations, such as those related to anti-money laundering and “know-your-customer” requirements;

(d) IP addresses; and

(e) Details related to marketing our services, including recording usage of our website and the mailing lists for which a Data Subject have subscribed or unsubscribed.

5. Purposes

5.1. Conyers comes into the possession of Personal Data in order to provide professional services. Conyers only collects and processes Personal Data if it is lawful to do so, specifically where:

(a) it is required to fulfil a contract with a Data Subject;

(b) it is required for us to comply with the law or to comply with a court order;

(c) it is necessary for us to perform a task in the public interest;

(d) it is necessary for our legitimate interests, or the legitimate interests of a third party;

(e) except in relation to sensitive Personal Data or where use of the Personal Data would prejudice the rights of the Data Subject, it is reasonable for Conyers to consider that the Data Subject would not reasonably be expected to request that the use of their Personal Data should not begin or cease; or

(f) a Data Subject has provided us with their consent.

5.2. Personal Data may be used for the following purposes:

(a) to meet our regulatory, legal and professional obligations;

(b) to establish and manage our relationship with a Data Subject;

(c) to provide legal advice and services; including but not limited to, corporate service provider services, trustee services, accounting, management and payroll services;

(d) to monitor and manage the performance of our business operations;

(e) to manage conflicts of interest;

(f) to analyse performance, and generate internal reports;

(g) to assess risks including legal and financial risks;

(h) to invoice and process payments;

(i) to process applications for employment;

(j) to monitor visitor traffic to and usage of the Conyers website;

(k) to market our services;

(l) to engage in business transactions;

(m) to prevent fraud;

(n) to undertake network and information security activities; and

(o) for any other purposes for which we have a Data Subject’s consent, or for which Conyers or its third parties have a legitimate interest.

5.3. Conyers collects and processes Personal Data in order to fulfil its contractual obligations with a Data Subject and to meet our applicable statutory obligations. If a Data Subject decides not to provide us with necessary Personal Data this may prevent us from meeting our legal obligations, and therefore prevent us from performing our services.

6. Transfer of Information

6.1. Transfers to Third Parties. Conyers may, from time to time, use third parties in the course of conducting its business. Conyers will use reasonable efforts to ensure that third parties are bound by the terms of this Personal Data Privacy Notice or a similar policy.

6.2. International Transfers. Data Subject Personal Data may be transferred to or accessed from countries that may not have data protection laws equivalent to those of a Data Subject country. Unless we have Data Subject consent to transfer Data Subject Personal Data, the transfer is necessary for the performance of a contract, for the establishment, exercise or defence of legal claims, or is otherwise permitted by applicable data protection and privacy laws, we will only transfer Data Subject Personal Data to a country considered to have an adequate level of protection. If such a country does not have equivalent privacy laws, Conyers will ensure it has the appropriate safeguards in place; such safeguards may include binding corporate policies and procedures, standard contractual data protection clauses approved by applicable supervisory authorities, an approved employee code of conduct, or an approved certification mechanism.

6.3. Conyers may be required to transfer Data Subject Personal Data to government or regulatory authorities if required by applicable law.

7. Data Subject’s Rights

7.1. Right to Access.  A Data Subject has the right to request and obtain from us the details of Data Subject Personal Data and how it is processed, including the purposes of processing, whether it has been disclosed to third parties, and how long we intend to hold on to the data. Data Subject information will be provided upon written request and we reserve the right to request authentication of identity in the event of such a request.

7.2. Right to Withdraw Consent.  Where a Data Subject has consented to us processing Data Subject Personal Data, the Data Subject has the right to withdraw that consent at any time. If we consider that the withdrawal of such consent will impede our ability to provide any service to the Data Subject we reserve the right to terminate our service in the event of such a withdrawal.

7.3. Right to Accuracy/Rectification.  A Data Subject has the right to request that we rectify inaccurate Personal Data concerning the Data Subject.

7.4. Right to Object To or Restrict Processing.  A Data Subject has the right to object to or request that we restrict processing their Personal Data if:

(a) they believe the Personal Data we hold about them is inaccurate;

(b) they believe the processing is unlawful but they oppose us erasing their Personal Data;

(c) we no longer need to process the Personal Data but they require it for the establishment, exercise or defence of legal claims; or

(d) they object to the grounds upon which we have determined that processing their data is legitimate.

We are required to comply with their request unless the processing is to meet the conditions of a contract, under a legal obligation, in order to protect the vital interests of an individual, or otherwise permitted under applicable law.

7.5. Right to Object to Processing for Direct Marketing. A Data Subject has the right at any time to object to the processing of their data for direct marketing purposes.

7.6. Right to Avoid Automated Decision Making. A Data Subject has the right not to be subject to a decision based solely on automated processing (i.e. a decision made without human involvement), including profiling, which produces legal or similarly significant effects concerning them, unless it is necessary for entering into, or the performance of, a contract between the Data Subject and Conyers.

7.7. Right to Data Portability.  A Data Subject has the right to receive their Personal Data in a machine-readable format and the right to have that information transferred to another data controller, where technically feasible.

7.8. Right to Erasure/”Right to Be Forgotten”.  A Data Subject has the right to request for us to erase their Personal Data. We will fulfil this request provided that there are no legal requirements for us to continue processing their Personal Data.

7.9. A Data Subject’s Right to Raise Concerns.  Conyers has procedures in place to receive and respond to complaints or inquiries about our policies and practices relating to the handling of Personal Data. If a Data Subject has any questions or concerns about their Personal Data or how it is being used by Conyers, they can contact our Data Protection Officer at the address below. If we are unable to satisfactorily address their concerns, they have the right to communicate with the relevant supervisory authority.

8. Cookies and our Website

8.1. Our website uses cookies. Find out more about cookies, how we use them, and how to manage them below.

8.2. Cookies are small files that are downloaded onto a Data Subject’s computer to help improve their browsing experience and enable us to evaluate how people use our website. We currently use a session cookie and a persistent cookie. The session cookie is temporary and stored on their computer only for as long as they visit our website. The persistent cookie is uploaded to their computer only after they check the “Remember Me” box and enables them to store information to more quickly access password protected portions of our website.

8.3. Our website may from time to time contain links to third party websites. Conyers does not take responsibility for the privacy practices of any third party website. Please advise the Data Subject to read the policies of any third-party website they visit.

8.4. Third-party vendors, including Google, may use cookies to serve ads based on a user’s past visits to our website. Third-party advertising vendors, including Google, may show our ads on sites across the Internet based on a Data Subject’s past browser history. This practice is commonly known as remarketing.

8.5. Most web browsers, including Chrome, Internet Explorer, and Safari accept cookies and allow a Data Subject to control their cookie settings on their computer or other device. To control the use of cookies on their device, including deleting and blocking the cookies any website uses, including ours, a Data Subject may do so within their browser settings. A Data Subject may also use the cookie management tool on our website to select their cookie preferences for our website. Please note that any changes may affect their ability to properly use our website.

8.6. A Data Subject can opt out of Google’s use of cookies by visiting Google’s Ads Settings. Alternatively, they can opt of out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page. They can also opt out of being tracked by Google Analytics across all websites by visiting: http://tools.google.com/dlpage/gaoptout.


9. Contact Us

9.1. If a Data Subject has any questions about this Personal Data Privacy Notice or their Personal Data they may direct their inquiries in writing to the Data Protection Officer at [email protected] or write us at P.O. Box 666, Hamilton HM CX, Bermuda.

9.2. Conyers reserves the right to amend this Personal Data Privacy Notice from time to time without prior notice to Data Subjects. Please check our website periodically at www.conyers.com to see if any changes have been made.

Last updated October 2024.