Privacy Notice

CANTERBURY LAW LIMITED

PRIVACY NOTICE

INTRODUCTION

Canterbury Law Limited is a Bermuda professional law company. References to “Canterbury”, “we” or “us” in this Privacy Notice mean Canterbury Law Limited.

This Privacy Notice sets out information about Canterbury’s practices and policies and your rights with respect to your personal information. It is important that you read this Privacy Notice together with any other privacy notice or data privacy policy we may provide on specific occasions when we are using personal data about you so that you are aware of how and why we are using it.

We may amend this Privacy Notice at any time and for any reason. Every update will be published on our website, (www.canterburylaw.bm).

Effective January 1, 2025, Canterbury is bound by Bermuda’s Personal Information Protection Act 2016 (“PIPA”) and therefore all personal data that we use in Bermuda is subject to PIPA, unless an exemption applies as specified in PIPA.

Pursuant to PIPA, all personal data that we acquired prior to January 1, 2025 is deemed to have been collected with your consent and may be used by Canterbury for the purposes for which the information was then collected.                                               

In this Privacy Notice all legal terms such as use, using, organisation, personal information, sensitive personal information, privacy notice, privacy officer, etc., shall have the meanings given to them in PIPA.  PIPA defines “use” or “using”, in relation to personal information, to mean:

“Carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it.”

The term “personal data” when used in this Privacy Notice means personal information.  The term “data subject” means you, our client, our employee, or some other person whose personal data we use.

Commissioner” means the Privacy Commissioner appointed under PIPA.

PRINCIPLES AND RULES THAT GUIDE US

Pursuant to PIPA, Canterbury is committed to:

  • acting in a reasonable manner when meeting its responsibilities under PIPA;
  • using personal information in a lawful and fair manner;
  • ensuring that the use of personal data is proportionate;
  • using personal information in a manner which recognizes both the need to protect the rights of individuals in relation to their personal information and the need for our organisation to use personal information for legitimate purposes;
  • adopting suitable measures and policies to give effect to our obligations and your rights under PIPA that take into account the nature, scope, context and purposes of our use of personal information and the risk to you by such use;
  • ensuring that personal information is adequate, relevant and not excessive in relation to the purposes for which it is used;
  • ensuring that any personal information used is accurate and kept up to date to the extent necessary for which it is used; and
  • ensuring that personal information is not kept for longer than is necessary for that use;
  • protecting personal information that we hold with appropriate safeguards against risk;
  • ensuring that our employees with access to personal information are trained appropriately on their PIPA Obligations;
  • ensuring that vendors and agents or third parties with whom we lawfully share personal data are required to, or agree by contract or binding corporate rules to apply equivalent safety standards.

 

WHAT PERSONAL INFORMATION WE USE

The personal information we use may include:

  1. contact information, including your name, telephone numbers (home, work and mobile), postal and physical home and business address, email address, etc.;
  2. occupation and employment details including your qualifications, employment history, employer’s name and contact details, your position, any directorships and offices you hold, social insurance number, etc.;
  3. personal identification documents (which may include passport details, gender, nationality, immigration status, driver’s licence, utility bill, photograph, signature, date of birth, personal data relating to court cases, claims and criminal convictions, and data required to meet our legal obligations, such as those related to proceeds of crime (POC) laws and anti-money laundering (AML) and anti-terrorist-financing (ATF) and Customer Due Diligence (CDD) and ‘Know Your Client’ (KYC) requirements;
  4. family status and relationships including marital status, being pregnant, the identity of your spouse/partner and personal information about them, next of kin details, the names and ages and number of your children, your marriage, divorce and family death certificates, etc.
  5. financial information including your bank account details and names of joint account holders, sources of wealth, your assets, shareholdings, credit history, etc. (including for the purpose of processing payments and transactions);
  6. personal information about client legal matters in relation to which we are hired as attorneys, which can include a wide assortment of personal and sensitive personal information;
  7. information about your health status, medical history and health insurance, and about your family members’ health and insurance; and/or
  8. details related to marketing our services, or providing you with relevant legal updates.

SOURCES OF PERSONAL DATA

We may collect personal information about our clients, employees, consultants, experts, advisors, contractors, suppliers, doctors, witnesses, etc. from a whole range of sources including:

  1. public sources, including the internet, social media, company records, the Land Registry, the Registry General, insurance industry databases, credit reporting agencies, the electoral roll, etc.;
  2. you or your family members when you fill in forms and give us information and documentation after requesting our legal services, or when we correspond with you by phone, email or otherwise, or when you apply for employment with us;
  3. information gathered through client due diligence (CDD) carried out by us in compliance with our regulatory requirements (e.g. on various databases);
  4. organizations with which you are associated;
  5. other attorneys or advisors who might be working with us to provide services to you;
  6. our clients in connection with matters upon which we are or may be instructed;
  7. our staff members who might know you; and
  8. other lawful sources.

CONDITIONS FOR USE OF YOUR PERSONAL DATA

We may only use your personal information if one or more of the following conditions are met:

  • you have knowingly consented to Canterbury using your personal data. We will provide you with clear, prominent, easily understandable and accessible ways for you to give consent (except where it can be reasonably implied from your conduct that you consent to the use of your personal data for all intended purposes that were notified to you, save that this exception does not apply to sensitive personal information).

When you consent to the disclosure of personal information by an intermediary for a specified purpose, you will be deemed to have consented to the use of your personal information by the receiving organisation for the specified purpose.

You will also be deemed to have consented to the use of your personal data for the purpose of coverage or enrolment under an insurance, trust, benefit or similar plan if you have an interest in or get a benefit from that plan (e.g. health insurance, pension, social insurance, etc.).

If the condition that we have relied on for using your personal information is consent, you have the right to withdraw your consent at any time.

  • a reasonable person giving due weight to the sensitivity of the data would consider:
  1. that you would not reasonably be expected to request that the use of your data should not begin or cease; and
  2. the use does not prejudice your rights

 

  • The use of the data is necessary:
  1. for the performance of a contract to which you are a party (e.g. our engagement letter contract with you to provide and receive legal services); or
  2. for the taking of steps at your request with a view to entering into a contract (e.g. when we carry out conflict checks for new clients)

 

  • the use of the personal information is pursuant to a provision of law that permits or requires such use;
  • the personal information is publicly available information and will be used for a purpose that is consistent with the purpose of its public availability (e.g. Registrar of Companies);
  • the use is necessary to respond to an emergency that threatens your life, health or security or that of the public; or
  • the use is necessary in the context of your current, past or potential employment relationship with Canterbury.

If we are unable to meet any of the above conditions for use, then we may use personal information only if:

  1. the personal data was collected from, or is disclosed to, a public authority which is authorised or required by a statute to provide the personal information to, or collect it from us;
  2. the use is for the purpose of complying with an order made by a court, individual or body having jurisdiction over Canterbury;
  3. the use is for the purpose of contacting your next of kin or a friend if you are injured, ill or deceased;
  4. the use is necessary to collect a debt owed to Canterbury or for Canterbury to repay to you money owed by us;
  5. the use is in connection with disclosure to a surviving spouse or relative of a deceased person if in our reasonable opinion, the disclosure is appropriate; or
  6. the use is reasonable to protect or defend Canterbury in any legal proceeding.

All the above conditions and obligations are applicable when we transfer personal information to an overseas third party, in addition to other obligations set out below.

SENSITIVE PERSONAL INFORMATION

Canterbury, shall never, without lawful authority, use sensitive personal information in order to discriminate against you in violation of the Human Rights Act 1981.

Sensitive personal data is used with lawful authority if and only to the extent that the sensitive personal information is used:

  1. with your consent;
  2. in accordance with an order by either the court or the Commissioner;
  3. for the purposes of any criminal or civil proceedings; or
  4. in the context of recruitment or employment where the nature of the role justifies such use.

PURPOSES FOR WHICH YOUR PERSONAL INFORMATION IS OR MIGHT BE USED

In compliance with PIPA, Canterbury uses or may use your personal data for legitimate purposes or for purposes that are related to those specific purposes, save that this purpose limitation shall not apply:

  1. when you have knowingly consented to the use of your personal data;
  2. when the use of your personal data is necessary to provide a service or product required by you (e.g. you require our legal services);
  3. where the use of personal data is required by any rule of law or by the order of the court;
  4. where the use of personal data is for the purpose of detecting or monitoring fraud or fraudulent misuse of personal information;
  5. where the personal data is used for the purposes of scientific, statistical or historical research, subject to the appropriate safeguards for your rights.

Canterbury provides litigation and legal advisory services to its clients, both locally and abroad. It appoints directors and employs employees and engages independent contractors. Accordingly, legitimate purposes for which Canterbury may use your personal data include:

  1. providing legal services (such as advice and litigation representation) to our clients;
  2. performing a contract – we require personal information from you to enter into a contract with you (through a signed engagement letter that incorporates our Terms of Business) or to perform that contract that we have entered into and to invoice you for legal services provided;
  3. complying with all legal and regulatory obligations – This includes undertaking Customer Due Diligence (CDD) and background checks to comply with proceeds of crime (POC) and anti-money laundering (AML)/anti-terrorist financing (ATF) laws and/or other legal or regulatory obligations. As part of our obligations under the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008 and related legislation, Canterbury is required to obtain from each client certain personal information and sensitive personal information and maintain the same on file (both electronic files and paper files) for at least 5 years. All such information is provided by each client to us voluntarily if they wish to retain us as attorneys;
  4. conducting administrative or operational processes within our business and/or assessing risks to our business, including legal, financial and cyber risks, and/or or undertaking network and IT security activities.
  5. exercising, enforcing and/or defending Canterbury’s rights or for the purpose of legal proceedings;
  6. responding to requests, enquiries or complaints received from you or someone connected to you;
  7. employing and managing our employees and engaging our independent contractors, and appointing our directors;
  8. marketing our services (with your consent) for the purpose of developing and growing our business and client and supplier relationships, understanding the needs of our clients and prospective clients, and providing commentary on legal issues. You may opt out of receiving marketing communications from us at any time; and
  9. for other legitimate purposes for which we have your informed consent.

Canterbury will only rely on the above legitimate purposes to use your personal data where those legitimate interests are not overridden by your rights in relation to your personal information and where such use is not in conflict or inconsistent with the Human Rights Act 1981.

We will use your personal data only for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another purpose that is related to the original purpose.

If we need to use your personal data for an unrelated legitimate purpose, we will give you notice of this, and we will explain the legal basis which allows us to do so.

Please note that we may use your personal data without your knowledge or consent in compliance with the above legitimate purposes, where this is required or permitted by law.

Notwithstanding any other provision of PIPA, Canterbury may, for the purposes of a business transaction between itself and one or more other organisations (e.g. purchase, sale, lease, merger, amalgamation, etc.), use personal information in accordance with certain conditions imposed by PIPA.  If the business transaction does not proceed or is not completed, the party to whom we disclosed your personal information shall, if the personal information is still in their custody or under their control, either destroy the personal information or turn it over to us.

Canterbury Law does not engage in any automated decision-making or profiling. “Automated decision-making” means a decision based solely on automated processing of personal data (without human intervention) which produces legal effects concerning the person or otherwise significantly affects the person.

PERSONS AND ORGANISATIONS TO WHOM WE MIGHT DISCLOSE YOUR PERSONAL INFORMATION

We may share personal information we collect with:

  1. employees who assist us in providing legal and marketing services, but their use shall be limited to the performance of their duties and in line with a legitimate purpose for use. Our staff are required to keep that information confidential and are not permitted to use it for any purposes other than to assist in the provision of legal services, and for the purposes of facilitating our use of that information in accordance with this Privacy Policy;
  2. third-party agents, service providers or independent contractors engaged by us such as IT service and data storage providers, telecommunications providers, analytics providers, auditors, accountants, investigators, experts, translators, insurers, document destruction personnel, external legal advisors, and financial institutions with whom we and you transact (including where the information is required as part of that third party’s own processes to satisfy their legal or regulatory obligations, such as, KYC, AML/ATF checks etc.);
  3. law enforcement agencies, courts or tribunals, government public authorities, registrars, regulators or similar third parties (whether within or outside the country in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us, including for the purposes of complying with our legal and regulatory obligations. We do not propose to disclose or share any of your personal information or sensitive personal information without your consent, save as may be required by law. Note that the Barristers and Accountants AML/ATF Board may have access to your personal information and/or sensitive personal information as part of its supervisory authority over law firms in Bermuda. We are unable to prevent potential access to any client’s personal information and/or sensitive personal information by the Board. Information about the power and authority of the Board can be found at amlatfboard.bm;
  4. other third parties as provided for or required under contract, or as we deem otherwise reasonably necessary to provide our legal services e.g. counterparties to transactions or litigation. We will take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless giving prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances;
  5. service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged or amalgamated with another entity or we sell, liquidate, or transfer all or a portion of our assets;
  6. referees of potential new employees or consultants or suppliers of Canterbury for the purpose of seeking and receiving references and confirmation of details of job candidates.
  7. third-party websites, plug-ins and applications to which our website may be linked. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and cannot be responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of each website you visit.

We will not share any personal information with any third parties except as expressly described in this Privacy Policy or with your prior informed consent, subject to the exceptions contained herein.

We may share anonymised information that does not reasonably identify you or your organisation.

Canterbury does not use cookies, or other tracking technologies to collect data.

TRANSFERS ABROAD

On occasion we will transfer to an overseas third party personal information for use by that overseas third party on our behalf, or for the overseas third party’s own business purposes; e.g., when a matter involves obtaining legal or other professional advice from another country, we may need to transfer details about your matter to a legal advisor who is providing supplementary advice on your matter.

Canterbury will adopt the following safeguards when transferring personal data overseas.

Before making any such transfer, we will assess the level of protection provided by the overseas third party for that personal information.  When doing so, we will consider the level of protection afforded by the law applicable to such overseas third party.  We will also have regard to whether the Minister has designated that jurisdiction as providing a comparable level of protection to PIPA for this purpose.

If we reasonably believe that the protection provided by the overseas third party is comparable to the level of protection required by PIPA (which may be evidenced by the third party’s adoption of a certification mechanism recognised by the Commissioner), we may rely on such comparable level of protection while the personal information is being used by the overseas third party.  For e.g., information that is sent abroad to a country that is within the European Economic Area (EEA) is protected by GDPR data privacy legislation that is similar to the protection afforded by PIPA.  In addition, if the transfer is to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (e.g. Guernsey, Jersey, etc.), we will also rely on that protection.

Where this is not the case, we will employ contractual mechanisms, corporate codes of conduct including binding corporate rules, or other means to ensure that the overseas third party provides a comparable level of protection to PIPA. In particular, Canterbury will require by contract that any overseas third party to which it discloses your personal data will agree to:

  1. only use that personal data for the purposes for which it was disclosed;
  2. use technical and organizational measures which are reasonable in the circumstances to secure that personal data;
  3. delete that personal data when it is no longer required; and
  4. treat that personal data in accordance with this Privacy Notice and that country’s local data privacy law (if any).

Notwithstanding all of the above, we may transfer personal information to an overseas third party if the transfer of the personal information is necessary for the establishment, exercise or defence of legal rights, or we assess all the circumstances surrounding the transfer of personal information to the overseas third party and reasonably consider that the transfer of personal information is small-scale, occasional, and unlikely to prejudice your rights.

SECURITY SAFEGUARDS AND ACTIONS WE WILL TAKE IN THE EVENT OF A BREACH

Canterbury shall protect personal information that it holds with appropriate safeguards against risk, including:

  1. loss;
  2. unauthorized access, destruction, use, modification or disclosure; or
  3. any other misuse.

Such safeguards shall be proportional to:

  1. the likelihood and severity of the harm threatened by the loss, access or misuse of the personal information;
  2. the sensitivity of the personal information (including whether it is sensitive personal information); and
  3. the context in which it is held,

and shall be subject to periodic review and reassessment.

Canterbury’s technology and control mechanisms are designed and monitored by Smith Technologies Ltd. in Bermuda and are periodically assessed for security purposes.

Please take important note that the security of your information cannot be assured when you transmit your personal information to us over networks that we do not control, including the internet (e.g. by email) and wireless networks (e.g. by WhatsApp).  Accordingly, whilst we will use encryption methods where necessary to help keep your personal information secure, we cannot guarantee that hackers, cyber criminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information.

We will take your chosen use of a particular mode of communication as permission for us to communicate with you using the same mode of communication unless otherwise expressly instructed by you.

In the event of a breach of security leading to the loss or unlawful destruction or unauthorized disclosure of or access to personal information, which is likely to adversely affect a person, we will, without undue delay:

  1. notify the Commissioner of the breach; and
  2. notify any individual affected by the breach.

Our notification to the Commissioner will describe the nature of the breach, its likely consequences for the person concerned, and the measures taken and to be taken by Canterbury to address the breach.

DATA RETENTION

We will only retain your personal information for so long as is reasonably necessary for any of the purposes set out in this Privacy Notice, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.

Thereafter we will destroy, erase, return to you, or anonymize documents or other records containing personal information as soon as it is reasonable to assume that there is no longer a legitimate purpose for holding it.

To determine the appropriate retention period for personal data, we consider:

  1. the amount, nature, and sensitivity of the personal data,
  2. the potential risk of harm from unauthorised use or disclosure of your personal data,
  3. the purposes for which we process your personal data; and
  4. whether we can achieve those purposes through other means, as well as the applicable legal requirements.

In some circumstances you can ask us to delete your data; see below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION

Below we set out the choices and means for limiting the use of, and for accessing, rectifying, blocking, erasing and destroying your personal information, in accordance with PIPA 2016.

Access to personal Information

 (1)  Subject to subsections (2) to (4) below and to section 18 (medical records), upon your request for access to your personal information, and having regard to that which is reasonable, Canterbury will provide you with access to:

  1. personal information about you that is in our custody or under our control;
  2. the purposes for which the personal information has been and is being used by us; and
  3. the names of the persons or types of persons to whom and circumstances in which the personal information has been and is being disclosed.

(2) We may refuse to provide access to personal information under subsection (1) if:

  1. the personal information is protected by any legal privilege;

  2. the disclosure of the personal information would reveal confidential information about Canterbury or of a third party that is of a commercial nature and it is not unreasonable to withhold that information;
  3. the personal information is being used for a current disciplinary or criminal investigation or legal proceedings, and refusal does not prejudice your right to receive a fair hearing;
  4. the personal information was used by a mediator or arbitrator, or was created in the conduct of a mediation or arbitration for which the mediator or arbitrator was appointed to act under an agreement or by a court; or
  5. the disclosure of the personal information would reveal Canterbury’s intentions in relation to any negotiations with you to the extent that the provision of access would be likely to prejudice those negotiations.

(3) We will not provide access to personal information under subsection (1) if:

  1. the disclosure of the personal information could reasonably be expected to   threaten   the life or security of a person;
  2. the personal information would reveal personal information about another person; or
  3. the personal information would reveal the identity of a person who has in confidence provided an opinion about another person and the person providing the opinion does not consent to disclosure of his identity,

unless it is reasonable in all the circumstances to provide access.

If we are reasonably able to redact the information referred to in subsection (2)(b) or (3)(b) or (c) from the personal information about the person who requested it, we will provide the person with access to his/her personal information after redacting the former information.

Rectification, blocking, erasure and destruction

Request correction

You may make a written request to Canterbury to correct an error or omission in any of your personal information which is under our control. If there is an error or omission, we will correct the personal information as soon as reasonably practicable.

We may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.

If we have disclosed the incorrect information to other organisations, we will send a notification containing the corrected information to each of them if it is reasonable to do so, informing those organisations that they must then correct the personal information.

Please note that we must obtain the consent of the writer of an opinion, including a professional or expert opinion, before making a correction to or otherwise altering such opinion. If consent is not provided, we will note what is contained in your written request to change any error or omission in the opinion in a manner that links that request with that opinion.

Request erasure 

You may request that Canterbury cease, or not begin, using your personal information for the purposes of advertising, marketing or public relations. On receiving such a request, we will stop, or not begin, doing such things.

You may also request that we cease, or not to begin, using your personal information where the use of that personal information is causing or is likely to cause substantial damage or substantial distress to you or to another person.  On receiving such a request, we will either cease, or not begin, using the personal information that you have identified in your request, or we will provide you with written reasons as to why the use of such personal information is justified.

You may also request that that we erase or destroy personal information about you where that personal information is no longer relevant for the purposes of its use. On receiving such a request, we will erase or destroy the personal information that you have identified in your request, or provide you with our written reasons as to why the use of such personal information is justified.

 

Procedure for making a request under section 17 (personal information), 18 (medical records) or 19 (rectification, blocking erasure and destruction)

  • In order to obtain access to your personal information or make a request for a correction to your personal information, you must make a written request to Canterbury setting out sufficient detail to enable us, with a reasonable effort, to identify the personal information in respect of which your request is made.
  • You may ask for a copy of your personal information or ask to examine your personal
  • Canterbury will promptly acknowledge in writing receipt of your request, including the date of your request, and we shall at the same time inform you, if there is insufficient detail in the request, what information is required to complete your request.
  • Subject to subsection (5) below, when a completed request has been received, we will respond to the request not later than:
    1. 45 days from the day on which we received the written request; or
    2. the end of an extended time period if the time period is extended under subsection (6).
  • We are not required to comply with subsection (4) whilst any requests to the

Commissioner made by you or Canterbury regarding the scope of rights or obligations pertaining to your request under section 17 (access to personal information), 18 (access to medical records) or 19 (rectification, blocking, erasure and destruction) are pending.

  • Canterbury may, with respect to a request made under section 17 (access to personal information) or 18 (access to medical records), extend the period for responding to the request by no more than 30 days, or for such longer period as the Commissioner may permit, if:
    1. a large amount of personal information is requested or needs to be searched or corrected;
    2. meeting the time limit would unreasonably interfere with our operations; or
    3. more time is needed to consult with a third party before we are able to determine whether or not to give you access to the requested personal
  • If the period for responding is extended under subsection (6), we shall inform you of the following:
    1. the reason for the extension; and
    2. the time when a response from us can be
  • If you make a request under section 17 (access to personal information) or 18 (access to medical records), we may charge you a fee not exceeding the prescribed maximum for access to your personal information except where your request results in the correction of an error or omission in your personal information that is under our control (which is free of charge).
  • We will not charge a fee if we are prevented from doing so by our professional regulatory body (Bermuda Bar, AML/ATF Supervisory Board, etc.).
  • If we intend to charge you a fee for a service, we may require you to pay all or part of   the fee in advance, as determined in our discretion.
  • The Minister may, in consultation with the Privacy Commissioner, prescribe any applicable fees.
  • We are not required to comply with section 17, 18 or 19 of the Act if your request is

manifestly unreasonable.

  • If we refuse to take action at your request, we will inform you in writing of our reasons for the refusal and of the right to contact the Commissioner to make a complaint.

Compensation for financial loss or distress

If you (being a natural person) suffer:

  1. financial loss; or
  2. emotional distress,

by reason of Canterbury’s failure to comply with any of the requirements of this Act, you have a right to seek compensation from Canterbury.

In legal proceedings brought against Canterbury for failure to comply with this Act, is a defence for Canterbury to prove that we had taken such care as in all circumstances was reasonably necessary to comply with the requirement.

The amount of compensation that you might be entitled to under this section for each contravention shall be determined by a court.

Exemptions

 PIPA provides exemptions to the above-mentioned rights.  Parts 2 (General Principles and Rules) and 3 (Rights of Individuals) of PIPA do not apply to the use of personal information in any case where such use is required for:

  1. the prevention or detection of crime and compliance with international obligations regarding the detection, investigation and prevention of crime;
  2. the apprehension or prosecution of offenders;
  3. the assessment or collection of any tax or duty;
  4. the prevention, investigation, detection and prosecution of breaches of ethics for regulated professionals; or
  5. the economic or financial interests of Bermuda, including monetary, budgetary and taxation matters, compliance with international tax treaties and any monitoring, inspection or regulatory function exercised by official authorities for monetary, budgetary and taxation purposes in Bermuda,

to the extent that the application of those Parts would be likely to prejudice any of the above matters.

Power of Commissioner to authorise Canterbury to disregard certain requests

In response to a written request by Canterbury, the Commissioner may authorise us to disregard one or more requests made under sections 17 (personal information), 18 (medical records) or 19 (rectification, blocking erasure and destruction) if, because of their repetitious or systematic nature, the requests would unreasonably interfere with our operations or amount to an abuse of the right to make those requests or are otherwise frivolous or vexatious.

Right to ask for a Review or initiate a Complaint

If you made a request to Canterbury respecting your personal information, you may ask the Commissioner to review our decision, action or failure to act.

Alternatively, you may initiate a written complaint with respect to the matters referred to in section 29(2) of PIPA, namely:

  1. Canterbury has not performed an obligation that it has under PIPA;
  2. a right set out in this Act has not been observed;
  3. we have used personal information in a way that is contrary to PIPA;
  4. we are not in compliance with PIPA.

To submit a complaint you can write a letter or email to our Privacy Officer (see below) that should contain:

  1. your name;
  2. a summary of your complaint;
  3. a written description of the specific circumstances;
  4. a summary of other steps taken, if any, to resolve your complaint; and
  5. a preferred method of contact about your complaint (mailing address or email address)

If the Commissioner is satisfied that there are other grievance, complaint or review procedures available for the purposes of resolving matters for which a review may be requested or a complaint may be initiated, the Commissioner may require that you first exhaust those other procedures with a view to resolving the matter before the Commissioner proceeds to hear or otherwise deal with your review or complaint.

To ask for a review or to initiate a complaint under this Part, you must deliver a written request to the Commissioner. Certain timelines apply as prescribed in PIPA. The Commissioner may disregard your request if he/she believes the request is without merit or where there is insufficient evidence to proceed.

Please keep in mind that requests for access, amendments, or corrections are not privacy complaints.  Note also that complaints about the privacy of a company, corporation or any entity other than a natural person are not governed by PIPA.

PRIVACY OFFICER CONTACT DETAILS – CONTACT US

Canterbury has designated the following person for the purposes of compliance with the Act and who have primary responsibility for communicating with the Privacy Commissioner:

Director Ms Juliana Snelling

If you have any questions about this Privacy Notice, or if you wish to exercise any of your rights as a data subject, you may contact Ms Snelling at jsnelling@canterburylaw.bm

Please cc co-Director Mr. Paul Harshaw at: paul.harshaw@canterburylaw.bm

Alternatively, you may write to Ms. Snelling at our office physical address:

Canterbury Law Limited
3rd Floor, Swan Building,
26 Victoria Street
Hamilton HM 12
Bermuda                                               

 

 

 

 

 

 

Site Managed by: Delta Decisions Inc.