This privacy statement tells you about the information we collect from you when you use our website (www.cicra.je and www.cicra.gg (the “Site”)), and when you provide us with personal data in relation to our functions in economic regulation and administration and enforcement of competition law. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Who are we?
We are the Channel Islands Competition and Regulatory Authorities (CICRA), which consist of the Guernsey Competition and Regulatory Authority and the Jersey Competition Regulatory Authority. Our addresses are Suite 4, 1st Floor, La Plaiderie Chambers, St Peter Port, Guernsey, GY1 1WG and 2nd Floor, Salisbury House, 1-9 Union Street, St Helier, Jersey, JE2 3RF.
Our Data Protection Officer is Matthew Harrison, and he can be contacted at any of the above addresses or phone numbers.
CICRA has functions as an economic regulator we administer and enforce competition law. We are a ‘competent authority’ under the Data Protection (Jersey) Law 2018 and we process data for a ‘regulatory purpose’ under the The Data Protection (Law Enforcement and Related Matters) (Bailiwick of Guernsey) Ordinance, 2018. We deal with confidential information in the normal course of our activities and the protection of this information is extremely important to us.
Personal data is often included incidentally, but there are only limited contexts in which we use such information to make decisions or take actions directly related to individuals rather than businesses. These include, but are not limited to, involvement in complaints, certain licensing matters relating to owners and controllers, and other provisions of regulatory and competition law which relate to individuals and their actions. Your rights to access the data held by us and determine how it is used may be different from other situations as a result of its use in the context of these functions and/or because we are the sort of organisation we are.
When you use our website
When you use our Site to view the information we make available, cookies are used to allow the Site to function, to collect useful information and to help to make your user experience better. You can refuse to accept these cookies, but this may mean that some parts of the Site will not function properly.
We may collect non-personal identification information about users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about users’ means of connection to our Site, such as the operating system and the internet service providers utilised and other similar information.
When you submit a request for alerts on our website
Our Site gives you the opportunity to subscribe for alerts when content is changed. The only information about you which we collect is your email address and the types of email you have asked to be sent. Our use of your email address is based on your consent, which is demonstrated by your having entered it to request update emails. You may withdraw this consent at any time by clicking the ‘unsubscribe’ link in any email you have received. We will not use your email address for any other purpose than to send these emails, which are automatically generated. Your email address is stored and processed in Ireland and backups are held in Germany.
Third party websites
The information accessible from this site may be derived from a variety of sources, so despite our best efforts there may be inaccuracies. Links and references to other web-sites, organisations or people outside of CICRA are provided for convenience only and should not be taken as an endorsement by CICRA. Users may find content on our Site that links to the sites and services of others. We do not control the content or links that appear on these third party sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to or from our Site, is subject to that website's own terms and policies.
When you contact us by any means with an enquiry, complaint or information relevant to our functions
When you contact us, we will record information about you in order to be able to deal with your enquiry, your complaint, or the information you provide.
We use this information in connection with exercising our duties and functions. Your personal data will not be used in connection with matters other than those related to the matter in relation to which it was originally provided. If we need to communicate with you in order to deal with the matter, we will do so, but we will not communicate with you for unrelated purposes.
When you provide us with information about yourself in relation to one of our functions, such as when you request a licence, we use the personal information in the exercise of the relevant function and any functions associated with them on which that information may have a bearing.
It is important that the information we hold about you is accurate. If you have provided us with information in the past and it changes, please ensure that you provide us with the new information.
Please note that our duties and functions may require information to be passed to other parties, such as licensees (although we will only identify you to a licensee with your consent), or law enforcement bodies.
In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated with a Data Subject. Where we do this, we may use it without further notice to you.
If you refuse to provide us with certain information when requested, we may not be able to progress a matter further.
Other personal information
We may collect and use personal data during the recruitment process and for purposes related to employment. We have a separate privacy statement for employees.
In some cases we may also collect and use special category personal information such as biographical details, offences, criminal proceedings, outcomes and sentences, and licences or permits held. Such information will be used only for the purpose of carrying out our functions.
Collection of personal information from sources other than the individual
There are circumstances where we may seek to obtain information about individuals from other sources than those individuals in order to exercise our functions appropriately. Such information will only be used for the purposes for which it was collected.
We do not use automated means to process personal data.
Protection of information
We consider the security of all the information we hold as of paramount importance, and this includes any personal information we hold. We adopt appropriate collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of all information we hold, including personal information.
Sharing of information with other partiesWe will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
The following activities are carried out by third party service providers:
- IT software and operational support providers
- Professional advisory and consultancy services
- Payroll software and operational support providers
- Human Resources support providers
We require all third party service providers that we engage to have appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.
We do not transfer your data to any third party outside an authorised jurisdiction or the European Economic Area.
Retention of personal information
We will only retain your personal data for as long as we require it to meet the purposes it was collected for. We consider the following when setting our retention periods:
- The legitimate interests of CICRA;
- The statutory or legal obligations of CICRA;
- The reasons CICRA collected the personal data;
- The lawful basis CICRA based its processing on;
- The categories of personal data CICRA hold;
- The volume of personal data held; and
- Consideration of whether CICRA’s processing needs could be fulfilled by other means.
The principles we follow in processing your data
CICRA is committed to complying with the following core Data Protection Principles:
- Lawfulness, Fairness and Transparency
- Purpose Limitation
- Storage Limitation
- Integrity and Confidentiality
Your rights as a data subject
Please note (as stated above) that your rights as a data subject may differ from those you have in relation to a commercial entity, as a result of our status.
A Data Subject Access Request Form to allow you to make requests related to your rights as a data subject is provided in the Publications page of our Site. To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the "Who Are We?" section of this Privacy Statement.
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate or out of date. Where the information is out of date, we may need to maintain a record of the old information as well.
We will need to verify your identity before we provide you with information about the data we hold on you.
We will not charge you a fee to access your personal data or to exercise your rights under relevant legislation. We do, however, reserve the right to charge a reasonable fee if we believe your request is excessive, or alternatively we may refuse to fulfil your request in such circumstances.
You may withdraw your consent for the use of your email address at any time by clicking the ‘unsubscribe’ link in emails sent to you, and your email address will be removed.
Your right to complain
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the The Office of the Data Protection Authority in Guernsey, or the Office of the Information Commissioner in Jersey by email at firstname.lastname@example.org and email@example.com respectively, or you can write to them at:
Office of the Data Protection Authority
St Martin’s House
St. Peter Port
Guernsey, GY1 1BR
Office of the Information Commissioner
5 Castle Street
Jersey, JE2 3BT
Updates to this privacy statement
We will update date of this document each time it is changed.
This document was last updated on 21 May 2019.