Privacy Notice

This privacy notice tells you what to expect when our organisation collects personal data and how to contact us should you wish to discuss any aspect of how we handle that data.

Our organisation

Our Group parent company, Belasko Group Limited, is registered in Guernsey under company number 63580. Our main operating activities are performed by its two wholly owned subsidiaries:

  • Belasko Administration Limited, company number 53851, registered in Guernsey, and
  • Belasko Jersey Limited, company number 123988, registered in Jersey.

Data Protection Officer

Although the nature of our business does not oblige us to appoint a Data Protection Officer, we do have a central point of contact for data protection queries.

The best means of contact for any query regarding data protection is via email at

If you have any questions or concerns regarding how we work with personal data please don’t hesitate to contact us via the above email address.

The data we process

We store and process only the data that we need and we delete it when it’s no longer required. Unless otherwise stated we don’t pass this data to anyone else and all electronic data is stored on our server in Guernsey. If you would like more detail please contact us via the above email address.

Employee Data

We store personal data on our employees so that we can run the company and pay our employees. This includes names and contact details, pre-employment screening information, performance and disciplinary data, and health information and bank details; it also includes emergency contacts and next-of-kin information as provided to us by each employee. We retain data for former employees only for as long as we are required to by law and where there is no statutory retention period we use the CIPD’s best practice guidelines.

Customer Data

We store and process customer data in order that we can correspond with, make payments to and receive payments from, our customers. When we have not done business with you for one year or longer we will delete your personal data from our systems in line with the Belasko data retention policy.

Shareholder Data

We store personal data on our shareholders to enable us to verify the identity of our owners, receive payments from them and allow us to pay dividends as applicable. If a shareholder sells their holding we would delete personal data in line with the Belasko data retention policy after the date of the sale.

Phone call logs

Our phone system retains logs of the calls we make and receive (unless, for incoming calls, the caller’s number is withheld). Only the date and time of the call and the phone number (where available) are retained and the logs are stored for no longer than a year.

Marketing Data

We currently do not maintain mailing lists for marketing purposes, however, if we were to use your data for this purpose in the future, we would need your consent to do so. We would keep a record of that consent for as long as you choose to receive marketing information. If you withdrew your consent we would record the fact that you had done so for audit purposes and we would remove you from the list.

Outsourced IT support

Our IT systems are hosted and supported by a third party provider of IT services. As you would expect, the contract between us and our IT support partner contains appropriate clauses regarding information security and data protection and we carry out regular service reviews.

Information security

Our IT systems are located in secure data centres in Guernsey to protect them against theft and environmental risks (flood, fire, power cuts, etc.). All our computer systems run up to date anti-virus software and system updates are applied regularly to protect against potential security problems. All of the user login IDs on our systems are restricted so that each user has access only to the data that he or she requires.

Security on mobile devices

Laptops are only used to gain remote access to our systems when we are out of the office and so no data is actually stored on laptops. Our staff have access to their work email from their mobile phones, which we secure with a mobile device management system so we can remotely wipe any device if it is lost or stolen.

Internet interaction

Our Website

Our web site host, The Partnership Agency, use Google Analytics to collect standard log information, along with data about how people use our website; a link to their privacy policy is as follows The information doesn’t identify anyone and nor do we attempt to find anyone’s identity from the information. If we do want to collect personally identifiable information through our website we will be open and transparent and will explain what we plan to do with it.

We use cookies on our website, both to make it work and to provide a good customer experience.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS you should be aware that any emails we send or receive may not be protected in transit.

We monitor any emails sent to us, including file attachments, for security threats such as phishing scams, viruses or other malicious software. Please note that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Contact for data protection purposes

You have a number of rights under the laws of data protection. As we mentioned earlier please contact if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are one year old.

Right of access

You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable time and always within a month. Unless the request is particularly complex or onerous there’s no cost to you for making these requests.

Right to rectification

We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we have done so.

Right to erasure

If you ask us to erase your personal data we must do so unless there is a legitimate reason for us to keep it. For example if you are a customer and we need some of your personal data in order to satisfy our contract with you (say, to interact with you or to send you information), we will keep just the information we need for those purposes.

Right to restriction of processing

If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we can’t do anything else with it until the dispute is resolved. We will inform you prior to beginning processing once the restriction has been removed.

Our recruitment process

We are the data controller for any information you provide as part of our recruitment process. All of the information you provide during the process will only be used for the purpose of processing your application or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes and your data will be stored on our IT systems in Guernsey.

We may look up applicants’ profiles on social media, though we don’t copy that information or store it on our systems.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment: you don’t have to provide what we ask for but it might affect your application if you don’t.

Unsuccessful applicants’ data will be retained for no more than a year and then deleted.


This privacy notice is designed to be clear and concise. We are happy to provide any additional information you need: please contact us on

Should you have any cause for complaint, please write to us at:


Data Protection Representative

Belasko Group Limited

Hirzel House

Smith Street

St Peter Port




If you are dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioners at:


The Office of the Data Protection Authority

St Martin’s House

Le Bordage

St. Peter Port




Jersey Office of the Information Commissioner

2nd Floor

5 Castle Street

St Helier