By giving us your personal information, directly or through third parties, and by using any products or services that we provide, you are accepting and consenting to our processing of your personal information in accordance with the practices described in this policy.
The Data Protection Law, 2017 came into force in the Cayman Islands on 30 September 2019. We may need to update this policy to reflect any further changes in the law, as well as any changes to our business from time to time. Please check this policy regularly to ensure you are familiar with its terms. This policy was last updated on 30 September 2019.
Who we are
Cayman Code Academy, a resident profit organisation incorporated and registered under the laws of the Cayman Islands whose registered office is at c/o Cayman Law Group Ltd, 2nd Floor, Strathvale House, 90 North Church Street, P.O. Box 1103, George Town, Grand Cayman KY1-1103, Cayman Islands.
In this policy we refer to ourselves as “we”, “us”, “our” and “Cayman Code Academy”.
Cayman Code Academy is a “data controller”. This means that we are responsible for deciding the reasons for and the manner in which we will hold and use your personal information, including:
- how to use, store, and process your personal data;
- with whom to share your personal data;
- when to modify or erase your personal data;
- when to engage one or more third parties to process your personal data; and
- which such third parties to engage.
Cayman Code Academy will continue to be a data controller even where we engage third parties to perform certain processing activities on our behalf.
The Data Protection Officer, c/o Cayman Law Group Ltd, 2nd Floor, Strathvale House, 90 North Church Street, P.O. Box 1103, George Town, Grand Cayman KY1-1103, Cayman Islands or by email to:
What personal information may we hold about you
We may collect the following personal information about you:
- date of birth
- employment information
- tax identifier and tax residence
- bank account numbers and economic information
- your contact telephone number(s)
- your contact email address(es)
- any personal information that you disclose to us in letters, requests for information, emails and/or telephone conversations between us.
As well as personal information (such as your name, address, telephone number) we may collect sensitive personal information (also known as special categories of data).
We will ask for your specific informed consent at the time of collecting sensitive data. Where you provide consent for us to process sensitive personal information, you have the right to withdraw this consent at any time. We will apply additional security and confidentiality measures when processing your sensitive personal information.
We may collect information from you in the following ways:
Information provided by you
- When you use our website and fill in our contact form for us to contact you by telephone, post and/or email about our products and services
- When you fill in our forms and any associated documentation that you complete when signing up for our products and services
- When you talk to us on the phone or face to face when you visit our offices to enquire about or to engage us in providing our products and services
- When you contact us by email or by letter
- When you complete customer surveys
- When you contact us through social media
- When you make a complaint
Information we collect
From third parties, including: attorneys; accountants; tax authorities; governmental agencies and departments; regulatory authorities; fraud prevention and detection agencies and organisations, including law enforcement.
From publicly available and accessible directories and sources, including websites.
Profile and usage data: we gather this data from devices such as computers and mobile phones that you use to connect to our website using cookies and other internet tracking software.
If you choose not to give personal information
If you choose not to give us your personal information, it may mean that we cannot provide our products or services to you.
We will only collect the personal information that we need to be able to provide a service to you. When we ask you for information, we will make it clear why we need it. Any data collection that is optional will be made clear at the point of collection.
If you provide any personal information relating to another person, we assume that you do so with their full knowledge and consent.
Our purpose for collecting and processing your personal data
Data Protection law says that we can use your personal information only if we have a lawful purpose for doing so. This means that we can only process your personal data if we have one (or more) of these reasons:
- To fulfil a contract we have with you, or
- To comply with a legal obligation, or
- When it is in our legitimate interest, or
- When you consent to it, or
- To protect your vital interestsg. in cases of life or death, or
- When it is to exercise a public function or is in the public interestg. it's necessary to deliver justice.
A legitimate interest is when we have a business or commercial reason to use your information. However, our use of your personal data must not have a negative or unfair impact on you.
These are the principal reasons why your personal data is processed:
The processing is necessary for the performance of a contract, including:
- administering or managing the products and services we provide you
- processing work permit and other immigration-related applications
- applying for and obtaining necessary government and regulatory consents and permissions
- facilitating the continuation or termination of the contractual relationship between you and any third-party service providers, such as the immigration department of the Cayman Islands
The processing is necessary for compliance with applicable legal or regulatory obligations, including:
- undertaking due diligence and on-boarding checks
- carrying out know your client, anti-money laundering and counterterrorist financing checks, including verifying your identity and addresses
- complying with requests from regulatory, governmental, tax and law enforcement authorities
- carrying out audit checks and instructing our auditors
- maintaining statutory registers
- preventing and detecting fraud;
- complying with the United States Foreign Account Tax Compliance Act and other comparable legislation
- complying with applicable sanctions and embargo legislation
In pursuance of our legitimate interests, including:
- complying with a legal, tax, accounting or regulatory obligation to which we are subject
- assessing and processing requests you make
- sending updates, information and notices or otherwise corresponding with you in connection with the services we provide you
- sending you invoices in relation to the products and services we provide
- investigating any complaints, or pursuing or defending any claims, proceedings or disputes
- providing you with, and informing you about, our products and services
- to assist you in participating in any government schemes in which you have indicated you wish to take part
- managing our risk and operations
- complying with audit requirements
- ensuring internal compliance with our policies and procedures
- protecting our business against fraud, breach of confidence or theft of proprietary materials
- monitoring phone calls and capturing CCTV footage for security, quality and training purposes
- seeking professional advice, including legal advice
- facilitating business asset transactions
- monitoring communications to/from us (where permitted by law)
- protecting the security and integrity of our IT systems
but in all cases only where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms.
We will use your personal information to tell you about our products and services. This is what we mean when we talk about ‘marketing’.
The personal information we have for you is made up of what you tell us and data we collect from third parties we work with. We use this to identify and inform us of what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing materials by contacting us at any time using the contact details above.
Before sending electronic marketing communications, we will follow the law and guidance which requires us to seek your consent. You can withdraw your consent at any time. Please just contact us using the contact details above or follow the ‘unsubscribe’ instructions on our targeted marketing communications.
We may ask you to confirm or update your choices from time to time and if there are changes in the law, regulation, or the structure of our business.
Digital Cayman will never sell your personal data to third party organizations for marketing purposes.
Who we share your personal information with
When we need to share personal data with third parties, our relationships with them are governed by contracts which impose strict data sharing and confidentiality requirements.
Sometimes we need to share personal information we hold about you with other organisations that we work with or who provide services on our behalf. When sharing information, we will comply with all aspects of data protection law.
Where the information is of a sensitive nature, for example about your health, we will generally obtain consent from you prior to sharing this information, unless we are required or permitted to share this by law.
Where sharing is in our legitimate business interests, we may share your information without seeking your consent first. This may be with:
- third parties providing services on our behalf and their respective affiliates for the purposes set out in this notice, in particular: managing our relationship with you; delivering the services you require; supporting and administering service-related activities; complying with applicable laws and regulations; delivering and facilitating the services needed to support our business relationship with you; providing you with marketing materials
- our lawyers, accountants, auditors and other professional advisors for the purposes of providing you with our products and services; and seeking advice on, and complying with, legal and regulatory requirements or legal rights and obligations
- tax authorities to comply with applicable laws and regulations; and where required by tax authorities (who, in turn, may share your personal data with other tax authorities)
- Governmental bodies responsible for processing work permit and other immigration related applications
- Police and other relevant authorities in relation to the prevention and detection of crime, the apprehension of offenders or the collection of tax or duty; and parties to litigation (whether pending or threatened), in any country or territory
We may also share information when required by law for example where ordered by the Court or to protect an individual from immediate harm.
We may also share your personal information if the structure of Digital Cayman changes in the future. We may choose to sell, transfer, or merge parts of our company, or our assets; or we may seek to acquire other companies or merge with them. During any such restructuring of our Group, we may share your information with other parties. We’ll only do this if those parties agree to keep your data safe and private.
Sending data outside of the Cayman Islands
We will only send your data outside of the Cayman Islands or the European Union to:
- Follow your instructions, or
- Comply with a legal duty.
If we do transfer your personal information outside of the Cayman Islands or the EU, we will make sure that it is protected in the same way as if it was being processed in the Cayman Islands. We’ll use one of these safeguards:
- Transfer it to a non-EU country with privacy laws that give the same protection as the EU; or
- Put in place a contract with the recipient that means they must protect it to the same standards as the EU.
Please contact us in writing if you would like to know more about these arrangements.
How long do we keep your personal information
We will keep your personal information for as long as you are a member of Digital Cayman.
After you stop being a customer, we may keep your information for up to 6 years for one of these reasons:
- To respond to any questions or complaints or to resolve any follow up issues between us.
- To show that we treated you fairly.
- To maintain records according to legal rules that apply to us.
We may keep your data for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes.
We will apply appropriate technical and organizational measures to ensure your personal information is secure. For example, we have systems in place to ensure that access to personal information is restricted to authorized individuals on a strictly need-to-know basis.
To help us ensure the security and confidentiality of your personal information we will ask you (and any of your representatives) security questions to confirm your identity when you call us and as may be necessary when we call you. We will not discuss your personal information with anyone other than you, unless you have given us prior written authorization to do so or where we have received a clear verbal instruction from you (as a one-off circumstance).
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal information, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable Cayman Islands law requirements.
Digital Cayman is committed to upholding your data privacy rights.
The right to be informed
We will be open and transparent about how and why we use your personal information. This will be set out in our privacy notices.
The right of access
You have the right to ask us what personal information we hold about you and to request a copy of your personal information. This is known as a ‘subject access request’ (SAR).
SARs need to be made in writing and accompanied by proof of your address and identify. If someone is requesting information on your behalf, they will need to provide us with your written consent for us to release your information and proof of ID (both yours and theirs).
If you are seeking to obtain specific information (e.g. about a particular matter or that relates to a specific time period), please clarify the details of what you would like to receive in your written request.
We will provide a copy of your information free of charge. However, we can charge a ‘reasonable fee’ if your request is manifestly unfounded or excessive, particularly if it is repetitive. Our fee will be based on administrative costs incurred by us in providing your information.
Where your request is manifestly unfounded or excessive, we can refuse to respond. If we refuse to respond to your request, we will let you know why.
We have 30 days to provide you with the information you’ve requested (although we will try to provide this to you as promptly as possible). We may extend this period if your request is complex or we have received a number of requests from you. If this is the case, we will inform you within one month of the receipt of your written request, explaining why an extension is necessary.
The right to rectification
You can ask us to rectify your personal data if it is inaccurate or incomplete by contacting us using the contact details above. If you do, we will take reasonable steps to check its accuracy and correct it.
Where we have shared your personal data in question with others, we will contact each recipient and inform them of the rectification of your personal data, unless this proves impossible or involves disproportionate effort.
Please help us to keep our records accurate by keeping us informed of any changes in your personal information.
The right to stop or restrict processing
You have the right to require that our processing of your personal data stops, or does not begin, or ceases for a specified purpose or in a specified way. This is not an absolute right, and we will need to consider the circumstances of any such request and balance this against our need to continue processing the data, for example, to comply with a legal obligation. If we’re processing your data on the grounds of legitimate interests (as detailed earlier) we will consider whether our legitimate grounds override those of yours.
Your request needs to be made in writing. We have 21 days to comply with your request (although we will try to do this as promptly as possible). We may write to the Ombudsman requesting permission not to comply with this request if we believe we need to continue processing your data, for example, to comply with a legal obligation.
Where we have shared the personal data in question with others, we will contact each recipient and inform them of the cessation or restriction of the personal data, unless this proves impossible or involves disproportionate effort.
The right to stop direct marketing
You have an absolute right to ask us to stop processing your personal data for direct marketing at any time. This includes any profiling of data that is related to direct marketing. You must notify us in writing.
This is an absolute right and there are no exemptions or grounds for us to refuse. If we receive an objection from you to us processing your personal information for direct marketing purposes, we will stop processing your data for that purpose. If we are only holding your personal information for marketing purposes, we will erase that information.
If you feel we have not complied with your request, you have the right to complain to the Ombudsman (whose contact details are below).
Rights in relation to automated decision making and profiling
You can ask us to review any decisions that are determined by automated means (making a decision about you solely by automated means without any human involvement). You can also object to our use of your personal data for profiling (automated processing of personal data to evaluate certain things about you). Please contact us on the contact details above.
The right to complain/seek compensation
You have the right to complain to the Ombudsman if you believe we have breached or are in violation of the Data Protection law. You can complain on your own or someone else’s behalf. If you are complaining on behalf of another, you must provide us with written authorisation from that person.
If you suffer damage as a result of us violating the Data Protection law, you may seek compensation in the courts.
How to complain
If you are unhappy with why or how we have used your personal information, please contact us using the contact details above.
Alternatively, if you want to raise a complaint about our processing of your data or would like to seek an independent view, you can contact the Cayman Islands Ombudsman using the following contact details:
Ombudsman Cayman Islands