Privacy Policy

Last updated: 29 September 2025

Introduction

ConsultGC Ltd. (“ConsultGC”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect personal data, and sets out your rights under The Data Protection (Bailiwick of Guernsey) Law, 2017 (the “Law”).

Who We Are and Scope

ConsultGC Ltd. is a governance, risk and regulatory advisory business established in Guernsey. This Policy applies to personal data we process when you visit our website, contact us, subscribe to updates, attend our events, engage us to provide services, or otherwise interact with us in the course of our business.

Controller and Contact Details

ConsultGC Ltd. is the controller of your personal data for the purposes described in this Policy. If you have questions or wish to exercise your rights, please contact us:

ConsultGC Ltd.
La Haute Banque
Rue Godfrey
Vale, Guernsey GY3 5EG

Email: info@consultgc.gg
Tel: +44 (0) 1481 763209

How We Collect Personal Data

We may collect personal data in the following ways:

  • Direct interactions: when you contact us, request information, engage us to provide services, complete forms, or meet with our team.
  • From third parties: including regulators, professional advisers, service providers, counterparties and open sources (e.g. corporate registries) in connection with our services and legal/regulatory checks (such as AML/CFT/CPF screening).
  • Automatically: via our website and communications, including through cookies and similar technologies (see “Cookies” below).

Types of Personal Data We Process

The personal data we process depends on your relationship with us and may include:

  • Identity and Contact Data (e.g. name, role, employer, postal address, email address, telephone number).
  • Business Information (e.g. details of services requested or provided, communications with you, meetings attended and site visits).
  • Financial Data (e.g. billing records and payment information).
  • Regulatory and Compliance Data (e.g. information required for AML/CFT/CPF, sanctions and other legal and regulatory obligations—this may include PEP and sanctions screening results).
  • Technical Data (e.g. IP address, device identifiers, browser type, operating system, pages viewed and interactions with our website).
  • Marketing Preferences and Event Data (e.g. your preferences, subscriptions, and events you register for or attend; we may capture images or video at our events).
  • Special Category / Criminal Data: only where necessary and lawful (e.g. criminal offence data or politically exposed person status for compliance purposes).

Our Legal Bases for Processing

We will only process personal data where a lawful basis under the Law applies. Depending on the context, our lawful bases include:

  • Contractual necessity such as entering into, providing services and managing our relationship.
  • Legal and regulatory obligations including to complying with AML/CFT/CPF, sanctions and data protection laws which may include processing Special Category Data or criminal offence data where permitted by the Law.
  • Our legitimate interests to:
    – deliver professional services and to conduct Our business efficiently with a view to enhancing client service,
    – maintain security including protecting its systems, staff and premises from being misused or the victim of any criminal activity,
    – manage client and other business relationships, and
    – keep you informed of relevant updates, insights and events and to manage such marketing and events,
    provided these interests are not overridden by your rights.
  • Consent including for processing Special Category Data as well as sending newsletters, insights, or marketing. You may withdraw consent at any time by emailing info@consultgc.gg

How We Use Personal Data

 

  • Providing and improving our governance, risk and regulatory advisory services.
  • Carrying out identity, background and compliance checks and managing risk.
  • Managing client onboarding, engagement files, billing and administration.
  • Communicating with you, including sending publications, insights, and event invitations, in line with your preferences and applicable law.
  • Operating, maintaining and improving our website and digital channels (including analytics and security).
  • Complying with legal, regulatory and professional obligations and responding to lawful requests.

Sharing Your Personal Data

We may share personal data with:

i. our professional advisers, insurers, auditors and service providers (e.g. IT, hosting, communications and screening providers);
ii. counterparties, consultants and other professional firms involved in a matter;
iii. regulators, law enforcement and public authorities when required; and
iv. third parties in connection with a business reorganisation.

We require recipients to protect personal data appropriately and only process it for specified purposes.

International Transfers

Where personal data is transferred outside the Bailiwick of Guernsey or the UK, we will ensure appropriate safeguards are in place in accordance with the Law (for example, adequacy decisions or standard contractual clauses).

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and to meet legal, regulatory or reporting requirements. In many cases this will be at least six years from the end of our engagement or as set out in Our Terms of Business, unless a longer period is required or permitted by law or necessary to establish, exercise or defend legal claims.

Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. Despite our efforts, no security controls can be completely infallible; please take care when transmitting information over the internet.

Marketing Communications

We may send you updates, publications and invitations where permitted by law, for example where you have subscribed or where we have a legitimate interest. You can unsubscribe at any time by following the instructions in our communications or by contacting us at info@consultgc.gg.

Cookies and Website Analytics

We use cookies and similar technologies to make our website work, to enhance functionality and to understand how it is used. You can control cookies through your browser settings. Some features may not function properly without certain cookies. For more information, please see our Cookie Policy.

Automated Decision-Making

We do not make decisions about you based solely on automated processing that have legal or similarly significant effects. If this changes, we will update this Policy and inform you where required by law.

Your Rights

Under the Law you have rights in relation to your personal data, including the rights to: information; access; rectification; erasure; restriction; objection; and data portability. Where processing is based on consent, you may withdraw consent at any time. You also have the right to complain to the Office of the Data Protection Authority (ODPA) in Guernsey (see “Complaints” below).

How to Exercise Your Rights

To exercise any of your rights, please contact us using the details above. We may need to verify your identity before responding to your request. We aim to respond within the timeframes set by the Law.

Complaints

We hope to resolve any query or concern you raise about our use of your information. If you remain dissatisfied, you may lodge a complaint with the ODPA:

Office of the Data Protection Authority (ODPA)
Block A, Lefebvre Court
Lefebvre Street
St Peter Port
Guernsey GY1 2JP

Tel: +44 (0)1481 742074
Email: info@odpa.gg

Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will be available on our website. Where appropriate, we will notify you of significant changes.

Children’s Data

Our services are directed at professionals and organisations. We do not knowingly collect personal data relating to children.