Privacy Policy

Last Updated: 29 March 2025

In May 2018, Jersey introduced the Data Protection (Jersey) Law 2018, which reflects the principles of the European General Data Protection Regulations (GDPR). This legislation strengthens individual privacy rights and ensures the protection of your personal information.

Virteffic Limited (“we”, “us”, “our”) provides administration and secretarial support services in Jersey. The privacy, confidentiality, and security of our website visitors, clients, and team members’ data are of critical importance to us. This Privacy Policy outlines how we protect and use the information you provide when you engage with our services, work for us, or visit our website.

This Privacy Policy should be reviewed carefully to understand our practices regarding your Personal Data. It covers how we collect, manage, and protect your Personal Data in connection with the services we provide and our business operations. Additionally, it sets out your rights as a data subject under the Data Protection (Jersey) Law 2018 and GDPR.

Scope of this Policy

This policy applies to personal data collected via our website, in connection with the services we provide, and in relation to our employees, prospective employees, and team members. It does not cover any third-party websites linked to our site. If you leave our site via a link, we are not responsible for the protection and privacy of any information you provide to those sites.

For personal data collected directly by Virteffic, we act as the data controller. In cases where we process personal data on behalf of clients, we act as a data processor, and those clients are the data controllers for the purposes of applicable law.

Registration with the Data Protection Authority

Virteffic Limited is registered with the Office of the Information Commissioner (registration number: 67889). All Personal Data is processed strictly in compliance with the provisions of the Data Protection (Jersey) Law 2018 and the Data Protection Authority (Jersey) Law 2018.

Interpretation

• Applicable Law: Any relevant law, regulation, or rule, including the Data Protection (Jersey) Law 2018.
• Agreement: Any agreement between Virteffic and the Client to which this Privacy Policy applies.
• Personal Data: As defined in Article 2 of the Data Protection (Jersey) Law 2018, including contact details, employment data, and sensitive data such as health information.
• Process: Collecting, storing, altering, using, or disposing of Personal Data.

What Personal Data Do We Collect?

• Contact details: Name, job title, postal address, email address, phone number, and other similar details.
• Employment and prospective employment data: Employment history, academic background, references, background checks, contracts, performance reviews, payroll info, etc.
• Customer Due Diligence (CDD) records: Identity documents, date/place of birth, nationality, address, etc.
• Website use data: IP address, browser info, device data, cookies, etc.
• Social media: Comments/posts shared via platforms like Facebook, Instagram, LinkedIn, Twitter.

How We Collect Personal Data

• Forms on our website or during applications
• Direct communications (emails, phone calls, meetings)
• Employment-related documents and activities
• Cookies and similar automated tracking
• Third parties or public sources

How We Use Your Personal Data

• Service delivery
• Internal management
• Employee and team member management
• Improving services
• Marketing
• Compliance

Legal Basis for Processing

• Legitimate interests
• Consent
• Legal obligations

Data Sharing

• Service providers (IT, payroll, benefits)
• Professional advisers
• Regulatory authorities
• Recruitment service providers

We will not sell or lease your personal information to third parties unless we have your permission or are required by law. Where data is shared with clients, it is always done with prior awareness and agreement, in line with our confidentiality procedures.

Data Retention

• Service data: Duration of agreement + 5 years
• Employment and team member data: At least 6 years post-engagement or employment
• Recruitment data: Reasonable period unless deletion requested

Your Rights and How to Exercise Them

• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Restriction
• Right to Object
• Right to Data Portability

You may also submit a Subject Access Request (SAR). We aim to respond within 4 weeks, or up to 8 weeks for complex/multiple requests, in accordance with the Data Protection (Jersey) Law 2018.

Contact us at tess.price@virteffic.com.

International Transfers

We do not routinely transfer data outside the UK/EEA. If necessary, we use appropriate legal safeguards such as Standard Contractual Clauses.

Data Security

We are committed to data security. Supported by Resolution IT, our cybersecurity includes:

• Microsoft 365 Business Premium and SharePoint
• UK-based servers with encryption in transit and at rest
• Two-factor authentication
• Regular patching and updates
• HTTPS encryption
• Secure platforms for HR and client data
• Continuous monitoring and AI-powered MDR with SOC

Cyber Essentials Certified

• Certified by: The IASME Consortium Ltd
• Certificate ID: 921bdc43-e187-4f6a-9804-56d82f571387
• Date of Certification: 20 March 2025
• Valid Until: 20 March 2026
• Scope: Whole Organisation

Data Breaches

In the event of a data breach, we will notify affected individuals and authorities as legally required.

Marketing and Consent

We send marketing to existing clients under legitimate interest. You can unsubscribe anytime by replying ‘STOP’ or emailing tess.price@virteffic.com.

Updates to this Policy

We may periodically update this Privacy Policy. Any updates will be posted on our website at https://virteffic.com/privacy/. By continuing to use our services or remain engaged as a team member, you accept the terms of the updated Privacy Policy.

Contact

If you have any questions or wish to exercise your rights, please contact:

If dissatisfied, you may contact: