top of page

We take your privacy seriously

Privacy and Cookie Policy


This Privacy Notice sets out how we obtain and use personal data about you before and after any relationship with me, in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“GDP Law”) and in accordance with the European Union General Data Protection Regulation (2016/679) (“GDPR”). (“Jim Nicholls", "We", "Our", "Us", or the "Company") is a “data controller”. This means that Jim Nicholls is responsible for deciding how we hold and use your personal data. Jim Nicholls is required, under the data protection legislation detailed above, to notify you of the information contained in this privacy policy.

This notice applies to our clients (including their clients and their underlying principals, directors, officers and employees) service providers, intermediaries and other contacts of ours (whether current, prospective, declined, exited or former) and all users of our website, including those that sign up to our blog and other news items. Jim Nicholls may update this Policy at any time, however when we do, and the change is substantive, we will notify you.

Any questions in relation to this Privacy Policy or requests in respect of personal data should be directed to in the first instance.

The data we hold

The personal data we hold varies depending on the services provided by us, ensuring we only process personal data that is adequate, relevant and necessary for the purpose. The types of data we collect and process include:

Contact details

Information required to meet legal and regulatory requirements

Information provided during the provision of our services

Financial information, such as payment-related information

Any other information you may provide to us.

Purposes of processing use your personal data for the following purposes:

Purpose and Lawful Basis for Processing

  • To enter into or exit client relationships and provide culture assessment and other advisory or training services

  • To manage our client, intermediary and other business relationships

  • To seek to ensure our business is conducted efficiently and with a view to enhancing client service

  • To administer any contract we have entered into with you or where you are a party related to an entity for which we are contracted to provide services

  • To fulfil the contract we have entered into

  • To provide our contacts with marketing material. All marketing material is provided on the basis of consent. Consent may be withdrawn at any time by unsubscribing from our newsletter or emailing:

  • To ensure the security of any systems we use and prevent fraud

  • To obtain legal advice and/or representation

  • To meet all legal and ethical obligations including in respect of managing conflicts of interest

  • To ensure we meet all legal and ethical obligations incumbent on us.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Please note: We may process your personal data without your knowledge or consent where this is required or permitted by law.

Failure to provide personal data

If you fail to provide certain personal information and data when requested, we may not be able to fulfil the contract we have entered into with you, or on your behalf, or provide the services requested or we may be prevented from complying with my legal obligations.

Sources of personal data

Our sources of data may include clients, data subjects directly, introducers, intermediaries, advisers, third parties connected to the data subject (for example: family member, employer or another service provider who provides services to the data subject) or open-source material.

We collect personal data via the completion of forms [electronic and paper] provided to you and completed by you, from documents provided including due diligence documents, from correspondence including email, from meetings and telephone conversations.

We will collect personal data throughout the course of our business relationship or while we provide services to clients connected to you.

Recipients of personal data

We rarely share information with third parties, however sometimes we may have to, including third party service providers, where required by law, where it is necessary to administer our business relationship, where it is necessary for us to provide the services to you or where we have another legitimate interest in doing so.

The following are potential recipients of personal data (in each case including respective employees, directors and officers):

Sub-contractors, agents, consultants or service providers such as insurance brokers, IT firms or other professional advisers of me or my clients, and their clients, and associated parties

bankers, auditors, accountants, investment brokers, managers or advisers, legal and other professional advisers, Guernsey and overseas regulators, or other government, or supervisory body and tax authorities when required by law.

Law enforcement agencies where considered necessary for me to fulfil our legal obligations

When we engage a third party to process your personal data, we will require them to process your personal data in accordance with this instruction and protect the data against unauthorised or accidental use, access, disclosure, loss or destruction.

They cannot use your personal data for their own purposes. They will only be permitted to process your personal data for a specified purpose and in accordance with instructions. Where they no longer need to your personal data to fulfil the contract, they will need to transfer the data back to me and/or destroy or delete any data held by them.

Transferring data outside of Guernsey and the EU

In the event any of the third parties detailed above are outside of Guernsey and the EU and where we are transferring personal data, which would be protected under the GDP Law or GDPR, we will ensure that we meet the relevant requirements prior to carrying out such a transfer.  This may include only transferring the data where we are satisfied that:

The non-European Union country has Data Protection laws similar to the Laws in Guernsey and the European Union

The recipient has agreed, through contract, to protect the information to the same Data Protection standards as Guernsey and the European Union

We have obtained consent from the relevant data subjects to the transfer, or

If transferred to the United States of America, the transfer will be to organisations that are part of the Privacy Shield or any subsequent reciprocal arrangement.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to your personal data to those employees, agents, contractors, consultants and other third parties who have a business need to access these data.  They will only process your personal data on my instruction and they are subject to a duty of confidentiality.

We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator or a suspected breach where we are legally obliged to do so.

Data Retention

We only keep data for as long as is necessary to fulfil the purposes (as set out above) for which we collected it. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential for harm from unauthorised use or disclosure of the data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once our business relationship ends, we will retain and securely destroy your personal data in accordance with our record retention and destruction policy, applicable legislation and/or regulatory requirements.

Your Rights

As a data subject you have the following rights in respect of your personal data:

Right of access - you have the right to request a copy of the personal data that we hold about you and to check that we are lawfully processing that data. You will not have to pay a fee to access your personal data (or exercise any of the other rights) unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse to comply with the request.

Right of rectification - you have the right to correct data that we hold about you, which is inaccurate or incomplete.

Right of erasure - of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it.

Right to restrict processing - this enables you to ask us to suspend the processing of your personal data for example: if you want us to establish its accuracy or the reasons for processing it.

Right of portability - you have the right to have the data we hold about you transferred.

Right to object - you have the right to object to certain types of processing including direct marketing. You also have the right to ask us to delete or remove personal data where you have exercised your right to object.

Right to object to automated processing including profiling - you have the right not to be subject to decisions based on automated processing or profiling.  We do not currently undertake any automated processing or profiling.

If you wish to exercise these rights, you should send the request in the first instance to


This Privacy Policy sets out our current policy as regards the maintenance and processing of personal data.  It does not form, and should in no way be construed as, a contract and no contractual rights or causes of action shall arise in relation to or consequence of the content of this Policy.

Changes to this Privacy Policy

This Privacy Policy is kept under review and any updates will appear on my website at


In the event you wish to make a complaint about how your personal data is being processed or how your complaint has been handled you have the right to lodge a complaint directly with the Office of the Data Protection Authority (“ODPA”) either via email or by post at:

The Office of the Data Protection Authority

St Martin’s House

Le Bordage

St. Peter Port



You may also appeal to certain courts against (i) any failure of the ODPA to give written notice of whether the complaint is either being investigated or not being investigated and where applicable, the process and outcome of the investigation and (ii) a determination of the ODPA not to investigate the complaint or a determination that a controller or processor has not breached or is not likely to breach an operative provision in connection with the complaint.

Cookie Policy

Cookies are small text files which are transferred to your computer or mobile when you visit a website or app.

We use them to:

  • Remember information about you, so you don’t have to give it to me again. And again. And again

  • Keep you signed in [if required], even on different devices

  • Help us understand how people are using our services, so we can make them better

  • To deliver advertising to websites outside of the UK

  • To find out if our emails have been read and if you find them useful

First Party Cookies

These cookies are set by the website you’re visiting. And only that website can read them.

Third Party Cookies

These cookies are set by someone other than the owner of the website you’re visiting. Some of our web pages may also contain content from other sites, which may set their own cookies. Also, if you share a link to a page on our website, the service you share it on (for example, LinkedIn) may set a cookie on your browser. We have no control over third-party cookies - you can turn them off, but not through us.

Session Cookies

These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer or Safari).

Persistent Cookies

These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We might use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit, if you use the members area.

Strictly Necessary Cookies

These cookies let you use all the different parts of our website. Without them, services that you’ve asked for can’t be provided. Also, we may collect data from you to help us understand how you are using the website, so we can make it better.

Other Tracking Technologies

Some sites use things like web beacons, clear GIFs, page tags and web bugs to understand how people are using them and to target advertising to them.

They usually take the form of a small, transparent image that is embedded in a web page or email. They work with cookies and capture data like your IP address, when you viewed the page or email, what device you were using and where you were.

Contact details

If you have any questions about this Privacy and Cookie Policy or any data which I hold about you, please contact me:


Telephone:      +44 (0) 7839197208

Privacy policy: Text
bottom of page