PRIVACY POLICY   

What is Hive Law? 

 In this privacy policy (the Policy), “Hive Law” (or “we”/”us”/”our”), refers to Hive Law Ltd, being the entity that will be responsible for processing your personal data and which is identified in the retainer with you. That retainer will be set out in an engagement letter or email and accompanying terms and conditions.   

What is this Policy about? 

Under Cayman’s Data Protection Act (Revised) (the Act), data controllers and data processors that process personal data, especially sensitive personal data, must comply with legislated data protection principles. In relation to personal data pertaining to you as the data subject, we will be the data controller and our trusted third–party service provider, Crestbridge, will be a data processor. Reflecting our commitment to protecting your personal data, the purpose of this Policy is to set out how we satisfy those principles. 

More particularly, this Policy describes how we collect, use, and store your personal information. The Act defines “personal data” as “data relating to a living individual who can be identified”, followed by some inclusive examples. Put another way, personal data is data about you or data that can be used to identify you, such as your name, address, phone number, email address, or IP address. In this Policy, “personal data” has the meaning given in the Act.  

Under the Act, certain personal data is reserved for an additional level of protection: “sensitive personal data”. Sensitive personal data of a data subject consists of (in relation to that data subject): 

• the subject’s racial or ethnic origin; 
• the subject’s political opinions;  
• the subject’s religious beliefs or other beliefs of a similar nature; 
• the subject’s trade union membership; 

• the subject’s genetic data; 
• data concerning the physical or mental health or condition of the subject; 
• the subject’s medical data; 
• data concerning the subject’s sex life; 
• data concerning commission, or alleged commission, of an offence by the subject; 

• data concerning any proceedings for any offence committed, or alleged, to have been committed by the subject, the disposal of any such proceedings or any sentence of a court in the Islands or elsewhere. 

We may collect data from you through your use of this website (the Site), when you request information from us, when you engage our services, or as a result of your relationship with one or more of our attorneys or otherwise in the course of our business. A reference in this Policy to “your personal data” includes personal data that you provide to us or data about you which we otherwise gather in the course of operating our business. 

What personal data can we collect? 

The types of personal data about you that we may collect include:  

• your identification data:  

(This class of data includes any or all of the following: your name; your passport details; your nationality; your place and date of birth; your IP address; your gender; personal data relating to claims, court cases and convictions; your politically exposed person (“PEP”) status, if any; personal data available in the public domain; and such other data/information as may be necessary for Hive Law to provide its services, and to complete its customer–due–diligence process and to discharge its anti-money–laundering (“AML”) obligations, it obligations to combat the–financing of terrorism (“CFT”), and its non-proliferation-financing obligations); 

• your contact data:  

(This class of data includes the following: your postal residential and business address; personal and business email addresses; and your home, business and mobile telephone numbers);  

• your family–relationships data:  

(This class of data may include some or all of the following: your marital status; the identity of your spouse/partner, if any; and the number of any children you have);  

• your professional and employment data:

(This class of data may include any or all of the following: your level of education and professional qualifications; details of your current employment and your employment history; your employer’s name; and details of directorships and other offices that you may hold); 

• financial data, and data about your sources of wealth and your assets:

(This class of data may include some or all of the following: details of your assets, sources of wealth, shareholdings and your beneficial interest in assets; your bank details; and your credit history);

• data about client matters:

• (This class of data comprises a wide range of personal data, including, but not limited to, the following: information about your employment, your health status; information about family issues and relationships; and information about your regulatory status).

We may also collect, and (through our trusted data processor) process, personal data regarding people connected with you, either by way of professional (or other) association or by way of family relationships. 

If you apply for a position with us, we may collect personal data relating to any or all of the following: your past employment; your professional qualifications and education; your nationality and immigration/residential status; opinions from third parties about you (such as references); and other details about you which may be gathered during the recruitment process. We may also review publicly available information about you on your social media accounts.  

Where can we collect your information?  

 We can collect your information from the following sources:  

• personal data which you give to us, such as:  

• such other forms and documents as we may request that are completed in relation to the administration/management of any of our services; 
• information gathered through client due diligence carried out as part of our compliance with regulatory requirements; and 
• any personal data provided by way of correspondence with us by phone, email or otherwise; 

• personal data we receive from third–party sources, such as: 

• our clients in connection with matters upon which we are or may be instructed (for example, where you are a counterparty to a transaction or an employee of one of our clients or where you are a witness in a dispute–resolution matter); 
• entities in which you or someone connected to you has an interest; 
• your legal and/or financial advisors; 

• financial institutions who hold and process your personal information;  
• credit–reference agencies and financial–crime databases for the purposes of complying with our regulatory requirements; and 
• personal data received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.

What personal data may we collect through our Site?  

You are not required to provide any personal data on the public areas of our Site; however, you may choose to do so by completing any of the forms that are included on the following pages (or similar pages):

• homepage; and  
• contact us.  

In addition to the data you knowingly provide, we collect the domain names and IP addresses of our visitors, along with usage statistics, analytics and browsing history. This data is used to promote our services. Please see our Cookies Policy for more details about this. You may also provide us with personal data if you contact us by email, telephone or letter.  

How may we use your information?  

We are committed to protecting and respecting your privacy. We provide legal and other professional services to our clients, and we use your personal data for those purposes. Normally the purposes for which we use your personal data will be clear when we collect that data. We will not use your personal data for purposes that are not clear when we collect that data; and we will only use your personal data for one or more of the following purposes:  

• to provide our legal and other services to you and/or to improve those services; 
• to conduct administrative or operational processes within our business; 
• to compile anonymous statistics, for example, website–usage statistics; 

• to perform a contract that we may have with you; 
• to comply with our legal and regulatory obligations; 
• to establish, exercise or defend the legal rights of Hive Law and/or for the purpose of legal proceedings; 
• to process and respond to requests, enquiries or complaints received from you or someone connected to you; 
• to send you marketing material (e.g., client briefings and legal updates); 

• to provide you with personalised content; 
• to invite you to events; 
• to review and process your application should you apply for a position with us; and 
• for other legitimate business purposes. 

How, and why, may we share your personal data?  

Your personal data may be transferred to locations outside the Cayman Islands as well as within the Islands for any of the purposes described above. We may also share your personal data outside Hive Law. This may include disclosures such as any of the following:  

• to third–party agents, suppliers or contractors, in connection with the processing of your personal any for any of the purposes described in this Policy, which may include but is not limited to:  

• our trusted data processors; 
• IT and communications service providers; and 
• our own advisers, such as auditors and accountants, and any external legal advisors that we may instruct from time to time; 

• to third parties relevant to the legal and other services that we provide, which may include, but is not limited to, the following: (i) counterparties to transactions or litigation (including law firms acting for other parties); (ii) other professional service providers; (iii) regulators; (iv) law–enforcement agencies: (v) governmental institutions; and (vi) tribunals and courts; and

• to the extent required by law, regulation or court order (for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation such as our AML/CFT obligations).

We may also disclose your personal information for the purposes of seeking references and confirming the details that you have provided should you apply for a position with us.

Under what circumstances may we make international transfers of your personal data? 

Where we transfer your personal data outside the Cayman Islands, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the data. This can be done in a number of different ways.  

For instance, we may send the data to a country in the European Economic Area (the EEA) that is protected by the EU’s stringent data-protection regulation, currently the General Data Protection Regulation (679/2016/EU) (GDPR). Alternatively:  

• the country to which we send your personal data may have been assessed by the European Commission as providing an “adequate” level of protection for personal information; and  
• the recipient may have signed a contract based on standard contractual clauses approved by the European Commission. 

In other circumstances, the law may permit us to otherwise transfer your personal information outside the Cayman Islands. In all cases, however, any transfer of your personal data will be compliant with applicable data–protection law.    

What is our policy regarding direct marketing?

We may ask whether you wish to receive marketing from us, and this will be presented to you as an option on the relevant application form or page on our website where necessary. We may also contact you by email or other means to inform you about other services or events which may be of interest to you. You have the right at any time to stop us from contacting you for marketing purposes. If you wish to do so, please either unsubscribe or contact admin@hivelaw.ky   

What is our policy regarding retention of personal data and its security?  

Your personal information will be retained for as long as required:

• for the purposes for which the personal information was collected; 
• in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; 
• as required by data–protection laws and any other applicable laws or regulatory requirements.

We will ensure that the personal information that we hold is subject to appropriate security measures.

What rights do you have in relation to your personal data?

Under the Act, you have certain legal rights in respect of your personal data. These rights (some of which are subject to certain exemptions and conditions) include:

• the right to access your personal data and to and to obtain information about how we process it; 
• the right to object to the processing of, or restrict the processing of, your personal data. We may continue to process your data if we have another legitimate reason or legal obligation for doing so;  
• in some circumstances, the right to receive certain data you have provided to us in an electronic format and/or request that we transmit it to a third party; 
• the right to request that we rectify your personal data if it is inaccurate or incomplete; 
• in some circumstances, the right to request that we erase your personal data. We may continue to retain your data if we are entitled or required to retain it; 

• the right to withdraw your consent previously given to processing of your personal data; and  
• the right to request the transfer of your personal data to another party.

If you choose not to provide any personal data or to exercise one or more of the rights above to restrict the processing of your personal data, this may restrict the services which Hive Law is able to provide or we may have to decline to act on your behalf.

If you wish to exercise any of the rights set out above, please contact our group information security and data protection officer at dataprotection@hivelaw.ky

You also have the right to lodge a complaint about the processing of your personal data, either with us or with the data protection authority listed below.

Inaccurate or amended information

Please let us know as soon as possible if any of your personal data changes (including your correspondence details). Failure to provide accurate data or to update data when it changes may have a detrimental impact upon our ability to provide services to you.

Questions and contact information

If you have any questions in relation to this Policy, please contact Hive Law’s information–security–and–data–protection officer by emailing dataprotection@hivelaw.ky

 Changes to this Policy

This Policy may be updated from time to time. Any updates will be published on our website at www.hivelaw.ky

We last updated this Policy on 1 March 2024