Privacy Notice


Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by HighWater Limited (“HighWater”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data relating to current, prospective and former clients, as applicable. References to “you” or a “client” in this Privacy Notice means any client who is an individual, or any individual connected with a client who is a legal person, as applicable.

Who to Contact About This Privacy Notice

If you have any concerns about the Privacy Notice, please contact our Compliance Officer, Ms. Jessica Anderson on or by writing to the following address – P.O. Box 30599, Grand Cayman, Cayman Islands, KY1-1203 for any questions about this Privacy Notice or requests with regards to the personal data we hold. 

This Privacy Notice is being provided in accordance with the Cayman Islands Data Protection Law 2017 (the “Data Protection Law”). The Data Protection Law comes into effect on 30 September 2019. Under the Data Protection Law, HighWater is considered to be a ‘data controller’ in respect of any personal information we hold about you. This means that HighWater determines the purposes and the means of the processing of your personal information.

The Types of Personal Data We May Collect and Use

The categories of personal data we may collect include names, residential or business addresses, or other contact details, signature, nationality, passport number, date of birth, place of birth, photographs, copies of identification documents, or other personal information that may be requested from time to time to meet regulatory requirements or other requests from special regulatory bodies or agencies

How We Collect Personal Data

We may collect personal data about you through: (i) information provided directly to us by you, or another person on your behalf; and (ii) information that we obtain in relation to any transactions between you and us in the normal course of business and in meeting our regulatory obligations. 

We also may receive your personal information from third parties or other sources, such as publicly accessible databases or registers, tax authorities, governmental agencies and supervisory authorities, regulatory bodies, credit agencies, fraud prevention and detection agencies, or other publicly accessible sources, such as the Internet.

How We May Use Personal Information

We may process your personal data  in line with our business relationship with you, and in complying with applicable legal or regulatory requirements to which we are bound (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities, or law enforcement agencies). 

With respect to our business relationship with you, we will acquire, process, store and where applicable, disseminate, your personal data in accordance with our Director Services Agreement and the ancillary services we provide. We are also required to comply with all legal and regulatory obligations applicable to us; and this may result in your personal data being provided to various regulatory and statutory bodies, law enforcement agencies, respond to court orders and our insurance provider. We will also release information about you if you direct us to do so.

Due to the international nature of our business, your personal data may be transferred to jurisdictions that do not offer equivalent protection to personal data as under the Data Protection Law. In such cases we will process personal data in accordance with the requirements of the Data Protection Law.

What are the Consequences of Failing to Provide Personal Information

Where personal data is required to satisfy a statutory obligation (including compliance with applicable anti-money laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in HighWater being unable to accept you as a client. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority.

Retention Periods and Security Measures

We will not retain personal data for longer than is necessary in relation to the purpose for which it is collected. Your personal data will be retained for the duration of your period as a client and for any relevant period for the purpose of compliance with applicable law in the Cayman Islands. From time to time, we will review the purpose for which personal data has been collected and decide whether to retain it or to delete if it no longer serves any purpose to us.

As data controller, we have taken steps to safeguard your personal information from unauthorised access and use. These measures include various computer, file and physical safeguards. 

We will notify you of any material personal data breaches affecting you in accordance with the requirements of the Data Protection Law.

Your Rights Under the Data Protection Law

You have certain rights under the Data Protection Law, including: (i) the right to be informed; (ii) the right of access; (iii) the right to rectification; (iv) the right to stop or restrict processing; (v) the right to stop direct marketing; (vi) rights in relation to automated decision making; (vii) the right to seek compensation; and (viii) the right to complain to the supervisory authority. A complaint may be lodged with the Office of the Ombudsman in the Cayman Islands. Please use the contact details under Who to Contact About This Privacy Notice if you wish to exercise these rights.