Back

Privacy Notice

Introduction

This Privacy Notice applies to clients, investors, shareholders, beneficial owners, directors, officers and authorised representatives, service providers, business referrers, intermediaries and other contacts of Sevoria (whether current, prospective, declined, exited or former) and users of our website (“you” and “your” as the context permits).

Sevoria respects your privacy and is committed to protecting your personal data. This Privacy Notice sets out how we obtain and use personal data about you before and after your relationship with us, in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“DP Law”) and in accordance with the European Union General Data Protection Regulation (2016/679) (“GDPR”). We may update this Privacy Notice from time to time and a copy of the current version is available on our website www.sevoria.group.

Sevoria is a “data controller”. This means that we are responsible for deciding how we hold and use your personal data. We are required under the data protection legislation detailed above to notify you of the information contained in this Privacy Notice.

Any questions in relation to this Privacy Notice or requests in respect of personal data should be directed to dataprivacy@sevoria.group in the first instance.

Who we are

Sevoria Limited is a corporate services provider and fund administrator regulated by the Guernsey Financial Services Commission. Sevoria and “we”/”us”/”our” for the purposes of this Privacy Notice includes Sevoria Limited and its subsidiary companies (as set out in the section below titled “Sevoria entities”). Sevoria Limited is the primary data controller responsible for the personal data we collect and process in connection with the services we provide.

We use selected cloud-based systems operated by reputable third-party providers to manage and store personal data, which may be hosted and/or processed in Guernsey, the United Kingdom, the European Economic Area or in other jurisdictions recognised as providing an adequate level of protection.

Inaccurate or amended information

It is important that the personal data we hold about you is accurate and up to date. Please let us know as soon as possible if any of your personal information changes (including your correspondence details). If you fail to provide certain personal information to us or fail to notify us when information provided has been updated, we may not be able to fulfil the contract we have entered into for you, or on your behalf, or to provide the services requested or we may be prevented from complying with our legal obligations.

The data we collect, store and use

Personal data, or personal information, means any information about an individual from which the person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer various types of personal data about you, grouped together as follows:

  • Identity data including title, first name, middle name(s), last name, former name(s), aliases or similar identifiers, marital status, the identity of your spouse, the number of children you have and other family relationships, gender, date of birth, place of birth, nationality(ies), country of residence, your professional and employment information and history, details of directorships and other offices you may hold, politically exposed person status and connections, passport number, driving licence ID number, tax status, tax residency and identification number(s).
  • Contact data including residential address, postal address, billing address, e-mail address, telephone numbers and other contact information.
  • Financial data including bank details and credit history, payment card details, income, details of your assets, source of wealth, source of funds, shareholdings and beneficial interest in assets, tax related information, details of criminal convictions (where permitted by law) and disqualifications, history of bankruptcy and details of investigations by a formal official body and/or if you are named on a sanctions list, details of involvement in high-risk or high-profile activities.
  • Transaction data including details about payments to and from you and other details of services you have engaged us for.
  • Technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
  • Marketing and communications data including your preferences in receiving marketing from us and your communication preferences.

This list is not exhaustive and we may collect personal data not detailed above.

We may also collect, store and use Special Category Data. Special Category Data requires a higher level of protection and will only be processed where we have received explicit consent or the processing is necessary for compliance with a legal obligation. We may collect:

  • data relating to a person’s racial or ethnic origin or political opinion;
  • biometric data via your optional use of the biometric ID verification feature in Mesh ID, our onboarding system. Your explicit consent is required to process your biometric data via Mesh ID, which is offered as a secure, quick and convenient way to verify your identity. You are under no obligation to use this feature and have your biometric data processed; and
  • data relating to a person’s criminal record or alleged criminal activity.

How is your personal data collected?

We collect your personal information from the following sources:

  • Directly – you may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by email, telephone, post, in person or otherwise. This includes personal data you provide when you:
    • contact us with a view to establishing a business relationship;
    • apply for our services;
    • engage in a business relationship with us; and
    • respond to requests from us for due diligence information and documentation in connection with prospective or existing client relationships.
  • Automated technologies or interactions – as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
  • Third parties and publicly available sources – we may receive personal data about you from various third parties (including someone acting as your representative) as follows:
    • your employer, or any entity on which you are appointed as a corporate officer;
    • entities or structures in which you or someone connected to you has an interest;
    • your legal and/or financial advisers;
    • other financial institutions who hold and process your personal data;
    • Credit reference agencies and due diligence, risk assessment and screening service providers, financial crime databases and from the public domain; and
    • Identity and Contact Data from publicly available sources such company registries and electoral registers.
  • Other sources – where applicable, we may receive personal data about you through Closed Circuit Television and swipe card systems when you visit our offices in person.

How we use your information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you, or with an entity in which you have an interest.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Purpose for which we use your personal data

The table below sets out the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data on more than one legal ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To register you as a new customer, or potential new customer, when you engage with us in respect of the provision of services
  • Identity
  • Contact
  • Necessary for our legitimate interests (to stay in contact with you through the potential new business process).
  • Necessary to comply with a legal obligation.
To onboard you as a customer and undertake compliance, customer due diligence and risk assessment checks such as identification and verification checks to enable us to comply with our anti-money laundering, counter terrorist financing and counter proliferation financing obligations and for the purposes of crime and fraud prevention
  • Identity
  • Contact
  • Financial
  • Transaction
 Necessary to comply with a legal obligation.
To provide corporate management and administration services, and fund administration services, including company secretarial, governance, bookkeeping and accounting services
  • Identity
  • Contact
  • Financial
  • Transaction
 To perform a contract as a service provider.
To administer any contract we have entered into with you or where you are a party related to an entity for which we are contracted to provide services (including managing payments, fees and charges, collecting money owed to us and enforcing any rights under the contract).
  • Identity
  • Contact
  • Financial
  • Transaction
  • To perform a contract as a service provider
  • Necessary for our legitimate interests
Making arrangements for the termination of our business relationship
  • Identity
  • Contact
  • Financial
  • Transaction
 To perform a contract (to conclude the contract and seek to ensure that business relationships are terminated efficiently and effectively).
Managing our client, intermediary and other business relationships
  • Identity
  • Contact
  • Financial
  • Transaction
  • To perform a contract
  • Necessary for our legitimate interests (seeking to ensure that our client, intermediary and other business relationships are conducted efficiently with a view to enhancing business services).
To obtain legal and/or tax advice or representation
  • Identity
  • Contact
  • Financial
  • Transaction
 To perform a contract (to seek to ensure that our clients are able to engage relevant tax or legal advisers and/or representation).
To ensure the security of Sevoria systems and staff and to prevent fraud.
  • Identity
  • Contact
  • Financial
  • Technical
  • Necessary for our legitimate interests (protecting systems and staff from being misused or the victim of criminal activity)
  • Necessary to comply with a legal obligation
To provide you with information, invite you to events and make suggestions and recommendations to you about services that may be of interest to you.
  • Identity
  • Contact
  • Technical
  • Marketing & Communications
 Necessary for our legitimate interests (to develop our products/services, enhance client, intermediary and other business relationships and grow our business).

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data in compliance with the above policies without your knowledge or consent where this is required or permitted by law.

How and why we share your information

We may share personal information with third parties, including third party service providers, where it is

  • required by law;
  • necessary to administer our business relationship;
  • necessary to fulfil a contract;
  • necessary for us to provide the services to you; or
  • where we have another legitimate interest in doing so.

The following are potential recipients of personal data (in each case including respective employees, directors and officers):

  • Sub-contractors, suppliers, agents, consultants, or service providers such as software/hosting providers, insurance brokers, compliance and IT firms;
  • Bankers, auditors, accountants, investment brokers, managers or advisers, legal and other professional advisers of Sevoria or its clients;
  • Company formation agencies and registries;
  • Land or property agents and registries;
  • Guernsey and overseas regulators, or other government or supervisory bodies and tax authorities when required by law;
  • Law enforcement agencies where considered necessary for Sevoria to fulfil its legal obligations.
  • In the event of a sale, merger, re-organisation or transfer of business assets, personal data may be transferred to the successor entity (subject to appropriate safeguards).

When Sevoria engages a third party to process your personal data, we will require them to process it in accordance with our instructions and protect the data against unauthorized or accidental use, access, disclosure, loss or destruction. We do not allow them to use your personal data for their own purposes. They will only be permitted to process your personal data for a specified purpose and in accordance with our instructions. When they no longer need to process your personal data to fulfil the contract, they must transfer the data back to us and/or destroy or delete any data held by them in accordance with our instructions.

International transfers

Where we transfer your personal information outside of Guernsey and the European Economic Area (the "EEA"), we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in several different ways, for instance:

  • The country to which we send the personal information may have been assessed by the European Commission ("EC") as providing an "adequate" level of protection for personal data (this includes Guernsey, Jersey, the UK and the Isle of Man).
  • The recipient may have signed a contract based on standard contractual clauses approved by the EC.

In other circumstances, the law may permit us to transfer your personal information outside the EEA. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

Data Security

We have put in place appropriate security measures (including physical, electronic and procedural measures) to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to your personal data to those employees, agents, contractors, consultants and third parties who have a business need to access the data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have in place procedures to deal with any suspected data security breach and will notify you and/or any applicable regulator of an actual or suspected breach where we are legally obliged to do so.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes (set out above) for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods for different aspects of your personal data are available in our retention policy, which can be requested from the Data Protection Representative or your usual relationship contact. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential for harm from unauthorised use or disclosure of the data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once our business relationship ends, we will retain and securely destroy your personal data in accordance with our record retention policy, applicable legislation and/or regulatory requirements.

In some circumstances you can ask us to delete your data: see Request erasure below for further information. When digital records are erased, an offline archive may continue to exist within our backup library. It is our policy not to restore any individual’s data for which the “right to be forgotten” has been exercised.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Data Subject Rights

As a data subject, you have certain rights in respect of your personal data, as follows:

  • Right of access – to request a copy of personal data we hold about you and to check that we are lawfully processing that data.
  • Right of rectification – to correct data we hold about you which is inaccurate or incomplete.
  • Right of erasure – to ask us to delete or remove personal data where there is no good reason for us to continue to process it.
  • Right to restrict processing – to ask us to suspend the processing of your personal data, for example, if you want us to establish its accuracy or the reasons for processing it.
  • Right to object – to object to certain types of processing, including direct marketing. You also have the right to ask us to delete or remove personal data where you have exercised your right to object.
  • Right to withdraw consent – where we are processing your data on the basis of your consent, you have the right to withdraw that consent at any time.
  • Right of portability – to ask us to provide your personal data to you or another controller in a structured, machine-readable format.
  • Right not to be subject to automated decision-making or profiling – Sevoria does not currently undertake any automated decision-making or profiling.

Exercising your rights

If you wish to exercise any of the rights set out above, please contact us at dataprivacy@sevoria.group and clearly identify who you are.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Status

This Privacy Notice sets out our current policy as regards the maintenance and processing of personal data. It does not form, and should in no way be construed as, a contract and no contractual rights or causes of action shall arise in relation to or in consequence of the content of this Privacy Notice.

Third party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to this Privacy Notice

We keep this Privacy Notice under review and any updates will appear on our website www.sevoria.group. We last updated this policy on 15 April 2026.

Contact Details

Sevoria has a Data Protection Representative and all enquiries in respect of this Privacy Notice, any complaints about the way in which your personal data is being processed, or any request to exercise any of the rights set out above should be directed to the Data Protection Representative via email at dataprivacy@sevoria.group or by post to Suite 03-02, Mill Place, Rue du Pre, St Peter Port, Guernsey GY1 1LT.

Complaints

If you wish to make a complaint about how your personal data is being processed or how your complaint has been handled, you have the right to lodge a complaint directly with the Office of the Data Protection Authority via the website www.odpa.gg or via email info@odpa.gg or by post to The Office of the Data Protection Authority at Block A, Lefebvre Court, Lefebvre Street, St Peter Port GY1 2JP.

Sevoria entities

Sevoria Limited is a non-cellular company limited by shares, registered in Guernsey with registration number CMP74747 and registered office situated at Mill Place, Rue due Pre, St Peter Port, Guernsey GY1 1LT. Sevoria is registered under the Data Protection (Bailiwick of Guernsey) Law, 2017 with registration number DPA11470.

Sevoria Limited has two wholly owned subsidiaries, SV Directors Limited and BH Nominees Limited, which are each a non-cellular company limited by shares, registered in Guernsey with registration number CMP77145 and CMP77146 respectively. The registered office address of both companies is the same as Sevoria Limited.

Sevoria Limited is licensed and regulated by the Guernsey Financial Services Commission (GFSC Reference 3084435) under The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc. (Bailiwick of Guernsey) Law, 2020 (“Fiduciary Law”) and The Protection of Investors (Bailiwick of Guernsey) Law, 2020. SV Directors Limited (GFSC Reference 3084437) and BH Nominees Limited (GFSC Reference 3084438) are secondary licensees under the Fiduciary Law.