Contact details:

Data Controller – The Jersey Charity Commissioner (JCC)
Data Protection Officer – Head of Office tel: 01534 760810

Email: info@charitycommissioner.je  with ‘Subject Access Request’ in the subject.
OR write to Office of the Jersey Charity Commissioner, Office 3, Cumulus 1, Forum 3, Grenville Street, St Helier Jersey JE2 4UF

Jersey Office of the Information Commissioner’s Registration Number – 58407

1. Introduction

The Office of the Jersey Charity Commissioner (JCC) is established by the Charities (Jersey) Law 2014 (CJL 2014) as a corporation sole, independent of both the Ministry and the legislature. This notice tells you what to expect when the JCC collects personal information. Any personal information collected by the JCC will be used in accordance with the Data Protection (Jersey) Law 2018 and our Data Protection Policy.  

We are committed to respecting your privacy and protecting your personal information in line with the requirements of the Data Protection (Jersey) Law 2018 (DPJL 2018).

In this notice we help you understand what steps we take with respect to the collection, use and disclosure of personal information collected about you. 

2. What is personal data?

Personal data is any information about you from which you can be identified. The DPJL 2018 provides that personal data means any information which relates to a real, living person from which that person can or could be identified. Typical identifiers can include:  a name, identification number, address or other location data, an online identifier such as email address, login or profile data, ‘cookies’ or an IP address.

Other things which could allow a person to be identified include: genetic make-up (your DNA), health, economic circumstance or social, cultural, religious or political identity.

Your personal information does not include personal data where identifiers that associate that data with you have been removed. This is called pseudonymization. The JCC may use pseudonymization to inform research into the charity sector in Jersey.

JCC collects, uses and shares aggregated data such as statistical or demographic data. Aggregated data could be derived from personal data that we hold but it is not considered personal data in terms of the DPJL 2018 as this information will not directly or indirectly reveal your identity.

3. Why do we need your personal data?

JCC needs to collect the personal details of all people who are proposing to act as charity governors.  We also need a nominated Principal Contact for the charity, to whom we can send important information relating to the running of the charity, or useful information such as news about JCC guidance or events we are running.

Charities have a registered charity user on JCC’s online portal system which is used to complete annual returns, submit accounts and update charity governor details.  We hold personal data in relation to these charity users.

The first and last name of each charity governor are published on the Public Charity Register . This enhances transparency and public trust, allowing donors, funders, and the public to see who is responsible for governing each charity. Individual governors are able to apply for their name not to be published. On application the Commissioner may designate a matter as not being a public part of the register, in relation to that registered charity, if the Commissioner considers, in relation to a particular registered charity, that the safety or security of any person, property or premises would be significantly put at risk by public access to a matter entered on any section of the register in respect of that charity. 

The JCC is the registrar and regulator of all Jersey charities and is required to collect this information by law.  Without these details we would be unable to consider an application for charitable status or carry out our other regulatory tasks including making inquiries into charities.

4. Do we share your information?

The JCC may share information including personal data with another public body or office-holder to enable us to carry out our regulatory functions or to enable or assist another public body or office-holder to exercise any functions. The sharing of information with other public bodies or office-holders is permitted by Article 30-31 of the Charities (Jersey) Law 2014.

We do not share any of your information with other organisations unless we have an agreement in place and sharing is relevant to our regulatory interests. We must share a charity’s information with the Comptroller for tax purposes, although personal information is not shared as a matter of course. We must disclose information to the Jersey Financial Services Commission (JFSC) if required by the JFSC for the purpose of enabling the JFSC to discharge any of its functions under the Non-Profit Organisations (Jersey) Law 2008.

We also have Memoranda of Understanding in place with other regulators and organisations where our interests overlap, such as the Jersey Care Commission.

Any information shared with these organisations is done so in compliance with data protection and charities legislation as appropriate.

5. Information displayed on the Public Charity Register

The CJL 2014 requires the JCC to keep a public register of charities, review it from time to time, and keep it up to date. The information to be recorded and shown on the public register is:

• the name of the charity
• the name of each of its charity governors
• the principal office address or, if the charity does not have a principal office, the name and address of one of the charity governors as a principal contact
• the charity’s purposes
• certain other financial and non-financial information

Under Article 10(5) of the 2014 Law a charity [or any of its charity governors] can apply to ask us not to publish [their name], its principal office or where a charity does not have a principal office the name and address of a charity governor on the publicly available Charity Register. We can only exclude the information from the Register if publishing this information is likely to jeopardise the safety or security of any person or premises.

If you consider that a charity address [or the name of a charity governor] should not be displayed on the public register, please apply to us requesting that information is excluded.  

6. Ways we collect information

We collect information in a number of ways:

• when you visit our website (see the Cookies section below)
• when you submit annual returns
• when you apply on behalf of an organisation to become a charity
• when you apply for consent to make changes or to wind-up your charity
• when you raise a concern about a charity
• when you make a complaint or enquiry
• when making inquiries about charities or investigating potential misconduct, mismanagement or misrepresentation
• when you request information from us.

Information is used by us for the following purposes:

• to determine whether bodies are charities
• to keep a public register of charities
• to regulate charities in Jersey
• to inform investigations into allegations of misconduct, mismanagement or misrepresentation
• to develop a regime of proactive monitoring
• to encourage and facilitate compliance and best practice within charities
• to inform research into the charity sector in Jersey.

7. Will my data be secure?

We are required by legislation to ensure the ‘Integrity and Confidentiality’ of data.  This means that we must process personal data with suitable security to stop any unauthorised access to the data; making sure it’s safe from accidental loss or damage by ensuring we have sufficient technical safeguards and codes of conduct for our staff in place.    

We take security very seriously at the JCC:

• all staff complete Data Protection training annually
• we have regular cyber security checks
• we have strong security covering our systems from all points of access  
• where we have contracts with external suppliers, which mean they have access to our data, the responsibilities of the JCC and the suppliers in relation to the use and security of data are clearly stated in the contracts
• all our IT equipment including individual laptops, tablets and mobile phones are encrypted to stop any unauthorised access, particularly if they are lost or stolen
• we only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.

8. Do I need to give consent to the use of my information?

Generally, we do not rely on consent as a legal basis for processing your personal information except where applicable law requires this – for example some marketing activities. Where you have given consent, this can be withdrawn at any time by contacting us.

We need the personal information of charity governors as part of a legal requirement to complete the Charity Application Process and JCC’s duty to keep the Public Charity Register – see Articles 8 and 10 of the 2014 Law.

We will hold the personal information for charity governors within our online portal.  The information held for each charity governor includes:

• first and last name
• known as name (if applicable)
• address
• email address
• phone number
• date of appointment and resignation (where applicable)
• whether a fit and proper person declaration has been signed
• any reportable matters relating to the governor

We also hold the principal contact details (name, address, telephone number and email address) via the portal.  Where the principal contact is a person, (some bodies use business advisors, such as Accountants as their contacts), the contact will only be sent information or news items directly related to the charity’s operational or statutory obligations.

We keep details of charity users via the portal. The information held is the users name and email address.  

The charity governor first and last names will be published on the charity’s register entry on the Public Charity Register, unless an exemption has been granted by the Charity Commissioner.

We carry out some research using information provided by charities, however personal information is not generally relevant to the research. Were any personal information to be used, research findings would be anonymised before being shared.

9. Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies that we use

We use cookies to help us to analyse the use and performance of our website and services.

Cookies used by our service providers

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e) https://support.apple.com/kb/PH21411 (Safari); and

(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites.

If you block cookies, you will not be able to use all the features on our website.

10. Do you send out marketing emails?

We occasionally send emails to those people relating to pertinent issues such as changes to the law or guidance.  Those registered as principal contacts for a charity will also receive email alerts and reminders relating to the charity governor duties such as submission of annual returns and accounts and any changes in processes, regulation or other useful information related to the charity.

We will never sell your information to any third party.

11. What happens to my data when you have finished with it?

If you have provided your information in paper form, then we scan this into our electronic system and maintain the original paper copy.  When we have scanned the information, or if we have received it electronically, we keep it until the agreed retention period for the information is reached.  We carry out regular checks to ensure that we do not keep information for longer than we need it.

12. If my information is not correct can it be fixed? 

If you find the information we hold about you is not correct, then you can tell us and ask us to correct it.  We must do this as soon as possible and in any case within a month. (Exceptionally, if the correction is complicated, there is scope for us to get an additional two months to correct it – where this is the case, we will always tell you.)

If we decide not to correct it as you ask, we will tell you why and tell you what your next steps will be if you disagree with our decision. We might add a note to explain the difference in the information and we can restrict access to the information while we investigate the accuracy of it.

13. What if I don’t want you to use or hold my information anymore?

Often called the ‘Right to be forgotten’ there are a number of reasons that you can ask for the information we hold about you to be erased.  These are

(a) We no longer need the information,

(b) You have withdrawn consent and our legal grounds are no longer relevant,

(c) You have successfully objected under the law

(d) The processing was unlawful

(e) We have a legal obligation to erase it

(f) The information was processed online with parental consent.

We may not always need to comply with your request. For instance, when we still have official authority to keep the data or we are holding the information because you are bringing a legal action against us, and we need to retain it to defend the action.

When we receive a request we consider it carefully and during that time we will make your information ‘unavailable’ for use until we have made a decision. We will keep your contact details (name, address, telephone number and email address) on a Suppression List to ensure that you are not contacted by us in the future.  This file will be kept securely in our electronic records management system with limited accessibility.   

14. Getting a copy of my information – Making a Subject Access Request (SAR)

Under the DPJL 2018, individuals have a Right of Access to their personal Data. If you wish to exercise this right you can do this by making a Subject Access Request (SAR).

When making a SAR it is important for you to be aware of the following:

1. The request must be in writing to the Data Protection Officer at the address at the beginning of this guide.  A SAR can also be submitted by email to info@charitycommissioner.je, and we must respond within one month of receiving your request.  
2. Subject Access Requests will normally be free to the person asking for them. There are some circumstances when we might charge or even refuse to provide the information these are: a) the request is something which has no basis (for instance there is no reason to believe that we hold the information) or we have responded before to the same request. b) The request involves a large amount of work to check for the data and then respond to it.
3. Occasionally we might ask to you to reduce the amount of searching or data we need to look at to fit your needs.  If we refuse to provide the data we need to be able to explain to you why we refused.
4. You do not need to tell us why you are making the request, but it may be helpful for you to do so.

Before considering your request, we will ask you to confirm your identity, by providing some kind of proof, such as a copy of your passport or photo driving licence and some official letter with your address on it. If you are making a request, you may want to submit this information along with your request, to save time later.

Anyone, including children, can make a Subject Access Request under DPJL 2018, as long as it is considered that they have capacity to make the request. We will make an informed view on any SAR’s submitted by children, considering each request on a case by case basis. 

5. Someone else such as a solicitor may submit a SAR on your behalf, but we will only respond to a third party request once we are satisfied that the third party has authority to act on your behalf. This is likely to involve the third party or you being contacted by us, and asked to provide evidence of written authority for them to act for you. Since SAR’s relate to personal data, a vital part of the response process for the JCC is satisfying itself that the request is legitimate, not to do so could result in the release of personal information inappropriately, which would be in breach of the regulation and could involve the JCC being fined.
6. It might well be that some of your personal data is held in a record which includes personal data relating to other people. Where this is the case, the personal data relating to other people will not normally be given to you and any copies of documents you receive from us in our response may contain areas where the names of other people have been blanked out. Alternatively, we may extract your personal data to create a summary document we can send to you.

There are some situations when personal data about others may be included, but in general terms where third party information is involved its release will be considered on a case by case basis.

7. If your SAR is submitted electronically e.g. by email, then the response issued to you will also be sent electronically.
8. A single copy of any information held will be supplied. We may charge you for any further copies requested.
9. General information about SARs

You have the right to know if your personal data is being processed or used and our reasons for processing it. You will find what we use your information for in the sections ‘Why do we need your personal data?’ and ‘What do we do with the information?’ sections above.

The JCC does not make automated decisions about you or use personal information as part of profiling activity, if we did we will tell you about it and our reasons for doing so.

In most cases we will give you the information you ask for, or if we do withhold it we will explain why. 

The JCC as the regulator of Jersey charities can get reports of alleged criminality and other information which may lead to the apprehension or prosecution of offenders. Any information we hold which is in these categories is covered by exemptions, meaning that if we do hold it the way we deal with it is different and we do not have to disclose it or even tell you that we have it, in response to a request.

15. Can I get a digital copy of my information? 

We will always try to provide the information electronically unless you have asked for it in another format, such as paper. This does not include the right to data portability automatically as not all data held will be included in that right, we may simply hold copies of paper forms and other letters or emails which cannot be converted into the portable formats talked about in the next section.

16. What is data portability?

This means that we must be able to give you your personal data you request in a way which can be automatically read by a machine or computer. These formats must be freely available to everyone.  Data Portability only applies:-

1. to personal data an individual has provided to a controller
2. where the processing is based on the individual’s consent or for the performance of a contract; and
3. when processing is carried out by automated means.

If we do not hold your information in that format then this rule does not apply to us – meaning that if we only receive paper forms with you information on and do not do anything else with the information then we would not have to convert it later just for you.

17. What happens if you lose my information?

All organisations which process data are required to report any losses or incidents to the relevant authority, the Jersey Office of the Information Commissioner. If you need more information about what they do, the website is here at; JOIC. The report must be made within 72 hours of us finding out about the loss or incident.  Depending on the circumstances of the incident a Civil Monetary Penalty (fine) could be given to the organisation responsible for the incident.

18. Can I complain to the JOIC if I think you are using my information illegally?

Yes, you can complain to the Information Commissioner about us if you believe that we are not using the information we hold about you properly or have breached your rights.  You can find information about that at their website  Jersey Office of the Information Commissioner – Make a Complaint

19. Will I get Compensation if my data is lost or misused?

The Data Protection (Jersey) Law 2018 allows a person to seek compensation if they “suffer financial loss, distress and other adverse effects”. Generally, this would be more likely to happen if we had committed an offence under the 2018 Law or had been reckless in our approach to data security. 

Other websites

This website contains links to other sites. The JCC cannot be held responsible for the contents of any pages referenced by an external link. Please be aware that the JCC is not responsible for the privacy practices or use of cookies on other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information.

This privacy policy applies solely to information collected by the JCC.

Changes to this policy

Our policy was last updated on 2 October 2025.