Privacy Notice

TenTrinity (Guernsey) Ltd

1. About this notice

This privacy notice (the “Notice”) explains how TenTrinity (Guernsey) Ltd (the “Company”, “we”, “us”, or “our”), a non-cellular company limited by shares incorporated under the laws of the Bailiwick of Guernsey under company registration number CMP76555 (formerly known as Quadret Holding Limited), with its registered office at Suite G, St Peter Port House, Sausmarez Street, St Peter Port, Guernsey GY1 2PT, Channel Islands, collects, uses, retains, transfers, discloses, and otherwise processes personal data in connection with:

(a) the website at tentrinity.group (the “Website”);

(b) any inquiry, application, or communication you submit to us through the Website or otherwise; and

(c) any business relationship, prospective business relationship, or counterparty engagement between you (or the entity you represent) and the Company.

“TenTrinity Group” is a trading name and brand of the Company and not a separate legal entity. The Company may carry on and present distinct lines of business under brand divisions; no such brand division has separate legal personality. All processing of personal data described in this Notice is carried out by the Company in its own capacity, regardless of the trading name or brand division under which any communication is presented.

This Notice should be read together with the Legal Notice and Important Information and the Terms of Use published on the Website.

2. Data controller

The Company is the data controller (or, where the United Kingdom General Data Protection Regulation or Regulation (EU) 2016/679 applies, the “controller”) in respect of the personal data processed as described in this Notice.

We process personal data in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (the “Guernsey Data Protection Law”) as the primary applicable regime. Where the United Kingdom General Data Protection Regulation, the EU General Data Protection Regulation (Regulation (EU) 2016/679), the Swiss Federal Act on Data Protection, the Brazilian Lei Geral de Proteção de Dados, the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Personal Information Protection Law of the People’s Republic of China, the Personal Information Protection Act of the Republic of Korea, or any other data protection law applies to a given processing activity, we will comply with that law to the extent of its applicability.

The supervisory authority for the Guernsey Data Protection Law is the Office of the Data Protection Authority of the Bailiwick of Guernsey.

For all matters relating to your personal data, including the exercise of the rights described in section 10 of this Notice, please contact us using the details set out in section 16.

3. Personal data we collect

The personal data we collect about you depends on the nature of your interaction with the Company. The categories of personal data we may collect are as follows.

3.1 Information you provide to us through the Website

When you submit an inquiry through the engage form on the Website, you may provide:

(a) identification data, including your name, the organisation you represent (if any), and your job title or role;

(b) contact data, including your email address, telephone number, and country of operation;

(c) commercial context data, including the nature and indicative scale of your interest in our activities, the matters in respect of which you wish to begin a conversation, and any indication you provide as to your willingness to enter a non-disclosure or non-circumvention arrangement; and

(d) the free-text content of any message you submit.

You are responsible for ensuring that any personal data you submit about persons other than yourself, including colleagues, advisers, or beneficial owners of the organisation you represent, has been provided to us with the authority of those persons and on the basis of a fair processing notice provided to those persons.

3.2 Information you provide to us outside the Website

Where you communicate with the Company by email, telephone, video conference, in person, or through other channels, we may collect any personal data that you provide in the course of that communication, including content of correspondence, meeting notes, and records of telephone conversations.

3.3 Information collected through customer due diligence

Where the Company enters or proposes to enter a business relationship with you or the entity you represent, we may collect personal data necessary for the Company to discharge its obligations under applicable anti-money-laundering, counter-terrorism-financing, sanctions, anti-bribery, and tax-reporting laws. This may include:

(a) identification documents, including passport, national identity card, or driving licence;

(b) proof of residential address;

(d) nationality and tax residency;

(e) source-of-funds and source-of-wealth information;

(f) beneficial ownership and control information in respect of any entity you represent;

(g) information from politically-exposed-person, sanctions, and adverse-media screening databases; and

(h) any further information reasonably requested by the Company or by its fiduciary, administrator, or external counsel.

3.4 Information collected automatically through the Website

When you access the Website, we and our service providers may automatically collect certain technical data, including:

(a) your internet protocol (IP) address, in truncated or full form;

(b) the type and version of the browser and operating system you use;

(d) the pages of the Website you access and the referring URL;

(e) approximate geographic location derived from your IP address; and

(f) cookie identifiers and similar device-level identifiers, as described in section 12.

The Website uses Vercel Web Analytics, a cookieless, privacy-preserving analytics product operated by Vercel Inc. on our behalf. The product records page views, referrers, and approximate geographic location derived from your IP address; it does not set persistent identifiers in your browser, does not track you across other websites, and does not feed any advertising network. Vercel processes this information as our processor under written terms. The Website does not use any other third-party analytics service and does not use advertising services. If we introduce additional services in future, this Notice will be updated.

3.5 Information from third parties

We may receive personal data about you from third parties in limited circumstances, including:

(a) introducers, advisers, or other counterparties who introduce you to the Company;

(b) public sources, including company registries, sanctions lists, regulatory registers, and credible news media;

(d) our fiduciary, administrator, banker, or external counsel in the course of customer due diligence and transaction execution.

3.6 Consent records

We record your acceptance of our Terms of Use, this Privacy Notice, and the Legal Notice, including the means of acceptance, the timestamp, the version of the documents then in force, the apparent jurisdiction of your access, and limited technical metadata sufficient to evidence that acceptance was given. The retention period for these consent records is described in section 11.

4. Categories of special data

The Company does not seek to collect special category personal data (which under the EU GDPR and UK GDPR includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning sex life or sexual orientation), nor personal data relating to criminal convictions and offences, save where:

(a) such data is unavoidably disclosed to us in the course of customer due diligence (for example, where adverse media screening reveals an allegation of criminal conduct against a beneficial owner);

(b) you voluntarily provide such data in the free-text content of a message; or

(c) you provide equal-opportunities monitoring data in the course of an application for employment, in which case we process such data only on the legal basis described in section 8 and only with your separate explicit consent.

Where we process such data, we do so on the legal bases described in section 6 and in compliance with the additional safeguards required by the Guernsey Data Protection Law and, where applicable, the UK GDPR or the EU GDPR.

5. Purposes for which we process personal data

We process personal data for the following purposes:

(a) to operate, maintain, secure, and improve the Website;

(b) to respond to inquiries submitted through the Website or by other means;

(d) to perform contracts to which you or the entity you represent are party;

(e) to conduct customer due diligence and ongoing monitoring of business relationships in accordance with applicable anti-money-laundering, counter-terrorism-financing, sanctions, anti-bribery, and tax-reporting laws;

(f) to discharge regulatory and other legal obligations to which the Company is subject in Guernsey and in any other jurisdiction whose laws apply to the relevant processing;

(g) to communicate with you in respect of our activities, including the publication of research, market commentary, and operational updates, where you have indicated that you wish to receive such communications or where we have a legitimate interest in providing them to you in the context of an existing or prospective business relationship;

(h) to manage and develop the Company’s business, including risk management, internal reporting, audit, financial accounting, and strategic planning;

(i) to defend or pursue legal claims, to enforce our contractual rights, and to seek legal advice;

(j) to comply with requests, orders, and binding directions from courts, regulators, tax authorities, law enforcement authorities, and other competent public authorities in Guernsey and in any other jurisdiction whose laws apply; and

(k) to consider candidates and prospective employees, on the basis described in section 8.

6. Legal bases for processing

Under the Guernsey Data Protection Law, the UK GDPR, and the EU GDPR (where applicable), we must have a lawful basis for each act of processing. The lawful bases we rely on are as follows.

6.1 Performance of a contract or steps prior to entering a contract

Where you have asked us to take steps with a view to entering a contract, or where processing is necessary to perform a contract to which you or the entity you represent are party. This basis is principally relevant to the processing described in section 5(b), 5(c), and 5(d).

6.2 Compliance with a legal obligation

Where we are required by law to process the personal data. This basis is principally relevant to the processing described in section 5(e), 5(f), 5(i), and 5(j), and applies to legal obligations under the law of Guernsey and, where the relevant processing is in scope, under the law of any other jurisdiction to which the Company is subject in respect of that processing.

6.3 Legitimate interests

Where the processing is necessary for the legitimate interests pursued by the Company or by a third party, and those interests are not overridden by your interests, rights, or freedoms. We rely on this basis for the processing described in section 5(a), 5(g), 5(h), and 5(i). The legitimate interests we rely on include:

(a) operating, securing, and improving the Website;

(b) developing the Company’s business and managing the Company’s commercial relationships;

(c) communicating with prospective and existing counterparties in a manner consistent with our institutional positioning;

(d) protecting the Company against fraud, financial crime, and reputational risk; and

(e) defending the Company’s legal rights.

Where we rely on legitimate interests, we have conducted a balancing assessment to satisfy ourselves that our interests are not overridden by your interests, rights, or freedoms. You may request further information about that assessment by contacting us using the details in section 16.

6.4 Consent

Where you have provided your specific, informed, and unambiguous consent to a particular act of processing. Where we rely on consent, we will tell you at the point of collection, and you may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of your consent before its withdrawal.

6.5 Substantial public interest, vital interests, or other lawful bases

In rare circumstances, we may process personal data on other lawful bases recognised by the Guernsey Data Protection Law, the UK GDPR, or the EU GDPR.

7. Disclosure of personal data to third parties

The Company does not sell personal data and does not disclose personal data to third parties for direct marketing purposes.

We may, however, disclose personal data to the following categories of recipient where necessary for the purposes described in section 5 and on the legal bases described in section 6:

(a) our fiduciary, corporate administrator, banker, custodian, and registry-account provider, in each case in their capacity as service providers to the Company;

(b) our external counsel, accountants, auditors, and other professional advisers, in each case under duties of professional confidentiality;

(c) commercial due-diligence service providers, sanctions-screening database providers, and adverse-media screening service providers;

(d) information-technology service providers that host or maintain the Website, our email systems, our customer-relationship-management system, and our internal document management system, in each case under written processing terms that meet the requirements of applicable data protection law;

(e) introducers, advisers, and counterparties with whom we are engaged on a particular transaction or mandate, where disclosure is necessary for the purposes of that transaction or mandate and where you have authorised, or would reasonably be expected to have authorised, the disclosure;

(f) actual or proposed assignees, transferees, purchasers, or successors of all or part of the Company’s business, and their professional advisers;

(g) courts, regulators, tax authorities, law enforcement authorities, and other competent public authorities, where disclosure is required by law, by binding direction, or in order to defend our legal rights; and

(h) any other third party to whom disclosure is required by law or to whom you have consented to disclosure.

Where we engage a third-party service provider that processes personal data on our behalf, we enter written terms with that provider that comply with the requirements of the Guernsey Data Protection Law and, where applicable, the UK GDPR or the EU GDPR, and we take reasonable steps to satisfy ourselves that the provider has implemented appropriate technical and organisational security measures.

8. Candidates and prospective employees

This section supplements the general Privacy Notice in respect of personal data we process about candidates and prospective employees who apply for a role with us or who are otherwise considered for employment.

We process the following additional categories of personal data about candidates: contact and identification data; the contents of the application (curriculum vitae, cover letter, work samples, responses to application questions); right-to-work documentation; the outcomes of pre-employment checks (identity verification, sanctions and politically-exposed-persons screening, adverse-media screening, professional and regulatory references, and, where required by the role, criminal record and credit checks); equal opportunities monitoring data (only where you have provided this and have given your separate explicit consent); records of interviews and assessments; and, on completion of the application process, records of the outcome.

The legal bases on which we process candidate personal data are:

(i) steps taken at your request prior to entering into a contract (the consideration of your application);

(ii) our legitimate interests in identifying, screening, and selecting suitable individuals for engagement with us, and in maintaining records of the application process for the purposes of legal defence, regulatory enquiry, and equal-opportunities monitoring on an aggregated basis;

(iii) compliance with legal obligations, including verification of right to work and the screening obligations applicable to regulated functions;

(iv) for equal opportunities monitoring data only, your explicit consent under Article 9(2)(a) of the UK GDPR and the EU GDPR and the equivalent provisions of the Guernsey DPL;

(v) for talent-pool retention only, your explicit consent to the extended retention.

We share candidate personal data with our directors and authorised employees on a need-to-know basis; with professional advisers and recruitment partners engaged to support the recruitment process; with screening, identity-verification, and reference-checking service providers; and with regulators or law-enforcement authorities where required.

We retain candidate personal data for the following periods:

if your application is unsuccessful and you have not consented to talent-pool retention: six months from the date of decision, after which the application materials are deleted or anonymised except as required for legal-defence or regulatory purposes;

if your application is unsuccessful and you have consented to talent-pool retention: up to twenty-four months from the date of decision, after which the materials are deleted unless you renew your consent;

if your application is successful: your candidate file is transferred to your employee file and retained in accordance with our employee data retention policy;

equal opportunities monitoring data, where consented to, is held only in aggregated, anonymised form for reporting and is deleted in its identified form once aggregation is complete.

You have the rights set out in section 10 of this Notice. The right to withdraw consent applies in particular to the equal opportunities monitoring data and to the talent-pool retention. Withdrawal of either does not affect the lawfulness of any processing carried out before the withdrawal. To withdraw consent, please email privacy@tentrinity.group, citing the role applied for and the consent you wish to withdraw.

9. International transfers of personal data

The Company is established in the Bailiwick of Guernsey. The recipients listed in section 7 may be established in, or process personal data from, jurisdictions outside the Bailiwick of Guernsey, the United Kingdom, and the European Economic Area.

Where we transfer personal data to a jurisdiction outside the Bailiwick of Guernsey, we satisfy ourselves that the transfer is permitted under the Guernsey Data Protection Law on one of the following bases:

(a) the destination jurisdiction has been determined by the Office of the Data Protection Authority, or under the Guernsey Data Protection Law, to provide an adequate level of protection for personal data;

(b) the transfer is made under appropriate safeguards recognised by the Guernsey Data Protection Law, including standard contractual clauses, binding corporate rules, or an approved code of conduct;

(d) the transfer is necessary for the establishment, exercise, or defence of legal claims; or

(e) the transfer is otherwise permitted by the Guernsey Data Protection Law.

Where the United Kingdom GDPR or the EU GDPR applies to a transfer, we satisfy ourselves that the transfer meets the equivalent requirements of those regimes.

You may obtain further information about the safeguards applicable to international transfers, including a copy of the relevant standard contractual clauses where used, by contacting us using the details in section 16.

10. Your rights

Under the Guernsey Data Protection Law and, where applicable, the UK GDPR and the EU GDPR, you have a number of rights in respect of your personal data. These rights are not absolute and may be subject to conditions, exceptions, or limitations under applicable law.

10.1 Right of access

You have the right to obtain confirmation as to whether or not we process personal data concerning you, and where we do, access to that personal data together with certain related information.

10.2 Right to rectification

You have the right to require us to rectify any personal data we hold about you that is inaccurate, and to complete personal data that is incomplete.

10.3 Right to erasure

You have the right, in certain circumstances, to require us to erase personal data we hold about you. This right does not apply where we are required to retain the personal data by law, where we need to retain it for the establishment, exercise, or defence of legal claims, or where another exception under applicable data protection law applies.

10.4 Right to restriction of processing

You have the right, in certain circumstances, to require us to restrict our processing of personal data we hold about you.

10.5 Right to data portability

You have the right, in certain circumstances, to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

10.6 Right to object to processing

You have the right, in certain circumstances, to object to our processing of personal data we hold about you, including where we rely on legitimate interests. Where you object and we have no overriding legitimate ground to continue processing, we will cease the processing in question.

10.7 Right to withdraw consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

10.8 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The supervisory authority in the Bailiwick of Guernsey is the Office of the Data Protection Authority (Block B, Lefebvre Court, Lefebvre Street, St Peter Port, Guernsey GY1 2JP; enquiries@odpa.gg; +44 1481 742074). Where the UK GDPR or the EU GDPR applies, you may also have the right to lodge a complaint with the Information Commissioner’s Office in the United Kingdom or with the supervisory authority of the European Union Member State in which you are habitually resident, in which you work, or in which the alleged infringement took place.

We would, however, appreciate the opportunity to address any concern you have before you approach a supervisory authority. Please contact us using the details in section 16.

11. Retention of personal data

We retain personal data only for as long as is necessary for the purposes for which it was collected, including:

(a) for as long as the relationship between you (or the entity you represent) and the Company is active;

(b) for the period required to satisfy any legal, regulatory, tax, accounting, or reporting obligation to which the Company is subject. In the case of customer due diligence records, this is generally a minimum of five years from the end of the relevant business relationship, as required by the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999 and regulations made thereunder, and may be longer where required by the law of any other jurisdiction to which the Company is subject in respect of the relevant processing;

(c) for the period required to defend any actual or potential legal claim, which is generally not less than the longest applicable limitation period in any jurisdiction in which a claim might reasonably be brought; and

(d) for any longer period that we consider, acting reasonably and proportionately, to be necessary for the legitimate interests of the Company or of a third party.

Where personal data is no longer required for any of the purposes above, we will securely delete or anonymise it.

Inquiry-form submissions made through the Website by persons with whom no business relationship subsequently arises are retained for a period of twenty-four months from the date of submission, after which they are deleted, unless we are required by law to retain them for longer.

Consent records (described in section 3.6) are retained for a minimum period commensurate with the limitation periods applicable to claims relating to the underlying access or communication, and in any event for not less than seven years.

12. Cookies and similar technologies

The Website uses cookies and similar technologies for the purposes of operating, securing, and improving the Website.

12.1 Strictly necessary cookies

These cookies are essential for the Website to function and to deliver the services you have requested. They include cookies that record your acceptance of cookies, that maintain the security of the Website, and that distinguish individual sessions. These cookies are set on the legal basis of our legitimate interest in providing a functioning, secure Website. They cannot be disabled without affecting the operation of the Website.

12.2 Functional and preference cookies

These cookies enable the Website to remember choices you have made, including your acceptance of the Terms, Privacy Notice, and Legal Notice, and any preference relating to ambient audio. These cookies are set on the legal basis of our legitimate interest in providing a usable Website, or on the basis of your consent where required by applicable law.

12.3 Analytics

The Website uses Vercel Web Analytics, which is cookieless: no cookie or persistent identifier is set in your browser for analytics purposes. Aggregate page-view, referrer, and approximate-geography data is processed by Vercel Inc. as our processor as described in section 3.4. Because no cookie is set, consent through a cookie banner is not required for this processing.

12.4 Advertising cookies

The Website does not use advertising cookies and will not be used to deliver behavioural advertising.

You may manage and delete cookies through the settings of your browser. Doing so may affect the operation of the Website.

13. Geographic detection and use of virtual private networks

In order to determine which consent and disclosure mechanisms to present to you, the Website performs an automated, network-level geographic detection upon your access. This detection processes your internet protocol address and limited related signals. The result is used solely to determine whether to display the consent banner described in our Terms of Use, and is retained only to the extent and for the period necessary to evidence the choice presented and the choice (if any) recorded.

Geographic detection may be inaccurate, incomplete, or defeated by technical means, including the use of virtual private networks, proxies, anonymising networks, or location-spoofing tools. Where you use any such means, the position set out in the Terms of Use applies, and in particular you are bound by the consent and disclosure regime applicable to your True Location (as defined in the Terms of Use) as if it had been presented to you.

We do not rely on geographic detection as a basis for any decision producing legal effects concerning you or similarly significantly affecting you, within the meaning of any data protection law that addresses solely automated decision-making. Geographic detection serves only to choose the appropriate disclosure pathway.

14. AI and text-and-data-mining reservation

The content of the Website may not be used, in whole or in part, for the training, fine-tuning, evaluation, or development of any artificial intelligence model, system, agent, or product, nor for inclusion in any dataset intended for such purposes. This statement constitutes an express reservation of rights for the purposes of any text or data mining exception under applicable law, including Article 4(3) of Directive (EU) 2019/790.

15. Security

The Company has implemented technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. These measures include access controls, encryption in transit, encryption at rest where appropriate, regular review of access permissions, staff training, and contractual controls on third-party service providers.

No system of electronic transmission or storage is, however, entirely secure. You are responsible for protecting the security of any device, account, or credential you use to access the Website or to communicate with the Company.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, the Company will notify the Office of the Data Protection Authority, and where required will notify affected individuals, in each case within the timescales and on the conditions prescribed by the Guernsey Data Protection Law and, where applicable, the UK GDPR or the EU GDPR.

16. Contact

For any matter relating to your personal data, including the exercise of the rights described in section 10, please contact:

TenTrinity (Guernsey) Ltd
Suite G, St Peter Port House
Sausmarez Street
St Peter Port
Guernsey GY1 2PT
Channel Islands

For the attention of: the Compliance Officer.

For candidate matters described in section 8, including the withdrawal of consent to equal-opportunities monitoring or to talent-pool retention, please email privacy@tentrinity.group.

We will acknowledge receipt of any request relating to your personal data within five business days and will respond substantively within one calendar month of receipt, save where the request is complex or where we have received a number of requests from you, in which case we may extend the response period by a further two months and will notify you of any such extension.

We may, where permitted by applicable law, require you to verify your identity before responding to a request relating to your personal data.

17. Modifications to this notice

The Company may amend this Notice from time to time by publication of a revised version on the Website. The date of the most recent amendment is shown below.

Where an amendment is, in the Company’s reasonable opinion, material, the Company will take reasonable steps to draw the amendment to the attention of regular users of the Website at the point of next access.

Continued use of the Website following any amendment constitutes acknowledgement of this Notice as amended.

This Notice was last amended on 8 June 2026.