Home / Privacy Policy

Privacy Policy


The Summit Group operates in multiple jurisdictions, through our member companies, which are all subject to their own data protection and privacy requirements, listed below.  We keep our Privacy Statements and Notices under regular review and any updates will be posted on our website in the most recent version.



Summit Trust (Cayman) Limited Privacy Statement

Summit Trust (Cayman) Limited (“STCL”) is subject to the Data Protection Law, 2017 in the Cayman Islands (“the DPL”), which took effect on 30th September 2019. STCL is a data controller for the purposes of the DPL and any settlor, beneficiary, enforcer or protector who is in a trust-based relationship with STCL will be a data subject as defined in the DPL as will any person having a contractual relationship with STCL. STCL collects and processes certain personal data in order to fulfil its legal duties and responsibilities as trustee or as company manager or agent; it does not transfer such data for marketing purposes. STCL may transfer personal data to third party professionals or financial institutions as a consequence of the services it provides or to other companies in the Summit Trust Group in connection with the purchase of administration services or to comply with international tax reporting obligations.

The personal data that is typically collected include an individual’s name, address, date & place of birth, nationality, tax residency, taxpayer identification numbers, contact details, personal financial information, educational information and bank details. In some cases other information may be sought and processed.

Data subjects have various rights under the DPL. Reference to the DPL should be made for details of the individual rights of data subjects. Data is retained in accordance with the DPL and certain information will be kept for 5 years after the termination of a business relationship.

All requests concerning data protection and any complaints should be made to privacy@summittrustgroup.com, and we will do our utmost to revert to you within a month of receiving your correspondence.

This policy statement may be revised from time to time in accordance with the law and in the light of regulations issued by the Information Commissioner in the Cayman Islands.



Aquitaine Group Ltd Privacy Statement

Aquitaine Group Limited and its affiliated companies (which we refer to in the rest of this statement collectively as “Aquitaine“, “we” or “us“), as data controllers, are dedicated to safeguarding your personal information. This privacy statement contains an explanation of what happens to the personal data that we collect from you or about you. Please read it carefully and ask us about anything that you do not understand.


We are required by law to verify the identity and activity of clients, potential clients and people with close connections to them. We must do this to reduce the risk of our services being used for illegal purposes.

If you apply to use our fiduciary services, we may ask for extensive personal information from you. By law, we may also collect personal information on people who have a close connection to clients and people applying to be our clients. If a potential client applies for us to provide services to their company, we must collect information about that company’s owners, directors, officers and agents. If a potential client applies for us to provide services to their trust, we must collect information about its settlors, beneficiaries, enforcers and protectors. If a potential client applies for us to provide services to their foundation, we must collect information about its guardians, founders, members and agents. If you are any of these people or someone else who has control or a close connection to one of our clients, then we may need to collect information about you. If you become one of these people due to a change in a company, trust or foundation to which we provide services, then we may also need to collect information about you. If you are not our client or an applicant, we may ask the client or applicant for your information if we cannot obtain it from you.

The personal information that we may request includes your name, addresses, telephone numbers, nationalities, date of birth, tax residency, length of residence, tax and social insurance numbers, passport numbers, marital status, wealth and business activities. We may also ask for some of this information about your family members and associates. We may also ask you if you have political, military or judicial roles or connections. We may also ask if you have connections with regulatory or criminal infractions or investigations, or with activities that have a high risk of being associated with regulatory or criminal infractions. We may ask for copies of official documents that prove your identity and place of residence.

We will use the information that we collect to conduct background checks on you. We may search for information about you, both on publicly-available internet search engines and in subscription-based databases that keep records of people involved in illegal or risky activities. This information will help us decide whether to do business with you or the person or body that you are connected with. If you or the person or body connected to you becomes our client, we will repeat these background checks periodically. The information will help us decide whether to continue to do business with you or the person or body connected to you, or whether to change the type of services that we provide. If you do not provide us with the information that we request, we may refuse to accept you or the person or body connected to you as a client, or terminate our services if you or they are existing clients. This information will be kept on file for as long as required by law and our regulator, even after you, or someone connected with you, stops doing business with us.

Political opinions and criminal data are “special category data” which requires your permission for us to collect, use and keep in our files. Your application to use our services, or your agreement to be bound by this privacy statement, includes your agreement that we may collect and keep “special category data” about you, and in particular about your political connections and any connection to criminal activity, for as long as we are required by the laws and regulations that apply to us. You may withdraw this agreement at any time. If you withdraw your agreement, or someone connected with you withdraws their agreement, we may be forced to terminate our services.

Our services as a licensed fiduciary may require us, both by law and under contract, to act on behalf of our client or in the best interests of our client. If you are our fiduciary client, or if we have a duty to act in your best interests, we may use personal information that we have about you to judge how best to act on your behalf or in your interests.

We are required by laws and regulations that apply to us as licensed fiduciaries to keep accurate and updated client records, which we may need to demonstrate to our regulator from time to time. This means that we may need to keep your personal information in our files for the length of time satisfactory to our regulator or those authorised by our regulator to inspect our files. These inspections are kept confidential as required by laws and regulations.

We may receive requests for your personal information from people or firms dealing with you or a company, trust or foundation connected to you. For example, bankers, agents, accountants, auditors, lawyers, fund administrators, financial advisors and other professionals may be required by law to have your personal information to verify your identity before providing their services. We may provide such information to them if we have been authorised by you. We may also provide such information if we have been authorised or required to act on your behalf or in your interest as part of our fiduciary duty or our contractual services, or if we are required or permitted by law.

If we are setting up a company, trust, foundation or other body outside Guernsey for you or a company, trust or foundation that is connected to you, we will need to send your personal information to an agent outside Guernsey.

Guernsey, the United Kingdom and the Crown Dependencies have data protection laws equivalent to the European Union, but this is not true of every country or territory outside the European Union. If we send your data outside the European Union or somewhere without equivalent laws, you may not have the same rights to protect your data there, or as many ways to stop or punish those who misuse your data. It is your right to know if any country or territory where we send your data has equivalent data protection laws to Guernsey, or what other safeguards for your data exist.

We do not make decisions based on the automated processing of your personal data. If we ever intend to do so in the future, we will let you know the reason for doing so and your rights in relation to such processing.


Except as required by law or our regulator, we will generally keep your personal information as long as we need it to reply to your queries or, if you are a client or connected to our client, for as long as we need it to provide the client services. We also have a document retention policy of keeping records for an additional number of years after our relationship with you is over, to make sure that we have fulfilled all of our fiduciary and contractual duties and that the documents are not needed to resolve disputes or legal issues. This retention is both for our protection and yours, to balance our legitimate interest and the need to properly conclude our relationship with you. If you would like details on our retention policy at any time, please contact us by email or post.


You may request us to confirm whether or not we are holding personal information about you. You may request a copy of any personal information that we hold about you. Please contact us by email or post if you wish to make such a request. The first copy of your information is free of charge, although we reserve the right to charge a fee if the request is excessive.

Guernsey fiduciary law protects the confidentiality of certain information which may limit your general right of access.

You have the right to ask us to correct any incorrect or incomplete information, or update out-of-date information that we have about you. If you would like to make this request, please send us an email explaining what information that you believe is incorrect, incomplete or out of date, and how you believe that it should be corrected, completed or updated. You may request that we not use information until having determined if it needs correction or updating. If we no longer need information that is incorrect or out of date, you may ask us to delete it. You may also ask us to delete incorrect or out of date information that we need your consent to keep or that we do not hold in accordance with the data protection laws. If we have shared your incorrect or incomplete information with third parties, you may ask us to have it corrected or completed, if it is practicable and proportionate to do so.

You may ask us to provide you with your personal information in a commonly-used, machine readable format of any of your personal information that we process automatically, if you ever switch from our services to another provider. This will not apply to information that we have in our files which we must keep by law, such as our background checks on you.


If you have any queries, comments or requests regarding this Privacy Policy, please contact the data controller at datacontroller@aquitainetrust.com or by post at P.O Box 357, Level 5, Mill Court, La Charroterie, St Peter Port, Guernsey GY1 3XH. If we have appointed a data protection officer, he or she may be contacted at this address.

Your personal information is protected by the Data Protection (Bailiwick of Guernsey) Law, 2017. If you believe that we have not respected (or will not respect) your rights under this law, you may make a complaint to Guernsey’s Data Protection Authority. Decisions of the Data Protection Authority can be appealed in court.



Garfield-Bennett Trust Company Limited Privacy Statement


This Privacy Policy, describes how we process personal information received during the course of our business. This Policy may be amended from time to time and new versions will be published on this page.


This Privacy Notice applies to all personal information processing activities carried on by the businesses of Garfield-Bennett Trust Company Limited and its affiliates “GBTC”. It also extends to directors and employees who act as data controllers on behalf of GBTC. GBTC is the data controller of all personal information you provide during your relationship with us.

Garfield-Bennett Trust Company Limited also trades as Garfield-Bennett and GBTC.

Our business address is First Floor, Durell House, 28 New Street, St. Helier, Jersey JE2 3RA.

Our services are not offered to any person in any jurisdiction where their advertisement, offer or sale is restricted or prohibited by law or regulation or where we are not appropriately licensed.

GBTC is registered under the Data Protection (Jersey) Law 2018 (the “Law”). GBTC will process personal information in accordance with the provisions of the Law.

GBTC is regulated by the Jersey Financial Services Commission in the carrying on of Trust Company Business and Funds Services Business.


For clarification the following items are defined:

“Clients” means the persons defined as “Clients” in GBTC’s Terms of Business;

“Law” means the Data Protection (Jersey) Law 2018, as amended, and other applicable laws and regulations;

“Entity” means a trust, company, foundation, fund or other entity which GBTC forms, manages or to which GBTC provides Services.


We collect and process various categories of personal information at the start of and during your relationship with us. We limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified herein. Personal information may include:

  • Identification information such as name and residential address, date of birth, occupation, contact details; signature, marital status;
  • Photographic images (through copies of passports or other forms of ID);
  • Information about you such as your occupation, profession, any disputes or legal proceedings you may be involved in;
  • Information about your family (including spouse, dependants and next of kin), lifestyle etc. including connections with politically exposed persons;
  • Financial information including personal wealth, assets and liabilities, income and expenditure, education, qualifications and employment information, financial needs and considerations together with information to make payments and transactional history; and
  • Information on goods and services that we provide you together with associated information on billing and fee collection.

We may collect personal information relating to the beneficiaries or potential beneficiaries of a trust without their knowledge or consent, but only where we are lawfully permitted to do so, for example under Article 47 of the Law which gives certain exemptions to trustees in relation to transparency, or if it is in the legitimate interest of such beneficiaries or potential beneficiaries. In cases where we hold information on beneficiaries, we normally only hold minimal identity information, such as their name, date of birth and relationship to the trust or settlor or other relevant parties and, for minor beneficiaries, their parents’ contact details. On occasion, we may be provided with information relating to potential beneficiaries such as copies of passports and verifications of address and other information considered to be relevant to the nature of the trustees’ discretions which we keep on file in the legitimate interests of that beneficiary.

We may also collect special category information for specific and limited purposes such as detecting and preventing financial crime or making decisions as trustee. We will only process special category information where we have your specific consent or are otherwise lawfully permitted to do so, for example due to the legitimate interest of a beneficiary or potential beneficiary. Examples of special category information that we may collect include:

  • Physical or psychological health details and/or medical conditions;
  • Information about racial or ethnic origin; or
  • Religious or philosophical beliefs.

Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific purposes. Primarily this is to enable us to perform and record checks to prevent and detect crime and comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption and international sanctions. It may involve investigating and gathering intelligence on suspected financial crime, fraud and threats and sharing data with law enforcement and regulatory bodies.


Individuals provide us with personal information when they apply for services using our application forms and throughout the business relationship in various ways, including through correspondence, telephone calls and meetings and undertaking transactions with you or between you and relevant Entities.

We may obtain information from third parties including third parties who provide services to your Entities and other parties such as family members connected with the Entity. If you provide information in respect of a third party, we may need to make them aware of how their information was obtained. However, we do not make potential beneficiaries aware of information we hold relating to them unless it is considered necessary and relevant to do so.

To check the identity of an individual and to prevent or detect fraud or money laundering we may also search the files of address validation directories, the electoral register, internet databases (and similar) and may contact an individual’s referees, bankers, persons certifying or providing relevant documentation or information, to confirm details given to us and may make such other enquiries of relevant third parties e.g. of another financial institution or party providing funds, as we deem necessary either in connection with our take-on process or at any other time in connection with the provision of Services to you.


• Legitimate interests

Under the Law, we may process your information where it is in our legitimate interests to do so as a business, as long as it does not prejudice your interests and fundamental rights and freedoms. We process the personal information of Clients and persons associated with Entities because it is in our legitimate interest to do so in order to run a business providing services to Clients or to Entities.

In most circumstances, our legitimate interest to process your personal data aligns with your interest to be able to avail yourself of our services or benefit from Entities that we manage. We need certain personal data in order to provide services and undertake transactions on your behalf or for your benefit. In other words, being able to process your data is usually in both of our interests.

We continually seek to develop and improve as an organisation, adapt our services to the commercial and legal environment and offer the most appropriate and beneficial services to Clients, Entities and those who benefit from Entities. To achieve this, we may need to process your information to enable us to send you relevant updates and information about services we offer. We may also use your information to assist us to monitor and review Entities under management to assess the performance and effectiveness of products and services, undertake staff training, analyse customer complaints and shortfalls in standards and risk management generally. Our legitimate interest to process your personal data to ensure that we review and assess services and inform you of options, updates and changes that may benefit you, aligns with your interest in remaining informed of such options, updates and changes which in turn will assist you to make informed choices in relation to services you require. You can always indicate you do not want to receive updates and information from us and such notice will override the legitimate interest and your information will be excluded from processing until you indicate your consent.

• Other lawful bases for processing

Whilst we consider that our legitimate interest provides us with a lawful basis for processing most of your data, we may also rely on the following lawful bases to process data:

  • Processing data to fulfil a contractual obligation: the contractual arrangements that we enter into on behalf of Entities may give rise to certain contractual obligations in relation to how we use your personal information, including obligations to share information with third parties such as banks and other regulated financial institutions providing services.
  • Processing data to fulfil a legal or regulatory obligation: we may be required to process data to fulfil a legal or regulatory obligation, for example, to meet our obligations to verify the identity of an individual, for the purposes of participating in any proceedings, enquiries or disputes arising from the business relationship with an individual and to meet our international reporting obligations as provided in paragraph 12 below.

• Using Data as Processor

GBTC also processes data on behalf of Clients and/ or Entities, for example if we provide services to an entity which is itself a data controller. Data we process may include information about officers and other parties associated with underlying investments as well as tenants of properties and suppliers. GBTC processes information and screens such parties to ensure there is no risk known in the public domain with regard to money laundering or sanctions.


Following the termination of the business relationship to which an individual is connected, in order to satisfy legal requirements in Jersey we will normally keep all personal information for a minimum of 10 years from the date of termination. At the expiration of the 10-year period, if there are outstanding proceedings, enquiries or disputes concerning that business relationship, we will keep the records of connected Individuals for such additional time as is reasonable in all the circumstances and otherwise we shall destroy your records in such a manner as we see fit.


We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf. Our processes for security include organisational and physical security measures as well as protection of networks and information systems.

Unencrypted email is not secure. We recommend that where possible you use a secure email function or contact us to find out your options for secure communication with us. We never recommend you include personal or confidential information in an unencrypted email.

If you receive an unsolicited call that claims to be from Garfield-Bennett which you do not recognise, do not continue but instead call back our general telephone number (or the mobile phone of your usual contact).

We will not rely on information for the purposes of transactions without verifying it with you in person.


Personal information of an individual is confidential and we will only disclose that information in the following situations:

  • with an individual’s consent or, if the individual is a minor, with the consent of the individual’s parent or guardian;
  • to third parties who are providing a service directly to the Entity, for example financial institutions which provide banking or investment services;
  • to persons acting as our agent for the provision of services;
  • if we are obliged to do so, by regulations or law or pursuant to an order of a competent court, government department, regulatory authority or auditor or to meet our regulatory or legal obligations;
  • if we consider that disclosure is necessary for GBTC to fulfil its internal policies and its regulatory obligations in respect of anti-money laundering, combatting terrorist financing, anti-bribery and anti-corruption legislation and such other regulations and laws that may apply from time to time;
  • if we consider that disclosure is necessary to defend ourselves in any legal action threatened or brought against us or any Entity; and
  • where failure to disclose information would expose GBTC to civil liability or the risk of prosecution in any jurisdiction.


Most of the information we hold on you will be used and stored in Jersey and Guernsey. We will only transfer data to persons in jurisdictions that do not have equivalent data protection laws, with consent or in such manner which is otherwise compliant with the Law.


GBTC uses Clarity Limited which is based in Guernsey as its principal data processor (the “Data Processor”). The Data Processor is responsible for the provision of our network platform and for all operational support with regard to our IT systems processing, including arrangements for back-up and disaster recovery. The Data Processor may not make any decisions on day to day data management and accuracy, may not perform any data processing for its own purposes and shall only store and retain the personal data in accordance with the contractual arrangements established by GBTC as data controller.

GBTC also uses other data processors for screening services using limited information or information processed on a one-off temporary basis. It also uses an external data processor to collate information for tax returns.

Each data processor will be subject to a legal agreement and may not enter into any sub-contract arrangements without the prior knowledge and consent of GBTC.


If Jersey enters into any agreements with other jurisdictions for the automatic exchange of tax or other information, we may be required to collect and disclose reportable information in respect of an Individual or Entity or other relevant person connected to the individual or Entity, to foreign tax or governmental authorities either directly or via relevant Jersey statutory bodies. This obligation to obtain, disclose and exchange reportable information extends beyond the ultimate beneficial owner of the Entity to other relevant parties such as the directors, minority shareholders and persons who receive certain payments from the Entity.


Unless you have told us not to we will send you marketing information relating to our services that we think will be of interest and relevant to you. It is our legitimate interest as a business to process personal information to communicate with you regarding issues, developments and topics that may be of interest to you. If you change your mind and no longer wish to receive these communications, please exercise your right.

GBTC does not share information with third parties for their own marketing purposes without your express permission.


You have rights under the Law which are summarised below together with the circumstances in which they arise. As we are a regulated business such rights cannot override our legal obligation to hold certain minimum data and information about our customers. If this information is not available, we will not be able to continue to provided services. If you wish to exercise your rights or have any other queries about the use of your personal information then please speak to your usual contact at GBTC or contact the data protection officer using dpo@garfieldbennett.com.

Under the Law, you have the following rights:

Right of access to personal data – If you would like to access your personal data please send a written request to: the Data Protection Officer, Garfield-Bennett Trust Company Limited, First Floor, Durell House, 28 New Street, St. Helier, Jersey JE2 3RA or to dpo@garfieldbennett.com. Please note for your security we may need to verify the request and depending on the nature of the request we may need to collect more information as to your specific requirements.

Right of rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information. If you believe something we hold is inaccurate please contact us so we can correct the information. We may require supporting information to ensure such changes are valid. We can provide more information if required.

Right of erasure – You have a right to request that we delete your information but please note that this may impact on the services we can provide and certain information is held in order to comply with our legal and regulatory obligations and cannot therefore be deleted if transactions have taken place. We can provide more information if required.

Right to restrict processing – You have a right to request us to restrict the processing of your personal information but please note that this may result in us having to suspend the operation of your Entity or transactions.

Right to objection – You have the right to object to us processing your personal information (and restrict processing, see above) unless we can demonstrate compelling and legitimate grounds for the processing which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims.

Marketing – You have a right to object to direct marketing.

Withdraw consent – You have a right to withdraw consent where we rely on your permission to process your personal information. Please note that this may result in further operation of the entity or transactions may not be possible for legal reasons.

Lodge complaints – You have a right to lodge a complaint in the first instance we recommend you contact our Data Protection Officer who will investigate the matter. We would hope to be able to address your concerns but you can always contact the Jersey Information Commissioner. For more information, please visit wwww.dataci.je.



Summit Trust International SA (“STI”) Privacy Statement

Data Protection and Privacy Notice to Settlors, Beneficiaries and other Interested Persons

STI, like other financial services businesses, is subject to Swiss laws on the protection of personal data. Where STI deals with persons resident in European Union Member States, the General Data Protection Regulation is also relevant. This document provides a summary of the rights that you have as a data subject by STI as a data controller and the policies STI has adopted to control the processing of personal data in accordance with the law.

Reasons for Collecting Data

STI only collects personal data in order to administer trusts, companies, foundations, partnerships and other fiduciary structures (“fiduciary relationships”) that it administers for its client families. Personal data is not sold for marketing purposes to third parties.

Personal Data

The personal data that we collect includes name; date of birth; address; taxpayer or social security numbers; identity documents such as passport, driving licence, and national identity cards; proofs of address; bank account details so that payments can be made; information about your personal financial and domestic situation so that trustee discretions can be properly made, which may include information about your dependants; and other information that we may consider necessary in connection with our fiduciary duties and legal obligations.

Personal data is usually provided to us by you upon request but may be obtained by us from third parties and other sources such as databases and internet searches as well as from professional advisers such as lawyers, accountants, bankers and financial advisers.

Data Transfer

STI may transfer such data to third parties such as law firms, accountancy firms, banks, asset managers, securities custodians, and investment advisers in order to comply with laws such as those directed against money laundering or to obtain legal or tax advice required in connection with the administration of a fiduciary relationship. Personal data may be viewed by our auditors and can be produced to regulators and law enforcement bodies if requests are made. Personal data may also be reported to tax authorities under various international tax reporting obligations such as FATCA (where the United States is concerned) or the Automatic Exchange of Information provisions (for most countries outside of the United States). Personal data may also be exchanged as part of due diligence exercises in connection with the acquisition, merger or sale of trust businesses including STI and its subsidiaries. Personal data may also be transferred by STI to its subsidiaries or affiliated companies.

Storage of Personal Data

STI maintains electronic records of personal data on servers in Switzerland and on back-up servers in a separate location in Switzerland. Personal data is also maintained on paper files in its offices in Geneva. Paper files are kept in locked cabinets overnight and the office is protected by an alarm system when not staffed overnight or at weekends. Staff are bound by personal undertakings to maintain client confidentiality, which includes protection of personal data, and office policies require that files containing personal data are filed away at night and not left on desktops. Where personal data is transferred outside of Switzerland, it will either be transferred to a jurisdiction that has equivalent legislative protection for personal data (e.g. the UK or a country within the European Economic Area) or we will, in other cases, take steps to secure equivalent protection for personal data by means of contractual undertakings.

Personal data will be retained by us for as long as you are the subject of or might be concerned with a fiduciary relationship with us and for such periods as may be prescribed by law from time to time afterwards such as under the anti-money laundering legislation.

Once personal data is no longer required, STI will anonymise or erase it.

Personal Data Information Rights

STI will adequately inform you when personal data is collected from yourself or a third party. The use of sensitive data is subject to your express consent.

When personal data is communicated outside Switzerland, STI will inform you of the name of the third State or international body to which the data is to be communicated.

You may also request that we provide you with information about the personal data that we may hold about you and copies of that information. We will provide copies of information or documents we hold about you upon written request under the ‘Contact’ section below. If the information we hold about you is inaccurate you may require us to correct it by written request. You may also request that we cease to process information about you but in such cases this may impede our ability to provide financial benefits to you under a fiduciary relationship.

You may request that we erase all of your personal data under the “right to be forgotten” if (i) it is no longer necessary for us to hold that personal data with respect to the original purpose for which it was obtained; or (ii) where your consent was the basis of our receiving your personal data, you wish to withdraw that consent; or (iii) you have objections to our processing your personal data and there is no overriding legitimate interest that would entitle us to continue doing so; or (iv) your personal data has been processed unlawfully; or (v) your personal data has to be erased in order to comply with a particular legal or regulatory obligation. Erasure of personal data will prevent us from providing any financial benefit to you as without such information it would not be lawful for us to administer a fiduciary relationship from which you could benefit.

In Switzerland, the government body responsible for supervising data processing is the Federal Data Protection and Information Commissioner (FDPIC) whose address is: Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH-3003 Bern, Switzerland. Telephone: +41 58 462 43 95; Fax: +41 58 465 99 96.

Information about data protection in Switzerland is available from the FDPIC website: www.edoeb.admin.ch


If you have any questions about our data protection policy please contact your usual trust officer or director contact or write to The Data Protection Officer, Summit Trust International SA, 6 Place des Eaux-Vives, CH-1207 Geneva, Switzerland. Tel +41 22 707 8399; fax +41 22 707 8395.




Summit Trust Company LTD (“STCL”) Privacy Statement

This note sets out how the personal information that we collect about you will be used. For the purposes of data protection legislation STCL is a “controller” meaning that we determine the purpose and means of processing the information we collect from you.

The types of personal information we may collect about you includes your name, marital status, title, nationality and date of birth; identification data includes taxpayer identification numbers, passport details, driving licence or other identification documents; contact data includes postal addresses, email address and telephone numbers; and financial data includes details of your financial position and bank details if payments are to be made to you.

We use your information in order that we may provide services as trustee and to comply with the law and regulatory requirements in the UK generally. Specifically this is to enable us to confirm your identity and allow us to carry out checks in the interest of security and to prevent and detect fraud; to administer and maintain fiduciary structures you may have established or which may benefit you; to respond to your queries; and to carry out our obligations under any contracts entered into between you and us.

We do not send you marketing messages but may respond to specific inquiries received if we consider it appropriate to do so.

We will not pass your information on to third parties except to other companies in the Summit Trust Group which are subject to equivalent data protection laws as apply in the UK or to professionals such as lawyers and accountants where there is a legitimate reason to do so or to information technology and information security providers used in connection with our business as trustees or to third parties where you have given your consent (e.g. legal or tax advisers who are aware of the fiduciary structure with which you are concerned or connected) or to banks, asset managers, securities custodians and other agents who are engaged to provide banking or asset management or related services to trust structures that we administer.

In addition, information may be passed on to law enforcement agencies, fraud prevention agencies and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect the rights, property, or safety of STCL, or if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC), who may then transfer it to the government or the tax authorities in another country where you may be subject to tax, or if STCL (or all or part of its assets) were to be acquired by a third party, in which case personal data about you would be one of the transferred assets as part of a due diligence exercise or business sale, or if you have consented to any disclosure to a third party.

We currently transfer data to Switzerland, which is outside of European Economic Area (“EEA”). The transfer, use and/or storage of your personal information outside of the EEA may not offer the same standard of protection for personal information as in the UK.

Transfers to our third party service providers are to enable them use and store your personal information on our behalf. We will, however, put in place appropriate security procedures in order to protect your personal information. We also ensure that, where your information is transferred to any country outside the EEA this is done using specific legally-approved safeguards.

We will keep your information only for as long as necessary depending on the purpose for which it was provided or to comply with our legal obligations and duties. Information provided in connection with trusts may by its very nature require to be kept for a very long time.

We have put in place measures to protect the security of your information. These measures are intended to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this notice. The various rights are not absolute and each is subject to certain exceptions or qualifications.

Under certain circumstances, by law you have the right (1) to object to the processing of your personal information where we are relying on a legitimate interest (or that of a third party); (2) to request access to your personal information which enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; (3) request correction of the personal information that we hold about you; (4) request erasure of your personal information; (5) request the restriction of processing of your personal information; and (6) request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at the address below. You will not have to pay a fee to gain access to your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you wish to request further information about any of the above rights, or if you have any questions concerning data protection please contact, by post, The Data Protection Officer, Summit Trust Company Ltd, 17 Cavendish Square, London W1G 0PH, United Kingdom.

If you are not satisfied with our response to any complaint you may make concerning data protection or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”): https://ico.org.uk/global/contact-us     ICO Helpline: + 44 (0) 303 123 1113.