SUMMIT TRUST COMPANY LTD (‘STCL’) – DATA PRIVACY & PROTECTION STATEMENT (Effective 25 May 2018)

This note sets out how the personal information that we collect about you will be used. For the purposes of data protection legislation STCL is a “controller” meaning that we determine the purpose and means of processing the information we collect from you.

The types of personal information we may collect about you includes your name, marital status, title, nationality and date of birth; identification data includes taxpayer identification numbers, passport details, driving licence or other identification documents; contact data includes postal addresses, email address and telephone numbers; and financial data includes details of your financial position and bank details if payments are to be made to you.

We use your information in order that we may provide services as trustee and to comply with the law and regulatory requirements in the UK generally. Specifically this is to enable us to confirm your identity and allow us to carry out checks in the interest of security and to prevent and detect fraud; to administer and maintain fiduciary structures you may have established or which may benefit you; to respond to your queries; and to carry out our obligations under any contracts entered into between you and us.

We do not send you marketing messages but may respond to specific inquiries received if we consider it appropriate to do so.

We will not pass your information on to third parties except to other companies in the Summit Trust Group which are subject to equivalent data protection laws as apply in the UK or to professionals such as lawyers and accountants where there is a legitimate reason to do so or to information technology and information security providers used in connection with our business as trustees or to third parties where you have given your consent (e.g. legal or tax advisers who are aware of the fiduciary structure with which you are concerned or connected) or to banks, asset managers, securities custodians and other agents who are engaged to provide banking or asset management or related services to trust structures that we administer.

In addition, information may be passed on to law enforcement agencies, fraud prevention agencies and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect the rights, property, or safety of STCL, or if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC), who may then transfer it to the government or the tax authorities in another country where you may be subject to tax, or if STCL (or all or part of its assets) were to be acquired by a third party, in which case personal data about you would be one of the transferred assets as part of a due diligence exercise or business sale, or if you have consented to any disclosure to a third party.

We currently transfer data to Switzerland, which is outside of European Economic Area (“EEA”). The transfer, use and/or storage of your personal information outside of the EEA may not offer the same standard of protection for personal information as in the UK.

Transfers to our third party service providers are to enable them use and store your personal information on our behalf. We will, however, put in place appropriate security procedures in order to protect your personal information. We also ensure that, where your information is transferred to any country outside the EEA this is done using specific legally-approved safeguards.

We will keep your information only for as long as necessary depending on the purpose for which it was provided or to comply with our legal obligations and duties. Information provided in connection with trusts may by its very nature require to be kept for a very long time.

We have put in place measures to protect the security of your information. These measures are intended to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this notice. The various rights are not absolute and each is subject to certain exceptions or qualifications.

Under certain circumstances, by law you have the right (1) to object to the processing of your personal information where we are relying on a legitimate interest (or that of a third party); (2) to request access to your personal information which enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; (3) request correction of the personal information that we hold about you; (4) request erasure of your personal information; (5) request the restriction of processing of your personal information; and (6) request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at the address below. You will not have to pay a fee to gain access your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you wish to request further information about any of the above rights, or if you have any questions concerning data protection please contact, by post, The Data Protection Officer, Summit Trust Company Ltd, 17 Cavendish Square, London W1G 0PH.

If you are not satisfied with our response to any complaint you may make concerning data protection or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”): https://ico.org.uk/global/contact-us ICO Helpline: 0303 123 1113.

We keep our Privacy Notice under regular review and any updates will be posted on our website in the most recent version of this Privacy Notice.

Summit Trust Company Ltd
Revision: 12 June 2018