Summit Trust International SA (“STI”)
Data Protection and Privacy Notice to Settlors, Beneficiaries and other Interested Persons
STI, like other financial services businesses, is subject to Swiss laws on the protection of personal data. Where STI deals with persons resident in European Union Member States, the General Data Protection Regulation is also relevant. This document provides a summary of the rights that you have as a data subject by STI as a data controller and the policies STI has adopted to control the processing of personal data in accordance with the law.
Reasons for Collecting Data
STI only collects personal data in order to administer trusts, companies, foundations, partnerships and other fiduciary structures (“fiduciary relationships”) that it administers for its client families. Personal data is not sold for marketing purposes to third parties.
The personal data that we collect includes name; date of birth; address; taxpayer or social security numbers; identity documents such as passport, driving licence, and national identity cards; proofs of address; bank account details so that payments can be made; information about your personal financial and domestic situation so that trustee discretions can be properly made, which may include information about your dependants; and other information that we may consider necessary in connection with our fiduciary duties and legal obligations.
Personal data is usually provided to us by you upon request but may be obtained by us from third parties and other sources such as databases and internet searches as well as from professional advisers such as lawyers, accountants, banks and financial advisers.
STI may transfer such data to third parties such as law firms, accountancy firms, banks, asset managers, securities custodians, and investment advisers in order to comply with laws such as those directed against money laundering or to obtain legal or tax advice required in connection with the administration of a fiduciary relationship. Personal data may be viewed by our auditors and can be produced to regulators and law enforcement bodies if requests are made. Personal data may also be reported to tax authorities under various international tax reporting obligations such as FATCA (where the United States is concerned) or the Automatic Exchange of Information provisions (for most countries outside of the United States). Personal data may also be exchanged as part of due diligence exercises in connection with the acquisition, merger or sale of trust businesses including STI and its subsidiaries. Personal data may also be transferred by STI to its subsidiaries or affiliated companies.
Storage of Personal Data
STI maintains electronic records of personal data on its servers in Geneva and on a back-up server in a secure location in Switzerland. Personal data is also maintained on paper files in its offices in Geneva. Paper files are kept in locked cabinets overnight and the office is protected by an alarm system when not staffed overnight or at weekends. Staff are bound by personal undertakings to maintain client confidentiality, which includes protection of personal data, and office policies require that files containing personal data are filed away at night and not left on desktops. Where personal data is transferred outside of Switzerland, it will either be transferred to a jurisdiction that has equivalent legislative protection for personal data (e.g. the UK or a country within the European Economic Area) or we will in other cases, take steps to secure equivalent protection for personal data by means of contractual undertakings.
Personal data will be retained by us for as long as you are the subject of or might be concerned with a fiduciary relationship with us and for such periods as may be prescribed by law from time to time afterwards such as under the anti-money laundering legislation.
Once personal data is no longer required, STI will anonymise or erase it.
Personal Data Information Rights
STI will adequately inform you when personal data are collected from yourself or a third party. The use of sensitive data is subject to your express consent.
When personal data are communicated outside Switzerland, STI will inform you of the name of the third State or international body to which the data are to be communicated.
You may also request that we provide you with information about the personal data that we may hold about you and copies of that information. We will provide copies of information or documents we hold about you upon written request under the ‘Contact’ section below. If the information we hold about you is inaccurate you may require us to correct it by written request. You may also request that we cease to process information about you but in such cases this may impede our ability to provide financial benefits to you under a fiduciary relationship.
You may request that we erase all of your personal data under the “right to be forgotten” if (i) it is no longer necessary for us to hold that personal data with respect to the original purpose for which it was obtained; or (ii) where your consent was the basis of our receiving your personal data, you wish to withdraw that consent; or (iii) you have objections to our processing your personal data and there is no overriding legitimate interest that would entitle us to continue doing so; or (iv) your personal data has been processed unlawfully; or (v) your personal data has to be erased in order to comply with a particular legal or regulatory obligation. Erasure of personal data will prevent us from providing any financial benefit to you as without such information it would not be lawful for us to administer a fiduciary relationship from which you could benefit.
In Switzerland, the government body responsible for supervising data processing is the Federal Data Protection and Information Commissioner (FDPIC) whose address is:
Office of the Federal Data Protection and Information Commissioner FDPIC,
Feldeggweg 1, CH-3003 Berne, Switzerland,
Telephone: +41 58 462 43 95; Fax: +41 58 465 99 96.
Information about data protection in Switzerland is available from the FDPIC website: www.edoeb.admin.ch
If you have any questions about our data protection policy please contact your usual Trust Officer or director contact or write to
The Data Protection Officer, Summit Trust International SA,
6 Place des Eaux-Vives, CH-1207
tel + 41 22 707 8399; fax + 41 22 707 8395.
Summit Trust Company LTD (“STCL”)
Data Privacy & Protection statement (Effective 25 May 2018)
This note sets out how the personal information that we collect about you will be used. For the purposes of data protection legislation STCL is a “controller” meaning that we determine the purpose and means of processing the information we collect from you.
The types of personal information we may collect about you includes your name, marital status, title, nationality and date of birth; identification data includes taxpayer identification numbers, passport details, driving licence or other identification documents; contact data includes postal addresses, email address and telephone numbers; and financial data includes details of your financial position and bank details if payments are to be made to you.
We use your information in order that we may provide services as trustee and to comply with the law and regulatory requirements in the UK generally. Specifically this is to enable us to confirm your identity and allow us to carry out checks in the interest of security and to prevent and detect fraud; to administer and maintain fiduciary structures you may have established or which may benefit you; to respond to your queries; and to carry out our obligations under any contracts entered into between you and us.
We do not send you marketing messages but may respond to specific inquiries received if we consider it appropriate to do so.
We will not pass your information on to third parties except to other companies in the Summit Trust Group which are subject to equivalent data protection laws as apply in the UK or to professionals such as lawyers and accountants where there is a legitimate reason to do so or to information technology and information security providers used in connection with our business as trustees or to third parties where you have given your consent (e.g. legal or tax advisers who are aware of the fiduciary structure with which you are concerned or connected) or to banks, asset managers, securities custodians and other agents who are engaged to provide banking or asset management or related services to trust structures that we administer.
In addition, information may be passed on to law enforcement agencies, fraud prevention agencies and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect the rights, property, or safety of STCL, or if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC), who may then transfer it to the government or the tax authorities in another country where you may be subject to tax, or if STCL (or all or part of its assets) were to be acquired by a third party, in which case personal data about you would be one of the transferred assets as part of a due diligence exercise or business sale, or if you have consented to any disclosure to a third party.
We currently transfer data to Switzerland, which is outside of European Economic Area (“EEA”). The transfer, use and/or storage of your personal information outside of the EEA may not offer the same standard of protection for personal information as in the UK.
Transfers to our third party service providers are to enable them use and store your personal information on our behalf. We will, however, put in place appropriate security procedures in order to protect your personal information. We also ensure that, where your information is transferred to any country outside the EEA this is done using specific legally-approved safeguards.
We will keep your information only for as long as necessary depending on the purpose for which it was provided or to comply with our legal obligations and duties. Information provided in connection with trusts may by its very nature require to be kept for a very long time.
We have put in place measures to protect the security of your information. These measures are intended to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this notice. The various rights are not absolute and each is subject to certain exceptions or qualifications.
Under certain circumstances, by law you have the right (1) to object to the processing of your personal information where we are relying on a legitimate interest (or that of a third party); (2) to request access to your personal information which enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; (3) request correction of the personal information that we hold about you; (4) request erasure of your personal information; (5) request the restriction of processing of your personal information; and (6) request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing at the address below. You will not have to pay a fee to gain access your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you wish to request further information about any of the above rights, or if you have any questions concerning data protection please contact, by post, The Data Protection Officer,
Summit Trust Company Ltd,
17 Cavendish Square,
London W1G 0PH.
If you are not satisfied with our response to any complaint you may make concerning data protection or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”): https://ico.org.uk/global/contact-us
ICO Helpline: 0303 123 1113.
We keep our Privacy Notice under regular review and any updates will be posted on our website in the most recent version of this Privacy Notice.
Summit Trust Company Ltd
Revision: 12 June 2018
Summit Trust (Cayman) Limited
Summit Trust (Cayman) Limited (“STCL”) is subject to the Data Protection Law, 2017 in the Cayman Islands (“the DPL”), which took effect on 30th September 2019. STCL is a data controller for the purposes of the DPL and any settlor, beneficiary or protector who is in a trust-based relationship with STCL will be a data subject as defined in the DPL as will any person having a contractual relationship with STCL. STCL collects and processes certain personal data in order to fulfil its legal duties and responsibilities as trustee or as company manager or agent; it does not transfer such data for marketing purposes. STCL may transfer personal data to third party professionals or financial institutions as a consequence of the services it provides or to other companies in the Summit Trust Group in connection with the purchase of administration services or to comply with international tax reporting obligations.
The personal data that is typically collected include an individual’s name, address, date & place of birth, nationality, tax residency, taxpayer identification numbers, contact details, personal financial information, educational information and bank details. In some cases other information may be sought and processed.
Data subjects have various rights under the DPL. Reference to the DPL should be made for details of the individual rights of data subjects. Data is retained in accordance with the DPL and certain information will be kept for 5 years after the termination of a business relationship.
This policy statement may be revised from time to time in accordance with the law and in the light of regulations issued by the Information Commissioner in the Cayman Islands.
Dated: 17th October 2019