Cone Marshall SG Pte. Ltd. & Cone Marshall SG Trustees Pte. Ltd. Privacy Policy

Last updated: April 2026

This Privacy Policy governs the collection, use, disclosure and other processing by Cone Marshall SG Pte. Ltd. And Cone Marshall SG Trustees Pte. Ltd (“Cone Marshall SG”, “we”, “us” or “our”) of any information which, either alone or in combination with other data, enables you to be directly or indirectly identified (“personal data”).

By accepting this Privacy Policy, you: (a) acknowledge that you have the right, capacity and authority to accept this Privacy Policy; (b) acknowledge that you have read and understand this Privacy Policy; and (c) consent to the processing of your personal data by Cone Marshall SG in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, do not accept it and do not access or use the Cone Marshall website and/or Cone Marshall SG’s services.

Our contact details

Attention To: Data Protection Officer of Cone Marshall SG

E-mail: privacy@conemarshall.com

The type of personal data we collect

We currently collect and process the following data:

  • For marketing purposes, we collect personal identifiers, contact information such as email address and phone number, and professional details, such as position, place of work, and location.
  • For our clients, we collect all personal identifiers contained in an individual’s passport, identification documents and address proofs. Additionally, we collect:
    • Email address, phone number
    • Tax identification number
    • National Registry Identity Card (NRIC) number
    • Country of tax residence
    • Financial information received in the source of wealth information/documentation
    • Family/ related party’s information, including names, date of birth and addresses of family members/ related party
    • Profession
  • For job applicants, we collect information in your resumes, such as personal identifiers, contact information (such as email address and phone number) and educational and employment history.

 

How we get the personal data and why we have it

Most of the personal data we process is provided to us directly by you for one of the following reasons:

  • We mainly collect clients’ personal data, including contact information, identification documents, tax information, source of wealth (see further above) for compliance and regulatory reporting purposes.
  • We mostly collect information and supporting documents by email, however the data is also collected during meetings with clients, intermediaries (including financial advisors engaged by our clients), agents, and/or other persons acting for or on behalf of Cone Marshall SG.
  • More limited information is collected for marketing purposes (see further above).
  • In that context, we collect contact information of professionals in wealth planning and High-Net-Worth client services.

We also receive personal data indirectly, from the following sources in the following scenarios:

  • Our intermediaries, engaged by our clients and job applicants, provide end clients’ and job applicants’ personal data.

We use the information that you have given us to:

  • deliver services outlined in our engagement letter,
  • manage our relationship with you,
  • fulfil necessary compliance and regulatory obligations (or assist your intermediaries with doing so),
  • support marketing and business development efforts, including through market research and statistical analysis,
  • perform any additional services agreed upon and documented in an addendum to our engagement letter or otherwise agreed,
  • conduct internal operational and administrative processes, such as risk management, quality control, staff training and record-keeping,
  • personalise our services to you and respond to queries and requests,
  • detect, investigate and prevent fraudulent, illegal or malicious activity, and
  • enforce or defend our rights.

These purposes may continue to apply even after your relationship with us is terminated or modified in any way.

Please note that if you choose not to provide your personal data to us or object to our processing of your personal data, we may not be able to provide some or all of our services to you, evaluate your job application or respond to your queries or requests.

 

How we share your personal data

We may share your personal data with one or more of a network of related companies which are referred to as “group companies” (see Appendix), government and/or public authorities in Singapore and overseas as part of compliance and regulatory obligations and business partners, third-party service providers and agents in Singapore and overseas providing business and administrative support to us.

 

How we store, secure and retain your personal data

  1. Identification of Data: Upon termination of services with a client, all client data will be reviewed to identify information that is no longer required for legal, regulatory, or business purposes.
  2. Secure Storage: Client data that is still required for legal, regulatory, or business purposes will be securely stored in accordance with our data retention framework.
  3. Data Disposal: After a period of 10 years following the termination of services, client data that is no longer required may be disposed of in a secure and irreversible manner. This may include shredding physical documents and securely deleting electronic files.
  4. Compliance: All data disposal activities will be conducted in compliance with relevant data protection regulations, including but not limited to the Personal Data Protection Act 2012 (PDPA) and applicable industry-specific regulations at such relevant time.

Should a contact request to unsubscribe from receiving our emails, we will remove the data from our systems.

An external security team oversees our systems. We conduct regular security reviews of our tenant, as well conduct external penetration tests to continuously identify and mitigate risks. In general, we allocate access to data on a need-to-know basis and have segmented data for security and confidential reasons. Access to various data sets is restricted by relevant multi factor authentication methods and strong password requirements.

We align with the requirements from the National Institute of Standards and Technology Cybersecurity Framework.

 

Transfer of personal data outside Singapore

Your personal data may be transferred to group companies and government and/or public authorities outside Singapore.

For our clients, we store personal data in Australia, where our document databases are located.

For contacts who subscribe to our updates, we store personal data in the United States and Australia for our CRM database and newsletter manager.

Where we transfer, store or process personal data outside Singapore, we shall ensure that such personal data will receive a level of protection that is at least comparable to the protection provided under the PDPA and this Privacy Policy.

 

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal data, unless an exception applies.

Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate and to complete information you think is incomplete, unless an exception applies.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances. However, if you choose to do so, we may not be able to provide some or all of our services to you or respond to your other requests.

Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances. However, if you choose to do so, we may not be able to provide some or all of our services to you or respond to your other requests.

Unless you are notified in writing that a fee is chargeable to access the information you requested to cover the cost of retrieving such information, you are not required to pay any charge for exercising your rights. If you make a request, we have 30 calendar days to respond to you. We may take steps to verify your identity and authority to make a request.

Please contact us at privacy@conemarshall.com, for the attention of the Data Protection Officer of Cone Marshall SG, if you wish to make a request.

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us at privacy@conemarshall.com, for the attention of Pulkit Agrawal.

 

Changes to this Privacy Policy

We may update this Privacy Policy at any time by posting the amended version on the Cone Marshall website including the effective date of the amended version, so please check frequently to see if there are any updates and changes. Your continued access to or use of the Cone Marshall website and/or Cone Marshall SG’s services constitutes your acknowledgment and acceptance of such changes.

 

Appendix – Group Companies

The companies that comprise the Cone Marshall Group are:

  1. Teton Trust Company LLC
  2. Cone Marshall Brazil
  3. Cone Marshall (BVI) Ltd
  4. Cone Marshall (BVI) Trustees Ltd
  5. Cone Marshall HK Limited
  6. CM Holdings HK Ltd
  7. CM Management HK Ltd
  8. Cone Marshall Trustees (Italia) Srl
  9. Cone Marshall Limited
  10. Cone Marshall (San Marino) S.r.l.
  11. Cone Marshall SG Trustees Pte. Ltd.
  12. Cone Marshall Swiss Trustees SA
  13. Cone Marshall Swiss Services SA
  14. Cone Marshall Middle East CSP LLC
  15. CM Services UY SA
  16. Cone Marshall Management Ltd
  17. Conical Consultants SA
  18. Davies Street Trustees Ltd
  19. Cone and Company Paraguay S.A.
  20. Cone Marshall SG Pte. Ltd.