Our contact details

Name: Matthew Gamman, Data Protection Officer and Director

Address: 53 Davies Street Mayfair, London, United Kingdom W1K 5JH

E-mail: privacy@conemarshall.com

Privacy Policy Completed: April 2024

The type of personal information we collect

We currently collect and process the following information:

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

We also receive personal information indirectly, from the following sources in the following scenarios:

We use the information that you have given us including to deliver services outlined in our engagement letter, fulfil necessary compliance and regulatory obligations, support marketing and business development efforts and to perform any additional services agreed upon and documented in an addendum to our engagement letter or otherwise agreed.

We may share this information with one or more of a network of related companies which are referred as “group companies” (see appendix), government and/or public authorities as part of compliance and regulatory reporting obligations.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting unsubscribing via the link provided in our emails, or emailing privacy@conemarshall.com

(b) We have a contractual obligation, including pursuant to our letter of engagement.

(c) We have a legal obligation-, including regulatory and compliance as above.

(f) We have a legitimate interest, which include: providing services to clients and potential clients on the market; ensuring the commercial health of Cone Marshall and the wider group companies; and, assisting intermediaries of clients to comply with regulatory and legal obligations by updating them on relevant developments, thereby ensuring that services can be provided most effectively and with minimal disruption.

How we store your personal information

  1. Identification of Data: Upon termination of services with a client, all client data will be reviewed to identify information that is no longer required for legal, regulatory, or business purposes.
  2. Secure Storage: Client data that is still required for legal, regulatory, or business purposes will be securely stored in accordance with our data retention framework.
  3. Data Disposal: After a period of 10 years following the termination of services, client data that is no longer required will be disposed of in a secure and irreversible manner. This may include shredding physical documents and securely deleting electronic files.
  4. Compliance: All data disposal activities will be conducted in compliance with relevant data protection regulations, including but not limited to the UK General Data Protection Regulation (GDPR) and applicable industry-specific regulations at such relevant time.

Should a contact request to unsubscribe from receiving our emails, we will remove the data from our systems.

For our clients, we store information in the UK and Australia, where our document databases are located.

For contacts who subscribe to our updates, we store information in the United States and Australia for our CRM database and newsletter manager.

An external security team oversees our systems. We conduct regular security reviews of our tenant, as well conduct external penetration tests to continuously identify and mitigate risks. In general, we allocate access to data on a need-to-know basis and have segmented data for security and confidential reasons. Access to various data sets is restricted by relevant multi factor authentication methods and strong password requirements.

We align with the requirements from the National Institute of Standards and Technology Cybersecurity Framework.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at privacy@conemarshall.com, if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@conemarshall.com.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk


The companies that comprise the Cone Marshall Group are:

  1. Teton Trust Company LLC
  2. Cone Marshall Brazil
  3. Cone Marshall (BVI) Ltd
  4. Cone Marshall (BVI) Trustees Ltd
  5. Cone Marshall HK Limited
  6. CM Holdings HK Ltd
  7. CM Management HK Ltd
  8. Cone Marshall Trustees (Italia) Srl
  9. Cone Marshall Limited
  10. Cone Marshall (San Marino) S.r.l.
  11. Cone Marshall SG Trustees Pte Ltd
  12. Cone Marshall Swiss Trustees SA
  13. Cone Marshall Swiss Services SA
  14. Cone Marshall Middle East CSP LLC
  15. CM Services UY SA
  16. Cone Marshall Management Ltd
  17. Conical Consultants SA
  18. Davies Street Trustees Ltd
  19. Cone and Company Paraguay S.A.