Our contact details
Name: Matthew Gamman, Data Protection Officer and Director
Address: 53 Davies Street Mayfair, London, United Kingdom W1K 5JH
E-mail: privacy@conemarshall.com
Privacy Policy Completed: April 2024
The type of personal information we collect
We currently collect and process the following information:
- For marketing purposes, we collect personal identifiers, contact information such as email address and phone number, and professional details, such as position, place of work, and location.
- For our clients, we collect all personal identifiers contained in individual’s passport, identification documents and address proofs. Additionally, we collect:
- Email address, phone number
- Tax identification number
- Country of tax residence
- Financial information received in the source of wealth information/documentation
- Family information, including names, date of birth and addresses of family members
- Profession
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- We mainly collect clients’ personal information, including contact information, identification documents, tax information, source of wealth (see further above) for compliance and regulatory reporting purposes.
- We mostly collect information and supporting documents by email, however the data is also collected during meetings with clients, intermediaries (including financial advisors engaged by our clients), agents, and/or other persons acting for or on behalf of Cone Marshall.
- More limited information is collected for marketing purposes (see further above).
- In that context, we collect contact information of professionals in wealth planning and High-Net-Worth client services.
We also receive personal information indirectly, from the following sources in the following scenarios:
- Our intermediaries, engaged by our clients, provide end client’s personal information.
We use the information that you have given us including to deliver services outlined in our engagement letter, fulfil necessary compliance and regulatory obligations, support marketing and business development efforts and to perform any additional services agreed upon and documented in an addendum to our engagement letter or otherwise agreed.
We may share this information with one or more of a network of related companies which are referred as “group companies” (see appendix), government and/or public authorities as part of compliance and regulatory reporting obligations.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting unsubscribing via the link provided in our emails, or emailing privacy@conemarshall.com
(b) We have a contractual obligation, including pursuant to our letter of engagement.
(c) We have a legal obligation-, including regulatory and compliance as above.
(f) We have a legitimate interest, which include: providing services to clients and potential clients on the market; ensuring the commercial health of Cone Marshall and the wider group companies; and, assisting intermediaries of clients to comply with regulatory and legal obligations by updating them on relevant developments, thereby ensuring that services can be provided most effectively and with minimal disruption.
How we store your personal information
- Identification of Data: Upon termination of services with a client, all client data will be reviewed to identify information that is no longer required for legal, regulatory, or business purposes.
- Secure Storage: Client data that is still required for legal, regulatory, or business purposes will be securely stored in accordance with our data retention framework.
- Data Disposal: After a period of 10 years following the termination of services, client data that is no longer required will be disposed of in a secure and irreversible manner. This may include shredding physical documents and securely deleting electronic files.
- Compliance: All data disposal activities will be conducted in compliance with relevant data protection regulations, including but not limited to the UK General Data Protection Regulation (GDPR) and applicable industry-specific regulations at such relevant time.
Should a contact request to unsubscribe from receiving our emails, we will remove the data from our systems.
For our clients, we store information in the UK and Australia, where our document databases are located.
For contacts who subscribe to our updates, we store information in the United States and Australia for our CRM database and newsletter manager.
An external security team oversees our systems. We conduct regular security reviews of our tenant, as well conduct external penetration tests to continuously identify and mitigate risks. In general, we allocate access to data on a need-to-know basis and have segmented data for security and confidential reasons. Access to various data sets is restricted by relevant multi factor authentication methods and strong password requirements.
We align with the requirements from the National Institute of Standards and Technology Cybersecurity Framework.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at privacy@conemarshall.com, if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@conemarshall.com.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Appendix
The companies that comprise the Cone Marshall Group are:
- Teton Trust Company LLC
- Cone Marshall Brazil
- Cone Marshall (BVI) Ltd
- Cone Marshall (BVI) Trustees Ltd
- Cone Marshall HK Limited
- CM Holdings HK Ltd
- CM Management HK Ltd
- Cone Marshall Trustees (Italia) Srl
- Cone Marshall Limited
- Cone Marshall (San Marino) S.r.l.
- Cone Marshall SG Trustees Pte Ltd
- Cone Marshall Swiss Trustees SA
- Cone Marshall Swiss Services SA
- Cone Marshall Middle East CSP LLC
- CM Services UY SA
- Cone Marshall Management Ltd
- Conical Consultants SA
- Davies Street Trustees Ltd
- Cone and Company Paraguay S.A.