Privacy notice

This Privacy Notice explains how Exmoor Fiduciary Limited (“the Company”) collects, uses, and discloses your personal data, and your rights in relation to the personal data it holds.

In this Privacy Notice, “us”, “we” and “our” refers to the Company.

The Company is the data controller of your personal data and is subject to the Data Protection Act 2018 and to the United Kingdom General Data Protection Regulation. Our Data Protection Officer is Mr. Cesare Milani. His contact details are: email - - tel. +44 20 7087 0136.

We may amend this Privacy Notice from time to time, to reflect any changes in the way that we process your personal data. This Privacy Notice supersedes any previous version of this notice with which you may have been provided, or had sight of, before the date stated below, as well as anything to the contrary contained in any agreement with us.

You have the following rights:

  • To obtain access to, and copies of, the personal data that we hold about you;
  • To require that we cease processing your personal data if the processing is causing you damage or distress;
  • To require us not to send you marketing communications;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities;
  • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • To require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. You can find out more about your rights under data protection legislation at

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact our Data Protection Officer using the following:

By post - 6 St James's Square, London, SW1Y 4JU, United Kingdom

By email -

By telephone - +44 20 7087 0136

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner (

We may collect your personal data in a number of ways, for example:

  • From the information you provide to us when you meet with us, or from an employee or employees of one of our Stonehage Fleming Group companies or from a family member;
  • When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
  • When you complete, or we complete on your behalf, client on-boarding, application or other forms;
  • From other companies in our Group;
  • From the trustee(s) of any trust in respect of which you are a settlor or a beneficiary or which you are otherwise connected;
  • From your agents, advisers, intermediaries, insurance companies, fund managers, investment managers and custodians of your assets;
  • From publicly available sources, or from third parties, where we need to conduct background checks about you.

We may collect the following categories of personal data about you:

  • Your name and contact information such as address, email address and telephone number, as well as your date of birth, your passport number or national identity card details, country of domicile and your nationality;
  • Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
  • Information relating to your tax affairs including your tax status and tax identification number;
  • Information about your knowledge and experience in the investment field;
  • Information regarding your goals and objectives in connection with your wealth;
  • Information about your employment, education, family or personal circumstances, and interests;
  • Information relating to your industry, marketing segment and the services we offer which may be of interest to you;
  • Information, some of which is collected daily, to assess whether you may represent a money laundering, terrorist financing or reputational risk to the Group. This includes whether you are a Politically Exposed Person, are involved in a high risk business, have been arrested, charged or convicted of a crime, are on a sanctions list or expose us to tax, litigation, bribery or corruption risk;
  • Information concerning trust beneficiaries which may include names, date of birth, address, nationality, passport details and tax identification number.

Where We Process Your Data Other Than With Your Consent

We may process your personal data without your specific consent because it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

In this respect, we use your personal data for the following:

  • To prepare preliminary information or a proposal for you regarding the services we offer;
  • To provide you with the services as set out in our terms of engagement with you or as otherwise agreed with you from time to time;
  • To deal with any complaints or feedback you may have;
  • For any other purpose for which you provide us with your personal data.

In this respect, we may share your personal data with the following:

  • Your advisers or agents or employees of firms with which you are associated;
  • Companies, partnerships, other entities or the trustees of trusts, and the directors and/or employees of such companies, partnerships, other entities or trustees of trusts, in respect of which fiduciary and/or administrative services are provided, and in respect of which you are connected or have an interest;
  • Our advisers where it is necessary for us to obtain their advice or assistance;
  • Other third parties such as intermediaries, insurance companies, fund managers or investment managers whom we may introduce to you;
  • Companies or Trusts within our Group;
  • Payment processors where we are making payments;
  • Our data storage providers.

We may also process your personal data because it is necessary for our legitimate interests.

In this respect, we may use your personal data for the following:

  • To run, grow and develop our business;
  • To ensure a safe environment for our employees and visitors, including website visitors;
  • To provide client services;
  • To conduct market research and carry out business development activities;
  • To train our staff or monitor their performance;
  • For the administration and management of our business including carrying out internal group administrative functions and recovering money you owe to us;
  • To seek advice and guidance on our rights and obligations, such as where we require our own legal advice;
  • To mitigate the risks we face.

In this respect, we may share your personal data with the following:

  • Our advisers, agents, settlors or protectors of trusts where it is necessary for us to obtain their advice or assistance.
  • With third parties and their advisers where those third parties are acquiring, or considering acquiring all or part of our business.

If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your personal interests or fundamental rights and freedoms which require protection.

We may also process your data for our compliance with a legal obligation which we are under.

In this respect, we may use your personal data for the following:

  • To meet our compliance and regulatory obligations, such as compliance with anti-money laundering, tax and beneficial ownership laws.

In this respect, we may share your personal data with the following:

  • Our advisers where it is necessary for us to obtain their advice or assistance;
  • Our auditors where it is necessary as part of their auditing functions;
  • With third parties who assist us in conducting background checks, such as whether you are on a sanctions list;
  • With relevant regulators or law enforcement agencies, where we are required to do so.

In sharing your personal data for the reasons set out elsewhere in this Privacy Notice, we may need to transfer it to other Group companies located in Switzerland, Israel, Jersey, Liechtenstein, Luxembourg, Guernsey, Malta, Isle of Man or Canada, which are countries which provide the same or a similarly adequate level of protection for your personal data as provided within the United Kingdom. We may also share your personal data with Group companies located in the United States of America, South Africa, Monaco and Mauritius which do not have laws which provide the same level of protection to your personal data as provided within the United Kingdom. Where applicable, we will use Standard Contractual Clauses, as a safeguard, when making transfers to these third countries or will do so with your explicit consent.

We may also share your personal data with other companies or service providers that we have engaged to assist us in providing services to you. These companies or service providers may be located in jurisdictions which currently do not have laws which provide the same level of protection to your personal data as provided within the United Kingdom. Where we share your personal data with a company or service provider in a non-adequate jurisdiction we will do this using either a contractual data sharing arrangement, another available safeguard or with your explicit consent.

If you wish to receive details regarding all of the companies or service providers which we have engaged to assist in delivering services to you or to entities in respect of which you are connected or have an interest and with whom we have shared your information please contact us at:

We retain your personal data for a period of twenty years after the termination of our relationship with you in case of a tax investigation arising out of the provision of our services to you. However, where we have collected personal data as required by anti-money laundering (AML) laws, we retain that AML related personal data for five years after the termination of our relationship, unless we are required to retain this information for a longer period by another law or for the purposes of court proceedings.

Date: 11 October 2022