The basics

You may visit this site without revealing any personal information. However, if you request specific information, provide feedback, participate in a marketing initiative or apply for a job online you will be disclosing personal data to us. We will take all reasonable steps to ensure your personal data is protected against unauthorized access and it will not be disclosed or sold to another company or organization. The only time we may disclose your personal data is when we are legally bound to do so or as required by our regulators.

These policies are subject to periodic review and any changes will be included in this section of the site.

The detail

Hamilton Trust Company Limited is a member firm of Moore Stephens International Limited (“MSIL”), a worldwide network of independent accounting and consulting firms. MSIL and its member firms are legally distinct and separate entities. They are not and nothing shall be construed to place these entities in the relationship of parents, subsidiaries, partners, joint ventures, or agents. No member firm of MSIL has any authority (actual, apparent, implied or otherwise) to oblige or bind MSIL or any other MSIL member firm in any manner whatsoever.

For the purposes of this Privacy Statement, member firms and correspondent firms of Moore Stephens International Limited are together described as Participant Firms.

This page contains the information gathering and use policies adopted by Hamilton Trust Company Limited in connection with this website (“the Site”). These policies are subject to review and any changes will be included within this section of this Site.

Hamilton Trust Company Limited is not responsible for the privacy policies of third party sites to which links are provided (including sites of Participant Firms). The privacy policies on such sites should be checked before providing any personal information.

Hamilton Trust Company Limited is committed to the protection of personal information supplied by users of this Site.

Collection of information

Hamilton Trust Company Limited will only collect and use personal data voluntarily and openly provided to this website. A user may choose to provide Hamilton Trust Company Limited with limited personal data as required in order to register for certain services; once registered the information will only be used for the specified purpose(s).

At the present time IP addresses of authorized users are not logged for either administrative or other purposes. It will normally be clear when personal information is being collected. The information required is the minimum necessary to enable Hamilton Trust Company Limited to deal with the services requested, but additional information may be requested in order for Hamilton Trust Company Limited to provide the most appropriate response. If such additional information is requested it is highlighted and its provision is voluntary.

Sensitive personal data includes gender, race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual life or criminal records. We do not solicit sensitive personal data through the Site except where legally required to do so.

Use of information

Information is used only for the specific purpose for which it was provided except where there has been an explicit selection to receive other information from Hamilton Trust Company Limited. Personal data provided through the Site will be made available to the provider of the information on request. Personal information may be deleted at any time. Requests for copies or deletion of information may be made by e-mailing

Provision of information to third parties

Hamilton Trust Company Limited will only provide personal information to third parties in the following circumstances:

  • where the transfer is necessary to fulfill the requirements of the operation for which the information was provided, and the third party is a Participant Firm;
  • in order to fulfill a request which involves other Participant Firms;
  • so as to assist Hamilton Trust Company Limited’s professional advisors regarding matters referred to them concerning the operation of the Site:
  • where requested explicitly by an authorized user of the Site; or
  • as required by a court order or any other legal or regulatory requirement.

Hamilton Trust Company Limited does not collect or compile personal data or information obtained through the Site for dissemination or sale to outside parties. Hamilton Trust Company Limited does not undertake marketing activities for third parties.

Accuracy of information

Hamilton Trust Company Limited assumes responsibility for keeping an accurate record of personal data once it has been submitted, but not for confirming the ongoing accuracy of the personal information. If Hamilton Trust Company Limited is advised that the personal data is no longer accurate, it will be amended (where practical).

Retention of information

Information collected from users of the Site will only be kept in order to provide the required services. From time to time, we may wish to contact you about seminars, workshops, other events, publications or services, which we think will be of benefit to you. You may at any time request us to stop using your personal data for direct marketing purposes. If you wish to do this, please contact us.

Where the information has been collected in connection with an expression of interest in working for Hamilton Trust Company Limited or a Participant Firm, Hamilton Trust Company Limited or a Participant Firm may use, hold and destroy personal data supplied in connection with the initial expression of interest in accordance with the firm’s standard recruitment procedures:
# details may be retained for up to the next twelve months for the purpose of notification of suitable vacancies that might arise;
# details may be used for the purpose of research and analysis designed to improve recruitment and human resources’ policies and practices.

Where the authorized user of the Site has provided additional information, personal details will be retained for a period of time reasonable in the context of the nature of the request.

If these conditions are not acceptable the site should not be further used.

Security of information

Hamilton Trust Company Limited has implemented accepted standards of technical measures and security policies that are aimed at protecting the personal data it has under its control from:

  • unauthorized access;
  • improper use or disclosure;
  • unauthorized modification;
  • unlawful destruction or accidental loss.

All Hamilton Trust Company Limited and Participating Firm’s personnel are required to keep personal information confidential and only authorized persons have access to such information.


We understand the importance of protecting children’s privacy especially in an online environment. This Site is not intentionally designed or directed at children 13 years of age or younger and it is our policy never to knowingly collect or maintain information about anyone under the age of 13 years.


“Cookies” are not used on this Site.

Inaccuracies and corrections

We would like to keep your personal data accurate and up to date. If you become aware of any errors or inaccuracies please let us know by contacting us.

Other matters

Please note that the Site contains links to other sites (including sites maintained by Participant Firms) which are not governed by this privacy statement.

If you have any questions about this privacy statement please email

GDPR Privacy Notice

Purpose of this notice

This privacy notice describes how Hamilton Trust Company Limited and International Mangers Bermuda Ltd. (“HTCL/IMBL”, “we”, “us” or “our”) collects and uses Personal Data, in accordance with the General Data Protection Regulation (GDPR), and any other applicable data protection laws in the United Kingdom and EU (collectively “data protection laws”).  GDPR extends the scope of current EU data protection regulations to data controllers and data processors located outside of the EU where data is processed in connection with the offer of goods and services to individuals in the EU.
Personal Data is any information relating to an identified or identifiable living person. Words used with first letter capitalisation (e.g. Personal Data), unless otherwise defined in this policy, have the same definition and meaning as under data protection law.
We are committed to protecting your personal, financial and business information.

Types of Personal Data

Given the diversity of the services we provide to clients we may process many categories of Personal Data. By way of example, we could collect and process:

  • contact and personal details (including name, address, date of birth, employer name, contact title, phone, email and other business or family contact details);
  • business activities;
  • family information;
  • information related to transactions or financial behaviour arising from your relationship with us and from other financial institutions;
  • information that you provide on an application form for any services that we provide;
  • in respect of corporate or institutional customers, information on persons including but not limited to shareholders, partners, trustees, settlors, protectors, beneficiaries etc…
Collection of Personal Data

We will only collect such Personal Data that is necessary for us to perform our services and comply with regulatory requirements and we ask our clients only to share such Personal Data as required for that purpose. Where we identify that a client has provided us with unnecessary Personal Data we will either return that information to its source or destroy it, taking into account our client’s preference wherever possible.   We may collect and confirm your information during the course of our relationship with you and will only use personal information which constitutes personal data in accordance with relevant data protection laws.
Generally, we collect Personal Data from our clients or from third parties acting on the instructions of the relevant client. Examples of this collection include when:
  • we are contacted about our services;
  • a proposal is requested from us in respect of the services we provide;
  • our clients engage us to provide our services and also during the provision of those services;
  • from third parties (e.g. agents of our clients, or from corporate entities who employ Data Subjects) and/or publicly available resources.
Use of Personal Data
Here we set out the basis upon which we process Personal Data. Please note that we may process Personal Data for more than one lawful basis, depending on the specific purpose for which we are using that information.
We may use or process your information for the following purposes:
  • To verify your identity and investigate your personal background;
  • To facilitate or otherwise assist in the provision of your trust and or company with us or any service provided by us to you;
  • To service any of your other relationships within the Moore Stephens International group
  • To meet our regulatory and or legal and or financial and or other reporting obligations in any jurisdiction (as applicable);
  • To comply with laws, regulations or court orders in any jurisdiction;
  • To prevent or detect fraud, money laundering, terrorist financing or other criminal conduct (including but not limited to compliance with HTCL and IMBL’s internal know your client, anti-money laundering and anti-terrorist financing and anti-bribery and corruption policies.
  • As a record of any information obtained from or about you in the course of our relationship; and
  • To allow for certain efficiencies including operating and managing systems, systems back-up and data recovery, risk evaluations, know your client procedures to verify client identity, and anti-money laundering screening.
Many of our services require us to process Personal Data for purposes necessary for the performance of our relationship with our clients. For example, this may include processing Personal Data to provide trust and or corporate services to our client, or processing the Personal Data of a Data Subject who is the employee, subcontractor, supplier or customer of our client.
Legitimate interests
We may process Personal Data for the purposes of our own legitimate interests in the effective delivery of information and services to our clients, and in the effective and lawful operation of our businesses, provided that those interests do not override the interests, rights and freedoms of a Data Subject which require the protection of that Personal Data.
Examples of such processing activities include:
  • managing our relationship with clients;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery);
  • monitoring the services we provide clients for quality control purposes, which may involve processing the Personal Data stored on the relevant professional file;
  • managing risk in relation to client engagements and to the firm generally;
  • maintaining and using IT systems, including security monitoring to identify harmful programs;
  • hosting or facilitating the hosting of events;
  • administering and managing our website and systems and applications.
Compliance with a legal obligation
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We will process Personal Data as necessary to comply with those obligations.
One example of such processing includes anti-money laundering activities such as carrying out searches (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
In certain limited circumstances, such as where a Data Subject has agreed to receive marketing communications from us, we may process Personal Data by consent. Where consent is the only basis upon which Personal Data is processed the relevant Data Subject shall always have the right to withdraw their consent to processing for such specific purposes.
It is our policy to only process Personal Data by consent where there is no other lawful basis for processing.
Data retention
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
In the absence of specific legal, regulatory or contractual requirements, our standard retention period for records and other documentary evidence created in the provision of services is 10 years.
Our standard email retention period is 10 years.
We continually review our data retention policies, and we reserve the right to amend the above retention periods without notice.
Other records, which are not required to be retained as part of our professional services, will be kept for a period of time depending on:
  • the type, amount and categories of Personal Data we have collected;
  • the requirements of our business and the services we provide;
  • the purposes for which we originally collected the Personal Data;
  • the lawful grounds upon which we based our processing;
  • any relevant legal or regulatory obligations;
  • whether the purpose of the processing could be reasonably fulfilled by other means.
Data Security
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This is not only in accordance with our obligations under GDPR, but also in accordance with our regulatory obligations of confidentiality.
In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know, and our IT systems operate on a ‘least privileged’ basis by default. Third parties will only process Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify any affected Data Subject and any applicable regulator of a suspected breach where we are legally required to do so.
In some circumstances we may anonymise or pseudonymise Personal Data so that it can no longer be associated with the Data Subject, in which case we may use it without further notice.
Data transfers
We will share Personal Data with third parties where we are required by law, where it is necessary to administer our relationships between clients and Data Subjects, or where we have another legitimate interest in doing so.
We are part of a global network of firms and accordingly Personal Data may be transferred to other member firms of the Moore Stephens International network. This may result in Personal Data being transferred outside the countries where we and our clients are located. This includes to countries outside the European Union (EU) and to countries that do not have laws that provide specific protection for personal data. All Personal Data will be provided with adequate protection and all transfers of Personal Data outside the EU are done lawfully. Where we transfer Personal Data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
Please also see for a list of firms and countries in which member firms of the Moore Stephens International network operate. We will also share Personal Data with other entities within our group, subject to the safeguards mentioned above.
We will also share Personal Data with third-party service providers.  For example, we use third parties to provide:
  • our IT and cloud services, and to operate and manage these services;
  • professional advisory services (including auditors);
  • administration services;
  • marketing services;
  • banking services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
Rights and responsibilities
A Data Subject’s duty to inform us of changes
It is important that the Personal Data we hold about is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, either through your usual contact at HTCL or IMBL or by using one of the means set out at the end of this privacy notice.
A Data Subject’s rights in connection with Personal Data
If you believe that any of the centrally held information including your personal information is incorrect or inaccurate, you should notify us so that the information can be updated or corrected as appropriate.  Data Subjects may have certain rights in relation to the Personal Data held by us about them. In particular, they may have a right to:
  • request access to their Personal Data. This enables a Data Subject to receive details of the Personal Data we hold about them and to check that we are processing it lawfully;
  • ask that we update the Personal Data we hold about them, or correct such Personal Data that they think is incorrect or incomplete;
  • request erasure of their Personal Data. This enables a Data Subject to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Data Subjects also have the right to ask us to delete or remove Personal Data where they have exercised their right to object to processing (see below). Please note that we may not always be able to comply with a request for deletion of Personal Data for legal reasons which will be notified, if applicable, after receiving such a request;
  • request the restriction of processing of their Personal Data. This enables a Data Subject to ask us to suspend the processing of Personal Data about them, for example if they want us to establish its accuracy or the reason for processing it;
These rights are subject to any applicable exemptions under relevant data protection laws.
Withdrawal of consent
You can withdraw your consent to the processing of personal information (where we are processing your personal information based on your consent).  If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.   However, this may limit or prevent us from providing the services you have asked for.   It may also make it more difficult to advise you or suggest appropriate alternatives.  
If you feel that we do not comply with applicable privacy rules you have the right to lodge a complaint with the competent data protection authority.
To withdraw consent to our processing of your Personal Data please email us at .
Contacting us to exercise a right
You may seek to exercise these rights at any time by sending a request by email to or by writing to Data Protection Officer, Hamilton Trust Company Limited and or International Managers Bermuda Ltd., Wessex House, 45 Reid Street, Hamilton HM 12, Bermuda and providing further information (including appropriate proof of identity) as requested by us. 
Please note that it our policy not to provide copy documents if we are contacted by Data Subject seeking access to their Personal Data. We will comply with this request in another way, usually by providing a newly created document listing the information we are required to provide under data protection law.
We may need to request specific information from those individuals who contact us to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask them for further information in relation to their request to speed up our response.
We try to respond to all legitimate requests within six weeks. Occasionally it may take us longer than six weeks if a request is particularly complex. In this case, we will notify the individual concerned and keep them updated.
Changes to this notice
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
This privacy statement was last updated on 15 May 2018.
If there are any questions regarding this notice or if anyone would like to contact us about the manner in which we process their Personal Data, please email our Data Privacy Principal at: