Privacy Policy

Privacy Policy

The Regulation (EU) 2016/679 of the European Parliament and of the council (GDPR) replaced the existing EU Data Protection Directive n. 95/46/EC.

GDPR is now in force in the European Union (EU). The Principality of Monaco is not a member of the EU although it has entered into specific treaties with the EU, in particular on financial matters.

GDPR is out of the scope of such treaties. In principle, GDPR should not affect business in Monaco. However, any processing by an entity based in Monaco of personal data from clients residing in a UE country is potentially subject to GDPR provisions. Any cross border activity a Monegasque company may carry out on UE territory is within scope. Monaco entities offering services or products to UE clients have to comply with both Monaco data protection laws and GDPR.

The aim of the GDPR is to harmonize privacy law across all EU member states and to help promote the digital economy. It has also introduced new legal rights for individuals to better control and protect their personal data. Organizations holding personal data will need to provide evidence of compliance if requested to do so by clients or regulators.

The GDPR came into effect across the EU from 25 May 2018. As the UK will still be a member of the EU at this date, the GDPR also apply to the UK, and will continue to apply after its eventual exit from the EU. With the following information, we would like to give you an overview of how we process your data and of your rights according to data privacy laws. The details on what data is processed and which method is used depend significantly on the services applied for or agreed upon.

24, Boulevard Princesse Charlotte
MC 98000 Monte Carlo
Switchboard: +377
Web site:

We process personal data in accordance with the provisions of the European General Data Protection Regulation:

For fulfilment of contractual obligations (Art. 6 para. 1b of the GDPR): data is processed in order to provide fiduciary and Trust services (e.g. corporate, trust and wealth services) in the context of carrying out our business with our clients or to carry out pre-contractual measures. You can find other details about the purposes of data processing in the relevant contract documents and terms and conditions.

For the purposes of the legitimate interests pursued by us or a third party (e.g. asserting legal claims and defence in legal disputes); As a result of your consent (Art. 6 para. 1a of the GDPR) as long as you have granted us consent to process your personal data for certain purposes (e.g. for marketing purposes). Consent given can be withdrawn at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

Furthermore, we are subject to various legal obligations and regulatory requirements (e.g. Anti-Money Laundering Regulations, FCA, HMRC and NCA ordinances and circulars, tax laws). Purposes of processing include identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations.

We process personal data that we obtain from our clients in the context of our business relationship. We also process personal data that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other companies or from other third parties.

Relevant data are personal information (e.g. name, address and other contact details, date and place of birth, and nationality), identification data (e.g. ID card details), and authentication data (e.g. sample signature). Furthermore, this can also be data from the fulfilment of our contractual obligations (e.g. payment transactions), information about your financial situation (e.g. origin of assets) and other data similar to the categories mentioned.

Within the company, every unit that requires your data to fulfil our contractual and legal obligations will have access to it.

We may pass on information about you only if legal provisions demand it, or if you have given your consent, or if we have been authorized by a contract.

Recipients of personal data can be, for example:

Other fiduciary or trustee institutions, advisors, banks, other third parties to which we may transfer your personal data in order to carry out a business relationship with you (depending on the contract). Service’s providers and agents appointed by us can receive access to data for the purposes given only if they maintain an adequate degree of confidentiality.

Public entities and institutions (e.g. criminal prosecution authorities) upon providing a legal or official obligation.

Data transfer in states outside the EU (known as third countries) takes place so long as:
It is necessary for the purpose of carrying out a contract with you
It is required by law (e.g. reporting obligations under fiscal law), or
You have granted us your consent.

In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you. In particular, Anti-Money Laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose.

In order for us to be able to comply with these statutory obligations, you must provide us with the necessary information and documents in accordance with the Anti-Money Laundering regulations, and to immediately disclose any changes over the course of the business relationship.

If you do not provide us with the necessary information and documents, we cannot enter into or continue the business relationship you desire.

We will process and store your personal data for as long as it is necessary in order to fulfil our contractual and statutory obligations.

If the data is no longer required in order to fulfil contractual or statutory obligations, it is deleted, unless its further processing is required, for a limited time, for fulfilling obligations to preserve records according to commercial and tax law.

Every data subject has the right to access (according to Article 15 of the GDPR), the right to rectification (according to Article 6 of the GDPR), the right to erasure (according to Article 17 of the GDPR), the right to restrict processing (according to Article 18 of the GDPR), the right of object (according to Article 21 of the GDPR), and if applicable – the right to data portability (according to Article 20 of the GDPR). Furthermore, if applicable, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 of the GDPR).

You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force, i.e. before May 25, 2018.

Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it.

In establishing and carrying out a business relationship, we do not use any automated decision-making pursuant to Article 22 of the GDPR.

We do not process your data automatically.