Privacy notice

The following Stonehage Fleming Companies may process your data in Mauritius:

• Stonehage Fleming (Mauritius) Limited, regulated by the Financial Services Commission, and a Corporate and Trust Service provider.
• Theseus (Mauritius) Limited, regulated by the Financial Services Commission, and a Qualified/ Corporate Trustee Service provider.
• Stonehage Fleming (Mauritius) Corporate Services Limited, a regulated Company Service Provider that provides corporate directorship services.
• Stonehage Fleming (Mauritius) Management Services Limited, a regulated Company Service Provider that provides company management services.
• Stonehage Fleming Secretarial Limited, a regulated Company Service Provider that provides company secretarial services.

One or more of these Companies may process your data, as a data controller, based on the service(s) you require. Each of these Companies are subject to the Data Protection Act 2017, Data Protection Regulations and related laws. All our Companies are registered with the Data Protection Commissioner. Our Companies are located at the following address: 1 St Floor, Les Fascines Building – Block B, Vivéa Business Park, Rue des Fascines, Moka, Mauritius.

Our Data Protection Officer is Mr. Suraj Nosib. His contact details are: 

Email: DPOMauritius@stonehagefleming.com 

Telephone: +230 490 1164

Postal address: 1 St Floor, Les Fascines Building – Block B, Vivéa Business Park, Rue des Fascines, Moka, Mauritius.

Our appointed representative in the European Union is Sturdon Holdings Luxembourg SARL. The Privacy Officer in Luxembourg for the appointed representative can be contacted using: 

Email: luxprivacyofficer@stonehagefleming.com

Telephone: +352 27 44 73 00

If you are a natural person resident in South Africa or a Juristic Person resident in South Africa and are contracting with us or connected to an entity contracting with us then this privacy notice may apply to you, and the processing of your data may be subject to the requirements of the Protection of Personal Information Act No. 4 of 2013.

We may amend this Privacy Notice from time to time to reflect any changes in the way that we process your personal data. This Privacy Notice supersedes any previous version of this notice with which you may have been provided or had sight of before the stated date, as well as anything to the contrary contained in any agreement with us.

You have the following rights:

• To obtain access to, and copies of, the personal data that we hold about you.
• To require that we cease processing your personal data if the processing is causing you damage or distress.
• To require us not to send you marketing communications.
• To require us to correct the personal data we hold about you if it is incorrect.
• To require us to erase your personal data.
• To require us to restrict our data processing activities.
• To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

You can find out more about your rights under data protection legislation from the Mauritius Data Protection Commissioner (The Data Protection Commissioner)

If you have any questions about how we use your personal data, or have a complaint, or you wish to exercise any of the rights set out above, please contact our Data Protection Officer using the following email address: DPOMauritius@stonehagefleming.com

If you are not satisfied with how we are processing your personal data after bringing any complaint to our attention, you can make a complaint to the Mauritius Data Protection Commissioner. 

We may collect your personal data in several ways, for example:

• From the information you provide to us when you meet with one of our employees.
• When you communicate with us by telephone, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication.
• When you complete or we complete on your behalf client on-boarding, an application or other forms.
• From other companies in our Group, both within and outside of Mauritius.
• From your agents, advisers, intermediaries, insurance companies, fund managers, investment managers and custodians of your assets.

From publicly available sources or third parties where we need to conduct background checks about you

The type of information we collect will be informed by the service you require. We may collect the following categories of personal data about you:

• Your name, and contact information such as address, email address and telephone number.
• Your date of birth, tax identification number, passport number or national identity card details, country of domicile and your nationality.
• Information relating to you and your financial situation such as your industry and marketing segment, the services we offer which may be of interest, your net worth, income, expenditure, assets and liabilities, sources of wealth and your bank account details.
• Information about your knowledge and experience in the investment field.
• An understanding of your goals and objectives in connection with your wealth.
• Information about your employment, education, family or personal circumstances and interests.
• Information, some of which is collected daily, to assess whether you may represent a money laundering, terrorist financing or reputational risk to the Group. This includes whether you are a Politically Exposed Person, are involved in a high-risk business, have been arrested, charged or convicted of a crime, are on a sanctions list or expose us to tax, litigation, bribery or corruption risk.

We may process your personal data without your specific consent because it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract.

• In this respect, we use your personal data for the following:
  • to prepare a proposal for you regarding the services we offer;
  • to provide you with the services as set out in our Client Agreement or Terms of Engagement with you or as otherwise agreed with you from time to time;
  • to deal with any complaints or feedback you may have;
  • for any other purpose for which you provide us with your personal data.
• In this respect, we may share your personal data with the following:
  • intermediaries, insurance companies, banks, fund or investment managers and custodians of your assets;
  • your advisers and agents of other third parties;
  • third party administrators who we may engage to assist in delivering the services to you;
  • our advisers where it is necessary for us to obtain their advice or assistance;
  • other third parties such as intermediaries, insurance companies, fund managers or investment managers who we introduce to you;
  • companies or Trusts within our Group;
  • payment processors where we are making payments on your behalf;
  • our data storage providers.

We may also process your personal data because it is necessary for our legitimate interests.

• In this respect, we may use your personal data for the following:
  • to run, grow and develop our business;
  • to ensure a safe environment for our employees and visitors, including website visitors;
  • to provide client services;
  • to conduct market research and carry out business development activities;
  • to train our staff or monitor their performance;
  • for the administration and management of our business including carrying out internal group administrative functions and recovering money you owe to us;
  • to seek advice and guidance on our rights and obligations, such as where we require our own legal advice;
  • to mitigate the risks we face.
• In this respect, we may share your personal data with the following:
  • our advisers, agents, settlors or protectors of trusts where it is necessary for us to obtain their advice or assistance;
  • with third parties and their advisers where those third parties are acquiring, or considering acquiring all or part of our business;
  • with regulators or authorities where we are required to do so.

If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your personal interests or fundamental rights and freedoms which require protection.

We may also process your data for our compliance with a legal obligation which we are under.

• In this respect, we may use your personal data:
  • to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws, and where we are required to monitor, record or store telephone conversations.
• In this respect, we may share your personal data with the following:
  • our advisers where it is necessary for us to obtain their advice or assistance;
  • our auditors where it is necessary as part of their auditing functions;
  • with third parties who assist us in conducting background checks;
  • with relevant authorities, regulators or law enforcement agencies where we are required to do so.

As a result of contracting with our companies your personal data will be processed in Mauritius. Where we offer services into the European Union and United Kingdom, or where we process personal data of data subjects’ resident in the European Union and United Kingdom, the GDPR and UK GDPR may apply respectively with other local privacy laws. Your personal data may be processed by any of the Group’s offices, inside and outside the European Union, United Kingdom or Mauritius. We have agreements in place, where required, to protect transfers of your data between jurisdictions in accordance with the applicable privacy laws. Should you require further information about this, please contact us.

Additionally, your data may be entered into our accounting and/or billing systems, and our document management systems and your data may be processed by our sub-processors including our retail investment third party administration solution providers or outsourcing technology companies, including cloud services providers. In such cases, where data is processed in a third country, an appropriate safeguard is used. Your data may also be provided externally to banks, regulators, auditors, advisors (including, but not limited to, legal advisors), supervisory or governmental bodies. Where relevant to the service you receive, to appointed directors or shareholders of a company or to beneficiaries, settlors or protectors of a trust.

If you wish to receive details regarding the companies within the Group or other service providers which we have engaged to assist in delivering services to you or to entities in respect of which you are connected or have an interest and with whom we have shared your information, please contact us using the following email address: DPOMauritius@stonehagefleming.com

Your information will be held in accordance with our Records Retention Policy and applicable laws, after which it will be destroyed or deleted. We may keep your information longer where:

• There is pending litigation or an investigation.
• It may be required to assist with the mitigation of any future tax or regulatory query into the transactions or other affairs undertaken by an entity or trust to which we provide regulated services. This ensures that the rights and freedoms of our clients, our staff as well as the Group and its Members are safeguarded.

Version: January 2026