Privacy & Confidentiality Policy

This Privacy & Confidentiality Policy (the "Policy") is issued by Oak Point Trust (the "Trust", "we", "us", or "our"), an international trust structure established and administered under the laws of a recognised offshore financial centre. This Policy forms an integral part of the Terms of Engagement and governs the collection, processing, use, protection, disclosure, and international transfer of all Confidential Information and Personal Data relating to any Client, Settlor, Beneficiary, Protector, or other associated party (collectively the "Client", "you", or "your").

By engaging the services of the Trust, accessing this website, or providing any information to the Trust, the Client expressly acknowledges, accepts, and agrees to be legally bound by this Policy in its entirety.

1. Definitions and Interpretation

1.1 For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

• "Confidential Information" means any and all information, whether oral, written, electronic, or in any other form, disclosed by or on behalf of the Client to the Trust or generated by the Trust in connection with the Services, including (without limitation) financial data, asset schedules, beneficial ownership information, source of funds and source of wealth details, family relationships, succession plans, tax residency information, and all correspondence.
• "Personal Data" has the meaning given to it under the EU General Data Protection Regulation (GDPR), the Data Protection Act of the Trust's jurisdiction, and all equivalent international laws.
• "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.
• "Data Subject" means any identified or identifiable natural person to whom Personal Data relates.
• "Trustee", "Administrator", "Protector", and "Beneficiary" shall have the meanings ascribed in the Trust Deed.

1.2 This Policy shall be read in conjunction with the Trust Deed, Terms of Engagement, and all applicable laws.

2. Scope of Application

2.1 This Policy applies to all Confidential Information and Personal Data received, held, or processed by the Trust, its trustees, directors, officers, employees, agents, service providers, and any sub-processors worldwide.

2.2 The Trust acts as both Data Controller and Data Processor depending on the context and applicable law.

3. Information We Collect

The Trust may collect, without limitation:

• Full name, date of birth, nationality, passport/ID details, residential address, email addresses, telephone numbers
• Financial information, banking details, investment portfolios, asset inventories
• Tax identification numbers, CRS/FATCA self-certifications, source of funds/wealth documentation
• Family structure, relationship details, and succession intentions
• Any other information required for KYC, AML, CTF, sanctions screening, or regulatory compliance

4. Purposes of Processing

Personal Data and Confidential Information shall be processed solely for the following legitimate purposes:

• Establishment, administration, and management of the Trust
• Compliance with all legal, regulatory, and fiduciary obligations (including AML, CRS, FATCA, sanctions, and anti-bribery laws)
• Risk assessment, due diligence, and ongoing monitoring
• Communication with the Client and authorised parties
• Protection of the Trust's legitimate interests and those of other beneficiaries
• Any other purpose to which the Client has expressly consented

5. Confidentiality Obligations

5.1 The Trust shall at all times maintain the strictest confidentiality of all Confidential Information.

5.2 The Trust shall not disclose Confidential Information to any third party except:

• Where required by law, regulation, court order, or competent authority
• To professional advisers, service providers, or sub-processors who are bound by equivalent confidentiality obligations
• To other beneficiaries or protectors where permitted under the Trust Deed
• With the Client's prior written consent

5.3 Confidentiality obligations survive termination of the engagement for a period of not less than ten (10) years, or indefinitely where required by law.

6. International Data Transfers

6.1 The Client acknowledges and consents to the international transfer of Personal Data and Confidential Information to jurisdictions that may have lower data protection standards than the Client's home jurisdiction.

6.2 Appropriate safeguards (including Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions where applicable) shall be implemented where required under GDPR or equivalent legislation.

6.3 The Trust reserves the right to transfer data to any jurisdiction where its trustees, administrators, or regulators are located.

7. Data Subject Rights

Subject to applicable law and the Trust's legal obligations, the Client may request:

• Access to their Personal Data
• Rectification of inaccurate data
• Erasure ("right to be forgotten") — subject to legal retention requirements
• Restriction of processing
• Objection to processing
• Data portability

All such requests must be made in writing to the Trust and may be subject to verification and administrative fees.

8. Security Measures

The Trust implements appropriate technical and organisational measures to protect Confidential Information and Personal Data, including (without limitation) encryption, access controls, secure servers, regular audits, staff training, and breach response protocols. However, the Client acknowledges that no security system is impenetrable.

9. Data Retention

The Trust shall retain Personal Data and Confidential Information for as long as necessary to fulfil the purposes outlined in this Policy or as required by applicable law, whichever is longer. Typical retention periods range from seven (7) to fifteen (15) years after termination of the Trust relationship.

10. Breach Notification

In the event of a Personal Data breach, the Trust shall notify affected Data Subjects and relevant supervisory authorities where required by law. The Trust shall not be liable for any loss arising from a breach unless caused by its wilful default or gross negligence.

11. Indemnity and Limitation of Liability

11.1 The Client agrees to indemnify and hold harmless the Trust against any loss, damage, or liability arising from the Client's breach of this Policy or provision of inaccurate information.

11.2 The Trust's total liability under this Policy shall not exceed the total fees paid by the Client in the twelve (12) months preceding the claim.

12. Governing Law and Jurisdiction

12.1 This Policy shall be governed by and construed in accordance with the laws of the jurisdiction in which the Trust is established.

12.2 The Client irrevocably submits to the exclusive jurisdiction of the courts of that jurisdiction and waives any right to claim that such courts are an inconvenient forum.

13. Miscellaneous Provisions

13.1 This Policy may be amended by the Trust at any time. Continued engagement with the Trust constitutes acceptance of any amended Policy.

13.2 If any provision is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.

13.3 No waiver of any breach shall constitute a waiver of any subsequent breach.

13.4 This Policy constitutes the entire agreement between the parties with respect to privacy and confidentiality and supersedes all prior understandings.

Acceptance