Hament is committed to protecting the confidentiality, integrity, and availability of your information. This Privacy Policy explains how we collect, use, store, and safeguard personal data when you visit our websites, open an investment account, or interact with our team. We comply with applicable data protection laws and apply the highest standard that governs your jurisdiction.
We collect only the information needed to deliver investment services, meet Anti-Money Laundering (AML) obligations, and improve your experience. Data is encrypted in transit and at rest, hosted in tier-one cloud environments certified to ISO 27001 and SOC 2 Type II, and accessible only to authorized personnel using multi-factor authentication and strict role-based permissions.
Identification and compliance data, we collect your name, date of birth, national ID or passport number, proof of address, tax IDs, source-of-funds details, and any materials required for enhanced due diligence under AML and KYC rules. We also keep records of your client classification (Retail, Professional, or Institutional) and your completed risk-tolerance questionnaires.
Platform and transactional data, when you use our services, we log device identifiers, IP addresses, browser settings, and your activity on our website or app. We record each order, trade, and cash movement to meet legal reporting duties and to provide real time portfolio analytics. For optional services like marketing emails or research subscriptions, we keep your communication preferences and engagement metrics. You can update these settings or opt out at any time.
We process your data primarily to deliver the services you request, opening and administering investment accounts, executing and settling trades, producing statements, and providing client support. Your identification details help us verify identity, meet KYC and AML requirements, assess suitability, manage risk, and satisfy regulatory reporting duties. We also analyse aggregated, pseudonymised usage patterns to improve platform performance, detect fraud, and develop new features. Marketing messages (such as investment insights or event invitations) are sent only if you have opted in and may be tailored using basic engagement metrics; you can update preferences or opt out at any time. We never sell or rent personal data to third parties, and vendors acting on our behalf must contractually maintain equal or stronger privacy safeguards.
Retention periods follow statutory, regulatory, and contractual rules. Core client records—KYC documents, transaction confirms, account statements, and tax reports—are kept for at least seven years after account closure and up to ten years where AML or securities laws require longer. Operational data—such as system audit logs, access records, and disaster-recovery backups—may be retained beyond those minimums in order to:
When a retention period ends (and no legal hold applies), we securely delete or anonymize the data in line with our data-destruction policy. You may request deletion, subject to these obligations.
You have the right to access the personal data we hold about you, to correct any inaccurate or incomplete information, and—subject to legal and regulatory limits—to request deletion or restriction of processing. You may also object to certain uses of your data, withdraw consent for marketing at any time, and request a machine-readable copy of data you provided so you can transfer it to another service. To exercise these rights, contact hello@hamentadvisory.com or use your secure client portal.
To exercise these rights, email hello@hamentadvisory.com or submit a request through your secure client portal. We will acknowledge your request within five business days and aim to complete it within 30 days, unless a longer period is allowed by law. If we must decline—for example, where records must be kept for anti money laundering compliance—we will explain why and cite the legal basis for retention.
We protect your information with layered security. All data in transit uses TLS 1.3 encryption, and all data at rest uses AES 256 encryption in data centers certified to ISO 27001 and SOC 2 Type II. Access is limited by strict role based permissions with mandatory multi factor authentication. We run continuous intrusion detection and conduct annual independent penetration tests. These controls are designed to keep your data confidential, accurate, and available only to authorized personnel.
