The EU directive on data protection (implemented in the UK as part of the Data Protection Act 1998) requires that personal data stay within a country in which the regulations have been enacted into law.

Unless the terms and conditions can guarantee that the data will stay within a country in which these have been enacted, or equivalent - such as the hosting provider having signed up to the Safe Harbor scheme (which effectively means they have to treat the data in line with the requirements of the DP Act 1998 and gives Europeans the right to sue in the US if they are not followed) then there is no way that any sort of personal information, not just financial, could be held outside the EU.