Privacy Notice MainTower SICAV (the”Company”)
The purpose of this data privacy notice (“Notice”) is to provide you with information on our use of your personal data in accordance with the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679, the "GDPR"). The Policy applies to our use of your data provided that such processing falls within the scope of GDPR.
This Privacy Notice deals with the way we process (i.e. collect, use, store, transmit or otherwise handle or process, collectively defined hereinafter as the "Processing" or "Processing Operations") personal data. This Privacy Notice does not replace, and is subject to, our applicable contractual terms and conditions.
We may conduct our Processing Operations either directly or indirectly, through other parties which process personal data on our behalf (hereinafter the "Processors").
This notice might be subject to changes. Any updates will be posted on our website. We recommend you regularly review it to ensure that you are always aware of our privacy practices. Our privacy commitments to you:
• We will keep your data safe and private
• We will ensure that you can exercise your rights
• We will train our employees to properly manage your personal information
• We will notify you of any personal data breach which we become aware of which affects
you and is likely to result in a high risk to your rights and freedoms.
2. Who is concerned and who can you contact?
We process information and personal data relating to you as individual and/or any Related Person to you (hereinafter the "Data Subject(s)"). A "Related Person" means an individual whose information you, or a third party provides to us with, and/or which otherwise comes to our knowledge in connection with our Business Relationship. A Related Person may include, but is not limited to, (i) any director, officer or employee of a company, (ii) a trustee, settlor or protector of a trust, (iii) any nominee or beneficial owner of an account, (iv) a substantial interest owner in an account, (v) a controlling person, (vi) a payee of a designated payment, or (vii) any representative(s) or agent(s) (e.g., with a power of attorney or a right of information on an account).
In this context, we ask that you liaise with and transmit to any and all of your Related Persons this Privacy Notice, respectively the information contained therein.
In substance, the Company, as data controller may collect, store and otherwise process the data in connection with our existing and/or prospective business relationships, or your investment in the Company, including your use of our websites (together hereinafter the "Business Relationship"). For any questions you may have in relation to this Privacy Notice, your Controller, or more generally the processing of your (or your Related Persons´) personal data, you may contact our Compliance Officer, who acts as the Data Protection Responsible Officer, at any of the following addresses:
36, rue des Aubepines Bertrange
or : email@example.com
3. How do we protect your data ?
We are subject to certain confidentiality and secrecy obligations, e.g., arising under data protection, other legal obligation, contract, professional secrecy, as the case may be. The Personal data we process are also subject to said obligations. Our delegates’ employees are required to follow specific procedures with respect to maintaining the confidentiality of our investors’ personal information. We, and our duly authorised delegates apply appropriate information security measures designed to protect data in our possession and/or our delegates´ possession from unauthorised access by third parties or any form of computer corruption. We continously improve our security measures in line with the technological developments.
4. What personal data do we process?
"Personal data" include any information that enables one to identify directly (e.g., first name, surname) or indirectly (e.g., passport number or data combination) a natural person.
Personal data of Data Subjects we process may include:
• Identification data, e.g., names, addresses, telephone numbers, email addresses, business contact information, your IP address...;
• Personal characteristics, e.g., date of birth, country of birth...;
• Professional information, e.g., employment and job history, title, representation
• Identifiers issued by public bodies, e.g., passport, identification card, tax identification number, national insurance number, social security number...;
• Financial information, e.g., financial and credit history information, bank details...;
• Transaction / investment data, e.g., current and past investments, investment profile, investment preferences and invested amount, number and value of shares held, role in a transaction (seller / acquirer of shares), transaction details,..
5. For what Purposes and on what legal basis do we process personal data?
We collect and process personal data for the purposes (hereinafter the "Purposes") and based on the legal basis set forth herein.
We essentially base our Processing on (i) the performance of a contract to which the Data Subject is Party, or the Data Subject is a is Related Person of such Party), (ii) our obligation to comply with a legal or regulatory obligation, (iii) the pursuit of our legitimate interest and (iv) the performance of a task carried out in the public interest (e.g., to prevent or detect offences).
More specifically, collecting and processing of your personal data for the performance of a contract, includes the following Processing Operations:
• the opening and management of your account, or Business Relationship with us, including operations aiming at reflecting your pro rata ownership in the funds, processing subscription, redemptions, conversion and transfering requests (as applicable), the payment of subscription or distribution
• disclosure to parties such as the Management Company, the Administrator, the Depositary, the Distributors, Transfer Agents, the auditors and other service providers (and any of their affiliates), where necessary for the performance of your contract (including any steps prior to entering into such contract);
• provide offering documentation to Data Subjects about products and services;
• disclosure to any relevant party, law enforcement agency or court to the extent necessary for the establishment, exercise or defence of legal rights in accordance with applicable laws.
We also collect and process personal data in order to complywith legal and regulatory obligations to which we are subject, including :
• complying with any legal obligations and to carry out any form of cooperation with, or reporting to competent administrations, supervising authorities, law enforcement authorities and other public authorities (e.g., in the field of anti- money laundering and combating terrorism financing ("AML-CTF")),
• prevention and detection of crime under tax law (e.g., reporting of name, address, date of birth, tax identification number (TIN), account number and account balance to the tax authorities under the Common Reporting Standard ("CRS") or Foreign
Account Tax Compliance Act ("FATCA") or other tax legislation to prevent tax evasion and fraud as applicable);
• prevention of fraud, bribery, corruption, market abuse and provision of financial and other services to persons subject to economic or trade sanctions on an on- going basis in accordance with our AML-CTF procedures, as well as to retain AML- CTF and other required records for screening purposes;
• recording conversations with Data Subjects (such as telephone and electronic communications), in particular to document instructions or detect potential or actual frauds and other offences, to enforce or defend our interests or rights in compliance with any legal obligation to which we are subject to.
The aforementioned Processing Operations may also rely on the performance of a tasks carried out in the public interest.
Furthermore, we process personal data in relation to legitimate interests we pursue :
• We disclose the above data to the technology providers where necessary for ensuring our IT network and information security;
• We process personal data of our service providers like names, addresses, date of birth for the purpose of identification and mitigation of any potential reputational or other risks related to this party as our service provider.
To the extent that one or more of our Processes of personal data requires prior consent thereto, we will reach out to you and ask for your consent in due time.
The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. Please be aware that not providing such information may preclude us from pursuing a Business Relationship with, and/or from rendering our services to you.
6. Do we rely upon profiling or automated decision making?
We do not use automated decision making in connection with our Business Relationship and/or Data Subjects.
7. What sources do we use to collect your personal data?
To achieve the Purposes, we collect or receive personal data:
• directly from the Data Subjects, e.g., when contacting us or through (pre)contractual documentation directly sent to us; and/or ;
• indirectly from other external sources, including any publicly available sources (e.g., UN or EU sanctions lists), information available through subscription services (e.g., Bloomberg) or information provided by other third parties.
8. Do we share your personal data with third parties?
We undertake not to transfer personal data to any third parties other than those listed below, except as disclosed to Data Subjects from time to time, and upon its consent when required:
• public / governmental administrations, courts, competent authorities (e.g., financial supervisory authorities) or financial market actors (e.g., third-party or central depositaries, brokers, exchanges and registers);
• members of of REA Holding Group based in Switzerland, to which the Management Company is part, to the extent and for the purpose specified above;
• Service providers used for the performance of the contracts related to our Business Relationship, auditors or legal advisors when necessary to perfom their duties.
9. Are personal data transferred outside of EEA ?
In relation to our Business Relationship, we may disclose, transfer and/or store personal data abroad (hereinafter "International Transfer") (i) in connection with the conclusion or performance of contracts directly or indirectly related to our Business Relationship, e.g., a contract with you or with third parties in your interest, (ii) when the communication is necessary to safeguard an overriding public interest, or (iii) in exceptional cases duly foreseen by applicable laws (e.g., disclosures of certain trades made on an exchange to international trade registers).
International Transfers may include the transfer to jurisdictions that (i) ensure an adequate level of data protection for the rights and freedoms of Data Subjects as regards to Processing, (ii) benefit from adequacy decisions as regards their level of data protection (e.g., adequacy decisions from the European Commission or the Swiss Federal Data Protection and Information Commissioner) or (iii) do not benefit from such adequacy decisions and do not offer an adequate level of data protection. In the latter case, we will ensure that appropriate safeguards are provided, e.g., by using standard contractual data protection clauses established by the European Commission.
Should you wish to have further information as regards International Transfers or appropriate safeguards, you may of course contact us (see contact details in Section 2 above).
10. What are your rights in connection with data processing?
You have the right, subject to GDPR and applicable local data protection legislation, to:
• request access to, and receive a copy of, the personal data we hold;
• if appropriate, request rectification or erasure of the personal data that are
• request the erasure of the personal data when the Processing is no longer necessary for the Purposes, or not or no longer lawful for other reasons, subject however to applicable retention periods (see Section 10 below);
• request a restriction of Processing of personal data where the accuracy of the personal data is contested, the Processing is unlawful, or if the Data Subjects have objected to the Processing;
• object to the Processing of personal data, in which case we will no longer process the personal data unless we have compelling legitimate grounds to do so (e.g., the establishment, exercise or defence of legal claims);
• receive the personal data in structured, commonly used and machine-readable format (data portability right);
• when your data is being processed on a basis of consent, you have the right to withdraw your consent on any time;
• obtain a copy of, or access to, the appropriate or suitable safeguards which we may have implemented for transferring the personal data outside of the European Union or Switzerland;
If you or any Related Person to you would like to excercise any of the above mentioned rights lease contact us by sending an email to: firstname.lastname@example.org , or by mail to: MainTower SICAV 36, rue des Aubepines Bertrange, Luxembourg.
In addition to the above you can also file a complain with our Data Protection Responsible Officer (see Section 2 above) in relation to the Processing of personal data or directly file a complaint in relation to the Processing of personal data with the data protection supervisory authority, which is Commission National pour la Protection des Données (CNPD) https://cnpd.public.lu/fr.html
In some cases even if a Data Subject objects to the Processing of personal data, we are nevertheless allowed to continue the same if the Processing is (i) legally mandatory, (ii) necessary for the performance of a contract to which the Data Subject is a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defence of legal claims. We will not, however, use the Data Subject´s personal data for direct marketing purposes if the Data Subject asks us not to do so.
Subject to the limitations set forth herein and/or in applicable local data protection laws, you can exercise the above rights free of charge by contacting our Data Protection Responsible Officer.
11. How long are your personal data kept or stored?
We will retain your personal information covered by this Notice for as long as required to perform the purposes for which the data was collected, depending on the legal basis on which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain the personal information. In general terms, this will mean that personal information will be kept for the duration of our relationship and:
• the period required by tax, company and financial services laws and regulations, especially AML/CFT regulations; and
• as long as it is necessary for individuals to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under applicable law.
12. Website and Cookies
When you visit our website, our server temporarily stores certain data like: your IP address, date and time of access, name and URL of the accessed file, volume of transmitted data, notification that access was successful, data identifying the browser software and operating system, website from which our site was accessed, name of your Internet service provider. Your Internet browser automatically transmits these data to our web server at the point you access our website. All these data is used for facilitating use of the website, ensuring system security, carrying out technical administration of the network infrastructure and optimizing the online services.
We do not compile users’ personal profiles. Nevertheless, the usage of user profiles is permitted subject to additional conditions like pseudonymisation and user’s consent. Should we make use of this option anywhere on our website, we will notify you about that on the respective page and about your respective rights.
The Company’s website may contain links to other providers’ websites. Please note that this privacy statement applies exclusively to our website. We have no influence on the data protection practices of other providers nor do we ensure they conform to relevant data protection laws