DATA PROTECTION REGULATION: GDPR
The General Data Protection Regulation (GDPR) is a comprehensive update to existing European Union laws that goes into effect on May 25, 2018. It is intended to harmonize data privacy laws across Europe, to protect and empower all EU residents’ data privacy and to reshape the way organizations across the region approach it.
The GDPR applies not only to organizations that process data in the EU, but also to any organization that either offers goods or services or monitors the behaviour of people inside the EU. GDPR also applies if the processing takes place outside of the EU.
The GDPR applies to information that could directly or indirectly identify an individual. This includes information such as names, addresses, phone numbers, date of birth, as well as IP addresses, cookie identifiers, device information, advertising identifiers, financial information, geo-location information, social media information, consumer preferences, etc.
PERSONAL DATA: WHAT IT IS
Personal Information refers to any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, by reference to a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not consider personal information to include anonymized or aggregated information, treated in such a way that it can no longer be used to identify a specific natural person, whether or not in combination with other information.
Archeide collects personal information from you only when you register, request access, or ask for information to ARCHEIDE, or when you express the intention to subscribe to one of ARCHEIDE’s funds.
Some personal information are requested in order for you to enter into a contractual relationship with us. In this case, you will be asked to fill in the personal data fields that are an integral part of our Subscription Agreement. Also, the same might apply if you are a potential investor interested to know more about us.
The communication of other personal information happens on a voluntary basis, although it may be necessary in case you express the intention to know more about our services and to get access to them.
If you submit personal information about someone else, you must do so only if you have that person’s authorization. It is your duty to inform any third party on how we collect, use, disclose, and retain their personal information.
PERSONAL DATA: HOW WE USE IT
We can use the PD we collect from you for a range of different business purposes, and according to different legal bases of processing. The following is a summary of how and according to which legal bases we use your PD:
We use your PD in order to be able to provide and improve our services, to provide you with a personalized experience, to contact you in relation with our legal obligations and to detect, prevent, mitigate and investigate fraudulent or illegal activities.
We use your PD to fill in standard subscription agreements and forms, as a prerequisite to fulfil a contract with you and provide you with our services. As far as our services are concerned, we provide account management services, we operate, measure and improve them on a regular basis, keeping them safe, secure an operational. We also customize site content in order for it to include items and services that we think you may like in response to the actions you have taken.
We use your PD to contact you regarding your account, to troubleshoot potential problems, to resolve a dispute, to collect fees or monies or as otherwise necessary to provide you with investment services.
We use your PD to comply with our legal obligation under applicable Laws.
You have the right to withdraw your consent at any time.
PERSONAL DATA: HOW WE MIGHT SHARE IT
We may disclose your PD to ARCHEIDEor to other selected third parties, namely financial institutions acting for ARCHEIDE.
This disclosure may be required for us to provide you with access to our services, to comply with our legal obligations, to enforce the agreements we have entered into with you, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our services. We attempt to minimize the amount of PD we disclose to what is directly relevant and necessary to accomplish the specified purpose. We do not sell, rent, or otherwise disclose your PD to third parties for their marketing and advertising purposes without your consent.
We may disclose your PD to the following parties, for the following purposes:
- Service Providers of the Financial Sector and financial institutions acting for ARCHEIDE as follows:
- Third party service providers who help us to provide our service, payment processing services, to assist us with the prevention, detection, mitigation, and investigation of potentially illegal acts, fraud and/or security breaches, affiliate and other business operations.
- Third party financial institutions with whom we work to offer financial products to you, for them to provide joint content and services (such as, registration, transactions and customer support).
- Law enforcement, legal proceedings, and as authorized by law:
- To comply with our legal requirements, to respond to claims that a listing or other content violates the rights of others, or to protect anyone’s rights, property or safety.
PERSONAL DATA: YOUR CHOICE ABOUT HOW WE USE IT
You have the right to decide on how you want us to use your PD to communicate with you and to send you marketing information.
By ticking the appropriate box in the advertising banner, you are giving your consente to receive our marketing communications, such as newsletters, business updates and other useful information.
However, if you do not wish to receive marketing communications from us, you can unsubscribe via the link contained in any email you received, or alternatively by contacting us following the instructions that follow (see Rubric n. 5).
Keep in mind, we do not sell, rent, or otherwise disclose your PD to third parties for their marketing purposes.
PERSONAL DATA: HOW TO ACCESS, CONTROL AND MODIFY IT
We respect your right to access, modify, request deletion or request restriction of our usage of your PD, as required by applicable law. We also take steps to ensure that the PD we collect is accurate and up to date.
You have the right to know what PD we maintain about you.
We will provide you with a copy of your PD in a structured, commonly used and machine-readable format on request.
If your PD is incorrect or incomplete, you have the right to ask us to update it.
You have the right to object to our processing of your PD.
You can also ask us to delete or restrict how we use your PD, but this right is determined by applicable law and may impact your access to some of our services.
We will honour any statutory right you might have to access, modify or erase your PD. Where you have a statutory right to request access or request the modification or erasure of your PD, we can still withhold that access or decline to modify or erase your PD in some cases in accordance with applicable national laws. To request access and to find out whether any fees may apply, if permitted by applicable national laws, please contact us by your preferred means at:
ARCHEIDE LUX, S.à r.l.
10, boulevard Royal
E-mail: [GDPR@archeide.lu] Tel: [+352 27627300]
PERSONAL DATA: HOW WE PROTECT IT
We protect your personal information by using technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centre, and information access authorization controls. For more information or to report an issue with your account please contact us:
ARCHEIDE LUX, S.à r.l.
10, boulevard Royal
E-mail: [GDPR@archeide.lu] Tel: [+352 27627300]
PERSONAL DATA: HOW LONG WE KEEP IT
We retain your PD for as long as necessary to provide you with the services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.
PD retention can vary significantly based on the context of the services we provide and on our legal obligations. The following factors typically influence retention periods:
- How long is the PD needed to provide our services? This includes such things as maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most of our data retention periods.
- Is the PD sensitive? If so, a shortened retention time is generally appropriate.
- Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
- Are we subject to a legal, contractual, or similar obligation to retain your PD? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or PD retained for the purposes of litigation.
When it is no longer necessary for us to retain your PD, we will dispose of it in a secure manner according to our data retention and deletion policies.
PERSONAL DATA: OUR PRIVACY STANDARDS
We have established a set of privacy standards for ARCHEIDE. They are our commitment to protect your PD and honour our privacy obligations within ARCHEIDE.
The Company you are contracting with is your data controller, and is responsible for the collection, use, disclosure, retention and protection of your PD in accordance with our privacy standards, this privacy notice, as well as any applicable national laws.
Your data controller may transfer data to Service Providers and financial institutions acting for ARCHEIDE, as previously described, that shares the same GDPR principles as we do.
We may process and retain your PD on our servers in Luxembourg.
In terms of designation of a DPO, ARCHEIDE will monitor compliance with the GDPR by carrying out an internal analysis in order to determine whether or not a DPO is to be appointed, under the Guidelines of the WP29 on DPOs. This analysis is part of the documentation under the accountability principle.
ARCHEIDE monitors compliance with GDPR by maintaining an up-to-date Register of Personal Data, organised by category of activity and by type of person.