Privacy Notice

The purpose of this Privacy Notice (the “Notice”) is to explain the processing of personal data by Atoz Fund Services, a Luxembourg société anonyme, having its registered office at 1A, Heienhaff, L-1736 Senningerberg, registered with the Luxembourg Trade and Companies Register (Registre de Commerce et des Sociétés) under number B 154626 (hereinafter, “we”, “us”, “our”), in accordance with the provisions of the data protection law applicable in the Grand Duchy of Luxembourg (including but not limited to the law of 1st August 2018 on the organization of the National Commission for Data Protection and the general regime on data protection, as may be amended or replaced) and Regulation n°2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) (collectively the “Data Protection Laws”).  

This Notice is addressed to, and applies to our client’s employee(s), representative(s), proxyholder(s), shareholder(s), ultimate beneficial owner(s), contact person(s), trustee(s), agent(s) and any other natural person related to the client and concerned by the provision of the services under the agreement with us (hereinafter, “you”, “your(s)”). If the client is a legal entity, it undertakes, where appropriate, to inform you of the content of this Notice in accordance with articles 12, 13 and 14 of the GDPR.

This Notice must be read in conjunction with our General Terms and Conditions (hereinafter referred to as the "Terms"), which are available here. Any capitalized terms used herein that are not expressly defined shall have the meanings ascribed to them in the Terms.

 

1. Purpose of Personal Data Processing

Personal data is processed by us exclusively for the following purposes and on the following legal bases:

  • The performance of the client agreements (each, an “Agreement”) for the provision of our services to you, excluding the ones provided by us in our capacity as a transfer agent within the meaning of the Luxembourg law of 5 April 1993 on the financial sector, as amended (the “Services”);
  • Ensuring compliance with our legal obligations, such as those arising from Luxembourg laws and regulations on anti-money laundering (“AML”) and counter-terrorism financing (“CFT”) such as the law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended and the law of 13 January 2019 on the register of beneficial owners (the “AML Law”).

Personal data will not be processed for any other purposes, unless (i) we have obtained your prior consent, or (ii) such processing is necessary for the establishment, exercise, or defence of legal claims in specific administrative, regulatory, or judicial proceedings as well as any communication or reporting to the CSSF.

 

2. Personal Data Collected

We will process your name, surname(s), address (private and/or professional), identity card/ passport, country of residence and tax residence, date and place of birth, nationality(ies), profession, contact details, preferred language, banking and payment information, national identification number, nature and extent of the effective interests in the registered entity  and any other personal reasonably related to the provision of the Services or the AML Law (the “Personal Data”).

You may refuse to provide is with such Personal Data. However, in such cases, we may be unable to adequately provide the requested Service or respect our obligations.

 

3. Personal Data Storage Period

Unless otherwise legally required, Personal Data will be stored:

  • for the provision of Services under the Agreement, and for a period of ten (10) years from the end of the calendar year in which the business relationship was terminated, unless litigation is pending;
  • for AML and CFT purposes, for five (5) years following the termination of the business relationship with you.

 

4. Protection of Personal Data

We have implemented the necessary technical and organizational measures to ensure the security and confidentiality of Personal Data, safeguarding it from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, and any other unlawful forms of processing.

 

5. Cross-Border Data Transfers

Depending on the Services, we may transfer your Personal Data to countries outside the EEA which do not ensure an adequate level of protection of your Personal Data . In such cases we will make sure to enter into agreements with the recipients of your Personal Data, based on the European Commission’s standard contractual clauses or other valid transfer mechanisms. You may contact us if you would like to receive a copy of the used transfer mechanism. However, we reserve the right to delete any confidential provisions which are not in connection with the processing of your Personal Data.

 

6. Recipients of Personal Data

We may disclose Personal Data obtained under the Agreement to the following categories of recipients:

  • to any Affiliate(s) on a confidential basis where required for the purpose of providing the Services and for administrative, billing and business purposes; to our service providers, including in the scope of Outsourcing or Sub-Outsourcing, as detailed in the Terms;
  • to business partners, public authorities, supervisory bodies or experts engaged in the client’s business matters (such as notary, bank, external manager, depositary, CSSF);
  • to national or foreign law firms for the purpose of obtaining national or foreign legal advice;
  • to any other useful and reasonably necessary person or entities, including law firms, in case of litigation with you.

 

7. Your Rights

In accordance with Data Protection Laws, you have a right of access, objection, erasure, portability, rectification of your  Personal Data, unless we can demonstrate a compelling legitimate reason for retaining your Personal Data, such as to: (a) enable us, the financial intelligence unit of the office of the state prosecutor at the Luxembourg district court, a control authority or supervisory body to fulfil its tasks properly for the purposes of the AML Law; or (b) avoid obstructing official or legal inquiries, analyses, investigations or procedures for the purposes of the AML Law or Directive (EU) 2015/849, or other applicable directives and to ensure that the prevention, investigation and detection of money laundering and terrorist financing is not jeopardised.

You can exercise the above rights by sending an email to gdpr@atoz-fundservices.lu or for any other question related to this Notice. If we consider your request as unclear or vague, we may further discuss to better understand the reason of your request. To prevent fraud, we reserve the right to request a scan of your national identity card or passport for identification purposes. 

We also reserve the right to charge a reasonable administrative fee for any manifestly unfounded or excessive requests concerning access to Personal Data, and for any additional copies of the Personal Data requested.

You may also lodge a complaint with your local data protection authority about any of our activities that you deem not compliant with the GDPR. In the Grand-Duchy of Luxembourg it is the National Commission for Data Protection (“Commission Nationale pour la Protection des Données” or “CNPD”), accessible at https://cnpd.public.lu/en.html.

Last updated: December 2024