Who is providing this notice:
BLOCK ASSET MANAGEMENT SARL registered in Luxembourg: 30 Boulevard Royal, L-2449, Luxembourg. Company Number B219500
WHAT IS CONSIDERED PERSONAL DATA?
As per article 4 of the GDPR, personal data is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU? (as part of our contractual obligation)
BAM may collect the following information about you:
- your contact details: name, email address & telephone numbers.
- your personal details; age/dob, marital status, nationality, tax residency, bank details, CV.
- your employment details: company name, position, industry, address, website, contact number & email.
- Identification documents (such as passport, driving licence, etc.) as proof of identity.
- Proof of address (such as utility bills, bank statement, etc.),
- Any other information required by any relevant legislation including but not limited to proof of investor status (qualified/accredited investor) & Anti Money Laundering and Countering Financial Terrorism (as it is industry best practice)
PERSONAL DATA WE COULD OBTAIN FROM THIRD PARTY SOURCES
- Any publicly available personal data that has been shared via a public platform such as Twitter, LinkedIn, etc. (i.e. employment details, contact details, etc.)
- Your contact details
HOW DO WE COLLECT THE ABOVE INFORMATION?
If you are a source of collection, we usually gather the data via:
– terms of business, subscription forms or distribution agreement (& necessary supporting KYC/DD).
– telephone calls & email correspondence
– face to face meetings & office visitations
– conferences & sponsorship events attended
IF WE HAVE OBTAINED YOUR PERSONAL DATA FROM THIRD PARTIES, WE USUALLY GATHER THE DATA VIA ONE OR MORE OF THE FOLLOWING:
– public sources such as any available online information including social media.
– professional bodies and publicly available databases & registers including government registrations.
-your company web page or social media pages
– any other available public source
-Financial Intermediaries who you have approached for financial/investment introductions.
HOW WE USE YOUR DATA/ PURPOSES OF PROCESSING?
- to fulfil our contractual obligations with you,
- to verify your identity
- to provide you with ongoing communication & business opportunities,
- for crime and fraud prevention, detection and related purposes,
- to enable us to manage customer/client service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute, etc.).
- to exercise our legal rights (for example in court cases).
- To make our services available to you
SHARING DATA WITH THIRD PARTIES
Our service providers
Following your request or with your written or tacit consent, we may share your personal data with some or all of the following:
-Any service provider we enter into a business relationship with to fulfil and comply with our contractual or statutory obligations (such as transfer agent, custody agent, bank, accountancy firm, auditor, insurer, solicitor’s etc.)
-Any regulator, enforcement agency or Government agency necessary to fulfil and comply with our statutory and/or legal obligations (such as courts/tribunals, financial/prudential regulators, tax authorities, etc), or to protect our rights or the rights of any third party.
-Sponsors and exhibitors. When you attend one of our events or conferences we share your details with them as permitted by law.
-Any legal or natural person that we or our clients enter into a business relationship, if required by law or contract (i.e. if you are doing business with us through your legal representative, auditors, etc)
INTERNATIONAL SHARING OF THE PERSONAL DATA
As we do business internationally, we could share your information with any relevant country for business based on two considerations:
1) In order to meet our statutory and legal obligations.
2) In order to fulfil contractual obligations.
Under the GDPR, an international transfer of data may be made where:
– A third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate/equivalent level of protection, and
– The transfer is:
- made with the individual’s informed consent;
- necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual’s request;
- necessary for the performance of a contract made in the interests of the individual between the controller and another person;
- made from a register which under UK or EU law is intended to provide information to the public
If none of the above apply, such transfers are permitted only where the transfer:
- is not repetitive (similar transfers are not made on a regular basis);
- involves data related to only a limited number of individuals;
- is necessary for the purposes of the compelling legitimate interests of the organisation (provided such interests are not overridden by the interests of the individual); and
- is made subject to suitable safeguards put in place by the organisation (in the light of an assessment of all the circumstances surrounding the transfer) to protect the personal data.
In these cases, we would be obliged to inform the relevant supervisory authority of the transfer and provide additional information to you.
LAWFUL BASIS OF PROCESSING
If you are a person entering into a contract or terms of business with us by either;
– An accredited/qualified/professional/institutional investor
– Acting in your own name as a sole trader or introducer
– Representing a registered company (as a director)
We will be holding your personal data on the basis of ‘contract’. Under this basis, processing of your data is necessary either for the performance of the contract/terms of business to which you are party or to take steps at your request prior to entering into a contract.
Within the bounds of strict necessity and proportionality, in some cases we will process your personal data under the lawful basis of ‘legitimate interest’ where the processing is necessary for any or all of the following 1) keeping a relevant and appropriate relationship, 2) commercial interests, 3) exercise or defence of legal claims, 4) fraud prevention or 5) prevent cyberattacks, and 6)) to protect our rights or 3rd party rights.
If the purpose under which we process your data change, we may still be able to continue processing under the original lawful basis if our new purpose is compatible with the initial purpose (unless your original lawful basis was consent).
HOW LONG DO WE KEEP YOUR DATA?
We do not retain any more of your personal information than we believe is necessary for any of the purposes outlined above and we do not retain your personal information for any longer than is reasonably necessary to do so for the purpose set out in this notice. We will retain your information for:
– as long as we hold a business relationship (terms of business)
– as long as you are invested
– as long as we are obliged to by any relevant law
– as long as you do not withdraw your consent, if we hold your data under this lawful basis.
– as long as necessary in order to provide the relevant service to our clients
– as long as necessary to fulfil our legitimate interest
HOW WE PROTECT YOUR DATA?
BAM is committed to put in place security measures to ensure your data security:
- Confidentiality – the data can be accessed, altered, disclosed or deleted only by those you have authorised to do so (and that those people only act within the scope of the authority you give them);
- Secure – data is stored on password protected systems
- Integrity – the data we hold is accurate and complete in relation to why are we processing it; and
- Availability – the data remains accessible and usable, i.e. if personal data is accidentally lost, altered or destroyed, we can recover it and therefore prevent any damage or distress to the individuals concerned.
You have the following rights:
- the right to be informed, hence this privacy notice
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to erasure, also known as the ‘right to be forgotten’. This is not applicable to data held under the lawful basis of ‘legal obligation’ or if processing is necessary for the establishment, exercise or defence of legal claims;
- The right to object the processing of your personal data. So you can object processing based on legitimate interests or direct marketing (in the last case we must stop as soon as we receive your objection).
You have the right to opt out of receiving promotional communications at any time, by:
- making use of the simple “unsubscribe” link in emails
- contacting BAM via the contact channels set out in this Policy.
- The right to restrict processing, so you can limit the use of your data, but only applies in certain circumstances.
If you wish to exercise any of the above rights, please contact us using the contact details above or email email@example.com
Our website is not intended for children nor is any communication and we do not knowingly collect data relating to children.
If you are dissatisfied with our advice, you have the right to lodge a complaint with the:
National Commission for Data Protection Grand-Duchy of Luxembourg: 1 Avenue due Rock’n’Roll, L-4361 Esch-sur-Alzette