Movestic's Data Protection Policy

Movestic is committed to keep personal data safe and we have strict policies and procedures governing how we deal with your personal data. Each of our employees is responsible for respecting and protecting the personal data to which he or she has access. In this Data Protection Policy we describe our collection, usage, storage and sharing of personal data in the light of the General Data Protection Regulation (Regulation EU 2016/679 of 27 April 2016).

For the purposes of this policy, Movestic Fund Management S.A. and Movestic SICAV are regarded as joint data controllers.

The Data Protection includes the following information:

1. Which categories of personal data do we collect

Personal data refers to any information relating to an identified or identifiable natural living person. Processing of Data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In our relationship with you we process the following categories of data:

  • Identification information such as name, personal identification number (e.g. passport copy).
  • Contact details such as phone number, email address and address.
  • Information relating to legal requirements such as information provided during due diligence and anti-money laundering requirements.
  • Our correspondence: if you contact us, we will typically keep a record of that correspondence.

Details of your transactions with us or holdings with us that you have made or initiated. We collect information directly from you. We can also collect data from publicly available registers, such as company registration offices and sanction lists (e.g. EU and UN). We also collect information from providers of information regarding beneficial owners and politically exposed persons.

If you provide personal data on behalf of (other) data subjects, you must ensure that you have authority to provide such personal data of the data subjects and to (i) adequately inform any such data subject about the processing of their personal data and their related rights as described in this policy and (ii) where necessary and appropriate, obtain in advance any consent that may be required for the processing of the personal data.

2. The use of your data and the lawful basis for using the data

We process data for the following purposes

  • Entering into agreements and fulfillment of agreements

We need to process personal data (e.g. name and contact details) in order to perform the agreement, we have with you.

We also process personal data in order to fulfil our obligations under law, regulations or authority decision. For example, we process personal data in relation to the following purposes:

  • Know Your Customer requirements
  • Anti-Money Laundering/Combating the Financing of Terrorism requirements
  • Book keeping requirements
  • Notifications to authorities such as the financial supervisory authority.
  • Other legal requirements related to fund management

Furthermore, we may process personal data if your information is necessary for us to investigate or defend a complaint from you or to defend, prosecute, or make a claim against you, or a third party.

3. Transfer of personal data

When we perform a contract, it is sometimes necessary to disclose personal data to companies that we cooperate with. For example, it can be necessary to disclose personal data regarding you to the depositary bank or the Registrar and Transfer Agent. We also disclose personal data to authorities if we have a statutory obligation to do so, e.g. supervisory authorities.

We have entered into agreements with selected suppliers of IT, maintenance and support.  

4. Transfers to third country

We (or our data processors) may in some cases transfer personal data to companies outside the European Economic Area (third counties). If we do, we make sure that:

  • The EU Commission has decided that there is an adequate level of protection in the current third country, or
  • Other appropriate safeguards have been taken, for example the use of standard contractual clauses (EU model clauses) or the data processor has valid binding corporate rules in place; or
  • we have your specific consent to a transfer.

5. How we protect your personal data

In order to keep your personal data safe, we use appropriate technical, organizational and administrative security measures to protect the information.

6. Your privacy rights

As a data subject you are entitled to the following rights:

The right of access

You have the right to access to your personal data and other supplementary information. This right may however be restricted by legislation, protection of other person´s privacy and du to negative impact on Movestic’s business secrets.

Right to correction

You have the right to request correction of incorrect or incomplete data.

Right to erasure

You have the right to request erasure if:

  • You withdraw your consent to the processing and there is no other legitimate reason for processing
  • You object to the processing for direct marketing
  • Processing is unlawful

The right to request erasure may however be limited due to the fact that we in many cases are obliged to retain personal data to comply with statutory obligations. We can also be entitled to continue to process personal data if the processing is carried out to manage legal claims.

Right to data limitation of processing

You have the right to obtain restriction of processing where one of the following applies:

    1. the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
    2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    3. we no longer need the personal data for the purposes of the processing, but we are required by the data subject for the establishment, exercise or defense of legal claims;
    4. you have objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of Movestic override those of you.

Right to object

You have the right to object to processing of personal data concerning you, which is based on our legitimate interest, including profiling based on our legitimate interest.

Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if the processing is carried out by automated means.

If you want to exercise any of the above rights, please contact our contact person as referred under 9. below.

7. For how long do we process data

If we are not required by law, we will not keep your personal data longer than necessary according to the purposes for which your data was collected and processed. How long we keep your personal data may vary depending on the specific situation, however typically:

Data collected for AML and anti-terror financing purposes – minimum five years after termination of the business relationship

Bookkeeping regulations – up to 10 years

Details relating to performance of an agreement – up to ten years after end of the relationship with the customer has terminated.

When personal data is no longer needed, we either irreversibly anonymise the data (we may further retain and use the anonymised information) or securely destroy the data.

8. Changes to this policy

We may change this policy from time to time. If the changes are significant, we will notify you of the changes.

9. Contact details and data protection authority

If you have any questions, please contact us at: legal@movesticfunds.lu or Movestic Fund Management S.A, att. Legal Department, 12 rue Gabriel Lippmann, L-5365 Munsbach. You can file a complaint or contact the data protection authority in any of the countries where we provide services to you.