Transtrend Fund Alliance (the “Company”) together with Transtrend B.V. (the “Manager”) may, themselves or through the use of service providers, collect, store on computer systems or otherwise and further process, by electronic or other means, personal information (i.e. any information relating to an identified or identifiable natural person) concerning (prospective) Shareholders and their representative(s), including, without limitation, legal representatives and authorised signatories, employees, directors, officers, trustees, settlors, their shareholders and/or unitholders, nominees and/or ultimate beneficial owner(s), as applicable (“Data Subjects”) (such personal information concerning Data Subjects, the “Personal Data”).
To achieve the Data Management Purposes and comply with the Data Compliance Obligations as defined below, Personal Data provided or collected in connection with the acquisition and holding of Shares in the Sub-Funds will be processed by the Company and the Manager as joint Data Controllers (the “Data Controllers”), and disclosed to and processed by the Administrator and the Company’s envisaged new administrator (including their respective information technology providers, cloud service providers and external processing centres) and any of their respective agents, delegates, affiliates, processors and/or their successors and assigns, acting as processors on behalf of the Company and the Manager (the “Data Processors”). In certain circumstances, the Data Processors may also process Personal Data of Data Subjects as controllers, in particular for compliance with their legal obligations in accordance with laws and regulations applicable to them (such as anti-money laundering identification) and/or order of any competent jurisdiction, court, governmental, supervisory or regulatory bodies, including tax authorities.
The Data Controllers and Data Processors will process Personal Data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation”), as well as any law or regulation relating to the protection of personal data applicable to them, as any of such instruments may be modified or complemented from time to time (together the “Data Protection Legislation”).
Personal Data may include, without limitation, the name, address, telephone number, personal and/or business contact information, tax identification number, employment and job title, job history, professional qualification, banking data, financial and credit history information, the sources of the funds used for acquiring Shares, current and historic investments, investment preferences and invested amount, any other know-your-customer and anti-money laundering related information of Data Subjects and any other Personal Data that is necessary for the Data Controllers and Data Processors to achieve the Data Management Purposes and comply with the Data Compliance Obligations as defined below. Personal Data is collected directly from the Data Subjects by the Data Controllers and Data Processors or may be collected by the Data Controllers and Data Processors through publicly accessible websites, social media, subscription services, worldcheck database, sanction lists, centralised investor database, public registers or other publicly accessible sources or proprietary database.
Personal Data will be processed by the Data Controllers and Data Processors for the purposes of (i) managing the offering of Shares in the Sub-Funds, managing the business relationship between the Company and the Shareholders, performing the related services as contemplated under the Subscription Form and under the Prospectus including, but not limited to, the opening of your account with the Company, the management and administration of your Shares and any related account on an on-going basis and the allocation of Shares in Sub-Funds, including processing subscription, redemption, conversion and transfer requests, the administration and payment of distribution fees (if any), payments to Shareholders, updating and maintaining records and fee calculation, maintaining the register of Shareholders, providing financial and other information to the Shareholders in relation to its acquisition and holding of Shares, (ii) developing and processing the business relationship with the Data Processors and optimizing their internal business organisation and operations, including the management of risk and ensuring a smooth transition from the Administrator to the proposed administrator, (iii) direct or indirect marketing activities (such as market research or in connection with other services provided by the Manager or Data Processors and, (iv) other related services rendered by any service provider of the Data Controllers or Data Processors in connection with the holding of Shares in the Sub-Funds (the “Data Management Purposes”).
Personal Data is also processed by the Data Controllers and Data Processors to comply with legal or regulatory obligations applicable to them and to pursue their legitimate business interests or to carry out any other form of cooperation with, or reporting to, public authorities including but not limited to legal obligations under applicable fund and company law, anti-money laundering and counter terrorist financing (“AML-CTF”) legislation, prevention and detection of crime, tax law such as reporting to the tax authorities under Foreign Account Tax Compliance Act (“FATCA”), the Common Reporting Standard (“CRS”) or any other tax identification legislation to prevent tax evasion and fraud as applicable, and to prevent fraud, bribery, corruption and the provision of financial and other services to persons subject to economic or trade sanctions on an ongoing basis in accordance with the AML-CTF procedures of the Data Controllers and Data Processors, as well as to retain AML-CTF and other records of the Data Subjects for the purpose of screening by the Data Controllers and Data Processors (the “Data Compliance Obligations”).
The Company, the Manager and, where appropriate, the Data Processors (acting as Data Controllers), may be obliged to collect and report any relevant information, including Personal Data, in relation to the Shareholders and their acquisition and holding of Shares in the Sub-Funds (including but not limited to name, address, date of birth, tax identification number, account number and balance on account to the Luxembourg tax authorities (Administration des contributions directes) which will exchange this information (including Personal Data, financial and tax information) on an automatic basis with the competent authorities in the U.S. or other permitted jurisdictions (including the U.S. Internal Revenue Service (“IRS”) or other U.S. competent authority and foreign tax authorities located outside the European Economic Area) only for the purposes provided for in FATCA and CRS at Organisation for Economic Cooperation and Development and European levels or equivalent Luxembourg legislation. The Company, the Manager and, where appropriate, the Data Processors, acting as Data Controllers, may also be obliged to disclose Personal Data of Data Subjects to the Luxembourg or Dutch Financial Intelligence Unit to achieve the Compliance Obligations.
Data Subjects have to answer questions and requests with respect to their identification and the relevant Shares acquired and held in any of the Sub-Funds and, as applicable, FATCA and/or CRS, in the course of their relationship with the Company. The Company and the Manager reserve the right to reject any subscription for Shares if the prospective Shareholder does not provide the requested information and/or documentation and/or has not itself complied with the applicable requirements. Failure to provide relevant Personal Data requested by the Controller or the Data Processors may result in incorrect or double reporting, prevent (prospective) Shareholders from acquiring or maintaining their Shares in the Sub-Funds and may be reported by the Company, the Manager and, where applicable, the Data Processors (acting as Data Controllers) to the relevant authorities.
Communications (including telephone conversations and e-mails) may be recorded by the Company and the Manager acting as joint Data Controllers and/or by the Data Processors, acting as appropriate as Data Processors on behalf of the Data Controllers or as Data Controllers where necessary for compliance with a legal obligation to which they are subject or for the performance of a task carried out in the public interest or where appropriate to pursue their legitimate interests, including (i) for record keeping as proof of a transaction or related communication in the event of a disagreement, (ii) for processing and verification of instructions, (iii) for investigation and fraud prevention purposes, (iv) to enforce or defend their interests or rights in compliance with any legal obligation to which they are subject and (v) for quality, business analysis, training and related purposes to improve their relationship with the Shareholders in general. Such recordings will be processed in accordance with Data Protection Legislation and shall not be released to third parties, except in cases where the Data Controllers and/or Data Processors (acting as controller or processor as appropriate to the circumstances) are compelled or entitled by laws or regulations applicable to them or court order to do so. Such recordings may be produced in court or other legal proceedings and permitted as evidence with the same value as a written document and will be retained for a period of five years or, upon request of a regulator, for a period of seven years starting from the date of the recording. The absence of recordings may not in any way be used against the Data Controllers and Data Processors.
Data Controllers and Data Processors will collect, use, store, retain, transfer and/or otherwise process Personal Data of Data Subjects: (i) as a result of the subscription or request for subscription of the Shareholders to acquire and hold Shares in the Sub-Fund where necessary to perform the Data Management Purposes or to take steps at the request of the prospective Shareholders prior to such subscription, including as a result of the holding of Shares in general and/or; (ii) where necessary to comply with a legal or regulatory obligation to which the Data Controllers or Data Processors are subjects and/or; (iii) where necessary for the performance of a task carried out in the public interest and/or; (iv) where necessary for the purposes of the legitimate interests pursued by Data Controllers or, where appropriate, by Data Processors acting as controller, which mainly consist of the achievement of the Data Management Purposes, or in complying with the Data Compliance Obligations and/or any order of any court, government, supervisory, regulatory or tax authority, including when providing services related to the acquisition and holding of Shares to any beneficial owner and any person holding Shares directly or indirectly in the Sub-Funds and/or; (v) where applicable under certain specific circumstances, on the basis of the (prospective) Shareholders’ consent.
In addition to what is described above, Personal Data will only be disclosed to and/or transferred to and/or otherwise accessed by the Company’s depositary, auditor, legal and financial advisers, representatives, clearing Brokers, banks, risk monitoring agents or aggregators, distributors, or their respective agents, delegates, affiliates, processors and/or their successors and assigns, as well as any court, governmental, supervisory or regulatory bodies, including tax authorities in Luxembourg or in various jurisdictions, in particular those jurisdictions where (i) the Company is or is seeking to be registered for public or limited offering of its Shares, (ii) the (prospective) Shareholders are resident, domiciled or citizens or (iii) the Company is, or is seeking to, be registered, licensed or otherwise authorised to invest (the “Authorised Recipients”) for carrying out the Data Management Purposes and to comply with the Data Compliance Obligations. The Authorised Recipients act as controller for pursuing their own purposes, in particular for performing their services or for compliance with their legal obligations in accordance with laws and regulations applicable to them and/or order of court, government, supervisory or regulatory body, including tax authorities.
Data Controllers undertake not to transfer Personal Data of Data Subjects to any third parties other than the Authorised Recipients, except as disclosed to the (prospective) Shareholders from time to time or if required by laws and regulations applicable to Data Controllers and Data Processors or, by any order from a court, governmental, supervisory or regulatory body, including tax authorities.
Transfer and disclosure of Personal Data may be made to the Data Processors and the Authorised Recipients which are located in countries outside of the European Economic Area, which are not subject to an adequacy decision of the European Commission and in which legislation does not ensure an adequate level of protection as regards the processing of personal data, including the United States. Data Controllers will only transfer Personal Data for performing the Data Management Purposes or for complying with the Data Compliance Obligations.
In particular, Personal Data of the Data Subjects may be transferred to a U.S. affiliate of the Company’s envisaged new administrator. Such transfer is based on appropriate safeguards according to Data Protection Legislation, namely standard EU clauses regarding the protection of personal data.
Insofar as Personal Data concerning Data Subjects is not provided by the Data Subjects themselves (including where Personal Data provided by the (prospective) Shareholders include Personal Data concerning other Data Subjects e.g. because the (prospective) Shareholders are not natural persons), the (prospective) Shareholders shall (i) adequately inform any such other Data Subjects about the processing of Personal Data concerning them and their related rights (as well as how to exercise them) as described in this privacy statement, in accordance with the information requirements under the Data Protection Legislation and (ii) where necessary and appropriate, obtain in advance any consent that may be required for the processing of Personal Data of other Data Subjects in accordance with the requirement of Data Protection Legislation. Any consent so obtained shall be documented in writing.
Data Subjects may request, in the manner and subject to the limitations prescribed in accordance with Data Protection Legislation, (i) access to and rectification or deletion of Personal Data concerning themselves, (ii) a restriction or objection of processing of Personal Data concerning themselves and, (iii) to receive Personal Data concerning themselves in a structured, commonly used and machine readable format or to transmit those Personal Data to another controller and, (iv) to obtain a copy of, or access to, the appropriate or suitable safeguards, such as standard contractual clauses, binding corporate rules, an approved code of conduct, or an approved certification mechanism, which have been implemented for transferring the Personal Data outside of the European Economic Area. In particular, Data Subjects may at any time object to the processing of Personal Data concerning themselves for marketing purposes or for any other processing carried out on the basis of the legitimate interests of Data Controllers or Data Processors. Each Data Subject should address such requests to the Manager at firstname.lastname@example.org.
The Data Subjects are also entitled to address any claim relating to the processing of Personal Data concerning them and carried out by Data Controllers in relation with the performance of the Data Management Purposes or compliance with the Data Compliance Obligations by lodging a complaint with the relevant data protection supervisory authority, in particular in the Member State of their habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation (i.e. in Luxembourg, the Commission Nationale pour la Protection des Données – www.cnpd.lu and in the Netherlands, the Autoriteit Persoonsgegevens - www.autoriteitpersoonsgegevens.nl ).
Personal Data of Data Subjects will be retained by the Data Controllers and Data Processors until Shareholders cease to hold Shares in the Sub-Funds and thereafter for no longer than is necessary with regard to the Data Management Purposes and Data Compliance Obligations contemplated in this privacy statement, subject to applicable legal minimum retention periods, or to establish, exercise or defend actual or potential legal claims, subject to the applicable statutes of limitation. Personal Data of Data Subjects will not be retained for longer than necessary with regard to the Data Management Purposes and Data Compliance Obligations contemplated in this privacy statement, subject always to applicable legal minimum retention periods.
This privacy statement may be amended from time to time, without notifying you personally. The date of the latest amendment is 25 May 2018. Further (updated) information relating to the processing of Personal Data may also be provided or made available, on an ongoing basis, through additional documentation and/or, through any other communications channels, including electronic communication means, such as electronic mail, internet/intranet websites, portals or platform, as deemed appropriate to allow the Data Controllers and/or Data Processors to comply with their obligations of information according to Data Protection Legislation.
The Manager has adopted a separate overall privacy statement, which can be found here. This statement provides information about, among others, the use of the Manager’s website and the related processing of personal data and video recordings of visitors of the Manager’s premises. It also provides information about the Manager’s processing of personal data of its clients and other contacts of the Manager.
If you have any questions about this privacy statement, please do not hesitate to contact the Manager’s Investor Relations department at email@example.com or + 31 10 453 6510.