YOUR THIRD PARTY MANAGEMENT COMPANY

Data Protection

What is GDPR?

We, Casa4Funds SA, our affiliates, branch(es) and/or subsidiary(ies) (“we, “the Group”, “us”), attach the greatest consideration to treat personal data in strict compliance with all applicable laws and regulations that relate in any way to privacy, data protection, confidentiality or security of personal data.

Hence, data collection, processing and recording within our Group are specifically framed by the European General Data Protection Regulation (“GDPR”), which provides you, as Data Subject, with protecting and transparency measures.

As such, we commit to respect your privacy and protect all your personal data in compliance with the GDPR.

Are you concerned by GDPR?

Are you an EU citizen?

If yes, you are definitely concerned by GDPR and you can benefit from its rights and measures.

If no, you do not fall within GDPR scope, however we commit to protect your personal data with the same consideration anyway.

Which personal data?

As per GDPR personal data means ANY information relating to an identified or identifiable natural person.

In the framework of our activities/services, it may be necessary for us to process this kind of data which may notably include (i) identification details such as your name, surname, date and place of birth; (ii) contact information such as your email address, domicile address or phone number; (iii) any other relevant personal details such as your nationality and citizenship; (iv) government identification numbers such as a copy of your ID card; (v) sound recording; (vi) financial and banking information.

For what purpose?

We will only process personal data which are necessary for the performance of our services or duties and therefore shall only use the data in this strict context unless we reasonably consider that we need to use it for another reason being compatible with the original purpose.

In particular, we process personal data for the following purposes: (i) conduct legal and other regulatory compliance checks; (ii) providing products and services to you and ensuring their proper execution; (iii) managing our relationship with you; (iv) meeting our on-going regulatory and compliance obligations.

Depending on the category of data collected, your consent may be requested from time to time. Should this happen, we will contact you in due time.

Where your personal data is needed to meet our legal or regulatory obligations or enter into an agreement with you, we may be unable to shape a business relationship, should this personal data be missing.

Your rights

Thanks to GDPR your rights are strengthened and extended. As such, you have a right of access, rectification, erasure, restriction of processing of your data and a right to object to processing by writing to the following address: data-privacy@casa4funds.com.

Your request will be processed within 1 month upon receipt.

Where a data breach is likely to result in a risk for your rights and freedoms, C4F shall contact you in order to communicate the personal data breach without undue delay.

Should you be dissatisfied with the processing of your personal data or wish complaining about it, please refer to www.casa4funds.com/complaints.

You also have a right to lodge a complaint with the competent supervisory authority, being in Luxembourg the Commission Nationale pour la protection des données (CNPD). To do so, please consult its website (cnpd.public.lu/en.html).

Do external persons have access to your personal data?

Your personal data will mainly be processed within our Group. Nevertheless, as part of our activities and to provide you with quality service, it may be necessary to transfer and share your personal data with delegated third parties or otherwise involved in our activities, such as Depositaries, and Paying Agents, Administrative Agents, Distributors and their appointed sub-distributors if any, internal and/or external Auditors, legal, tax and financial Advisers and other potential service providers. In any case, we ensure they meet our data security standards.

Should our activities lead to the transfer of personal data to third parties located outside of the EU, we will ensure that the recipient be located in a country with an adequate level of protection. If this is not the case, such transfer will be only possible as long as it is governed by a written contract ensuring sufficient data protection level.

We may also disclose your personal data to public authorities or regulators when required by law or regulation.

What about the record keeping?

We secure your personal data from unauthorized access, use or disclosure. They will be stored on secure computer systems and processed by electronic or other means in a controlled, protected and secure environment.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Subject to our legal obligations, we will on your request and to the extent technically possible, delete and procure the deletion of all copies of the personal data formerly processed.

Are we waiting something from you?

Should your personal data change, please inform us without delay.