LAST UPDATED: 13th July 2020
This Privacy Notice explains how Lumyna Funds and Lumyna Investments Limited (hereafter jointly “Lumyna”) which are established in the European Union, process (in particular collect, use and disclose), as joint data controllers, personal data online and offline in connection with the services we provide to our individual, corporate and institutional clients (“Services”). We refer to the individuals whose Personal Data (as defined below) we process, such as our client him/herself, and/or individuals who work for or are otherwise engaged by, or interact with, our clients, their affiliates or other third parties in connection with the Services, as “you” in this Notice.
This Privacy Notice is in addition to other privacy notices related to other services Lumyna provide to clients and individuals.
“Personal Data” is information that identifies an individual or relates to an identifiable individual, including:
In the course of providing certain Services, we may also receive from you, or third parties, information including:
We need to collect and process Personal Data in order to provide the requested Services, or because we are legally required to do so. If we do not receive the information that we request, we may not be able to provide the requested Services.
Collection of Personal Data
We and our agents, affiliates and service providers collect Personal Data in a variety of ways, including:
Keeping Personal Data secure is one of our most important responsibilities. We maintain physical, technical, electronic, procedural and organisational safeguards and security measures to protect personal data against accidental, unlawful, or unauthorised destruction, loss, alteration, disclosure, or access, whether it is processed by us in the EU or elsewhere. Appropriate employees are authorised to access personal data for legitimate and specified business purposes. Our employees are bound by a code of ethics and other internal policies that require confidential treatment of personal data and are subject to disciplinary action if they fail to follow such requirements.
Use of Personal Data
We and our service providers may process Personal Data for our legitimate business interests where necessary to perform a contract or where we have another legitimate interest to do so, including the following:
We and our service providers may also process Personal Data when this is necessary for the performance of the contract entered into with an investor to purchase shares in Lumyna Funds or to process redemption, conversion, transfer and additional subscription requests or the payment of distributions.
We and our service providers may also process Personal Data when this is necessary for compliance with a legal obligation to which we and/or our service providers are subject (in particular, to discharge our anti-money laundering and terrorist financing obligations to verify the identity of our clients (and, if applicable, their beneficial owners) or for prevention of fraud or for regulatory or tax reporting purposes or in response to legal requests or requests from regulatory authorities.
Please note that Personal Data we collect in order to meet our legal and regulatory obligations related to the prevention of money laundering and terrorist financing is processed only for those purposes, unless otherwise permitted or agreed.
Disclosure of Personal Data
Personal Data may be disclosed to third parties in connection with the Services we are providing. The recipients of any such information will depend on the Services that are being provided. Subject to any restrictions around confidentiality we have expressly agreed with our client or other transaction parties, such disclosures may include disclosures:
Disclosures of Personal Data which we make to our third party service providers, as described in this section, will be made subject to conditions of confidentiality and security as we may consider appropriate to the specific circumstances of each such disclosure.
Other Uses and Disclosures
We may also use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), which may include laws outside the country you are located in, to respond to requests from public and government authorities, which may include authorities outside your country, to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies or authorities including tax authorities to which we or our affiliates are subject or submit, in each case of any country worldwide, or for other legal reasons, who may transfer the Personal Data to equivalent agencies or authorities in other countries; (b) to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country; (c) to courts, litigation counterparties and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings; and (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
In addition, we may use, disclose or transfer Personal Data to a third party (i) in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) and/or (ii) to third parties, as requested by clients or their representatives
“Other Information” is any information that does not reveal a person’s specific identity or does not directly relate to an identifiable individual, such as:
If we are required to treat Other Information as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Notice.
Service providers and Cross-Border transfers
Where we use service providers who process your personal data on our behalf as processors (e.g. the Registrar and Transfer Agent, information technology and other service providers), we ensure they do so in accordance with our instructions and that they put appropriate technical and organizational security measures in place to adequately protect your personal data. Where we share your personal data with our service providers, we may allow them (e.g. the Registrar and Transfer Agent, Administrative Agent and Depositary and their respective affiliates and/or banking correspondents, paying agents) to process it as controllers under their privacy notices solely for the purposes of providing their services to us, complying with their own legal and regulatory obligations or pursuing their legitimate interests as described in this Notice, but strictly in connection with the provision of their services to us and in accordance with applicable laws.
The Registrar and Transfer Agent and Depositary have indicated that your personal data may be stored and processed in any country where its affiliates who are also engaged in the provision of the services, are located. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access personal data. The geographical locations of the Registrar and Transfer Agent and Depositary and its affiliates who process personal data pursuant to the delivery of the services are set out below:
Account opening and Onboarding – Poland and United States
Client servicing – Ireland
Corporate actions – Canada, India, United Kingdom, United States
Tax reporting – India, Poland, United States
Transfer agency and investor services – Canada, Hong Kong, Ireland, Luxembourg, United States .
Depositary services – Poland
If you are located in the European Economic Area (EEA): Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html. For transfers from the EEA to countries not considered adequate by the European Commission, the Registrar and Transfer Agent and Depositary have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect personal data. You may obtain a copy of these measures by following this link: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.html. Transfers may also be made pursuant to contracts in your interest or at your request.
Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
Most browsers allow individuals to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. Please refer to http://www.allaboutcookies.org/manage-cookies/index.html for more information. Declining cookies may cause certain parts of the Services to cease working.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined.
THIRD PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
CHOICES AND ACCESS
Your choices regarding our use and disclosure of Personal Data
We give you choices regarding our use and disclosure of your Personal Data for marketing purposes. You may opt-out from:
How individuals can access, change or suppress their Personal Data
If you would like to request to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us. Information about how to contact Lumyna for this purpose is set out in the section headed “Contacting Us” below. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have the Personal Data suppressed from our database or otherwise let us know what limitations you would like to put on our use of the Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Services; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
use of Services by MINORS
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Data from individuals under 18.
Jurisdiction and CROSS-BORDER TRANSFER
Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, including the United States. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access Personal Data.
If you are located in the European Economic Area (EEA): Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect Personal Data. You may obtain a copy of these measures by following this link: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.html. Transfers may also be made pursuant to contracts in your interest or at your request.
We do not typically collect sensitive Personal Data in connection with the Services. Please do not send us any Personal Data which would be categorized as special data under GDPR (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) (“Special Data”) through the Services or otherwise, unless we specifically request this information from you or make a due diligence enquiry of you where the response necessitates you disclosing Special Data to us. In such a case, please ensure you notify us that you are providing Special Data.
We may receive Special Data from third party service providers and others in support of due diligence activities we undertake to satisfy various legal and regulatory requirements to which we are subject.
RECORDING OF COMMUNICATIONS
When individuals communicate with Lumyna to the extent permitted or required by applicable law, telephone conversations and electronic communications, including emails, text messages and instant messages, may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes.
UPDATES TO THIS PRIVACY Notice
We may change this Privacy Notice from time to time. The “Last Updated” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice. Use of the Services following these changes (or your continued provision of Personal Data to us) signifies acceptance of the revised Privacy Notice.
Lumyna is the company responsible for the processing (in particular collection, use and disclosure) of your Personal Data under this Privacy Notice.
If you have any questions about this Privacy Notice, please contact us at [email protected].
To help us to manage your query, please include your full name and any reference number that was made available by Lumyna to you.
ADDITIONAL INFORMATION FOR THE EEA
Individuals may also:
ADDITIONAL INFORMATION REGARDING JOINT CONTROLLERSHIP
Lumyna Funds and Lumyna Investments Limited jointly determine the purposes and means of the processing of Personal Data described in this Privacy Notice, and as such, act as joint controllers of Personal Data. In this context, Lumyna have determined their respective responsibilities for compliance with the obligations under the GDPR by means of an arrangement between them (“Joint Controllers Agreement”). If you wish to obtain further details regarding the Joint Controllers Agreement, please contact us at [email protected].