Data Protection under “GDPR”
What is about?
We, BIL Manage Invest SA(“BMI”), attach the greatest consideration to treat personal data in strict compliance with all applicable laws and regulations that relate in any way to privacy, data protection, confidentiality or security of personal data.
Hence, collection, processing and recording of data within BMI are specifically framed by the European General Data Protection Regulation (“GDPR”).
As such, we commit to respect your privacy as Data Subject and protect all your personal data in compliance with the GDPR.
Which personal data?
As per GDPR personal data means ANY information relating to an identified or identifiable natural person.
In the framework of our activities/services, it may be necessary for us to process this kind of data which may notably include (i) identification details such as your name, surname, date and place of birth; (ii) contact information such as your email address, domicile address or phone number; (iii) any other relevant personal details such as your nationality and citizenship; (iv) national identification numbers; (v) sound recording; (vi) financial and banking information.
For what purpose?
BMI will only process personal data which are necessary for the performance of our services or duties and therefore shall only use the data in this strict context unless we reasonably consider that we need to use it for another reason being compatible with the original purpose.
In particular, we process personal data for the following purposes: (i) conduct legal and other regulatory compliance checks; (ii) providing products and services to you and ensuring their proper execution; (iii) managing our relationship with you; (iv) meeting our on-going regulatory and compliance obligations.
Depending on the category of data collected, your consent may be requested from time to time. Should this happen, we will contact you in due time.
Thanks to GDPR your rights are strengthened and extended. As such, you have a right of access, rectification, erasure, restriction of processing of your data and a right to object to processing by writing to the following address: BMI.firstname.lastname@example.org.
Should your personal data change, please inform us without delay.
Your request will be processed within 1 month upon receipt.
Where a data breach is likely to result in a risk for your rights and freedoms, BMI shall contact you in order to communicate the personal data breach without undue delay.
Should you be dissatisfied with the processing of your personal data or wish complaining about it, please refer to BMI Complaint Form
You also have a right to complain with the competent supervisory authority, being in Luxembourg the Commission Nationale pour la protection des données (CNPD). To do so, please consult its website (cnpd.public.lu/en.html).
Do external persons have access to your personal data?
Your personal data will mainly be processed within BMI. Nevertheless, as part of our activities and to provide you with quality service, it may be necessary to transfer and share your personal data with delegated third parties or otherwise involved in our activities, such as Depositaries, Administrative Agents, Distributors and their appointed sub-distributors if any, internal and/or external Auditors, legal, tax and financial Advisers and other potential service providers. In any case, we ensure they meet our data security standards.
Should our activities lead to the transfer of personal data to third parties located outside of the EU, we will ensure that the recipient be located in a country with an adequate level of protection. If this is not the case, such transfer will be only possible as long as it is governed by a written contract ensuring sufficient data protection level.
We may also disclose your personal data to public authorities or regulators when required by law or regulation.
What about the record keeping?
We secure your personal data from unauthorized access, use or disclosure. They will be stored on secure computer systems and processed by electronic or other means in a controlled, protected and secure environment.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, in agreement to our legal obligations.