Data Protection Privacy Notice

1.    Who we are

FundRock Distribution S.A.

Airport Center building, 5, Heienhaff, 1736 Senningerberg, Luxembourg

RCS n°B253257

2.    About this notice

This notice applies to FundRock Distribution S.A. , a subsidiary of Apex Group Ltd., ( “FRD” or “we”) and is intended for external parties, who are not candidates or employees. Candidates and employees are presented with dedicated privacy notices available on relevant platforms.

This privacy notice covers how FRD, acting as data controller, collects, uses, transfers and stores your personal data in connection with your interactions (as defined below) with us via our website, as a client, as a prospective client or as a vendor. This notice summarises the nature of the information that is stored by FRD, why and how it is used, and your rights in regard to this data, as well as the protections in place to safeguard it.

In relation to personal data processed under this privacy notice FRD is responsible for ensuring that such processing complies with applicable data protection laws, including but not limited to the European Union General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act. Your privacy is important to us. Please be aware that FRD employees are required to comply with FRD's data privacy practices as set out in this privacy notice and other data privacy-related policies.

3.    What Personal Data FRD collects and where we get it from

‘Personal Data’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control. 

4.    How do we use your data?

Categories of Data Subjects Personal Data processed
Representatives of delegates, investment funds and service providers (incl. directors)
  • Ensuring the proper management of the relationship
  • Fulfilment of contractual obligations 
  • Legal obligations to monitor our relationships and conduct initial and ongoing due diligence
  • Legal obligations relating to AML/KYC
Ultimate beneficial owners of delegates and service providers
  • Legal obligations to monitor our business relationships and conduct initial and ongoing due diligence
  • Legal obligations relating to AML/KYC
Representatives of regulators and other public authorities
  • Ensuring the proper management of the relationship
  • Legal obligations to comply with regulatory requests and requests of other public authorities
Individuals who have been nominated as emergency contacts of FRD employees
  • Protecting the vital interests of FRD employees
Office visitors
  • Ensuring the proper management of the relationship and physical security of FRD premises
Attendees of events organised by FRD
  • Ensuring proper management of the relationship


5.    Use of AI and Automated Technologies

We may use Artificial Intelligence and automated technologies to automate some of our processes, streamlining repetitive tasks, enhancing efficiency, user experience, and security while interacting with us. We continuously review our AI systems to ensure compliance with legal and ethical standards. If you have any questions about our use of AI in relation to your data, or if you wish to exercise any rights related to automated decision making, please contact us using the details set out in section 12 of this notice.

6.    Disclosure and Sharing of Data

Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.

Subject to any restrictions around confidentiality such disclosures may include disclosures:

  • to other entities in the Apex Group for the purposes described in this privacy notice;
  • to our third party service providers (including in relation to website hosting, data analysis, client research, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services) and to our professional advisers and agents;
  • to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
  • to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
  • to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions;
  • to third party storage providers (including archive service providers and document repositories) and trade data repositories;
  • to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
  • to other deal/transaction participants including issuers, borrowers, advisers, translation service providers and within prospectuses and marketing materials;
  • to counterparties, vendors and beneficiaries, and other entities connected with our clients;
  • to other persons as agreed with a client or as required or expressly permitted by applicable law;
  • to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country; and
  • to courts, litigation counterparties,  law enforcement, foreign authorities and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings and to comply with legal and regulatory requirements.

Where there is a transfer within Apex Group or to a third party in a different jurisdiction, including, but not limited to transfers outside of the European Economic Area, we will take appropriate steps to ensure there is an adequate level of protection for Personal Data (which includes a legal agreement and appropriate security measures) in place in accordance with applicable legal requirements. The third parties are permitted to use the personal data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.

7.    Retention of your data

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

8.    Data security

We have put appropriate security measures in place to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. 

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9.    Your choices and rights as a data subject

You have a number of legal rights in relation to the Personal Data that FRD holds about you, and you can exercise your rights by contacting us using the details set out in section 12 below

Depending on applicable law, these rights may include:

  • Right to access. You have the right to request information regarding the processing of your Personal Data and access to the Personal Data we hold about you.
  • Right to rectification. You have the right to request that FRD correct any information you believe is inaccurate. You also have the right to request FRD complete information you believe is incomplete.
  • Right to erasure. You are able to request we erase your Personal Data in certain circumstances. There may be circumstances where you request us to erase your Personal Data but we are legally entitled to retain it.
  • Right to restrict processing. You have the right to request that FRD restrict the processing of your personal data under certain conditions.There may be circumstances where you object to or ask us to restrict our processing of your Personal Data but we are legally entitled to refuse that request.
  • Right to withdraw consent. You have the right to withdraw consent at any time where the sole legal basis for processing your personal data is your consent.
  • Right to object to processing. You have the right to object to FRD’s processing of your personal data under certain conditions.Right to data portability. You have the right to request that we transfer the data we have collected to another organisation or directly to you under certain conditions.
  • Make a complaint. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.

In certain circumstances, we may refuse your request or limit our response to your request. These circumstances include where the request is excessive or unfounded, your requests prejudices the rights of others, where the information you are requesting is subject to ongoing criminal investigations, legal processes, or other regulatory restrictions, or where we no longer hold the data. If we refuse your request for whatever reason, we will provide you reasons for the refusal and inform you of your right to lodge a complaint with the relevant data protection authority.

10.    Recording of communications

When individuals communicate with FRD by way of telephone conversations and electronic communications, including emails, text messages and instant messages, these may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by applicable law.

11.    Email marketing and unsubscription

You can stop the delivery of marketing emails from FRD at any time by unsubscribing or opting out via the link included in every email. Alternatively you can make a direct request to unsubscribe by emailing enquiries@apex.bm. 

12.    How to contact us

If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact our Data Protection Officer:

Email: dpo.luxembourg@apexgroup.com 

Post: Data Protection Officer | FundRock Distribution S.A. | 5, Heienhaff, 1736 Senningerberg| Luxembourg

13.    Right to lodge a complaint with the Data Protection Authority

If you are not satisfied with our response, you can make a complaint to the Commission nationale pour la protection des données (“CNPD”).

Commission nationale pour la protection des données

Service des réclamations

15, Boulevard du Jazz

L-4370 Belvaux

Luxembourg

14.    Updates

We will update this privacy notice when necessary to reflect changes in the law, our practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically.  We may also notify you in other ways from time to time about the processing of your Personal Data. 

Get in touch

Ask a question

Contact Us
ABOUT FUNDROCK
SERVICES
APEX GROUP