Introduction
This data protection notice (the “Notice”) is issued by SMD-AM Funds, referred to in this Notice as the “Fund”. Please note that a separate notice is issued by the investment manager of the Fund, referred to in this Notice as the “Investment Manager”. Please view the Investment Manager’s privacy notice here.
The Fund is public limited liability company (société anonyme), has its registered office at 80, route d’Esch, L-1470 Luxembourg, and is registered at the Luxembourg Registre de Commerce et des Sociétés (the "RCS") under number B 181392. The Fund acts as a data controller with Kroll (Luxembourg) Management Company S.à.r.l. (the “Management Company”), which manages the Fund, has its registered office at 16, rue Eugène Ruppert, L-2453 Luxembourg, and is registered with RCS under number B 112519. The Fund and the Management Company both process Personal Data. The purpose of this Notice is to provide you with information as to the use and processing of your Personal Data pursuant to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the “GDPR”) and any applicable local data protection legislation, including the Luxembourg implementing legislation, as amended from time to time (collectively referred to herein as the “Data Protection Legislation”).
References to “Joint Controllers”, “we”, “our”, and “us” are to the Fund and the Management Company, and references to “you” or the “Data Subjects” are to the natural person(s) whose Personal Data are being collected and processed by the Joint Controllers. The term “Personal Data” has the meaning ascribed to it under the Data Protection Legislation.
Scope - Application of Notice
This Notice applies to natural persons who provide Personal Data to the Joint Controllers, including but not limited to, the following:
(i) Your agents, advisers, intermediaries, and custodians of your assets;
(ii) Our service providers, including our data storage providers, accountants, IT, outsourcing service providers, and background checks providers;
(iii) Other departments, subsidiaries or affiliated companies of the Fund and the Management Company which is part of the “Vistra Group”;
(iv) Our shareholders, representatives, employees, agents, delegates and directors;
(v) Our professional advisers or agents where it is necessary for us to obtain their advice or assistance, including lawyers, tax advisors or public relations advisers;
(vi) Other third parties such as third party intermediaries and distributors whom we introduce to you. We will wherever possible tell you who they are before we introduce you;
(vii) Parties involved in the context of a business reorganisation, transfer, disposal, merger or acquisition at the level of the Management Company or the group of companies to which the Management Company belongs;
(viii) Our auditors where it is necessary as part of their auditing functions;
(ix) Administrations, public services, public or judicial authorities, institutions, regulators and law enforcement authorities (e.g., the Commission de Surveillance du Secteur Financier, the Commission Nationale pour la Protection des Données, tax authorities).
This Notice also applies to any third parties whose Personal Data you provide to us in connection with the relationship of these third parties with us. Please ensure that a copy of this Notice is provided to any third parties whose Personal Data you provide to us.
Categories of Personal Data Processed
The Personal Data we may process include, but is not limited to, the following types of Personal Data:
- Your name and contact information such as your private or business address, email address and telephone number;
- Personal characteristics such as place and date of birth, nationality;
- Government issued identifiers such as tax identification number and your passport number or national identity card details;
- Information relating to your financial situation such as income, expenditure, assets and liabilities, source of wealth and funds, as well as your bank account details;
- Information about your knowledge and experience in the investment field (risk profile, investment objectives and preferences);
- Communication data such as exchange of letters or e-mails with you;
- Information about your profession, career, education, family or personal circumstances, and interests, where relevant;
- Electronic identification data (e.g., IP addresses, cookies, traffic data);
- Information to assess whether you may be considered a politically exposed person or if you present a risk in terms of money laundering, terrorism financing or tax fraud.
- Trading and settlement data.
- Any other information required to perform the requested services.
We do not intend to collect and process Personal Data from children and special categories of Personal Data.
Purpose and Lawful Basis of Processing
The processing of your Personal Data may be made for one or more of the purposes set out below:
a. Performance of a contract to which you are a party or closely related, such as appointed officer, agent, proxy holder, intermediary or advisor (article 6(1)(b) of GDPR). This includes, but is not limited to, the processing of Personal Data for the following purposes:
i. investor-related services.
ii. general holding, maintenance, management and administration of holdings and related accounts on an ongoing basis.
iii. handling of subscription, redemption, conversion and transfer orders.
iv. maintenance of the register of shareholders.
v. dealing with any complaints or remarks you may have;
vi. complying with anti-money laundering rules and any regulatory requirements applicable to us;
vii. enabling of the performance of the services of the delegates and service providers.
The provision of Personal Data is a contractual requirement or a requirement necessary to enter into a contract and its provision is necessary.
b. Legal Obligations (article 6(1)(c) of GDPR). This includes processing of Personal Data to comply with our legal and regulatory obligations including the following:
i. compliance with anti-money laundering and terrorism financing obligations.
ii. identification of the investor and its ultimate beneficial owners including maintaining of the information of the ultimate beneficial owners in the register of ultimate beneficial owners.
iii. compliance with the reporting obligations under foreign account Tax compliance act (“FATCA”) and the common reporting standards (“CRS”).
The provision of Personal Data is a statutory requirement and its provision is mandatory.
c. Legitimate Interest (article 6(1)(f) of GDPR). This includes the processing of Personal Data for the purpose of improving the service of the Fund, disclosing of Personal Data to processors and sub-processors. We do not process Personal Data where such legitimate interest is overridden by your interest, fundamental rights or freedoms. The provision of Personal Data is a contractual requirement or a requirement necessary to enter into a contract and its provision is necessary.
d. Consent (article 6(1)(a) of GDPR). This includes the processing of Personal Data for any purpose for which the Data Subject has consented. You will have the right to withdraw such consent at any time.
In case we intend to further process your Personal Data for a purpose other than the original purpose for which the Personal Data was collected and processed, we will provide you with information on that other purpose. In case the processing was based on consent as per item (d) above, we will seek fresh consent to the processing of your Personal Data.
The consequence of not providing your Personal Data for the purposes set out under (a)-(c) above as well as of the withdrawal of your consent given under item (d) above may result in the Fund being unable to accept the investment in the Fund and/or to perform the requested services, or in the termination of the contractual relationship with the investor.
Who we may share your Personal Data with
Your Personal Data may be transferred and shared with the following non-exhaustive list of recipients:
- The Fund’s delegates and service providers. This includes, but is not limited to, the Fund’s Management Company, the Investment Manager, Fund’s administrative, registrar and transfer agent, the global distributor and sub-distributors, including third party intermediaries.
- The Fund’s legal and financial advisors, regulatory and tax authorities, auditors, courts and other competent authorities who require us to disclose your Personal Data for legal and regulatory purposes.
- Any other third parties involved in corporate transactions, such as merger, acquisition, corporate reorganisation or any litigation or dispute involving the Joint Controllers.
- Each of their duly authorised agents, employees, directors, officers, beneficial owners, affiliates.
Transfers of Personal Data outside the EEA
Personal Data may be transferred to countries outside of Luxembourg and the EEA (articles 44 to 50 of GDPR). The transfer of Personal Data may be made to countries, which provide an adequate level of protection or to countries which may not provide an adequate level of protection.
The transfer to countries outside of the EEA is made using one of the following mechanisms:
i. The transfer is made based on the European Commission’s adequacy decision based on Article 45 of the GDPR.
ii. If the country to which the Personal Data is transferred is not covered by one of the European Commission’s adequacy decision, the transfer is made on the basis of Article 46 of the GDPR. We ensure that appropriate safeguards are in place, such as the use of standard contractual clauses approved by the European Commission.
iii. For certain cross-border transfers we may obtain your consent to the transfer prior to the Personal Data being transferred and after having informed you of the possible risks of such transfer for you.
Transfers from the EEA to the United Kingdom are made pursuant to the European Commission’s decision that the UK ensures an adequate level of protection, which decision is valid until 27 June 2025.
Retention of your Personal Data
The Personal Data will not be retained longer than is necessary for the purposes of the processing as set out above, subject to statutory periods of limitation and subject to applicable law(s) requiring retention for a certain period of time after the termination of the business relationship. In particular:
• where we have collected your Personal Data as required by the applicable anti-money laundering legislation, including for identification, screening and reporting purposes, we will retain that Personal Data for five years after the termination of our relationship, unless we are required to retain this information for a longer period by another law or for the purposes of court proceedings; or
• otherwise, we will in most cases retain your Personal Data for a period of ten years after the financial year to which they relate or any longer period as may be imposed or permitted by law, in consideration of the purpose for which they have been collected and the legal limitation periods (including for litigation);
• in addition, if any relevant legal claims are brought, we may continue to process the Personal Data for such additional periods as necessary in connection with such claims.
The Joint Controllers take all reasonable steps as required by Data Protection Legislation to ensure the safety, privacy and integrity of your Personal Data.
Your Rights
You have certain rights with respect of your Personal Data. You have the right to:
- to access your Personal Data.
- to ask for rectification of your Personal Data in cases where such data is inaccurate and/or incomplete.
- to obtain the erasure of your Personal Data.
- to ask for restriction of processing of your Personal Data.
- to data portability with respect to your Personal Data.
- to object to the processing of your Personal Data.
- to withdraw your consent given to the processing of your Personal Data without affecting the lawfulness of the processing based on the consent before the withdrawal.
- to complain to the competent data protection authority if you are unhappy with how your Personal Data is being handled. In Luxembourg, the data protection authority is the Commission Nationale pour la Protection des Données (“CNPD”).
The aforementioned rights may be subject to limitations as prescribed by the Data Protection Legislation.
No automatic decision-making is conducted.
You can exercise any of your rights by contacting us as set out below. We will respond to your request in writing, or orally, if requested, as soon as practicable and in any event not more than one month after receipt of your request.
Recording of Telephone Conversations
The Data Subjects are informed that that any communication (including telephone conversations) may be recorded by the Joint Controllers and the Processors and (ii) will be retained for a period of ten (10) years from the date of the recording.
How to Contact Us
If you have any queries or comments regarding this Data Protection Notice, please contact the Management Company at dp.privacy@vistra.com or call us at +352 42 22 29 1.
You may also write us at the Management Company’s registered address:
Kroll (Luxembourg) Management Company S.à.r.l.
Attn: Data Protection Officer
16, rue Eugène Ruppert
L-2453 Luxembourg
Updates to Notice
We may need to update this Notice from time to time. Any updates to this Notice will be posted on this website. Please check the “Last Updated” above for the date this Notice is last updated.
United Kingdom
Switzerland
Luxembourg
Germany
Finland
Ireland
Netherlands
Rest of EEA
Middle East
Japan
Hong Kong
Singapore
USA
Other