This policy is issued and provided by Andetta and each of the entities listed in this Appendix (together “Andetta”, “we”, “us” or “our”) and is addressed to both external individuals, professionals and legal entities (together “you”, or “your”) with whom we may interact, or may have interacted, while conducting our business including but not limited to the following: a client of Andetta or an investor in any fund managed, sponsored or advised by Andetta (the “fund”) or any member, partner, shareholder, beneficial owner, director, officer, employee, professional or other representative of any Andetta’s client or fund’s investor including any prospective Andetta’s client or fund’s investor whose personal information have been collected and held under control.
By means of this notice, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process in accordance with the EU General Data Protection Regulation n. 2016/679 (“GDPR”). Any and all rights and duties recognized under this notice is therefore restricted to situations falling under the scope of the GDPR. The wording of this notice is based on the terms used by the European legislator for the adoption of the GDPR.
Any data processed by us is controlled by us and we are the data controller of such information. Andetta Private Equity N.V. may be a data processor or data controller depending on the circumstances in which personal information is collected, held or used. However, there may be also times when the fund’s administrator, the fund’s investment manager or other fund’s service providers will act as a data controller depending on the fulfilment of their respective obligations under applicable law.
Where your data are provided for the purpose of investing in a fund, we as data controller may directly (or through a third party such the fund’s investment manager or the fund’s administrator) process your personal information. If you are an entity, we may process the personal information of your beneficial owner(s), employees, directors, officers and you shall make sure that these persons are properly informed of this policy. The process of personal information may depend on: (i) “contractual” and/or “pre-contractual” purposes, i.e. the delivery of the services you are interested in; (ii) commercial purposes, in order to keep you informed about the latest news also regarding the services provided by us; and (iii) the fulfilment of any legal and compliance obligation which is related to (i) and (ii).
Sources and ways of collection
The data collection and processing may be in hard copy or through electronic instruments. We may act
directly or through the support of authorized appointees such as law and account firms, investment
management firms, administration firms and in general selected services providers within the financial
Sources of data collection:
- Subscription documents and ancillary related documents for the onboarding of investors.
- Any information provided by you for (i) receiving information related to any services provided by us; (ii) the corporate admission and administration and any related filings of your investment holding in one of the funds; (iii) any offer, contact, negotiation, business opportunity, agreement, solicitation, public/private competition, public filing made for investment purposes in your interest or on your behalf; (iv) compliance purposes including for the purpose of any applicable AML and KYC regulations. The information under the sources a) and b) may include:
- - for individual: full name, nicknames, gender, marital status, address, birth date, nationality, passport number or similar identification, income, social security number, financial and investment qualifications and targets, nationality, tax related information, employment/professional/business information, other government issued numbers (green card, driving license etc.), visual images, contact details, education history, financial details such as billing address and bank account/credit card numbers, social media profile details;
- - for legal entities, other than the information laid down above, where applicable: entity type, jurisdiction of legal/administrative seat and/or centre of main interests, registration and tax identification numbers, tax- and business-related information, income, financial and investment qualifications and targets.
We may also collect special categories of personal data (for the purpose of art. 9 GDPR) where provided by you, such as disability information or religious data for purposes required by you such as scheduling of meetings or access to information concerning particular categories of investments.
You are responsible for ensuring that any personal data that you send to us are complete, updated, correct and sent securely. From time to time we may ask you to confirm the accuracy of your personal data.
Duration of the collection and processing
The data processing will be done for the whole period of the pre-contractual or contractual relation and in general as long as required to achieve the purposes described below. Later, the data processing may be extended to fulfil legal obligations and for administrative and commercial purposes related to additional services for which you may have expressed your interest.
Purposes of the personal information use
Your personal data may be collected, stored, used and/or disclosed by us (or any of our directors, officers, affiliates, agents, employees, delegates, appointees or service providers) for the following:
- Onboarding, management, administration, exit and/or liquidation of your investment in any fund on an ongoing basis which is necessary for the fulfilment of any legal and/or contractual obligations.
- Compliance procedures in accordance with our internal policies and applicable laws in order to prevent and/or detect fraud, money laundering, terrorist financing, corruption, tax evasion and in general statutory rights abuse.
- Compliance with any legal obligation that we may have including reporting to tax authorities or within litigation proceedings; general liaising with public authorities.
- Management and administration of any negotiation, contacts with private parties and/or public authorities and contractual, related filings and contractual relations related to investments made on your behalf and/or in your interest.
- Liaising with any service providers (such as accountants, auditors, lawfirms) that need to know such data in order to pursue the legitimate interest of Andetta and/or the fund or comply with any statutory obligations.
- To otherwise pursue the legitimate interest of Andetta and/or the fund in relation to (i) any investment by you in the fund, (ii) any contact with third parties, negotiation, proposal and/or agreement related to any investment made by Andetta on your behalf and/or in your interest.
- Maintaining and updating your data.
- Marketing and promotional activities.
- Notification regarding changes to our service offers or business.
- Monitoring and improving the quality of our services.
- Quality assurance and training purposes.
Disclosure and transfer of personal data
Other than to the above aforementioned persons, personal data may be disclosed to: (i) any Andetta’s entities and funds including their respective directors, officers, employees, appointees, and service providers; (ii) any public or accredited authorities; any third parties processor and in general any relevant parties to the extent necessary for the establishment, exercise or defence of legal rights or contractual obligations; (iii) any relevant parties for the purpose of prevention and detection of crimes; (iv) any relevant parties in the event that we sell or transfer all or any relevant portion of our business or assets.
The servers where your personal data are stored are located in Geneva.
We also have service providers located in other jurisdictions whose personnel will have access to your personal information. Transfers to these service providers are necessary for the above listed purposes and in general for the provision of our services. When we engage a third-party processor to process your personal data, such processor will be subject to binding contractual obligations to use measures to protect the confidentiality and security of the personal data in accordance with any additional requirements under applicable law.
Subject to the GDPR, you have the right to:
- Request access to any personal data we have collected together with information regarding the nature, processing and disclosure of such data;
- Have your personal data corrected, in case of inaccuracy or incompleteness;
- Request deletion of any of your personal data;
- Block us collecting further personal data other than the data already collected;
- Obtain, reuse and transfer to another places any of your personal data;
- Restrict the personal data we control;
- where we process your personal data on the basis of your consent, the right to withdraw that consent;
- be informed without undue delay, should we become aware of the occurrence of any data breach
- the right to lodge complaints with a public authority regarding the processing of your personal data.
To make any requests as listed above including for the purpose of blocking the collection, use and storage of your personal data, please contact us at firstname.lastname@example.org. We will respond to any request relating to your right within one month of receipt of your request.
Please note that:
- - notwithstanding any withdrawal of consent, we may be legally required to retain some or all of your personal data.
- - Failure to provide personal information required for KYC/AML or other compliance requirements may determine rejection of subscription requests or redemption of existing investments.
Right to complain
If you would like to make a complaint about the way your personal data has been collected or used, please contact us at email@example.com.
You may have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence or place of work or in the place of the alleged infringement in case of any violation of the GDPR.
We reserve the right to change this policy at any time. The examples contained within this policy are illustrations and are not intended to be exclusive. You may have additional rights under other foreign or domestic privacy laws in addition to those that are described above.
Name and address of the Data Protection Officer:
Ms. Abdiëla Juana
Art. 6 (a), (b), (c) and (f) GDPR serve as the legal basis for any collection and processing operations to which the above information refers.
This notice is provided for informational purposes only and should not be relied upon as legal advice. Please consult with a qualified professional to discuss on the applicability of the GDPR.
Andetta Group Services (Mauritius) Limited
Andetta Private Equity Services (Switzerland) Gmbh