Data Protection Statement to LRI Invest S.A.
Last updated: 21 September 2018
Part I General Information
By way of this notice we provide an overview of how we treat personal data and what rights customers have under the data protection law. The way in which certain data is processed and used depends on the types of services provided by LRI Invest S.A., its subsidiary LRI Depositary S.A. and LRI Invest Securitisation S.A. (hereinafter referred to as “LRI Group”).
1. Legal Provisions
We take the protection of your personal data very seriously. We process personal data in accordance with the provisions of the data protection law of the Grand Duchy of Luxembourg, which is where LRI Group’s registered office is located.
In order to ensure that your personal data is comprehensively protected, we comply with the applicable provisions of the Luxembourg Act of 1 August 2018 in relation to the organisation of the CNPD and the implementation of the GDPR and any legal authorisations or bases concerning data protection which may be applicable.
As the provider of this online presence, we, LRI Invest S.A., 9A, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg, represented by the members of the Management Board Utz Schüller and Frank Alexander de Boer, (+352 261 500 -1 / central telephone number, +352 261 500-2299 / fax), are the controller within the meaning of Art. 4 (7) of the GDPR.
3. Data Protection Officer’s Contact Information:
LRI Group’s data protection officer, Mr René Thiel, may be contacted as follows:
LRI Invest S.A.
9A, rue Gabriel Lippmann
c/o the data protection officer
4. Collection of Personal Data
a) We use personal data that we receive from you in the course of our business relationship with you. This data comes for example from contracts, forms, documents in the context of a due diligence, which are necessary for the execution of the business activities with you or also from correspondence by telephone, e-mail or in other form with you. Further information or data that we receive from you may also be processed.
b) In addition, to the extent necessary for the provision of our services, we process personal data that we have legitimately received from other companies (e.g. rating agencies or financial crime databases) (e.g. for the execution of orders, for the fulfilment of regulatory requirements).
On the other hand, we process personal data that we have obtained and may use from publicly accessible sources (e.g. debtor registers, land registers, registers of commerce and associations, press, media).
5. Use of Personal Data and Limitation to Specified Purpose
a) All personal data disclosed or collected in the course of LRI Group’s services shall, in accordance with the applicable laws and regulations on the protection of personal data, be collected, processed and used solely for the purpose of performing the contract and to protect our own legitimate business interests relating to advising and supporting our customers and prospective customers and to tailor products.
Furthermore, LRI Group promises to customers that it will act in compliance with the professional obligations of confidentiality. Personal data such as your email address or your name is only stored if you provide us with this on your own initiative, e.g. to perform a contract, when filling out a contact form, registration for an event or an employment application principle of direct collection). If you wish to access information on our website concerning certain products via the “Funds” tab, we collect the following data from you: your capacity as a private/institutional investor, your country of origin and information on which of our pages you visited.
b) In addition, we use the data you have directly provided to us principally for the following:
- We use your personal data for correspondence, including approaching you for shared projects.
- We use your personal data to occasionally inform you about our products and services as well as new developments.
- We use your personal data to invite you to customer events and/or webinars.
6. Transmission to Third Parties
a) In order to facilitate the purposes described above, under certain circumstances there may be an exchange of your data with third parties, which are involved for the purposes of processing orders and processing enquiries. In doing so, we may make your information available to third parties who support us in making our services available to you. Examples of this would be third parties deployed to manage our web server and analyse data and who may thereby become aware of your data.
b) If you provide us with personal data for the purpose of a potential collaboration in the future, a potential investment and/or for the purpose of contacting you, we shall be entitled to transmit this data to our related undertakings.
c) Otherwise we will only transmit your personal data to a third party where we are obliged to do so pursuant to the provisions of mandatory law, you yourself have so specified, have consented to the transmission or the data has been anonymised or pseudonymised beforehand.
d) Any transmission of personal data to third parties that have their registered office in a third country will take place only with your consent or to perform our contractual obligations pursuant to Art. 44 et seq. of the GDPR.
7. Contract Processing
We may commission third party providers with the systematic processing of personal data. In this case, the data processing operation will be carried out only upon our instruction and solely for the purposes specified in compliance with the requirements of data protection law.
8. Legal Bases
We process personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR) and the Luxembourg Data Protection Act:
a) to perform contractual obligations (Art 6 (1) (b) of the GDPR)
Data is processed in order to provide financial services in the course of performing our contracts with our customers or in order to take steps prior to entering into a contract where a request has been made. The purposes of data processing depend primarily on the specific product (e.g. the brokerage of investment fund units) and may inter alia encompass needs analyses and advice. Please consult the relevant contract documents and terms and conditions of business for further details concerning the purposes of data processing.
b) as a part of the balancing of legitimate interests (Art. 6 (1) (f) of the GDPR)
Where necessary we process your data beyond the actual performance of the contract in order to protect our legitimate interests or the legitimate interests of third parties. Examples:
- Advertising or market research and opinion surveys provided you have not objected to the use of your data,
- Assertion of legal claims and legal defence in the case of legal disputes,
- To ensure IT security and IT operations,
- Prevention and investigation of crimes,
- Video surveillance to enforce the rights of owners or occupiers of premises,
- Measures for building security (access controls),
- Measures for business management and further development of services and products,
- Risk management within LRI Group.
c) on the basis of consent (Art. 6 (1) (a) of the GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. transmission of data within the corporate group, use of data for advertising purposes), the lawfulness of this data processing operation is justified on the basis of your consent. Any consent that has been given can be withdrawn at any time. This shall also apply to the withdrawal of any declarations of consent that had been given to us prior to the GDPR coming into effect, i.e. before 25 May 2018. The withdrawal of consent shall not affect the lawfulness of data already processed based on consent before its withdrawal.
d) pursuant to legal obligations (Art. 6 (1) (c) of the GDPR) or on the basis of the public interest (Art. 6 (1) (e) of the GDPR)
Furthermore, as a financial services provider we are subject to diverse legal obligations, which means statutory requirements (e.g. the various Investment Fund Acts, the Anti-Money Laundering Act, the Securitisation Act and the applicable tax laws) and regulatory requirements. The purposes of data processing operations also include the verification of identity, prevention of fraud and money laundering and the assessment and management of risks, among other things.
If you have given us your consent to process personal data for certain purposes (e.g. invitations to events, sending of newsletters or further use of application data), the lawfulness of this data processing operation is justified on the basis of your consent. Any consent that has been given can be withdrawn at any time.
If you provide us with personal data of third parties it is your responsibility to ensure that the person concerned has declared his or her consent to the transmission and processing of the personal data.
You may withdraw the consent you gave to us to use or transmit your personal data at any time and for the future, e.g. by sending an email to data-protection-_-at-_-lri-group-_-dot-_-lu.
11. Length of Time of Data Storage
The length of time that your personal data is stored depends on the degree of the collaboration or the contractual relationship in place.
If you only visit our website, the data stored shall be restricted to the information mentioned under point 16.
If you send us application documents for employment with LRI Group (LRI Invest S.A. and affiliated companies), your personal data will be stored for processing and deleted after 6 months at the latest provided there is no other legal basis for storing your personal data.
If you are interested in an investment and provide us with personal data for this reason, we will only store your data until your consent is withdrawn or until the legally authorised period expires.
In case of a contractual relationship the data is also stored after the end of the contractual relationship for the purpose of fulfilling legal obligations, such as legal obligations of record retention and legal obligations to furnish information. Furthermore, data may be stored so that we can continue to inform you about our products. If you do not wish to be contacted for informational purposes, please send us an email to the following email address: communications-_-at-_-lri-group-_-dot-_-lu.
12. Newsletter and Events
a) If you register for our free newsletter we will regularly inform you about LRI Group products and services (the legal basis is Art. 6 (1) (a) of the GDPR).
b) We use the double opt-in procedure for the registration for our newsletter. This means that we will send you a confirmation email after you have entered your email address asking you to confirm that you want to receive our newsletter. Your registration will be completed when you click on the confirmation link. You will then receive our newsletter at the email address you provided until you cancel the newsletter. If you no longer wish to receive our newsletter, you can unsubscribe at any time by clicking the corresponding link or by sending an email to the following email address: communications-_-at-_-lri-group-_-dot-_-lu.
c) In order to receive the newsletter, the only information required is your email address, your company and your first name and surname.
13. Data Security
a) LRI Invest S.A. and its affiliated companies diligently take precautions to protect your data we manage against manipulation, loss, destruction and access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
b) Our employees are obliged to comply with the data secrecy requirements pursuant to the Luxembourg Data Protection Act.
14. Your Rights
You have the following rights against us in respect of the personal data concerning you:
- The right to obtain information,
- The right to rectification or erasure,
- The right to restriction of processing,
- The right to object to the processing,
- The right to data portability.
For further details please send us an email to the following address: data-protection-_-at-_-lri-group-_-dot-_-lu.
You also have the right to lodge a complaint about our processing of your personal data with the competent data protection supervisory authority:
Commission nationale pour la protection des données (CNPD)
1, avenue du Rock’n’Roll
Tel.: (+352) 26 10 60-1
If you live abroad, you can also lodge a complaint with the data protection authority in charge in your home country.
Part II Additional Information for the use of our Website
We use different technologies on our website which improve user-friendliness, effectiveness and security. Data might be collected by us or by third parties whom we have authorised and commissioned (technical service providers) in this context.
15. Restrictions on the scope of this data protection declaration for visiting our website
Our data protection declaration applies only to own content that we store on our servers. Any links to websites of third parties in our offers are expressly not included.
16. Collection of Personal Data when Using our Website’s Functions
A connection with our server is made when our website is accessed. When this is done, the access paths to the pages, the time at which the connection is made and your current IP address are collected and stored in order to protect against disruptions and problems. During your visit to the pages of our website, data (“cookies”) may be placed on your computer, which facilitate your use of our content. We do not use this data to identify you or to contact you.
When using our website merely for informational purposes we do not collect personal data, with the exception of the data that your browser transmits in order to enable you to visit our website.
This data is:
- the date and time of the access,
- the name or address of the computer from which the access is being made,
- the name and size of the file which is being queried,
- the name of the web browser being used and its version,
- the URL of the website previously visited (referrer address).
We store data related to the terminal device, inter alia in order to create usage statistics or also in order to identify and track prohibited attempts to access our web servers. We develop user profiles of the use of our website only on an anonymised basis and solely for the purpose of improving user navigation and optimising our content and services. No personalised behaviour profiling is developed or processed from the aforementioned information.
17. Technologies Used
b) If you wish you can prevent the installation of cookies via the appropriate setting of your browser software or you can decide to allow cookies only after you have been asked whether you want to place the cookie or not. However, the failure to accept cookies may result in some pages no longer being able to be displayed correctly.
- Transient cookies (temporary use)
Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. Session cookies store a session ID, which allows diverse enquiries from your browser to be assigned to the common session. This allows your computer to be recognised again when you return to the website. Session cookies are deleted when you log out or close the browser.
- Persistent cookies (use for a limited period of time)
Persistent cookies are automatically deleted after a pre-determined period of time, which may vary according to the cookie. You can delete the cookies at any time by configuring your browser’s security settings.
You can configure your browser settings to suit your preferences and, for example, reject the acceptance of individual or all cookies.
You can learn more about how cookies function at the website http://www.allaboutcookies.org.
The cookies’ data is not linked with your other data.
19. Google Analytics
By enabling the add-on that can be downloaded via this link you effectively object to the collection, use and processing of your data by Google Analytics.
This website uses Google Analytics’ anonymisation option. Your IP address is collected only in shortened form and therefore cannot be traced back to you.
20. Social Media PluginsLinks to Twitter, Xing and LinkedIn
Our website has links to Twitter, LinkedIn and XING (“third-party providers”). However, we do not use the social plugins of these third-party providers, meaning that no personal data is transmitted to these third-party providers merely because you visited our website. You only go to the website of a third-party provider by clicking on its icon. Data is then collected, processed and used on the webpages of this third-party provider. We have no influence over the scope of the data that these third-party providers collect, process and use. For further details on the scope and purpose of the data collection and the further processing and use of this data, please consult the privacy policies of the respective third-party provider on the following webpages: