Personal data refers to any information relating to an identified or identifiable natural living person. Processing of Data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In our relationship with you we process the following categories of data:

• Identification information such as name, personal identification number (e.g. passport copy).
• Contact details such as phone number, email address and address.
• Information relating to legal requirements such as information provided during due diligence and anti-money laundering requirements.
• Our correspondence: if you contact us, we will typically keep a record of that correspondence.

Details of your transactions with us or holdings with us that you have made or initiated. We collect information directly from you. We can also collect data from publicly available registers, such as company registration offices and sanction lists (e.g. EU and UN). We also collect information from providers of information regarding beneficial owners and politically exposed persons.

If you provide personal data on behalf of (other) data subjects, you must ensure that you have authority to provide such personal data of the data subjects and to (i) adequately inform any such data subject about the processing of their personal data and their related rights as described in this policy and (ii) where necessary and appropriate, obtain in advance any consent that may be required for the processing of the personal data.

We process data for the following purposes

• Entering into agreements and fulfillment of agreements

We need to process personal data (e.g. name and contact details) in order to perform the agreement, we have with you.

We also process personal data in order to fulfil our obligations under law, regulations or authority decision. For example, we process personal data in relation to the following purposes:

• Know Your Customer requirements
• Anti-Money Laundering/Combating the Financing of Terrorism requirements
• Book keeping requirements
• Notifications to authorities such as the financial supervisory authority.
• Other legal requirements related to fund management

Furthermore, we may process personal data if your information is necessary for us to investigate or defend a complaint from you or to defend, prosecute, or make a claim against you, or a third party.

When we perform a contract, it is sometimes necessary to disclose personal data to companies that we cooperate with. For example, it can be necessary to disclose personal data regarding you to companies within the Movestic group. We also disclose personal data to authorities if we have a statutory obligation to do so, e.g. supervisory authorities.

We have entered into agreements with selected suppliers of IT, maintenance and support.  

We (or our data processors) may in some cases transfer personal data to companies outside the European Economic Area (third countries). If we do, we make sure that:

• The EU Commission has decided that there is an adequate level of protection in the current third country, or
• Other appropriate safeguards have been taken, for example the use of standard contractual clauses (EU model clauses) or the data processor has valid binding corporate rules in place; or
• we have your specific consent to a transfer.

As a data subject you are entitled to the following rights:

The right of access

You have the right to access to your personal data and other supplementary information. This right may however be restricted by legislation, protection of other person´s privacy and du to negative impact on Movestic’s business secrets.

Right to correction

You have the right to request correction of incorrect or incomplete data.

Right to erasure

You have the right to request erasure if:

• You withdraw your consent to the processing and there is no other legitimate reason for processing
• You object to the processing for direct marketing
• Processing is unlawful

The right to request erasure may however be limited due to the fact that we in many cases are obliged to retain personal data to comply with statutory obligations. We can also be entitled to continue to process personal data if the processing is carried out to manage legal claims.

Right to data limitation of processing

You have the right to obtain restriction of processing where one of the following applies:

1. the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but we are required by the data subject for the establishment, exercise or defense of legal claims;
4. you have objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of Movestic override those of you.

Right to object

You have the right to object to processing of personal data concerning you, which is based on our legitimate interest, including profiling based on our legitimate interest.

Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if the processing is carried out by automated means.

If you want to exercise any of the above rights, please contact our contact person as referred under 9. below.

If we are not required by law, we will not keep your personal data longer than necessary according to the purposes for which your data was collected and processed. How long we keep your personal data may vary depending on the specific situation, however typically:

Data collected for AML and anti-terror financing purposes – minimum five years after termination of the business relationship

Bookkeeping regulations – up to 10 years

Details relating to performance of an agreement – up to ten years after end of the relationship with the customer has terminated.

When personal data is no longer needed, we either irreversibly anonymise the data (we may further retain and use the anonymised information) or securely destroy the data.

If you have any questions, please contact us at: gdprspecialist@movestic.se or Movestic Kapitalförvaltning AB, att. Juridik, Box 7853, 103 99 Stockholm.

You can file a complaint or contact the data protection authority in any of the countries where we provide services to you.