PRIVACY NOTICE GDPR
“The Company 1” (as defined extensively in the first footnote) and the “AIFM”, Idi Emerging Markets Partners Sarl, (acting as General Partner) may, themselves or through the use of service providers, collect, store on computer systems or otherwise and further process, by electronic or other means, personal data (i.e. any information relating to an identified or identifiable natural person) concerning (prospective) Investors and their representative(s), including, without limitation, legal representatives and authorised signatories, employees, directors, officers, trustees, settlors, their shareholders and/or unitholders, nominees and/or ultimate beneficial owner(s), as applicable (“Data Subjects”) (the “Personal Data”).
Failure to provide certain requested Personal Data may result in the impossibility to acquire or maintain Shares of The Company (as applicable).
Controller. To achieve the Purposes and comply with the Regulatory Obligations as defined below, Personal Data provided or collected in connection with the acquisition and holding of Shares will be processed by The Company (as applicable) and the AIFM as independent controllers or, where appropriate, as joint controllers (the “Controller(s)”).
Compliance with laws. The Controller(s) will process Personal Data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation”), as well as any law or regulation relating to the protection of personal data applicable to them, as any of such instruments may be modified or complemented from time to time (together the “²Data Protection Legislation”).
Authorised Recipients of Personal Data. Personal Data may be disclosed to, and processed by, the AIFM, the Depositary, the Registrar and Transfer Agent, the Paying Agent, legal and financial advisers, accountants, auditors, target funds and any target entities, and/or their related entities (including without limitation their respective general partner and/or management company and/or central administration/investment manager/service providers) in or through which The Company (as applicable) intends to invest, and other potential service providers of the Controller(s) (including their information technology providers, cloud service providers and external processing centres) and any of the foregoing respective agents, delegates, processors, affiliates, companies of the group to which they belong, and/or their successors and assigns, as well as any court, governmental, supervisory or regulatory bodies, including tax authorities in Luxembourg or in various jurisdictions, in particular those jurisdictions where (i) The Company (as applicable) is or is seeking to be registered for public or limited offering of its Shares, (ii) the (prospective) Investors are resident, domiciled or citizens or (iii) The Company (as applicable) is, or is seeking to, be registered, licensed or otherwise authorised to invest for carrying out the Purposes and to comply with the Regulatory Obligations (the Authorised Recipients”).
The Controller(s) will pay attention to not transfer Personal Data to any third parties other than the Authorised Recipients, except as disclosed to the (prospective) Investors from time to time or if required by laws and regulations applicable to the Controller(s) or, by any order from a court, governmental, supervisory or regulatory body, including tax authorities.
According to the circumstances, the Authorised Recipients may process Personal Data as processors on behalf of the Controller(s) or as controllers to the extent they individually determine the purposes and means of a specific Personal Data processing, in particular for compliance with their legal obligations in accordance with laws and regulations applicable to them (such as anti-money laundering identification) and/or order of any competent jurisdiction, court, governmental, supervisory or regulatory bodies, including tax authorities.
Categories of Personal Data processed. Personal Data may include, without limitation, the name, address, telephone number, business contact information, employment and job title, job history, professional qualification, banking data, financial and credit history information, the sources of the funds used for acquiring Shares, current and historic investments, investment preferences and invested amount, “know your customer” and anti-money laundering related information and any other Personal Data that is necessary to the Controller(s) and the Authorised Recipients to achieve the Purposes and comply with the Regulatory Obligations as both expressions are defined below. Personal Data is collected directly from Data Subjects or may be collected through publicly accessible websites, social media, subscription services, world-check database, sanction lists, centralised investor database, public registers or other publicly accessible sources or proprietary database.
Purposes of the Personal Data processing. Personal Data will be processed by the Controller(s) and Authorised Recipients for the purposes of (i) offering investments in Shares, managing the business relationship between the Controller(s) and the (prospective) Investors, performing the related services as contemplated in the Prospectus and under the Subscription Form including, but not limited to, the opening of the Investors account with The Company (as applicable), the management and administration of Shares and any related account on an on-going basis and the allocation of Shares in target fund(s) or entities, including processing subscriptions and redemptions, conversion, transfer and additional subscription requests, the administration and payment of distribution fees (if any), payments to Investors, updating and maintaining records and fee calculation, maintaining the register of shareholders, providing financial and other information to the Investors in relation to its acquisition and holding of Shares, (ii) developing and processing the business relationship with the Authorised Recipients and optimizing their internal business organisation and operations, including the management of risk, and (iii) other related services rendered by any service provider of the Controller(s) and Authorised Recipients in connection with the acquisition and holding of Shares (the “Purposes”).
Regulatory Obligations. Personal Data will also be processed by the Controller(s) and Authorised Recipients to comply with legal or regulatory obligations applicable to them and to pursue their legitimate business interests or to carry out any other form of cooperation with, or reporting to, public authorities including but not limited to legal obligations under applicable fund and company law, anti-money laundering and counter terrorist financing (AML-CTF) legislation, prevention and detection of crime, tax law such as reporting to the tax authorities under Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS) or any other tax identification legislation to prevent tax evasion and fraud as applicable, and to prevent fraud, bribery, corruption and the provision of financial and other services to persons subject to economic or trade sanctions on an on-going basis in accordance with the AML-CTF procedures of the Controller(s) and Authorised Recipients, as well as to retain AML-CTF and other records of the Data Subjects for the purpose of screening by the Controller(s) and Authorised Recipients (the Regulatory Obligations”).
The Investors acknowledge that the Controller(s) and, where appropriate, the Authorised Recipients (acting as controllers or as processors on behalf of the Controller(s)), may be obliged to collect and report any relevant information, including Personal Data, in relation to the Investors and their acquisition and holding of Shares (including but not limited to name and address, date of birth and U.S. tax identification number (TIN), account number, balance on account, the “Tax Data”) to the Luxembourg tax authorities (Administration des contributions directes) which will exchange this information (including Personal Data, financial and tax information) on an automatic basis with the competent authorities in the United States of America or other permitted jurisdictions (including the U.S. Internal Revenue Service (IRS) or other US competent authority and foreign tax authorities located outside the European Union) only for the purposes provided for in FATCA and CRS at OECD and European levels or equivalent Luxembourg legislation.
It is mandatory to answer questions and requests with respect to the Data Subjects’ identification and Shares acquired and held in The Company (as applicable) and, as applicable, FATCA and/or CRS. The Company (as applicable) and AIFM reserve the right to reject any application for Shares if the prospective Investors do not provide the requested information and/or documentation and/or has not itself complied with the applicable requirements. The (prospective) Investors acknowledge that failure to provide relevant Personal Data requested by the Controller(s) and/or Authorised Recipients in the course of their relationship with The Company (as applicable) and the AIFM may result in incorrect or double reporting, prevent them from acquiring or maintaining their Shares and may be reported by the Controller(s) and, where applicable, the Authorised Recipients to the relevant Luxembourg authorities.
Electronic communications recordings. Communications (including telephone conversations and e-mails) may be recorded by the Controller(s) and/or by the Authorised Recipients, (acting as controllers or, where appropriate, as processors on behalf of the Controller(s)) where necessary for compliance with a legal obligation to which they are subject or for the performance of a task carried out in the public interest or where appropriate to pursue their legitimate interests, including (i) for record keeping as proof of a transaction or related communication in the event of a disagreement, (ii) for processing and verification of instructions, (iii) for investigation and fraud prevention purposes and, (iv) to enforce or defend their interests or rights in compliance with any legal obligation to which they are subject. Such recordings will be processed in accordance with Data Protection Legislation and shall not be released to third parties, except in cases where the Controller(s), and/or the Authorised Recipients, are compelled or entitled by laws or regulations applicable to them or court order to do so. Such recordings may be produced in court or other legal proceedings and permitted as evidence with the same value as a written document and will be retained for a period of 10 years starting from the date of the recording. The absence of recordings may not in any way be used against the Controller(s) and Authorised Recipients.
Legal basis for Personal Data processing. The Controller(s) and Authorised Recipients will collect, use, store, retain, transfer and/or otherwise process Personal Data: (i) as a result of the subscription or request for subscription of the (prospective) Investors to acquire and hold Shares where necessary to perform the Purposes or to take steps at the request of the (prospective) Investors prior to such subscription, including as a result of the holding of Shares in general and/or; (ii) where necessary to comply with a legal or regulatory obligation to which the Controller(s) or Authorised Recipients are subjects and/or; (iii) where necessary for the performance of a task carried out in the public interest and/or; (iv) where necessary for the purposes of the legitimate interests pursued by Controller(s) or, where appropriate, by Authorised Recipients acting as controllers, which mainly consist in the achievement of the Purposes, including where the Subscription Form is not filed or entered into directly by the (prospective) Investors, or in direct or indirect marketing activities as contemplated in the Purposes or, in complying with the Regulatory Obligations and/or any order of any court, government, supervisory, regulatory or tax authority, including when providing services related to the acquisition and holding of Shares to any beneficial owner and any person holding Shares directly or indirectly in The Company (as applicable) and/or; (v) where applicable under certain specific circumstances, on the basis of the (prospective) Investors’consent.
Transfers outside the European Union. By acquiring and holding Shares, the Investors acknowledge that Personal Data may be processed for achieving the Purposes and Regulatory Obligations described above and in particular, that the transfer and disclosure of such Personal Data may be made to the Authorised Recipients, some of which are located in France and some of which are also located outside the European Union, in countries which are not subject to an adequacy decision of the European Commission, including but not limited to Switzerland and Hong-Kong. The legislation in such countries does not ensure an adequate level of protection as regards the processing of personal data, meaning that such legislation might not provide for a data protection supervisory authority and/or data processing principles and/or data subjects rights. Such situation might lead to potential increased risks for the rights and freedoms of the Data Subjects. The Controller(s) will only transfer Personal Data for performing the Purposes or for complying with the Regulatory Obligations.
The Controller(s) will transfer Personal Data to the Authorised Recipients located outside the European Union either (i) on the basis of an adequacy decision of the European Commission with respect to the protection of personal data or, (ii) on the basis of appropriate safeguards according to Data Protection Legislation, such as standard data protection clauses, binding corporate rules, an approved code of conduct, or an approved certification mechanism or, (iii) in the event it is required by any judgment of a court or tribunal or any decision of an administrative authority, Personal Data will be transferred on the basis of an international agreement entered into between the European Union or a concerned member state and other jurisdictions worldwide or, (iv) where applicable under certain specific circumstances, on the basis of the (prospective) Investors’ explicit consent or, (v) where necessary for the performance of the services as contemplated under the Prospectus and under the Subscription Form or for the implementation of pre-contractual measures taken at the (prospective) Investors request or, (vi) where necessary for the Controller(s) and Authorised Recipients to perform their services rendered in connection with the Purposes which are in the interest of the Data Subjects or, (vii) where necessary for important reasons of public interest or, (viii) where necessary for the establishment, exercise or defence of legal claims or, (ix) where the transfer is made from a register, which is legally intended to provide information to the public or, (x) where necessary for the purposes of compelling legitimate interests pursued by the Controller(s), to the extent permitted by Data Protection Legislation.
In the event the processing of Personal Data or transfers of Personal Data of Data Subjects outside the European Union take place on the basis of their consent, the Data Subjects are entitled to withdraw their consent at any time without prejudice to the lawfulness of the processing and/or data transfers carried out before the withdrawal of such consent. In case of withdrawal of consent, the Controller(s) will accordingly cease such processing or data transfers. Any change to, or withdrawal of, Data Subjects’ consent can be communicated in writing to The Company (as applicable) and/or AIFM to the attention of M. Robin Marc via post mail at Robin Marc, Idi Emerging Markets Partners sàrl, 47 Grand Rue, L-1661 Luxembourg, or via e-mail at email@example.com.
Information duty. Insofar as Personal Data is not provided by the concerned individuals themselves (including where Personal Data provided by the (prospective) Investors include Personal Data concerning other Data Subjects), the (prospective) Investors represent that they have authority to provide such Personal Data of other Data Subjects. If the (prospective) Investors are not natural persons, they undertake and warrant to (i) adequately inform any such other Data Subjects about the processing of Personal Data concerning them and their related rights (as well as how to exercise them) as described under the Prospectus and the Subscription Form (or any other information notice as provided by the Controller(s) or Authorised Recipients from time to time), in accordance with the information requirements under the Data Protection Legislation and (ii) where necessary and appropriate, obtain in advance any consent that may be required for the processing of Personal Data of other Data Subjects as described under the Prospectus and the Subscription Form (or any other information notice as provided by the Controller(s) or Authorised Recipients from time to time) in accordance with the requirement of Data Protection Legislation. Any consent so obtained must be documented in writing by the Investors. The (prospective) Investors agree to indemnify and hold the Controller(s) and Authorised Recipients harmless for and against all financial consequences or other expenses arising from any breach of the above warranties.
Data Subject’s rights. Data Subjects may request, in the manner and subject to the limitations prescribed in accordance with Data Protection Legislation, (i) access to and rectification or deletion of Personal Data concerning themselves, (ii) a restriction or objection of processing of Personal Data concerning themselves and, (iii) to receive Personal Data concerning themselves in a structured, commonly used and machine readable format or to transmit those Personal Data to another controller and, (iv) to obtain a copy of, or access to, the appropriate or suitable safeguards, such as standard contractual clauses, binding corporate rules, an approved code of conduct, or an approved certification mechanism, which have been implemented for transferring the Personal Data outside the European Economic Area. In particular, Data Subjects may at any time object, on request, to the processing of Personal Data concerning themselves for any processing carried out on the basis of the legitimate interests of the Controller(s) or Authorised Recipients and obtain all relevant information on the related balancing test that has been carried out by the Controller(s) or Authorised Recipients. Each Data Subject should address such requests to The Company (as applicable) and/or AIFM to the attention of M. Robin Marc via post mail at Robin Marc, Idi Emerging Markets Partners sàrl, 47 Grand Rue, L-1661 Luxembourg, or via e-mail at firstname.lastname@example.org.
Data Subjects are also entitled to address any claim relating to the processing of Personal Data concerning them and carried out by Controller(s) or Authorised Recipients in relation with the performance of the Purposes or compliance with the Regulatory Obligations by lodging a complaint with the relevant data protection supervisory authority, in particular in the Member State of their habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation (i.e. in Luxembourg, the Commission Nationale pour la Protection des Données – www.cnpd.lu).
Personal Data Retention. Personal Data will be retained by the Controller(s) and Authorised Recipients until Investors cease to hold Shares of The Company (as applicable) and a subsequent period of 10 years thereafter to the extent necessary to comply with laws and regulations applicable to them or to establish, exercise or defend actual or potential legal claims, subject to the applicable statutes of limitation, unless a longer period is required by laws and regulations applicable to them. In any case, Personal Data will not be retained for longer than necessary with regard to the Purposes and Regulatory Obligations contemplated in the Prospectus and in the Subscription Form (or any other information notice provided by the Controller(s) or Authorised Recipients from time to time), subject always to applicable legal minimum retention periods.
Liability limitation. The Controller(s) and, the Authorised Recipients (acting as processors on behalf of the Controller(s)) will accept no liability with respect to any unauthorised third party receiving knowledge and/or having access to the Personal Data, except in the event of proved gross negligence or wilful misconduct of the Controller(s) or such Authorised Recipients (acting as processors on behalf of the Controller(s).
Modifications and updates. Further (updated) information relating to the processing of Personal Data may be provided or made available, on an ongoing basis, through additional documentation and/or, through any other communications channels, including electronic communication means, such as electronic mail, internet/intranet websites, portals or platform, as deemed appropriate to allow the Controller(s) and/or Authorised Recipients to comply with their obligations of information according to Data Protection Legislation.
1 - Designate as of November 2018 a company or an investment fund interacting with Idi Emerging Markets Partners Sarl, alternatively Idi Emerging Markets S.A, Idi Emerging Markets Partners - Fund III, Idi EM Partners Co-Invest GP Sarl, Idi EM Sapphire S.C.A and Idi EM Yellow S.C.A.