“GDPR” stands for the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the General Data Protection Regulation.
The full text of the GDPR in all EU languages is accessible by clicking HERE
We first invite you to familiarise yourselves with the few following key players as we will extensively refer to them in this Privacy Notice:
The Fund is in most cases acting as controller for the processing of personal data in the context of the Fund’s activities (“we”, “us” or “our”). In the context of the Fund’s activities, we process or outsource the processing of personal data of various categories of data subjects. Insofar as we determine the purposes and means of this processing, we qualify and act as controller.
The majority of data subjects in relation to whom we process personal data fall into one or more of the three main categories of data subjects described in the table below (“you”, “your” and more generally together the “data subjects”). This Privacy Notice, however, focuses on the processing of personal data related to Investing Persons. Privacy information in relation to the processing of personal data related to Fund Persons and Other Persons may be obtained via any contact point and by any means mentioned in Q&A 19 below.
|Investing Persons||The Investing Persons category groups the investors who are natural persons, the natural persons (such as beneficial owners or family members) who are associated with investors, as well as the natural persons involved in entities (in particular intermediary companies, trusts or other vehicles) associated with investors. Fund Persons The Fund Persons category groups the natural persons who belong or may belong to the staff, team, governing body, committees or similar body of the Fund; and/or who are (to be) remunerated by the Fund in relation to their activities for the Fund.|
|Other Persons||The Other Persons category groups the natural persons (other than the Investing or Fund Persons) who, directly or within third-party entities, are involved in the Fund’s activities. These third-party entities include among other authorities or service providers (such as regulators, depositaries, administration agents, auditors or professional advisers) supervising, assisting and/or contributing otherwise to the Fund’s activities.|
The above table uses terms such as “associated”, “involved”, “belong”, “supervising”, “assisting” and “contributing”. As a natural person, you may be so associated, involved, belonging to, assisting and/or contributing in an unlimited number of private, public and/or professional capacities, including – without limitation – as employee or self-employed, client, proxy-holder, authorised signatory, representative, nominee, intermediary, board or committee member, trustee, settlor, agent, officer, delegate, consultant and/or adviser.
As a general rule we reserve the right to process any past, present or future personal data needed to attain the purposes described or referred to in this Privacy Notice. However, in the table below we have listed the main categories of personal data we process together with a few illustrations. Please note that these illustrations are not exhaustive and that certain illustrations may belong to one or more categories of personal data, whether or not we have a contractual relationship with any of them or the entity they represent or work for.
|Identification data||This category groups the personal data used to identify you||Names, gender, place/date of birth, identification documentation (passport, ID cards), nationality, civil status, photos, tax identification numbers, login information, physical, vocal and digital signature and identifiers, etc.|
|Private data||This category groups the personal data related to your private environment||Private/residential physical and digital addresses (e.g. email, IP) and other contact data (e.g. telephone and fax numbers), websites, blogs and social networks, family-related information, centres of interest, contact history, etc.|
|Professional data||This category groups personal data related to your professional environment||Professional physical and digital addresses (e.g. email, IP) and other contact data (e.g. telephone and fax numbers), website, blogs and social networks, professional activities, occupation and organisation, status, position, grade and title, curriculum vitae, professional relationship (e.g. colleagues, assistants, staff, reporting lines,), contact history, etc.|
|Economic data||This category groups your personal data of a financial and economic nature||Amount, nature and source of salary, income and remuneration, properties, wealth and estate, current and historic placements and cash flows, transaction history, investment preferences and objectives, financial account details (including credit or debit cards), current and historic credit information, etc.|
The personal data that we process may consist of or result from any use of or activity on computer systems, network and website, and may take any form possible. Personal data that we process may then include all types of electronic support, pictures, images, videos, sounds and voice recordings (such as telephone or online conversation recordings).
Please note that the above categories of personal data are without prejudice to all specific or general personal data you have provided or will provide us with from time to time.
The so-called “sensitive” personal data referred to in Q&A 3 below may also come in addition to or be part of the above categories of personal data.
Preamble – “Sensitive” personal data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or a natural person’s sex life or sexual orientation, as well as personal data relating to criminal convictions and offences or related security measures. Sensitive personal data are sometimes referred to as “special category data” and “criminal offence data” targeted by Articles 9 and 10 of the GDPR, respectively.
We do happen to process such sensitive personal data. However, we do so in only a limited number of instances. We may notably process sensitive personal data (a) which you have manifestly made public; (b) necessary for reasons of substantial public interest; (c) under the control of an official authority; and/or (d) when authorised by applicable law providing appropriate safeguards for your rights and freedoms.
As a matter of illustration, we may process personal data revealing political opinions (which you have not necessarily manifestly made public) or relating to criminal convictions and offences when implementing our “know your customer” obligations.
We may also fortuitously process sensitive personal data when wilfully processing non-sensitive personal data. As a matter of illustration, although we neither require nor need personal data revealing racial or ethnic origin or religious beliefs, nor genetic or biometric data, this information is sometimes disclosed in the official identification documents (such as passport photo pages) we receive for the purpose of implementing our “know your customer” obligations. If you do not want us to process this information and also for the reasons described in Q&A 4 below, we therefore strongly suggest that you carefully black this type of data out in any document sent or drawn to our attention.
Preamble – “Unsolicited” personal data basically refer to personal data which we have no intention, nor interest in processing, mainly because these data are not needed to attain any of the purposes described or referred to in this Privacy Notice. These are personal data which we did not solicit, and which we technically process (e.g. store and/or transfer), sometimes quite fortuitously (as illustrated in Q&A 3 above), but for no specific purpose.
What is important for you to be aware of is that, in the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we assume no obligation nor any liability for any damage suffered directly or indirectly by you or any third party as a result of such a technical processing, including in case of personal data breach.
In view of the foregoing, we strongly recommend that you exclusively provide personal data that are expressly required from you, and that you refrain from providing any unsolicited personal data or making it available.
We collect or obtain your personal data from various sources (and a combination thereof), and we reserve the right to opt at any time for any legally acceptable source. In practice, these sources may vary depending on the categories of natural persons described in Q&A 1 above.
Our first source of information is you. We collect your personal data each time we communicate with you. We collect your personal data either directly from you or via third parties representing us or you. In relation to Investing Persons in particular, third parties representing us may typically be our register and transfer agent, certain of our distributors, and other appointed intermediaries. Third parties representing you may include discretionary managers, lawyers and specific proxyholders.
We may also obtain your personal data from a variety of third parties who represent neither us nor you. In relation to Investing Persons in particular, these third parties may include certain of our service providers (such as the depositary), certain distributors, your banker, social medias, subscription services and centralised investor database (whether or not they belong to the Fund’s group), as well as your or our advisers.
Third parties from whom we may obtain your personal data may also be public authorities, bodies or services, including Luxembourg and foreign supervisory and tax authorities.
We may also obtain your personal data via any publicly accessible (free or paying) sources such as the internet, public registers (such as the Luxembourg Trade and Companies Register), and/or the press in general. In relation to Investing Persons in particular, we may obtain your personal data via special “know your customer” databases (such as World-Check™).
We collect or obtain your personal data from various means (and combinations thereof), and we reserve the right to opt at any time for any legally acceptable means. In the following paragraphs, we would like to draw your attention to a few of them.
In relation to Investing Persons in particular, the most obvious means of collection of your personal data is the subscription documentation, including that required to fulfil our “know your customer” or tax transparency obligations (e.g. via self-certification forms). But, we also collect information via your transactional activity or your visits to our website.
For all categories of natural persons, we may also obtain personal information via exchanges of correspondence (whether or not in digital form), via telephone conversations (whether or not they are recorded), via contractual or operational documentation, via participation at board or shareholding meetings, and/or in the course of a complaint or litigious procedure.
We perform and reserve the right to perform at any time any processing which the GDPR authorises us to perform on your personal data. The processing that we perform or may perform therefore includes any operations (or set of operations) on your personal data (or on sets of your personal data), whether by electronic or other means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In particular, we or our service providers acting as processors or controllers in their own right may be obliged or wish to record communications (including telephone or online conversations and e-mails). Recordings may be produced in court or other legal proceedings and permitted as evidence with the same value as written documents. The absence of recordings may not in any way be used against us.
Please, also note that processing that we perform or may perform on your personal data may also consist in profiling and solely automated individual decision-making. We have specifically addressed this type of processing in Q&A 10 below.
We reserve the right to process your personal data for any specified, explicit and legitimate purposes we deem appropriate, provided such processing is based on one or more of the 6 possible lawful (or legal) bases authorised by the GDPR. These lawful bases are related to contract, compliance, vital interests, public interest, legitimate interests, and consent. These lawful bases are more fully described in Appendix A of this Privacy Notice.
We process your personal data for several purposes and on several lawful bases. Details are available in the Privacy Notice document available for download on this page.
You should be aware that any of the (initial) purposes referred to in the Privacy Notice may change over time and lead to a new purpose. If the new purpose is compatible with the initial purpose, we may continue the processing under the original lawful basis (unless this original lawful basis is your consent).
Finally, you should also be aware of the following regarding the lawful bases of our processing. When we process sensitive personal data or transfer personal data to third countries, we may do so on specific lawful bases which are more fully described in Q&A 3 and Q&A 9, respectively, and which come in addition to those otherwise described in this Q&A 7. Also, when we exceptionally base the processing of your personal data on your consent, you are entitled to withdraw your consent as more fully described in Q&A 15 below.
Preamble – In the context of this Privacy Notice we understand “transmission” (or derived terms thereof) of personal data to a party as including the disclosure, the accessibility or otherwise availability of these personal data to this party.
Yes, we also transmit your personal data to a series of recipients or categories of recipients, in particular, but not only, in relation to the processing of personal data belonging to Investing Persons. These include:
Preamble – In the context of this Privacy Notice we understand “transfer” (or derived terms thereof) of personal data to third countries or international organisations as including the disclosure, the accessibility or the otherwise availability of these personal data to or from third countries or international organisations.
Yes, we do and will transfer personal data to third countries. And by third countries, we mean countries which do not belong to the European Economic Area and which legislation does not necessarily ensure an adequate level of protection as regards the processing of personal data.
In the Privacy Notice, you will find a brief description of the available lawful bases for performing transfers of personal data to third countries, as well as a table listing the recipient countries or third-country recipients to which we transfer or may transfer personal data (left-hand side column) together with the corresponding specific lawful bases and, where applicable, additional information (right-hand side column). Please refer to the Privacy Notice document available for download on this page for more details.
Preamble – “Profiling” is an automated processing of your personal data to evaluate personal aspects about you in order to produce your corresponding profile. A “solely automated decision” is an individual decision based solely on automated processing (including profiling), hence without human involvement.
You may be subject to profiling and/or to a solely automated decision. In some instances, you may even be subject to a so-called “significant effect solely automated decision” which is a solely automated decision (including profiling) producing legal effects concerning you or similarly significantly affecting you.
There are a few important rights that you specifically have in relation to profiling and significant effect solely automated decisions. These rights are listed below. You may exercise these rights upon notice to the contact point mentioned in Q&A 19 below.
Without prejudice to what follows, as a matter of general principle, we take care that your personal data is not held for longer than necessary with regard to the purposes for which they are or have been processed.
We hold personal data of Investing Persons at least until the concerned investor ceases to be an investor. We then hold these personal data for a subsequent period of 10 years where necessary to comply with applicable laws and regulations, and/or to establish, exercise or defend actual or potential legal claims.
Longer or shorter retention periods may apply where required by applicable laws and regulations, or as a result of applicable statutes of limitation. Some of these laws and regulations are listed in the Privacy Notice document available for download on this page.
In addition to your right of information as well as to rights otherwise described in this Privacy Notice or provided for in the GDPR, the available rights in relation to our processing of your personal data are as listed and briefly described below.
The relevant legal provisions of the GDPR describing these rights may in our opinion be read and understood by persons who are not personal data protection professionals. For each of the rights listed below, we have therefore mentioned the applicable key provisions which we invite you to consult for further information.
Under certain circumstances and within the limits set out by the GDPR:
You may exercise any of the above rights (other than the right to complain to a supervisory authority) via any contact point and by any means mentioned in Q&A 19 below.
There is a last general and important point we wish to draw your attention to. Your rights under the GDPR (including those listed above) are not “absolute” or unconditional. Your rights may then be limited to certain cases or circumstances, conditioned and/or affected by various elements such as the lawful basis of our processing (including the necessity to comply with a legal obligation or our or third-party legitimate interest).
Yes, Article 21 of the GDPR gives you a right to object, but this right is limited and depends on the purpose or lawful basis of our processing.
You may exercise your right to object via any contact point and by any means mentioned in Q&A 19 below.
There are certain cases where the provision of your personal data results from a legal or contractual obligation applicable to you and/or to us, or where the provision of your personal data is necessary for us to enter into, continue and/or implement a professional relationship and/or contract, and/or otherwise deal with you.
As a general rule, failure to provide certain requested personal data may result in the impossibility to communicate (or to communicate safely) with you and/or to fulfil certain of our duties, obligations and services.
As an Investing Person in particular, failure to provide certain requested personal data may result in the impossibility for you or the investor to invest or maintain an investment in the Fund. It may also result in incorrect or double reporting.
As a Fund Person, failure to provide certain requested personal data may result in the impossibility for us to give you or maintain a position within our organisation.
Please note that we may from time to time and as the case may be on a case-by-case basis indicate whether or not requesting and/or providing this information is mandatory for us and/or for you, respectively, and/or the reasons for which this is mandatory. Where necessary, we may also indicate on such occasions the consequences for your refusal to provide the requested information.
Yes, when we base the processing of your personal data on your consent, you have the right to withdraw your consent at any time, yet without affecting the lawfulness of all processing based on your consent before its withdrawal.
Your decision to withdraw your consent may be notified to any contact point and by any means mentioned in Q&A 19 below.
Although we have no intention to do that at the date of issuance of this Privacy Notice, we reserve the right to further process your personal data for a purpose other than that for which they were collected or obtained. If such were the case and prior to that further processing, we would provide you with information on that other purpose and with any relevant further information required by law which is not already contained in this Privacy Notice.
Yes, we believe that the following additional information might be of interest to you.
(A) Data protection officer
The data protection officer is governed by specific provisions of the GDPR (Articles 37 to 39) but is not defined in the GDPR. It may be described as the person appointed by an organisation to serve as its personal data protection guardian.
For your information, we have not appointed, and have no current plan to appoint, a data protection officer.
(B) Professional secrecy and confidentiality waiver
Any consent that you may give or may from time to time be requested to give in order to waive the professional secrecy or confidentiality duty to which we are subject pursuant to laws and regulations applicable to us is distinct from, and may not be construed as, any consent that you might give in the context of the GDPR.
(C) FATCA, CRS and other tax identification legislation to prevent tax evasion and fraud
To comply with “know your customer” and tax related laws and regulations such as FATCA and CRS at OECD and European levels or equivalent Luxembourg legislation, we are and our service providers may be obliged to collect and, where appropriate, report certain information in relation to you and your investments in the Fund (including but not limited to name and address, date of birth, U.S. tax identification number (TIN), account number, balance on account, the “Tax Data”) to the Luxembourg tax authorities (Administration des contributions directes) which will exchange this information (including personal data, financial data and Tax Data) on an automatic basis with the competent authorities in the United States or other permitted jurisdictions (including the U.S. Internal Revenue Service (IRS) or other US competent authority and foreign tax authorities located outside the European Economic Area) for the purposes provided for in FATCA and CRS at OECD and European levels or equivalent Luxembourg legislation.
In this context, it is mandatory to answer questions and requests with respect to the data subjects’ identification and investment held in the Fund. We reserve the right to reject any application for investment if the required information and/or documentation are not provided or the applicable requirements not complied with. Investors acknowledge that failure to provide the relevant information in the course of their relationship with the Fund may result in incorrect or double reporting, prevent them from acquiring or maintaining their investment in the Fund and may be reported to the relevant Luxembourg authorities.
(D) Update of this Privacy Notice and additional information
Any further update of this Privacy Notice as well as any additional information relating to our processing of personal data are accessible via the internet on https://www.lmdf.lu/en/privacy/ or upon request to the contact point mentioned in Q&A 19, below. If there are any significant changes, we make these clear either through the website or through another means of contact such as email.
Additional information relating to our processing of your personal data and further update of this Privacy Notice may also be found in the constitutive and offering documentation of the Fund, our contractual arrangements, or provided or made available, on an ongoing basis, through additional documentation (such as contract notes or specific notice and reports, whether periodic or not) and/or through any other communications channels, including electronic communication means, such as electronic mail, internet/intranet websites, portals or platform, as deemed appropriate to allow us to comply with our obligations of information according to the GDPR.
All the foregoing additional information and updates are deemed to be inserted by reference in and, where applicable, amend or replace, this Privacy Notice.
(E) What we expect from you – keeping your personal data up-to-date
It is important that the personal data we hold about you is kept accurate. We request that you inform us in writing and without undue delay about changes in the information you provide us about you so that we can keep it up-to-date while you continue to be in relation with us
(F) Other privacy information
Certain entities we are dealing with and who are acting as controllers in their own right in relation to your personal data have requested us to provide you with certain privacy information pertaining to their processing of personal data which may be relevant to you and/or natural persons with whom you are dealing. The privacy information so received is set out in the Schedules to this Privacy Notice. In the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we bear no responsibility for this privacy information nor for any processing performed by these other controllers.
You may contact Mrs. Jennifer Urbain for any request, notice or other reasons via:
When you contact us, please, kindly provide your complete identification information, and state as clearly and completely as possible why you are contacting us and what you expect from us. Please kindly note that before we are able to revert to you or implement your request, you may be required to provide further identification details, information or clarification. You may also be required to fill out specific forms. All this may be needed for adequately addressing your solicitation, as well as protecting both your and our interests.