In the context of our service offering, Lemanik mainly acts as data processor for the personal data we process on behalf of our clients (e.g. investment funds).
In accordance with the GDPR definitions, when we refer to "personal data" we mean any data that could identify an individual, directly or indirectly, in particular, by reference to an identifier such as a name, ID number, location data, signature or online identifier.
Lemanik collects personal data and will act as the data controller of this data if you:
- are a client or represent one of our clients ( e.g. client being the sponsor of an investment fund, a client entering into discretionary mandate agreement with us)
- have a business relationship with us ( e.g. adviser or service provider)
- are candidate for a position at Lemanik
- use one of our websites
- visit us in our offices or register to attend an event organized or sponsored by Lemanik
1. Collection of personal data
We collect your personal data during the course of your business relationship with us. For example, when you engage with us in respect of a new relationship/prospective relationship, you will communicate with your contacts within Lemanik.
We may also receive data about you from other sources, such as directly from your organization or via other publicly available sources.
We combine data about you from various sources, including the data that you have provided to us directly.
Lemanik only collects data that is necessary to fulfil the purpose behind our relationship with you. We won't collect data we don't need. Personal data we collect fall within one or more of the below categories:
- Identification and professional data (e.g. first name, last name, e-mail address, date of birth, postal address, family members)
- Online identifiers (e.g. including IP addresses, cookie identifiers, online website tracking)
- Government issued identification numbers (e.g. national ID card, passport number, driver's license number)
- Financial data (e.g. bank account numbers, background checks)
- Communications (e.g. telephone conversations, voice recording when applicable, emails and meetings)
- Publicly available data: (e.g. data about you that is openly available on the internet/public statements)
- Sensitive data (e.g. in specific situation such as Politically Exposed Persons we may collect political data on you as data subject and on your relatives).
2. How we use your personal data
We will only process your personal data on the basis allowed in the GDPR, for the purposes below, and we will limit the use of sensitive data which have special legal protection.
3. Legal basis for processing your data
We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do so.
Such legal basis may be one of the following:
- to fulfil a contract we have with you or to take steps to enter into a contract with you
- Customer relationship management
- to respond to complaints and seek to resolve them
- to provide certain services ( e.g. domiciliary agent)
- to comply with a legal or regulatory obligation
- Report to tax authorities
- to detect, investigate, report, and seek to prevent fraud, financial crime and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks
- to comply with other laws and regulations that apply to us, for example other financial services or country-specific legislation
- to fulfill our legitimate interest
- to develop new ways to meet our clients' needs and to grow our business, for example by seeking feedback or sharing our market research
- to log and monitor use and abuse of our technical services
- to understand how our clients use products and service from us
- to protect our IT systems, network and infrastructure
- to run our business in an efficient and proper way, for example managing our financial position, building our business capability, or for planning, communications, corporate governance or audit
- to provide direct marketing and/or provision of important regulatory updates
- or based on a consent that you have given us
- when you have provided data for use for certain marketing purposes.
DATA SHARING AND TRANSFERRING PERSONAL DATA GLOBALLY
Lemanik may share your data to manage our business and deliver services and/or to comply with applicable laws, regulations and rules.
Lemanik may transfer your personal data with:
- competent authorities (e.g. working to prevent fraud)
- our regulators (e.g. CSSF, CNPD, CONSOB ...)
- third parties which are bound by a contractual agreement and have agreed to confidentiality restrictions being located in the EU or in a country providing an adequate level of data protection
Should your personal data be processed in countries outside the EU or in countries not providing an adequate level of data protection, Lemanik will take appropriate steps to ensure that such processing will be executed in accordance with the below:
- transfers within Lemanik will be covered by an agreement to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within Lemanik
- where we transfer your personal data outside Lemanik, or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal data by including standard contractual clauses as defined by the European Commission.
We may use personal data to let you know about Lemanik products and/or services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing communications with you.
YOUR RIGHTS AS A DATA SUBJECT
You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the back of this document. These rights include:
- the right to obtain data regarding the processing of your personal data and access to the personal data which we hold about you
- the right to withdraw your consent to our processing of your personal data at any time in circumstances where you have explicitly given your consent
- the right to data portability via the receipt of some of your personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible
- the right to request that we correct your personal data when your personal data is inaccurate or incomplete
- the right to request that we erase your personal data in certain circumstances
- the right to object to the processing of your personal data or the right to request that we restrict our processing of your personal data in certain circumstances.
Please note that these rights are subject to certain conditions like legal obligations, retention period requirements especially where you ask us to restrict the use of your personal data or the erasure of such data.
Any complaint can be logged with the applicable data protection regulator.
Should you have any question on the aforementioned or should you want to exercise one of the above rights, please contact [email protected] and visit GDPR Request section.