General Data Protection Regulation (GDPR)
This Privacy Notice is intended to ensure that you are aware of the categories of your personal data we may collect, how we collect it, what we use it for and with whom we share it in accordance with the GDPR.
“Personal data” means any information relating to you but does not include data where you can no longer be identified from it such as anonymized aggregated data.
We will be a data controller in respect of your relationship with us. A data controller is responsible for deciding how to hold and use personal data about you. We may process your personal data ourselves or through others acting as data processors on our behalf.
Personal data held by us or on our behalf may include, but is not necessarily limited to, your name, residential address, place of business, email address, other contact details, corporate contact information, signature, nationality, country of residence, place of birth, date of birth, tax identification, tax jurisdiction, employment and job history, education details, regulatory status, credit history, correspondence records, passport number, bank account details, certain financial information contained within KYC documents, source of funds and details relating to your investment activity or preferences. We typically collect personal data about you when you provide information to us or others acting on our behalf. In addition, we may receive personal information about you from third parties.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose, in which case, we will notify you and explain the legal basis which allows us to do so.
We may also process your information where we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation. We do not intend to actively collect special category data about you. Whilst we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally.
Unless and until you make a decision to invest or otherwise engage in a business transaction with us, you are not required to provide us with any information. If you are invested with us, in some circumstances, if you do not provide us with certain information when requested, we may be limited in our ability to deal with you.
We may share your personal data with a third party where this is required by law, where it is necessary to perform our contract with you, or where we have another legitimate interest in doing so.
We may transfer the personal data we collect about you to non-EEA countries (including in particular United States). Those countries may not have the same standard of data protection laws as the EEA. Where this is the case, unless an exemption applies, we will seek to put in place appropriate safeguards where possible, such as the EEA-approved standard contractual clauses to ensure that your personal data is treated in a manner that is consistent with and respects the EEA laws on data protection.
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. Generally, we will keep information relevant to our dealings with you for ten years following the last date of activity. In some circumstances your personal data may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data. Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.
You have rights as an individual which you can exercise in relation to the information we hold about by contacting dpo@soteriou.law.
These rights are to:
request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
request rectification of your personal data;
request the erasure of your personal data;
request the restriction of processing of your personal data;
object to the processing of your personal data;
request the transfer of your personal data to another party.
You will not usually have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may withdraw your consent for that specific processing by contacting dpo@soteriou.law
Please let us know if your personal data which we hold changes during your relationship with us.
We reserve the right to update this Privacy Notice at any time.
If you require any further information, please do not hesitate to contact