Privacy Notice

Effective Date: 01.10.2024

1. Introduction

HF Arode Asset Management S.A. ("we", "us", "our") is committed to protecting your privacy and ensuring the confidentiality and security of your personal data. This privacy notice complies with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and Luxembourg’s Law of 1 August 2018, which complements the GDPR. It outlines how we collect, process, and protect your data when you use our website or engage with us in any other capacity.

2. Data Controller and Contact Information

As the data controller, HF Arode Asset Management S.A. determines the purposes and means of processing personal data in accordance with the GDPR. For any queries or to exercise your rights, please contact our Data Protection Officer (“DPO”) at:

Data Protection Officer
HF Arode Asset Management S.A.
Email: riskcompliance@hfarode.com
Phone: 00352 2010 20 70

3. Data We Collect and Process
We collect the following categories of personal data in accordance with GDPR Articles 5 and 6:

Contact Information: Name, email address, phone number, company name, etc.
Financial Information: Account and transaction data in compliance with UCITS regulations.
Technical Data: IP addresses, cookies, and browser information collected from your interaction with our website.
Compliance and AML Data: Personal data collected for anti-money laundering (AML) and know-your-customer (KYC) purposes under the Law of 17 December 2010 on Undertakings for Collective Investment (UCITS).

4. Legal Basis for Processing

Our processing activities are grounded in several legal bases as outlined in GDPR Article 6, including:

Contractual necessity: For the performance of contracts relating to our fund management services.
Legal obligations: To comply with regulatory requirements under the UCITS and CSSF (Commission de Surveillance du Secteur Financier) guidelines.
Legitimate interests: To improve our services, maintain security, and protect our business.

5. Data Sharing and Transfers

In accordance with GDPR Article 28, we may share your personal data with third parties such as service providers (e.g., IT services, fund administrators) who act as data processors under binding agreements ensuring data protection compliance.

If data is transferred outside the EEA, we ensure such transfers are compliant with GDPR Articles 44-50 by implementing appropriate safeguards, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

6. Data Retention

We retain your personal data for the period necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods comply with the CSSF Circular 18/698 and Luxembourg’s financial sector regulations.

7. Your Rights as a Data Subject

Under GDPR, you have the right to:

Access your personal data (Article 15 GDPR).
Rectify any inaccurate data (Article 16 GDPR).
Erase your data, subject to legal retention requirements (Article 17 GDPR).
Restrict or object to processing (Articles 18 and 21 GDPR).
Data portability (Article 20 GDPR).
Withdraw consent at any time, without affecting the lawfulness of processing based on prior consent (Article 7 GDPR).

To exercise these rights, please contact our DPO.

8. Data Security Measures

We implement appropriate technical and organizational measures, as required under GDPR Article 32, to protect your data from unauthorized access, loss, or misuse. These include encryption, pseudonymization, access controls, and regular audits.

9. Regulatory Compliance

As a UCITS fund manager regulated by the CSSF, we adhere to Luxembourg's Law of 17 December 2010 and the Law of 1 August 2018, alongside GDPR, in ensuring robust data protection standards. Any disputes concerning data protection may be directed to Luxembourg’s National Commission for Data Protection (CNPD).

10. Updates to this Privacy Notice

We may update this privacy notice in compliance with evolving data protection laws. Any updates will be posted on our website.