This Privacy Notice is issued by FundRock LIS S.A. (formerly Sanne LIS S.A. (“FundRock LIS”, “we”, “us” or “our”).

1. Who are FundRock LIS?

FundRock LIS is a third-party UCITS management company and AIFM headquartered in Luxembourg. It is an Apex Group company, for more information on Apex Group please visit www.apexgroup.com.

2. About this notice?

At FundRock LIS we collect personal information about you and are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information. This Privacy Notice covers your interactions with FundRock LIS via our website, as prospective client or as vendor and where we receive personal data in connection with any services that we are engaged to provide to you or any company of which you are a member of or any company which engages us and provides us with your personal data (“Services”).

3. What personal information do we collect and why do we collect your information?

‘Personal information’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control.

We will collect and process the following personal information about you:

  • Personal details such as your full name, title, occupation, nationality, country of residence, contact details, home/work address, email addresses and telephone numbers;
  • We may collect information about you where this is required in connection with our Services, including your contact information.
  • We are required by law to obtain “know your client” information as detailed in our terms of engagement for our Services, and this includes certain personal information including information contained in a formal identification document or social security or other unique reference relating to you.
  • We may receive information about you from a third-party source in connection with our Services. For example, we may carry out electronic verification checks or screening and/or may receive information about you from a public source or a third party in order to verify your identity or check whether you are a politically exposed person, or subject to any financial sanction or as may otherwise be required by law or regulation.
  • We may use your information to communicate, meet or correspond with you. We may keep a record of any correspondence you have with us, including certain telephone calls which we may be legally required to record (but we will inform you at the beginning of the telephone conversation if recording will be necessary).

If you do not provide us with personal information we request, we may not be able to provide you with some or all of our Services.

We collect this information in a variety of ways but mainly directly from you when you contact us or request information from us where we are providing Services to you or we receive Services from you including:

- When you register for our events, subscribe to our newsletters or mailing lists;

- Information set out in any agreements entered into with us;

- As part of the client due diligence process and through onboarding documentation;

- From subscription, redemption and transfer documentation, questionnaires and other forms and agreements in relation to ongoing services; and

- Personal data provided by you by way of correspondence with us by telephone, email or otherwise.

4. How do we use your personal information?

We will use the information we hold about you for the following purposes: 

In connection with a contract for services with you 

We will use and process your personal information where we require this in connection with our Services (or where you are in discussions with us about any new service). We will use this information in connection with our contract with you for the supply of those Services, (or when it is needed to enter into the contract); and so that we can communicate with you in relation to those Services (including notifying you of any changes to our Services).

Where it is necessary to comply with a legal obligation 

We may use, store and share your information where we are under a legal obligation to do so. This may include use of your information:

  • to verify your identity (including electronic checks or screening);
  • in connection with any legal obligation on us to report any fraud or other criminal activity (including money laundering or tax avoidance schemes).

In connection with this we may collect information in the public domain relating to any criminal activity or allegation of criminal activity. We may use this information in the substantial public interest in the detection or prevention of unlawful acts or in protecting the public against dishonesty, or for on suspicion of terrorist financing and money laundering. Any information of this type will be subject to appropriate safeguards with regards to security and to ensure your rights as a data subject are protected.

Where we have a legitimate interest

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes.

  • for the detection and prevention of fraud and other criminal activities;
  • to verify the accuracy of data that we hold about you;
  • network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
  • to comply with a request from you in connection with the exercise of your rights;
  • assess and improve our service to customers through recordings of any calls;
  • management of queries, complaints, or claims; and
  • for marketing and promotion of complementary services; and
  • for client research and management, and to improve the quality of Services.

5. Who we share personal information with? 

We will only disclose your personal information in accordance with applicable laws and regulations. We will disclose your information to the following third parties:

  • any person with legal or regulatory power over us that may require disclosure on legal grounds (including central banks, regulators and law enforcement);
  • service providers engaged by us to help us run our business and perform the Services. Such service providers may include, for example, cloud or archive storage providers (engaged by us to provide electronic or physical storage facilities for our business data and your information), or providers of software or other IT resources;
  • any member of the Apex Group which means our affiliates, our ultimate holding company and its subsidiaries (from time to time) for the purposes described in this Privacy Notice;
  • to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
  • to counterparties, vendors and beneficiaries, and other entities connected with our clients;
  • to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions.

Some of these third parties (including the Apex Group and service providers) may be outside of country where the information was collected, or you reside. We will ensure that prior to any such transfer outside of your country that adequate safeguards are contractually in place to ensure that your information is held securely and in accordance with data protection obligations and this Privacy Notice. Such steps may include entering into a data processing agreement requiring the recipient to protect the personal data with adequate safeguards, such as the European Commission’s Standard Contractual Clauses wherever the receiving party is located outside the EEA. Transfers within the Apex Group will be covered by an agreement entered into by members of the Apex Group (an intra-group agreement) which contractually obliges each member to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the Group.

6. How we keep your information secure? 

We store the information you provide about yourself in a secure database an

information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access.

We take protection of your personal information and our system security very seriously. Any personal information which is collected, recorded or used in any way will have appropriate safeguards applied in line with our data protection obligations.

We implement internal and external audits and regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your personal and confidential information whenever they are processing it and must undertake annual training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.

All exchanges of information between you and our website go through encrypted channels in order to prevent interception of your information. Public access to your information via and our website / the portal / any web-hosted platform is protected by a login using your user ID and password. You should ensure that these are kept secret and not divulged to other people.

7. How long we will store your information for? 

We generally hold your personal data on our systems for as long as is necessary to provide our Services and for regulatory compliance. This can vary depending on the jurisdiction in which the FundRock LIS entity is operating in. The retention period will begin to run from the date you cease to use the Services or the termination of our Agreement in connection with legal or regulatory proceedings.

We must keep “Know your Client” information for 5 years after completion of our Services. We may be required to keep certain information about your appointment as a director of any company to whom we provide Services and will keep such records for as long as we are required to do so by law.

If we anonymise your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

8. Your rights 

Depending on the data protection laws that apply to our processing of your personal information you may have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact our DPO using the contact details listed at section 10 “Who can you speak to at FundRock about this Privacy Notice?”

Right to lodge a complaint - You have a right to complain to your local data protection supervisory authority at any time if you object to the way in which we use your personal information.

Right of access - You have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.

Right of rectification - We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.

Right to erasure - You have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restrict processing - In some circumstances, although you may not be entitled to require us to erase your information, but may be entitled to limit the purposes for which we can use your information.

Right of data portability - You have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.

Right to object to direct marketing - You can ask us to stop sending you marketing messages at any time. Please see below.

Right not to be subject to automated-decision making - FundRock do not make decisions about you using automated decision making or profiling of your personal data.

Right to withdraw consent - For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

In some circumstances exercising some of these rights will mean we are unable to continue providing you with your investment or maintaining a business relationship with you.

You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can't comply with your request, we will tell you why.

9. Changes to this Privacy Notice 

We will update this Privacy Notice when necessary to reflect changes in the law, our used practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this Privacy Notice periodically. We may also notify you in other ways from time to time about the processing of your personal information.

10. How to contact us 

If you have any concerns or questions about this Privacy Notice or would like to exercise your rights as a data subject, you can contact us:

Email: dpo-lis@fundrock.com

Post: Data Protection Officer | FundRock LIS S.A.| 5 Heienhaff | L-1736 Senningerberg | Grand Duchy of Luxembourg

If you are not satisfied with our response or believe we are processing your personal information not in accordance with data protection laws, you can make a complaint to the supervisory authority in your jurisdiction or to FundRock LIS’s supervisory authority the Commission Nationale pour la Protection des Données at www.cnpd.public.lu/fr.html.

Get in touch with our team

Contact Us