Privacy notice

This Privacy Notice explains how SF Business Services (Luxembourg) S à R L (“the Company”) collects, uses, and discloses your personal data, and your rights in relation to the personal data it holds.

In this Privacy Notice, “us”, “we” and “our” refers to the Company.

The Company is the data controller of your personal data, and is subject to the Law of 1 August 2018 on the organisation of the National Data Protection Commission and the General Data Protection Regulation 2016/679 (the “GDPR”). Our Data Privacy Officer (“DPO”) is Mr Peter Egan. His contact details are:

Email: luxprivacyofficer@stonehagefleming.com

Telephone: +352 2744 7303

We may amend the Privacy Notice portion of this form from time to time, to reflect any changes in the way that we process your personal data. The Privacy Notice portion of this form supersedes any previous Privacy Notice version with which you may have been provided with, or had sight of, before the date stated below, as well as anything to the contrary contained in any agreement with us.

You have the following rights:

  • To obtain access to, and copies of, the personal data that we hold about you;
  • To require that we cease processing your personal data if the processing is causing you damage or distress;
  • To require us not to send you marketing communications;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities;
  • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • To require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

You can find out more about your rights under data protection legislation at https://cnpd.public.lu

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact our DPO using the following:

Post: 58 rue Charles Martel, L-2134 Luxembourg

Email: luxprivacyofficer@stonehagefleming.com

Telephone: +352 2744 7303

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Commission Nationale pour la Protection des Données (CNPD) (https://cnpd.public.lu/en)

Depending on the nature of the relationship we have with you, we may collect your personal data in a number of ways, for example:

  • From the information you provide to us when you meet with one of our employees;
  • When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
  • When you or your agent complete forms that we have provided to you;
  • From other companies in the Stonehage Fleming Group;
  • From those who have contracted with third parties to provide information to us;
  • From your agents and advisers, insurance companies, fund managers, investment managers and custodians of your assets;
  • From publicly available sources, or from third parties, where we need to conduct background checks about you.

We may collect the following categories of personal data about you:

  • Your name and contact information such as address, email address and telephone number, as well as your date of birth, your passport number or national identity card details, country of domicile and your nationality;
  • Information about your knowledge and experience in the corporate field, and the investment field (where relevant for direct investments);
  • Information relating to your financial situation such as assets and liabilities, sources of wealth;
  • Information about your employment, education, family or personal circumstances, and interests;
  • Information relating to your tax affairs including your tax status and tax identification number;
  • Information, some of which is collected daily, to assess whether you may represent a money laundering, terrorist financing or reputational risk to the Group. This includes whether you are a Politically Exposed Person, are involved in a high risk business, have been arrested, charged or convicted of a crime, are on a sanctions list or expose us to tax, litigation, bribery or corruption risk.
  • Information relating to you and your financial situation such as your industry and marketing segment, the services we offer which may be of interest, your net worth, income, expenditure, assets and liabilities, sources of wealth and your bank account details, including counterparties’ bank details and information relating to those involved in the payment.

Where we process your data other than with your consent

We may process your personal data without your specific consent because it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

In this respect, we use your personal data for the following:

  • Where you seek services from us, to prepare a proposal for you or for an entity with which you are associated regarding the services we offer;
  • To provide you with services as otherwise agreed with you from time to time;
  • To permit you or a company or entity associated with you acquire or make an investment or loan
  • To deal with any complaints or feedback you may have;
  • For any other purpose for which you provide us with your personal data.

In this respect, we may share your personal data with the following:

  • Your advisers, agents and intermediaries;
  • Our advisers where it is necessary for us to obtain their advice or assistance;
  • Potential counterparties and their advisers in relation to our financing or direct investment opportunity services;
  • Banking and other payment institutions, where it is necessary to make or receive payments by or on your behalf;
  • Companies or Trusts within our Group;
  • Our data storage providers.

We may also process your personal data because it is necessary for our legitimate interests.

In this respect, we may use your personal data for the following:

  • For the administration, management and growth of our business;
  • To meet our compliance and regulatory obligations;
  • Seeking advice on our rights and obligations, such as where we require our own legal advice;
  • To mitigate the risks we face.

In this respect we may share your personal data with the following:

  • Our advisers or agents where it is necessary for us to obtain their advice or assistance;
  • With relevant regulators or law enforcement agencies, where we are required to do so;
  • With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.

We may also process your data for our compliance with a legal obligation which we are under.

In this respect, we may use your personal data for the following:

  • To meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws and countering terrorist financing regulations and tax reporting requirements.

In this respect, we may share your personal data with the following:

  • Our advisers where it is necessary for us to obtain their advice or assistance;
  • Our auditors where it is necessary as part of their auditing functions;
  • With third parties who assist us in conducting background checks;
  • With banking and other payment institutions;
  • With relevant regulators or law enforcement agencies, where we are required to do so.

We may transfer your information to other Group companies, outside of Luxembourg, located in Switzerland, the United Kingdom, Israel, Jersey, Liechtenstein, Malta, Isle of Man, Canada or Guernsey which are countries which provide the same or a similarly adequate level of protection for your personal data as provided within Luxembourg.

We may also share your personal data with Group companies located in the United States of America, South Africa, Monaco and Mauritius, which do not have laws which provide the same level of protection to your personal data as provided within Luxembourg. We will use Standard Contractual Clauses, as a safeguard, when making transfers to these countries.

We may also share your personal data with other companies or service providers that we have engaged to assist us in providing services to you. These companies may be located in jurisdictions which currently do not have laws which provide the same level of protection to your personal data as provided within Luxembourg. Where we share your personal data with a company or service provider in a non-adequate jurisdiction we will do this using either a contractual data sharing arrangement, another available safeguard or with your explicit consent.

If you wish to receive details regarding all of the companies within the Group which we have engaged to assist in delivering services to you or to entities in respect of which you are connected or have an interest and with whom we have shared your information please contact us at luxprivacyofficer@stonehagefleming.com

We retain your personal data for a period of ten years after the termination of our relationship with you in case any claims arise out of the provision of our services to you. We may keep your information for longer where:

  • We are required to do so by law;
  • There is litigation or an investigation;
  • It may be required to assist with a future tax or regulatory query.

Version: 11 October 2023