1. Introduction
AFA Management Sàrl ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Investor Portal.
2. Data Controller
AFA Management Sàrl
Registered Office: [Address], Luxembourg
RCS Luxembourg: [Registration Number]
Contact: [email protected]
3. Information We Collect
Personal Information:
- Name, title, date of birth
- Contact information (email, phone, address)
- Nationality and tax residence
- Identification documents (passport, national ID)
- Tax identification numbers
- Professional information and source of wealth
Investment Information:
- Investment amounts and portfolio details
- Transaction history
- Banking information for transfers
- Investment preferences and risk profile
Technical Information:
- IP address and browser information
- Login times and access logs
- Device information
4. How We Use Your Information
We process your personal data for the following purposes:
- Contract Performance: To process your investment subscriptions and manage your investor relationship
- Legal Compliance: To comply with KYC/AML regulations, tax reporting (FATCA, CRS), and CSSF requirements
- Legitimate Interests: To provide customer service, improve our platform, and ensure security
- Consent: Where you have provided explicit consent for specific processing activities
5. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Third-party service providers who assist in platform operations (email services, hosting)
- Regulatory Authorities: Luxembourg CSSF, tax authorities, and other regulatory bodies as required by law
- Referrers: Your designated referrer (with your consent)
- Legal Requirements: When required by court order or legal process
We do not sell your personal data to third parties.
6. Data Security
We implement industry-standard security measures including:
- SSL/TLS encryption for data transmission
- Secure authentication mechanisms (magic link passwordless authentication)
- Regular security audits and updates
- Access controls and activity logging
- Encrypted data storage
7. Your GDPR Rights
Under GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
To exercise these rights, contact: [email protected]
8. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations (typically 10 years for financial records under Luxembourg law), and resolve disputes.
9. International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). Any transfers outside the EEA are protected by appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
10. Cookies and Tracking
Our Portal uses essential cookies for authentication and session management. We do not use marketing or advertising cookies. For more information, see our Cookie Policy.
11. Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD):
CNPD
15, Boulevard du Jazz
L-4370 Belvaux, Luxembourg
Website: cnpd.lu
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Portal.