Privacy Policy

DATE OF LAST UPDATE: 08 JUNE 2023

Disclaimer

1. Who is responsible for your data

This Privacy Notice explains how Apheon (hereafter “we”, “us” or ”our”) collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us as our client, acting for a client or being generally interested in our services and our publications in accordance with applicable data privacy laws and the General Data Protection Regulation 2016/679 (“GDPR”) which is applicable as of 25 May 2018.

As “Data Controller”, for the purposes of the GDPR, we control (i) the way your Personal Data are collected and (ii) the purposes for which they are used.

2. Personal data we collect about you

As “Data Controller”, for the purposes of the GDPR, we control (i) the way your Personal Data are collected and (ii) the purposes for which they are used.

a) if you have consented to us doing so, or
b) if we need it to perform the contract we have entered into with you, or
c) if we need it to comply with a legal obligation, or
d) if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests will be the provision of services by us, administrative or operational processes and direct marketing

Categories of data we collect

We may collect personal information from you in the course of our business, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff and clients.

DATA CATEGORY

TYPE

Personal

identification data

Name and surname
Title, Salutation (Mr / Mrs / Ms)
Postal and/or e-mail address
Phone numbers
Identification number
Date of birth
KYC documents (including a copy of your passport or national identity card)
Content you provide (such as CV, education history, comments, responses to questions)

Professional information

Job title
Department and name of organization

Financial Data

Subscription details
Payment related information
Information relating to your assets

Tax Information

Tax domicile and other tax related documents and information

Categories of data we collect

In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin or conviction of criminal offences. Such information is considered “sensitive personal data” under the GDPR. We only collect this information in the case you have given your explicit consent, it is necessary according to legal obligations, or you have deliberately made it public.

For example, we may collect this information during the onboarding phase at the beginning of our business relationship when you provide us with an extract of your criminal record. Also, when you provide us with your personal documentation such as CV, copy of passport or ID card, your nationality and/or photo may imply your racial or ethnic origin.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Notice.

3. How and why we use your Personal Data

We use your Personal Data for the following purposes:

To provide our services to you
To communicate with you and manage our relationship with you
To improve our services, fulfil our administrative purposes and protect our business interests
To comply with our legal obligations (e.g. laws of the financial sector, anti-money-laundering and tax laws), including disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime
Any other purposes we notify to you from time to time

We will only use your Personal Data for the purposes for which we collected it and which we informed you about, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4. Your rights in relation to your Personal Data

Under the GDPR you have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing
request rectification of your Personal Data
request the erasure of your Personal Data
request the restriction of processing of your Personal Data
object to the processing of your Personal Data

If you want to exercise one of these rights please contact us at gdpr@apheon.com.
You also have the right to lodge a complaint at any time with the National Commission for Data Protection (“CNPD”), the Luxembourg supervisory authority for data protection issues, or, as the case may be, any other competent supervisory authority of an EU member state.

5. Security of your Personal Data

We are committed to taking appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Your Personal Data is stored in Luxembourg and/or Belgium in electronic and/or physical form. Any physical documentation is kept in a secure location at our premises. Electronic files that contain Personal Data are stored within a secured IT infrastructure.

6. Retention period

We will only retain your Personal Data for as long as we need it in order to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

7. Sharing your Personal Data

Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process. Where a transfer of your Personal Data is necessary to a location outside the European Economic Area (“EEA”) we will take appropriate measures, in line with Chapter 5 of the GDPR (transfers of personal data to third countries or international organisations), to ensure that your personal data is processed in a secure manner, and in accordance with applicable data protection laws.

8. Fees

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice, to the extent your request to exercise those rights are not manifestly unfounded or excessive.

9. Changes to your Personal Data

We are committed to keeping your Personal Data accurate and up to date. Therefore, if your Personal Data changes, please inform us of the change as soon as possible using the contact information provided below.

10. Updates to our privacy notice

We reserve the right to update this privacy notice at any time, and we will make an updated copy of such privacy notice publicly available.

11. Website notice

This Privacy Notice concerns only the Apheon website and does not concern any website to which the Apheon website may link. Should you choose to visit these third-party sites, you should review their privacy policies to ensure that you understand and are comfortable with their practices concerning your personally identifiable information.

12. Contact information

If you have any concerns or require any further information, please do not hesitate to contact us at gdpr@apheon.com or send your request to the following address:

Apheon

Ref. Data Protection
19-21, route d’Arlon
L-8009 Strassen
Luxembourg