Data Protection Policy

March 2024

This is the data protection policy adopted by Fidux Trust Company Limited (UK & Gibraltar) (“FT”), Fidux Management Services GmbH (“Fidux Vienna”), Fidux Fund Services Limited (“FS”), Fidux Group Limited (“FG”), Fidux Management Limited (“FM”) and all other licensed service companies, collectively known as “Fidux” or the “Firm”. Fidux complies with the requirements of the European Union (“EU”) General Data Protection Regulation (“GDPR”) and all other relevant data protection legislation which applies to the Firm.

Fidux wishes to provide its clients and other individuals (together the “Data Subjects”) with total confidence at all times that it operates to the highest levels of confidentiality when holding, managing and processing data and documentation. In providing its services (the “Services”) Fidux may collect, use, consult, record, store, adapt, transfer or otherwise process a Data Subjects’ Personal Data. Fidux is considered as a ‘data controller` and will at all times act accordingly under the provisions of the data protection legislation in force.

The term “Personal Data” refers to the information a Data Subject provides to the Firm in the form of, but not limited to, identity documents or copies thereof, proof of address, source of wealth or income and source of funds to be used in the relationship, contact details or other documents or information containing personal information relating to a Data Subject. Such Personal Data will at all times be kept secure whether in paper form or computerised. Fidux operates sophisticated antivirus, antimalware, antispam and advanced threat protection technologies that strongly mitigate the risk of its IT systems being compromised and all systems are regularly updated and actively monitored. Should Fidux need to exchange data between offices of Fidux to provide any services such exchange is exclusively through VPN encrypted connections.

Personal Data will be processed by Fidux to discharge its legal obligations under any applicable law related to the performance of the services provided (e.g. anti-money laundering and terrorist financing legislation), to carry out activities necessary to perform the agreed services or in order to contact a Data Subject. Personal Data is only requested by Fidux in order to perform one or more of these functions.

Any Personal Data provided by a Data Subject will only be transferred to a third party to the extent the transfer is necessary to perform the services or to comply with a legal obligation to which Fidux, [as data controller,] is subject. Further, Fidux may transfer copies of Personal Data to third countries outside the EU which may not have an adequacy decision by the European Commission if necessary for the performance of the agreed services.

In relation to Personal Data which is held by Fidux, in accordance with data protection laws a Data Subject has rights as follows: (a) to access a copy of the Personal Data held by a data controller; (b) to request the rectification of the Personal Data in the event of error; (c) to have its Personal Data erased (‘right to be forgotten’) provided that the Group is not under an obligation, howsoever arising, to keep the Personal Data; (d) to ask for the restriction of the processing of Personal Data with the aim of limiting processing in the future; (e) to object at any time to the processing activity; and (f) to have its Personal Data transmitted directly from Fidux to another data controller, where technically feasible (‘right to data portability’). These rights are enforceable by a data subject to the extent they are compatible with legal and contractual obligations to which Fidux complies.

In accordance with legal and regulatory requirements, Fidux will retain Personal Data of a client for a period of five (5) years (for Fidux Vienna this period is seven (7) years in order to comply with Austrian accounting rules) following the termination of the relationship between Fidux and the client. This period may be extended by force of law, regulatory requirement or agreement between the parties.

Where a Data Subject for which Fidux holds Personal Data wishes to make a complaint related to the processing activities of its Personal Data, it shall first address the complaint to the relevant office of Fidux(please see Contact details on the website). If the complaint remains unresolved, the individual may lodge a complaint with the relevant data protection authority or supervisory authority located in the country of their habitual residence, place of work, or where the alleged infringement happened.

Should any party wish to know more about our data protection policy or should a Data Subject wish to know what Personal Data is held by Fidux please email on dataprotection@fidux.com stating your full name and the Company in the Group with whom you have the business relationship.