The following definitions apply:
 

• “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
   

• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording,
  organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
   

WHAT TYPES OF DATA WE COLLECT
 

• Identity data, such as first name, surname, username or similar identifier and in some cases, date of birth and gender;
   

• Contact data, such as address, email address and telephone numbers;
   

• Financial data, such as bank account and payment card details;
   

• Transaction data, such as details about payments;
   

• Technical data, such as internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
   

• Profile data, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
   

• Marketing and communications data, such as includes your communication preferences in receiving marketing information from us and our third parties.
   

By providing your information, you expressly agree that your data will be processed by Governance.com for the purposes indicated below (see How we use your personal data).
 

We do not collect any special categories of personal data about you, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

Where appropriate and permitted by law, we may seek information about you from other sources, generally in relation to due diligence and client on-boarding process.

If any information you provide to us relates to someone else, by providing us with such information you confirm that you have obtained permission to do so.

HOW WE USE YOUR PERSONAL DATA

Governance.com processes your personal data for the following purposes:
 

• Providing you with the information or services you have requested (including sending a commercial offer or responding to a contact request);
   

• Contacting you about various events, including product updates and customer support, or sending you a newsletter;
   

• Collecting information enabling us to improve/secure our website and services.
   

OUR LEGAL BASIS FOR PROCESSING YOUR DATA
 

Depending on the purpose of the processing activity, the legal basis for processing your personal
data will be either:
 

• Pre-contractual obligation (including sending a commercial offer or a response to a contact request);
   

• Consent: if you have requested us to send you information about our services or if you have subscribed to receive our newsletter;
   

• Legitimate interest, whereby your interests and fundamental rights do not outweigh those interests.
   

HOW WE USE YOUR PERSONAL DATA
 

Typically, we will use your personal data in the following circumstances:
 

• Where we need it to perform the contract which we are about to enter into or have entered into
  with you;
   

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not outweigh those interests;
   

• Where we need to comply with a legal or regulatory obligation;
   

• Engaging in marketing and business development activity in relation to our existing and future investment opportunities. This may include sending you newsletters, presentations, performance reports and other marketing material.​
   

DATA RETENTION PERIOD
 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We may consider the following when determining the appropriate data retention period:
 

• The period required to fulfil our purpose for processing; and
   

• Any legal obligations we have in relation to your personal data such as law or regulation requiring us to hold the data for a set period.
   

Whenever we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time by contacting us as indicated below or by clicking the unsubscribe link in the email communication we send you. Please note that the withdrawal of your consent does not affect the lawfulness of the personal data processing based on consent prior to its withdrawal.
 

DATA SECURITY
 

We implement appropriate technical and organisation security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis.
 

Security requirements are continually evolving, and effective security requires frequent assessment and regular improvement of outdated security measures. We are committed to continuously evaluate, strengthen, and improve the measures we implement.
 

TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

Governance.com does not transfer personal data outside the European Economic Area (the “EEA”).

YOUR RIGHTS

 

You have the right to obtain access to the personal data held by Governance.com about you and to request its rectification or erasure, or restriction of processing or, where applicable, the right to object to processing or the right to data portability. Where the processing is based on your consent or explicit consent, you also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can exercise these rights by contacting the Data Protection Officer (DPO) at our company address or by email at dpo@governance.com.

Requests will be dealt with by the DPO and will be responded to within 1 month at the latest, starting from the moment of your identity confirmation. We may request additional information to help us confirm your identity and to ensure that you have the right to access the personal data (or to exercise any other of your rights). This is a security measure to ensure the non-disclosure of your personal information to an unauthorized person.

If you are not satisfied with our response, you also have the right to lodge a complaint at any time with the National Commission for Data Protection (“CNPD”), the Luxembourg supervisory authority for data protection issues.

UPDATES TO THE PRIVACY STATEMENT

We regularly review this Privacy Statement, and we may change, modify, add, or remove information at any time. We will post any modifications or changes to this Privacy Statement on our website prior to such changes taking effect.
 

Last update: 21 June 2023