Policy


vezextra Inc. and its subsidiaries (collectively “vezextra”) are committed to safeguarding Personal Information (“PI”) and processing PI in line with applicable privacy and data protection laws. Our privacy notices set out the PI collected by vezextra, the purposes for which PI is collected and processed, who it may be disclosed to as well as Individuals’ Rights. For further information please click on the notice that is relevant to your relationship with vezextra. In addition, our Cookie Notice applies to any person visiting any of vezextra websites. vezextra Privacy Notice Last revised: 1 June 2024 Introduction vezextra is committed to safeguarding and processing personal information (“PI”), including sensitive personal information (“SPI”)1, in line with all applicable privacy and data protection laws. Many of our offices are located in countries with laws governing the processing of PI. “vezextra”, “we”, “us” or “our” means vezextra, Inc., each of the direct or indirect subsidiaries of vezextra, Inc. (the “vezextra Group”) and vezextra managed products. vezextra, Inc., vezextra Group functions and the entity you contract with are the controllers of your PI. References to “you” or “your” refers to individuals whose PI is processed by vezextra, including individual investors, and client employees, officers or agents (together “Representatives”) with direct or indirect relationships (such as those who invest through an intermediary); and beneficial owners of an organization or entity in connection with: the provision of services to potential and actual clients; transactions to which we are party (including those which we effect on behalf of clients); or services provided to us by a third-party vendor. If your contract is with the vezextra Group, the vezextra entity you contract with will be the controller of your PI. If you are an investor in a vezextra managed product, the associated vezextra management company and the managed product, if a separate legal entity, will be separate controllers. This privacy notice applies to your relationship with vezextra. This Privacy Notice sets out the purposes for which we collect, use, and disclose (collectively “Processing”) PI and how it is protected. It also sets outs individuals’ rights in relation to the processing of their PI. There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your PI, which should be read in conjunction with this Privacy Notice. PI we collect about you PI is information relating to an individual, which can be used either alone or with other sources of information to identify that individual. PI does not include information where the identity of the individual or the specific detail of the information has been removed and is therefore non-attributable. SPI is a sub-category of PI that includes PI relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. The nature of the information that we collect will depend on the services provided, applicable laws and our relationship with you. We categorize the PI we may process as follows (the PI listed for each category are non-exhaustive examples): Identification data Full name, title, gender, marital status, date of birth, passport number, driving license number, national identification number, signature. Contact data Personal address, telephone number, email address. Electronic Monitoring data To the extent permitted by law, we may record and monitor your electronic communications with us, including telephone conversations, email, instant messaging and any other electronic communications. Financial data Account number, client reference number; account statements, investment history. Marketing, Behavioral and Communications data Marketing and communication preferences; information about your use of our websites, our portals and platforms as explained in our Cookie Notice. Professional Information data Position/job title, business address, business telephone number business email address. Profile data Username and password for our online services that you have access to, investments made by you, services requested, marketing communications responded to survey responses. Services data Payment details to and from you, details of services you have provided to us, or we have provided to you. vezextra Building and Assets Security data Records of visits to our premises, CCTV recordings. Technical data Your use of and interaction with our online services, your IP address browser type and version, browser plug in types and versions operating system. SPI In limited circumstances we may collect information about criminal convictions and offences, when legally required; dietary requirements, if we are arranging catering; disability, to make reasonable accommodations for you in our buildings; political affiliations, for us to determine whether you are a politically exposed person. We collect PI in relation to you in several ways, including: Directly from you when provided to us in connection with a vezextra product or service; such as a completed investment application form. If you are Representative of an organization or entity that is a client or vendor of vezextra, and that organization or entity provides us with your PI. Throughout the course of our relationship with you, including where you change your details, provide additional PI, or where the services we are providing to you change. From public sources where you have been interacting with us via social media or where you have been notified that your PI is considered for talent acquisition purposes, including via public profiles on social media. From third parties such as credit reference agencies. From visits to our websites or through logging into any of our online services. We may also create or derive PI such as creating records of your interactions with us, subject to applicable law. Unless we otherwise indicate that the provision of specific PI is optional, any PI we request is necessary for us to provide you or your organization or entity with the products and services requested. If you do not provide the PI requested, we may not be able to provide those products and services. Purpose and legal basis for processing your PI The below table sets out the purposes and basis for which we process PI. Processing Purpose Category of PI Basis of Processing To consider opening an account, or entering into a relationship at your request, including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other due diligence checks · Identification data
· Contact data
· Electronic Monitoring data
· Financial data
· Professional Information data
· Services data
· SPI
· Performance of a contract
· Legal or regulatory obligation
· Legitimate interests: ensuring we do not accept the proceeds of criminal activities or assist in fraudulent or any unlawful activities, such as terrorism
To deliver the services you have requested, including liaising with third parties (e.g., brokers for the purposes of executing transactions) and to provide access to our technology solutions services (e.g., Aladdin)
· Identification data
· Contact data
· Electronic Monitoring data
· Financial data
· Profile data
· Services data
· Technical data
· Marketing and Communications data
· Professional Information data
· Performance of a contract
· Legal or regulatory obligation
· Legitimate interests: ensuring that you are provided with the best client services and visitor services we can offer, and securing a prompt payment of any fees, costs and debts in respect of our services
To manage payments, fees, and charges and to collect and recover money owed to us
· Identification data
· Contact data
· Financial data
· Professional Information data
· Services data
· Performance of a contract
· Legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us To manage our relationship with you which will include notifying you about changes to our terms of business or this privacy notice
· Identification data
· Contact data
· Electronic Monitoring data
· Profile data
· Marketing and Communications data
· Professional Information data
· Performance of a contract
· Legal or regulatory obligation
· Legitimate interests: ensuring we can notify you about changes to our terms of business or this notice
To interact with governmental or regulatory bodies or other competent national authorities · Identification data
· Contact data
· Electronic Monitoring data
· Financial data
· Services data
· Professional Information data
· Legal or regulatory obligation
· Public interest
To detect or prevent fraud and/or other criminal activity and to protect our employees and assets · Identification data
· vezextra Building and Assets Security data
· Contact data
· Electronic Monitoring data
· Financial data
· Professional Information data
· Profile data
· Services data
· Technical data
· Legal or regulatory obligation
· Public interest
· Legitimate interests: protecting vezextra and client assets, detecting, and protecting against breaches of our policies and applicable laws protecting vezextra employees To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
· Identification data
· Contact data
· Electronic Monitoring data
· Profile data
· Technical data
· Marketing and Communications data
· Professional Information data
· Legal or regulatory obligation
· Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security and fraud prevention To invite you to take part in market insight or other events, or client seminars or similar, and to manage your participation in them
· Identification data
· Contact data
· Profile data
· Technical data
· Marketing and Communications data
· Professional Information data
· Consent
· Legitimate interests: ensuring our client records are up to date, promoting our client services, receiving feedback, improving our services, identifying ways to expand our business To send you marketing communications and service updates (including by paper and electronic channels and personalization in authenticated instances) and to better understand how our websites and platforms are used and to improve user experience.
· Identification data
· Contact data
· Profile data
· Technical data
· Marketing and Communications data
· Professional Information data
· Consent
· Legitimate interests: reviewing how clients use, and what they think of, our services, identifying ways to improve and expand our business
In relation to vendor services: Purpose and/or activity Type of data Legal basis for processing To engage you or the organization or entity you work for as a new supplier, including performing anti-money laundering, anti-terrorism, sanctions, fraud, and other background checks · Identification data
· Contact data
· Electronic Communications data
· Financial data
· Services data
· Professional Information data
· Performance of a contract
· Legal or regulatory obligation
· Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism
· Public interest To manage payments, fees, and charges and to collect and recover money owed to us
· Identification data
· Contact data
· Financial data
· Professional Information data
· Services data
· Performance of a contract
· Legitimate interests: ensuring we can manage payments, fees, and charges; to collect and recover money owed to us
Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting
· Identification data
· Contact data
· Profile data
· Technical data
· Legal or regulatory obligation
· Legitimate interests: ensuring the efficient and secure running of our business, including maintaining information technology services, network, and data security To whom we disclose your PI In connection with one or more of the purposes outlined in the section ‘Purpose and Legal basis for processing your PI’ above, we may disclose PI in any jurisdiction to: other members of the vezextra Group; professional advisors, third parties, agents or independent contractors that provide services to any member of the vezextra Group (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants)); goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them), intermediaries, brokers, and other individuals and entities that partner with us; competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where vezextra is required or allowed to do so under applicable law or regulation; a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of vezextra’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; credit reference agencies or other organizations that help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity; and any person to whom disclosure is allowed or required by local or foreign law, regulation, or any other applicable instrument. International transfers and transfers to service providers
To provide global services and in the course of running our business, we may transfer PI to a location outside of the country where you reside or where services are provided to you or the organization or entity you work for, including vezextra processing centers in the USA, Hungary, India, and Singapore. Although the country to which PI may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of PI wherever it is processed. We require by contract that our third-party service providers processing PI on our behalf to comply with vezextra’s criteria for PI processing. If we transfer PI out of the EEA, we ensure a similar level of protection for your PI by ensuring the country to which the PI is transferred is considered by the EU Commission to provide an adequate level of protection, putting in place contractual clauses the EU Commission consider provide the same level of protection. Marketing and exercising your right to opt-out of marketing emails and personalization In certain jurisdictions, you will need to expressly consent to receive marketing emails. If you are an authenticated user on our websites and platform, we may provide you with a personalized experience based on your user behaviour. In all jurisdictions, you can choose not to receive such communications at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to your usual vezextra contact, by using the contact details set out in the “Contacting Us” section of this Privacy Notice, or, in relation to certain third party advertisements, by exercising your rights related to cookies as explained in our Cookie Notice. Third-party marketing/sale of PI We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes. PI retention We will process your PI for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defense of legal claims. PI security We use a range of physical, electronic, and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include: education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident; administrative and technical controls to restrict access to PI; technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software; physical security measures, such building access controls; external technical assessments, security audits and vendor due diligence; perimeter security; segregation of networks; application security; endpoint security; real-time monitoring of data leakage controls; layered and comprehensive cybersecurity defences; and security incident reporting and management.