Privacy Notice

Why are you seeing this notice?

This privacy notice informs you about the processing of personal data within our website on behalf of Tropea Asset Management Ltd (“TAM“) and its affiliates.

You have provided or may need to provide personal data to us by virtue of requesting information about TAM , becoming a TAM client, using the TAM platform (the “Platform”), including by simply viewing content on the Platform, or otherwise interacting with TAM. The Platform is part of your agreement with TAM ,as well as any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.). We inform you about the processing of your personal data and the rights to which you are entitled under the European General Data Protection Regulation (GDPR) and any other applicable legal data protection laws and regulations. Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (“data subject“), e.g., name, address, e-mail, order data, vehicle data. In our privacy notice, we use various other terms as defined by the GDPR. These include terms such as processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.

Who is responsible for data processing and whom can I contact?

The entity responsible for the collection and processing of personal data in and outside the EU is Tropea Asset Management Limited,

Email: backoffice@tropeaam.com

What sources and data do we use?

We process personal data that we receive from you while using our website and, if applicable, in the course of our business relationship. 

In the case of purely informational use of our website, i.e. if you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to present our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software and notification of successful retrieval. 

If you undergo certain verification checks and submit identity information such as your identity card or passport, we process your personal data contained in these documents. 

Furthermore, we receive your personal data if you contact us via a contact form, chat or email, and through any associated documentation that you complete when subscribing for an interest in TAM. The personal data that we collect in these circumstances are, for example, name, address, e-mail address, telephone number, date of birth, passport details or other national identifier, driving license, your national insurance or social security number and income, employment information and details about your investment or retirement portfolio(s), and, if applicable, any data contained in the message that you send us.

Who can access my data?

Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.

In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These may be, for example, our IT service providers, hosting provider, background and/or credit reference check providers or third parties that provide printing services, telecommunications, sales and marketing services. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant contractual, technical and organizational measures to protect personal data in accordance with applicable law.

Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 (b) GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 (f) GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.

Recipients of the data may also be with other partners, introducers or other subsidiaries of TAM who have referred you to TAM, TAM funds or other professional partners such as private banks, family offices, fund managers, law firms and other service providers; and public authorities.

How long will my data be retained?

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of 30 days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.

Unsuccessful job applicant data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. If your application is successful, your data will be retained as part of your employee file, stored in our personnel management system and held in accordance with our employee privacy policy.

Please note that local data retention obligations may apply to our subsidiaries, which may differ from the time periods mentioned above. For further information please contact us at the contact details given above.

Are data transferred to a third country or to an international organization?

Data collected in the United Kingdom / European Union / European Economic Area (UK/EU/EEA) is primarily processed in the UK/EU/EEA. Data collected by our subsidiaries is generally processed at the subsidiary’s registered office (e.g., in the UK, USA, Hong Kong and Singapore) and in the EU/EEA. In some cases, especially when using our website, data is processed in the USA.

Depending on the services used, we might transfer your personal data to our group members, and to third party service providers in countries or territories outside of the UK/EU/EEA or outside the country in which our subsidiaries are based, which may not be subject to an adequacy decision by the UK Secretary of State or the EU Commission under Article 45 of the GDPR or the UK GDPR, in each case as applicable, and therefore may not have similarly strict data protection and privacy laws. Where we transfer personal data to other members of our group or our service providers, we have put in place data transfer agreements and safeguards such as the European Commission approved standard contractual clauses (and UK equivalent) to ensure that the recipients are bound by legally enforceable obligations to provide the transferred personal data a standard of protection that is at least comparable to the protection required under the laws applicable to the personal data.

Note: Please note – especially if you give us consent – that the protection of personal data in the USA, Hong Kong and Singapore does not correspond to the level of data protection required by the UK/EU/EEA. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

What are my data subject rights?

In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where they are being processed, to access the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR. However, the aforementioned right is not unlimited; the right to obtain a copy of your personal data shall not adversely affect the rights and freedoms of others under Art. 15 para 4 GDPR.

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.

You have the right to obtain the erasure of personal data concerning you without undue delay in accordance with Art. 17 GDPR. The right to erasure (“right to be forgotten”) is not unrestricted. In particular, erasure cannot be demanded, if we need to process your personal data further in order to perform our contract, to fulfil a legal obligation or to assert, exercise or defend legal claims. The requirements and restrictions of the right to deletion are set out in detail in Art. 17 GDPR.

You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted if one of the conditions of Art. 18 para 1 GDPR is met. In this case, we may continue to store this data, but may process it only under strict conditions. The conditions and restrictions of the right to restrict processing are set out in detail in Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible. The requirements and restrictions of the aforementioned rights can be found in detail in Art. 20 para 3 and 4 GDPR.

You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.

Information about your right to object according to Art. 21 GDPR 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 (e)GDPR (data processing in the public interest) and Art. 6 para 1 (f) GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 (4) GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

In individual cases and where we have obtained your consent to do so (unless any applicable legal exemption to obtaining such consent applies), we may process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes. 

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.

The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.

You have a right to complain to a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR or any other applicable data protection laws, without prejudice to any other administrative or judicial remedy. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection or other supervisory authority so please contact us in the first instance.

To what extent do you apply automated individual decision-making, including profiling?

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

Is there an obligation for me to provide data?

You must provide the personal data that is required for the use of our website for technical or IT security reasons in order to use our website. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

When you enter into a business relationship with us, you must provide the personal data that is required for the establishment, performance and termination of a business relationship or that we are required to collect by law. Without this data, we usually have to refuse to conclude a contract or can no longer fulfill an existing contract and may have to terminate it.

Video call recording

We use “Zoom” (Zoom Video Communications Inc., a company with its registered office at San Jose, 55 Almaden Boulevard, 6th Floor, CA 95113, USA) to record order-related video calls and electronic communications with potential customers and existing customers. 

We are required by regulatory obligations to record video calls and electronic communications (so-called taping) that directly relate to the conclusion of a transaction with you or that are intended to result in such a transaction. The legal basis for this is Art. 6 para 1 sentence 1 lit. c GDPR; Sec. 83 para 3 Securities Trading Act (WpHG); Art. 16 para 7 Markets in Financial Instruments Directive (MiFID II).

The legal basis for the data transfer to the USA is Art. 6 para 1 sentence 1 lit. a GDPR. We will ask for your consent right in front of the recording. 

In this context, we store the correspondence associated with the order (e-mail and recorded video call). This includes the processing of the following data: First and last name, telephone number, e-mail address, transaction-related information, e.g. investment preference, bank information, etc. We also process usage, login, and device information about users and prospective users (connection data, technical and aggregate usage data, such as user agent, IP addresses and approximate location information based on those IP addresses, device data (such as type, operating system, device ID, browser version, locale used, and language settings), activity logs, and session records. 

We have entered into a data processing agreement with Zoom in accordance with Art. 28 GDPR. In this contract, Zoom contractually undertakes to ensure the security of the information, systems and services with the help of appropriate technical and organizational measures.

For further details, we refer you to the “Zoom Global Data Processing Addendum”, which you can access at https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf

Cookies

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user’s computer when visiting certain Internet pages. 

Some of these cookies are essential for our website to function, while other cookies help us improve our website by giving us insight into how you use the website. 

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not necessary for the website to function (“non-essential cookies”) if you have given your consent via our cookie banner. You can return to our privacy information at any time and withdraw your consent or make changes. 

Alternatively, you can prohibit the storage of cookies individually via the settings of your browser (the help page of the browser will tell you how to set the cookie handling). You can find help on cookie management in the most common browsers at the following addresses:

en_GBEnglish
Scroll to Top