GDPR Privacy Notice

Last update 06.04.2021



Introduction

Tesoro Management Limited, with registered office at 5-9 Main Street, Gibraltar, a private company limited by shares incorporated in Gibraltar.

The Company ('we' or 'us' or 'our') gathers and processes personal information in accordance with this privacy notice and in compliance with the applicable data protection laws and regulations, including the General Data Protection Regulation (2016/679) as amended or replaced or incorporated into domestic legislation, such as the Gibraltar law providing for the protection of natural persons with regard to processing of personal data and for the free movement of such Data Protection Law 125(1)/2018, hereinafter the “Data Protection Law”).

This notice applies to you if (i) you are an applicant for shares in the Fund or the Company; (ii) you are a client/investor or prospective client/investor of ours; (iii) your personal data has been provided to us in connection with an application for shares in the Fund or the Company or to become a client of ours, in each case by another person (such as where you are a director, partner, trustee, employee, agent or direct or indirect owner of an applicant); (iv) we otherwise use your personal data; (v) you are an applicant for a job within the Fund or the Company; or (vi) you are a data subject. GDPR defines “data subjects” as “identified or identifiable natural person[s].” In other words, data subjects(data subject refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, ID number, location data, or by factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity) are just people from whom or about whom the Fund collects information in connection with our business and its operations.

This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

Information We Collect / Information You Provide to Us

We process your personal information for the purpose of meeting our legal, statutory and contractual obligations and of providing you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.

The personal data that we collect from you is:

  • Personal Data such as name, surname, date of birth, photograph, passport details, CV, contact details, banking details, signature, investment history etc.
  • Residential Address Confirmation such as a utility bill, a bank statement or a tax bill.
  • Forms that contain Employment Details as well as the net worth and annual income of the client and any information and supporting evidence within the local regulatory requirements for the purposes of construing the Economic Profile and Suitability Assessment of potential investors.
  • Tax identification Number and Country of taxation for CRS/FATCA purposes.

We might also process the following personal data about you:

  • Information that we collect or generate, which might include information relating to your (or an applicant's) investment in the Fund or the Company, emails (and related data), call recordings and website usage data and messages submitted via our website.
  • Information that we obtain from other sources, which might include information obtained for the purposes of our Know Your Client procedures (which include anti-money laundering procedures, counter-terrorist financing procedures, counter-proliferation financing procedures, politically-exposed-person checks, sanctions checks, among other things), information from public websites and other public sources, and information received from your advisers or from intermediaries.

According to the General Data Protection Regulation (2016/679), personal data is defined as any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The Data Protection Law defines personal data in much the same way.

Any personal data that will be collected by us through provision of the Services shall be processed according to the General Data Protection Regulation (EU) 2016/679 (hereinafter the "GDPR") (as well as the relevant regulatory framework incorporating GDPR domestically) and, where applicable, the Data Protection Law.

We collect information in the following ways:

  • Through the documents and forms provided by the potential investors in the Fund or the Company;
  • Face to face meetings with potential investors, if applicable;
  • Electronic and hard copies, in simple written form or certified/notarized/apostilled;
  • From third parties with whom we have a contractual relationship.

We only ask for personal information that we are obliged to collect from you under our legal obligations and are relevant to your specific requests for the provision of our services.

More details are included in our full Personal Data Protection Policy.

You are committed to supplying true, complete and accurate information and to keeping it up to date. If you are in any doubt about any personal data, please feel free to email us at info@itesoro.com with details of the problem. We shall take every reasonable step to ensure that inaccurate data, with regard to the purposes for which they are processed, are deleted or rectified without delay.

Tesoro Management Limited may store information and data regarding your bank account, credit/debit card details or other payment account information under the requirements of the Law.

How We Use Your Personal Data

We take your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as necessary and for the purpose(s) specified in this notice. If you have given your consent to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

The purposes and reasons for processing your personal data:

  • We collect, store and process your personal data for the purposes of assessing and processing applications for investment in the Fund and/or the Company and other share dealings, including performing Know Your Client procedures, issuing and redeeming shares, receiving payments from and making payments to the applicant, calculating net asset value, and overseeing these processes.
  • We collect, store and process your personal data for the performance of a contract with us or to provide a service to you as our client.
  • We collect, store and process your personal data as part of our legal obligations in the sphere of business accounting, tax purposes, audit purposes and any legal or regulatory obligation or industry standards stemming from our licenses or registrations as regulated entities.
  • We may occasionally send you marketing information which we have assessed to be beneficial to you as a customer and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests for the purpose of proper monitoring and updating of client information in accordance with local legislation and provision of better-quality services.

Your Rights

You have the right to access any personal information that we process about you and to request information about:

  • What personal data we hold about you;
  • The purposes of the processing;
  • The categories of personal data concerned;
  • The recipients to whom the personal data has/will be disclosed;
  • How long we intend to store your personal data for;
  • If we did not collect the data directly from you, information about the source.

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible, unless there is a valid reason for not doing so, in which case you will be notified.

You also have the right to request the deletion of your personal data or to restrict processing (where applicable) in accordance with data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Where necessary, we may disclose your personal information to third parties for the performance of our business operations or if so required by law. When we share personal information, we do so in accordance with data privacy requirements.

Sharing your personal information with third parties may entail the transfer of your personal information outside the European Union.

We use third parties to provide the services and business functions specified below; however, all processors acting on our behalf only process your data in accordance with our instructions and comply fully with this privacy notice, data protection laws and any other relevant confidentiality and security measures. Both parties (data subjects and/or data- controller and/or data-processor) do not disclose information unless it is absolutely necessary in accordance with the law or business operations.

Personal information may be shared with:

  • Affiliated companies (such as brokers, auditors, legal advisors, consultants, tax advisors etc.) for the purpose of providing services, fulfilling regulatory and legal requirements, and increasing the quality of the services provided.
  • Regulated banking institutions with which we cooperate in order to provide services to our investors.
  • Regulatory authorities and bodies, including but not limited to the GIBRALTAR FINANCIAL SERVICES COMMISSION, tax authorities etc. for the purposes of complying with the applicable laws and regulations.
  • Our Fund Administrator for the purposes of complying with the applicable laws and regulations.

Safeguarding Measures

We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, including:

  • Restricted access to hard files and electronic files;
  • Firewalls;
  • Anti-virus/malware.

Transfers Outside the EU

We utilize some products or services (or parts of them) that may be hosted/stored in the EU and/or non-EU countries, the transfer of personal data to non-EU countries might be necessary for the performance of a contractual agreement between you and us or for the implementation of pre-contractual measures taken at your request. It means that we may transfer any information which is submitted by you outside the European Economic Area ("EEA"), including to a jurisdiction which is not recognized by the European Commission as providing for an adequate level of personal data protection, for the following purposes:

  • Electronic storage of your personal information;
  • Brokerage services;
  • Operational services;
  • Legal services;
  • Marketing services.

Therefore, when you provide us with your personal information and/or you use our website and/or send us an email and/or sign up to our newsletter etc., the personal information you submit may be stored on servers which are hosted in the EU and/or non-EU countries. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by the strict agreements and measures set out by us to protect your data and comply with the relevant data protection laws.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to us, however, as this information is required for us to provide you with our services, we will not be able to offer some/all our services without it.

Legitimate Interests

As noted in the 'How We Use Your Personal Data' section of this notice, we may process your personal information under the legal basis of legitimate interests. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate.

Processing of Personal data is performed in accordance with all applicable laws and regulations of Gibraltar, the European Union. We are obliged to process personal data fairly and lawfully, for specified, explicit and legitimate purposes, and to the extent that is relevant, appropriate and not excessive with regard to the processing purposes.

We use legitimate interests as a legal basis for processing your personal data for the purposes of sending you marketing information that we have assessed as beneficial to you as a customer and in our interests, and have identified that our interests are the proper monitoring and updating of client information in accordance with local legislation and provision of better-quality services.

How Long We Keep Your Data

We only ever retain personal information for as long as necessary under the applicable laws and regulations (e.g. for 5 years from the end of the relationship with the investor for personal data collected in compliance with our obligations in accordance with the AML Law) and we have strict review and retention policies in place to meet these obligations. Your information is retained in electronic or paper format, or both. When it is no longer required, it will be deleted or destroyed, subject to applicable laws and regulations.

Where you have given consent to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Marketing Consent

We may occasionally send you information about our products and services by email and/or post that have been identified as being beneficial to our customers and in our interests. Such information will be relevant to you as a customer and is non-intrusive. You will always have the option to opt-out/unsubscribe at any time.

Changes to this Privacy Notice

This Privacy Policy v.1.0 is effective as of April 2021 and will remain in effect except with respect to any changes in its provisions in the future.

Lodging a Complaint

We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Gibraltar regulatory authority.

You can find details about how to do this on the following websites:

www.gra.gi/data-protection

Applicable law

This Privacy Notice is subject to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 and Laws of Gibraltar, as amended or replaced or incorporated into domestic legislation, such as the Gibraltar law providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data.

Tesoro Management Limited welcomes your comments regarding this Privacy Notice. If you believe that Tesoro Management Limited has not adhered to this Privacy Notice, please contact Tesoro Management Limited at info@itesoro.com. We will use commercially reasonable efforts to promptly identify and remedy the problem.