Data controller and contact details
MVI acts as the controller in accordance with this Policy. If you have any questions regarding our processing of personal data, do not hesitate to contact us at firstname.lastname@example.org.
Collection of personal data via our website/e-mail
When visiting our website or communicating with us via e-mail or other channels, participating in our events or similar you provide us with personal data, such as name, title, position, email address, phone number and any other information that you may provide, that we collect and process. The data may be used for marketing and recruitment purposes, to respond to your enquiry, to invite you to our events and for internal business purposes. When processing your personal data for these purposes, we rely on either your consent or our legitimate interests in maintaining business relationships, and communicating with you about our operations and our events.
We may obtain information about your use of our website through “cookies” which enables us to give visitors access to various basic features that facilitate use and enhance the website experience. When you enter our website, we may also collect information about your computer, IP address, operating system and browser type, for example, for statistical purposes or for the purposes of system administration. This information generally comprises data which does not allow individual identification of information related to a specific user and is subject to your approval.
Collection of personal data in relation to investors
If you are an investor, or a prospective investor in a MVI fund, we collect personal data when provided by you, when you engage in business with us, when it is available in publicly accessible sources, and when we receive information about you from third parties. We may also create personal data by combining or organizing our records, or combining information you have provided with information received from other sources. The personal data collected may be of any of the following categories of personal data: (i) name, date of birth and birth place, (ii) contact details and addresses (including physical address, email address and telephone number), (iii) account data, payment instructions, and other information contained in any document you provide to us; (iv) risk tolerance, transaction history, investment experience and investment activity, or if the decision to invest is made by individuals within your organisation, information about their experience, knowledge and expertise in investing in alternative funds; (v) information regarding your status under various laws and regulations, including social security number, tax status, income and assets; (vi) accounts and transactions with other institutions; (vii) information regarding your interest and holding in MVI funds, including ownership percentage, capital investment, income and losses; (viii) information regarding your citizenship and location of residence; (ix) source of funds used to make the investment in the our fund, and (x) anti-money laundering, identification (including passport and drivers’ license), and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person.
Depending on the nature of the data and your relationship with us, our lawful basis for processing your personal data may vary. We collect data based on our legitimate interest when providing services, your consent or the performance of our contract with you as an investor. We also collect data based on legal obligations for example in relation to anti-money laundering and know your client (KYC) procedures.
You are not obligated to provide personal data to us but if you do not, we cannot provide you with any requested services as we would not be able to perform our statutory duties in relation to anti-money laundering and KYC. We will only process sensitive personal data, to the extent required by law, and then only with your express consent.
How data is processed
We will only process personal data for the purpose it was collected for and as set out in this Policy. Personal data will only be available to authorised employees holding a position that requires them to process personal data to perform their work.
Retention and security measures
Personal data is processed in accordance with our internal retention policy and our statutory retention obligations. Personal data will not be kept any longer than necessary for the stated purpose of the processing unless we have a legal obligation to retain the personal data for a longer period of time.
We have internal policies in place to ensure secure processing of personal data and have taken appropriate technical and organizational measures to keep your personal data secure to ensure that only authorized persons are given access to the personal data.
Transfer of data to third parties
We will not disclose personal data to any third parties unless (i) you have given your prior consent, (ii) it is required to do so under applicable laws, (iii) to defend a claim, or (iv) to perform services for our investors.
However, your personal data may be transferred to and processed by third-party providers that perform services for us (data processors), such as professional advisers, lenders or other persons engaged to fulfill the purposes described in this Policy. We will only provide personal data necessary to fulfil the purposes stated in this Policy to such data processors and we enter into data processor agreements with all data processors. According to the data processing agreements the data processors must follow our instructions and any other agreements that are in place between us and such data processors. Before entering into a data processing agreement, we ensure that the data processor has appropriate technical and organizational measures for the protection of the personal data.
Where is data processed
We primarily process personal data on servers within the EU/EEA. However, we may process personal data in countries outside of the EU/EEA. We will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure if data is processed outside of the EU/EEA. To ensure that appropriate safeguard measures in accordance with the provisions of GDPR are implemented by a processor outside of the EU/EEA such processing will always be based on the EU Commission’s standard contractual clauses.
Rights of the data subject
You have the right to receive confirmation from us as to whether or not personal data concerning you is being processed, or whether personal data has been processed. You are entitled to receive a copy of the processed personal data and the personal data undergoing processing. You also have the right to obtain rectification or erasure of personal data concerning you and the right to prohibit the processing of personal data for direct marketing purposes. If the processing is based on your consent, you may withdraw your consent at any given time and we will then no longer process your data. The withdrawal will however not affect the lawfulness of processing before the withdrawal. In certain cases, you have the right to request a restriction of processing of personal data or otherwise object to processing. Furthermore, you may require the transmission of the personal data, which you have provided to us, in a machine-readable format. All requests mentioned above shall be sent to email@example.com. If you find the processing of your personal data unlawful, you may lodge a complaint with a supervisory authority. The relevant supervisory authority in Sweden is Datainspektionen, which you can contact at firstname.lastname@example.org or by calling +468-657 61 00.
MVI Advisors AB
Address Mäster Samuelsgatan 3, 111 44 Stockholm