Privacy statement

Who We Are

The Personal Data will be processed by the SICAV, a  société d'Investissement à capital variable having its registered office at 2a, Rue Albert Borschette, L-1246 Luxembourg and/or its management company FIL Investment Management (Luxembourg) S.A., a société anonyme, having its registered office at 2a, Rue Albert Borschette, L-1246 Luxembourg (hereinafter referred to as “FIMLUX” or “We” or “Us”), as (joint) data controller(s).

You can find out more about us on www.fidelity-international.com.

Data controllers may be contacted at the following address:

Data Protection Office
FIL Investment Management (Luxembourg) S.A.
2a, rue Albert Borschette/B.P. 2174
L-1021 Luxembourg

Alternatively, you may also contact your local Fidelity contact which will cooperate with our Data Protection Office to handle your request.

The SICAV and FIMLUX have agreed that FIMLUX shall be responsible for handling all requests from you regarding the processing of your personal data. Notwithstanding the foregoing, you have the right to contact the SICAV directly.

In addition, other entities involved in the management of your investment may process personal data in their capacity as data controllers (for instance the depositary bank, distributors your local Fidelity contact etc.). These processing activities are done under the sole responsibility of these independent data controllers and are governed by separate privacy notices.
 

Your Personal Data

We collect and use your personal data to enable us to conduct our business with you, to comply with the law as well as where appropriate for the controller[s]’ legitimate interests, including for record keeping as proof of a transaction or related communication in the event of a disagreement, for processing and verification of instructions, for investigation and fraud prevention purposes to enforce or defend the controller[s]’ [and processor[s]’] interests or rights in compliance with any legal obligation to which [it is/they are] subject and for quality, business analysis, training and related purposes.

Why we collect it

The law requires us to tell you why we collect and use your personal data – this is known as the lawful basis for processing. The basis we rely upon will depend on the purposes for which we are processing your personal data. These are detailed below:

1. Performing our Contract with You
   
   If you are an individual being an investor, for the purposes of entering into or performing a contract with you: When we do business with you, we do so under a contract. In order for us to meet our obligations to you under that contract we must process your personal data. We will only process your personal data in line with the terms of that contract.
   
   When you provide personal data to us, we will use that personal data so we can provide our services to you (including account administration and maintenance, subscription and redemption processing, execution of corporate actions, distribution of dividends and other cash flows) or send you information about our products and services where appropriate.
2. Our Legitimate Interests
   
   We process your information for the following reasons, which we define as our legitimate interests:
   
   1. To help us to run our business; this includes financial management, risk management, fraud prevention, planning, corporate governance, audit and research
   2. To market to you if you are a business
   3. To establish, exercise and defend our rights
   4. In case of a business reorganization, transfer, disposal, merger or acquisition
   5. If your data was provided to us by the investor (especially where the investor is a legal entity), we also process personal data relating to you in our and the investor’s legitimate interest for the purpose of performing the contract with the investor
3. Our Legal Obligations
   
   In some circumstances, we have a legal obligation to process and share your personal data, such as accounting laws, the applicable legislation on markets in financial instruments (MiFID), Know-Your-Customer (KYC) and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) legal framework, legislation relating to sanctions or the prevention and detection of crime, complying with requests from, and requirements of, local or foreign regulatory or law enforcement authorities, tax identification and, as the case may be, reporting, notably under the “Common Reporting Standard” (“CRS”) or the "Foreign Account Tax and Compliance Act" (“FATCA”) and any other automatic exchange of information (AEI) regimes to which we may be subject from time to time. Where required, such data will be shared with Luxembourg tax authorities and may be forwarded by the latter to foreign tax authorities. With respect to FATCA and/or CRS purposes, (i) your Personal Data may be processed and transferred to the Luxembourg Direct Tax Authority who may transfer such data to the competent foreign tax authorities, including the US Internal Revenue Service or any other US competent authority, only for the purposes provided for in the FATCA and the CRS rules as well as to service providers for the purpose of effecting the reporting on our behalf and (ii) for each information request sent to the investors, addressing such information requests is mandatory and failure to respond may result in incorrect or double reporting.
4. Our Legal Obligations
   
   In some circumstances, we have a legal obligation to process and share your personal data, such as accounting laws, the applicable legislation on markets in financial instruments (MiFID), Know-Your-Customer (KYC) and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) legal framework, legislation relating to sanctions or the prevention and detection of crime, complying with requests from, and requirements of, local or foreign regulatory or law enforcement authorities, tax identification and, as the case may be, reporting, notably under the “Common Reporting Standard” (“CRS”) or the "Foreign Account Tax and Compliance Act" (“FATCA”) and any other automatic exchange of information (AEI) regimes to which we may be subject from time to time. Where required, such data will be shared with Luxembourg tax authorities and may be forwarded by the latter to foreign tax authorities. With respect to FATCA and/or CRS purposes, (i) your Personal Data may be processed and transferred to the Luxembourg Direct Tax Authority who may transfer such data to the competent foreign tax authorities, including the US Internal Revenue Service or any other US competent authority, only for the purposes provided for in the FATCA and the CRS rules as well as to service providers for the purpose of effecting the reporting on our behalf and (ii) for each information request sent to the investors, addressing such information requests is mandatory and failure to respond may result in incorrect or double reporting.

What we collect

The personal data you provide to us will include combinations of any of the following: your name, email address, telephone number, address, identification numbers where applicable, banking account details, date and place of birth, nationality, tax domicile and other tax-related documents and information, voice recordings, location information, employment information, gender, IP address, language, marital status, origin of funds, financial situation and knowledge and experience in investment matters.

Who we share your personal data with

Like most businesses, we use third parties to help us deliver our services. This will often involve a third party processing your personal data but that will only be in line with the purposes set out above.

We may notably disclose your Personal Data to the following recipients:

1. any third parties as may be required or authorized by law (including but not limited to public administrative bodies and local or foreign public and judicial authorities, including any competent regulators);
2. any third parties acting on the FIMLUX’s or the SICAV’s behalf (such as service providers), including their respective advisers, auditors, delegates, agents and service providers;
3. any subsidiary or affiliated company of the FIMLUX, the SICAV and/or the Fidelity group;
4. any of the SICAV’s or the FIMLUX’s , representatives, employees, advisers, agents, delegates, auditors and service providers;
5. persons acting on behalf of investors, such as payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks, market counterparties, companies in which the investor has an interest etc.; and
6. parties involved in connection with any business reorganization, transfer, disposal, merger or acquisition on the level of the SICAV, FIMLUX and/or the Fidelity group.

The third parties with whom we share your personal data will only be permitted to use that data in line with the instructions we provide them and, within this framework, we operate a regular and strict regime of third party checks on how your personal data is protected.

We will never share your personal data with third parties for a purpose not described in our Privacy Statement; but remember, in some cases, we are obligated to share your personal data with a third party in relation to matters such as countering identity theft and fraud.

Transferring your personal data to other countries

In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our group entities operating in the EEA and as such the European Union standard of protections will be applicable to the personal data we process. In practice, this means that all the entities in our group agree to process your personal data in line with our high global standards. Where we transfer your personal data within our group but outside of the EEA, that data subsequently receives the same degree of protection as it would receive in the EEA.

Where it is necessary to transfer personal data to a third party, we operate stringent reviews of those with whom we share the data and we will only transfer that data in line with the purpose for which it was collected. The third parties who help us process your data are located in the following countries: India, P.R. China and any non-EEA country where your (sub-)distributor is located.
 

Security of Your Personal Data

Ensuring the confidentiality, integrity and availability of your personal data defines our approach to information security. We manage the security risks relating to your personal data in a way that makes sure we meet our legal and regulatory obligations. In order to protect the continuity of the business we do with you, we produce, maintain and regularly test our business continuity plans. We utilise the internationally recognised information security best practices, i.e. ISO27001 and PCI-DSS. Our Information Security Policy & Standards are regularly reviewed, adhered to and tested for compliance. Information Security training is mandatory for all staff and breaches of information security, actual or suspected, are reported and investigated.
 

Obligation to provide the Personal data

The personal data that is required for the performance of the contract with the investor and that is required by us to comply with our legal obligations is mandatory information. Without the provision of this personal data, entering into or continuance of the execution of the contract with the investor may not be possible.

European law places robust obligations on businesses when it comes to the protection of personal data. Globally, the way we protect your personal data reflects our obligations pursuant to respective EU legislation. A number of rights in relation to the use of your personal information empowers you to make certain requests of us, detailed as follows:

1. Requesting a copy of your personal data
   
   You can access the personal data we process about you by emailing or writing to us using the contact details at the end of this Statement.
2. Letting us know if your personal data is incorrect
   
   If you think any of the personal data we process about you is wrong please let us know by contacting your local client services team. We will check the accuracy of the personal data and take steps to correct it if necessary.
3. Asking us to stop using or to erase your personal data
   
   You have the right to object to the use of your personal data. You can ask us to delete it, to restrict its use, or to object to the use of your personal data for certain purposes such as marketing. If you would like us to stop using your personal data in any way, please get in touch. Of course, if we are still providing services to you we will need to continue using your personal data to deliver those services. As detailed above, in some circumstances we are obligated to keep processing your personal data for a set period of time.
4. Data portability
   
   Where the processing of your personal data is based on consent or the execution of a contract with you, you also have the right to data portability for information you provided to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and transmit it to another data controller.
5. Joint controllership agreement
   
   You have the right to receive information on the essential parts of the joint controllership agreement between the SICAV and FIMLUX.

How long do we keep your personal data?

We will keep your personal data for as long as you are a client of FIMLUX. We will not retain your personal data for longer than is necessary for us to meet our legal obligations or to ensure our security and business continuity procedures are effective.

More precisely, we will retain your personal data for 10 years after the closing of the end of the financial year to which they relate or any longer period as may be imposed or permitted by law, in consideration of the purposes for which they have been collected and the legal limitation periods (including for litigation purposes). If any relevant legal claims are brought, the SICAV and FIMLUX may continue to process the personal data for such additional periods as necessary in connection with such claims.

Personal Data processed for AML and KYC purposes will be retained for 10 years after the end of the contract with the investor.

How to complain

Your Rights

If you are unhappy with how we have used your personal data you may complain to us by contacting us at:

Data Protection Office
FIL Investment Management (Luxembourg) S.A.
2a, rue Albert Borschette/B.P. 2174
L-1021 Luxembourg

Alternatively, you may also contact your local Fidelity contact which will cooperate with our Data Protection Office to handle your request.

Finally, you also have the right to complain to the Luxembourg data protection authority (see contact details below), or another European data protection authority (e.g. in your country of residence):

Commission nationale pour la protection des données

1, avenue du Rock’n’Roll
L - 4361 Esch-sur-Alzette
Tel.: (+352) 26 10 60-1
https://cnpd.public.lu
 

Amendment of this privacy statement

We may amend this Privacy Statement from time to time to ensure that you are fully informed about all processing activities and our compliance with applicable data protection legislation. You will be informed about changes to this Privacy Statement by appropriate means.
 

II. Privacy Statement FIL (Luxembourg) S.A.

Who We Are

The Personal Data will be processed by the FIL (Luxembourg) S.A., a société anonyme having its registered office at 2a, Rue Albert Borschette, L-1246 Luxembourg, acting as a data controller in the meaning of the EU General Data Protection Regulation and other applicable data protection laws (hereinafter referred to as “FILUX” or “We” or “Us”).

You can find out more about us on www.fidelity-international.com.

You may contact us at the following address:

Data Protection Office
FIL (Luxembourg) S.A.
2a, rue Albert Borschette/B.P. 2174
L-1021 Luxembourg

In addition, other entities involved in the management of your investment may process personal data in their capacity as data controllers (for instance the fund, the management company, the depositary bank etc.). These processing activities are done under the sole responsibility of these independent data controllers and are governed by separate privacy notices.

Your Personal Data

We collect and use your personal data to enable us to conduct our business with you to comply with the law as well as where appropriate for our legitimate interests, including for record keeping as proof of an instruction or related communication in the event of a disagreement, for investigation and fraud prevention purposes to enforce or defend the our or third parties’ interests or rights in compliance with any legal obligation to which we or they are subject and for quality, business analysis, training and related purposes.

Why we collect it

The law requires us to tell you why we collect and use your personal data – this is known as the lawful basis for processing. The basis we rely upon will depend on the purposes for which we are processing your personal data. These are detailed below:
 

1. Performing our Contract with You
   
   If you are an individual being an investor, we process your data for the purposes of entering into or performing a contract with you. When we do business with you, we do so under a contract. In order for us to meet our obligations to you under that contract we must process your personal data. We will only process your personal data in line with the terms of that contract.
   
   When you provide personal data to us, we will use that personal data so we can provide our services to you or send you information about our products and services where appropriate.
2. Our Legitimate Interests
   
   We process your information for the following reasons, which we define as our legitimate interests:
   
   1. To help us to run our business; this includes financial management, risk management, fraud prevention, planning, corporate governance, audit and research
   2. To market to you
   3. To establish, exercise and defend our rights
   4. In case of a business reorganization, transfer, disposal, merger or acquisition
   5. If your data was provided to us by the investor (especially where the investor is a legal entity), we also process personal data relating to you in our and the investor’s legitimate interest for the purpose of performing the contract with the investor
3. Our Legal Obligations
   
   In some circumstances, we have a legal obligation to process and share your personal data, such as  accounting laws, the applicable legislation on markets in financial instruments (MiFID), Know-Your-Customer (KYC) and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) legal framework, legislation relating to sanctions or the prevention and detection of crime, complying with requests from, and requirements of, local or foreign regulatory or law enforcement authorities, tax identification and, as the case may be, reporting.  We may also collect and share information on you to enable the fund you are investing in and its service providers to enter into a contract with you or to perform their own legal obligations. In those cases the processing is done under the responsibility of the fund (and potentially its management company) and information on such processing can be found in the fund’s privacy notice.
4. Your Consent
   
   This includes the use and further processing of your personal data with your consent thereto (which consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal). We will for instance ask you for your preferences in terms of how you would like us to communicate with you and what information you would like to receive from us. You can always adjust your communications preferences, and can opt not to receive information from us unless we are obliged to provide it.

What we collect

The personal data you provide to us will include combinations of any of the following: your name, email address, telephone number, address, identification numbers where applicable, banking account details, date and place of birth, nationality, tax domicile and other tax-related documents and information, voice recordings, location information, employment information, gender, IP address, language, marital status, origin of funds, financial situation and knowledge and experience in investment matters.

Who we share your personal data with

 Like most businesses, we use third parties to help us deliver our services. This will often involve a third party processing your personal data but that will only be in line with the purposes set out above.

 We may notably disclose your Personal Data to the following recipients:

1. any third parties as may be required or authorized by law (including but not limited to public administrative bodies and local or foreign public and judicial authorities, including any competent regulators);
2. any third parties acting on FILUX behalf (such as service providers), including their respective advisers, auditors, delegates, agents and service providers;
3. any subsidiary or affiliated company of FILUX and/or the Fidelity group;
4. any of FILUX’s, representatives, employees, advisers, agents, delegates, auditors and service providers;
5. persons acting on behalf of investors, such as payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks, market counterparties, companies in which the investor has an interest etc.; and
6. parties involved in connection with any business reorganization, transfer, disposal, merger or acquisition on the level of FILUX and/or the Fidelity group.

 The third parties with whom we share your personal data will only be permitted to use that data in line with the instructions we provide them and, within this framework, we operate a regular and strict regime of third party checks on how your personal data is protected.

 We will never share your personal data with third parties for a purpose not described in our Privacy Statement; but remember, in some cases, we are obligated to share your personal data with a third party in relation to matters such as countering identity theft and fraud.

Transferring your personal data to other countries

In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our group entities operating in the EEA and as such the European Union standard of protections will be applicable to the personal data we process. In practice, this means that all the entities in our group agree to process your personal data in line with our high global standards. Where we transfer your personal data within our group but outside of the EEA, that data subsequently receives the same degree of protection as it would receive in the EEA.

Where it is necessary to transfer personal data to a third party, we operate stringent reviews of those with whom we share the data and we will only transfer that data in line with the purpose for which it was collected.
 

Security of Your Personal Data

Ensuring the confidentiality, integrity and availability of your personal data defines our approach to information security. We manage the security risks relating to your personal data in a way that makes sure we meet our legal and regulatory obligations. In order to protect the continuity of the business we do with you, we produce, maintain and regularly test our business continuity plans. We utilise the internationally recognised information security best practices, i.e. ISO27001 and PCI-DSS. Our Information Security Policy & Standards are regularly reviewed, adhered to and tested for compliance. Information Security training is mandatory for all staff and breaches of information security, actual or suspected, are reported and investigated.

Obligation to provide the Personal data

The personal data that is required for the performance of the contract with the investor and that is required by us to comply with our legal obligations is mandatory information. Without the provision of this personal data, entering into or continuance of the execution of the contract with the investor may not be possible.

Your Rights

European law places robust obligations on businesses when it comes to the protection of personal data. Globally, the way we protect your personal data reflects our obligations pursuant to respective EU legislation. A number of rights in relation to the use of your personal information empowers you to make certain requests of us, detailed as follows:
 

1. Requesting a copy of your personal data
   
   You can access the personal data we process about you by emailing or writing to us using the contact details at the end of this Statement.
2. Letting us know if your personal data is incorrect
   
   If you think any of the personal data we process about you is wrong please let us know by contacting your local client services team. We will check the accuracy of the personal data and take steps to correct it if necessary.
3. Asking us to stop using or to erase your personal data
   
   You have the right to object to the use of your personal data. You can ask us to delete it, to restrict its use, or to object to the use of your personal data for certain purposes such as marketing. If you would like us to stop using your personal data in any way, please get in touch. Of course, if we are still providing services to you we will need to continue using your personal data to deliver those services. As detailed above, in some circumstances we are obligated to keep processing your personal data for a set period of time.
4. Withdraw consent
   
   You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal only affects future processing.
5. Data portability
   
   Where the processing of your personal data is based on consent or the execution of a contract with you, you also have the right to data portability for information you provided to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and transmit it to another data controller.

How long do we keep your personal data?

We will keep your personal data for as long as you are a client of FILUX. We will not retain your personal data for longer than is necessary for us to meet our legal obligations or to ensure our security and business continuity procedures are effective.

More precisely, we will retain your personal data for 10 years after the closing of the end of the financial year to which they relate or any longer period as may be imposed or permitted by law, in consideration of the purposes for which they have been collected and the legal limitation periods (including for litigation purposes). If any relevant legal claims are brought, we may continue to process the personal data for such additional periods as necessary in connection with such claims.

Personal Data processed for AML and KYC purposes will be retained for 10 years after the end of the contract with the investor.

How to complain

If you are unhappy with how we have used your personal data you may complain to us by contacting us at:

Data Protection Office
FIL (Luxembourg) S.A.
2a, rue Albert Borschette/B.P. 2174
L-1021 Luxembourg

Alternatively, you may also contact your local Fidelity contact which will cooperate with our Data Protection Office to handle your request.

Finally, you also have the right to complain to the Luxembourg data protection authority (see contact details below), or another European data protection authority (e.g. in your country of residence):

Commission nationale pour la protection des données

1, avenue du Rock’n’Roll
L - 4361 Esch-sur-Alzette
Tel.: (+352) 26 10 60-1
https://cnpd.public.lu

Amendment of this privacy statement  

We may amend this Privacy Statement from time to time to ensure that you are fully informed about all processing activities and our compliance with applicable data protection legislation. You will be informed about changes to this Privacy Statement by appropriate means.