Who is responsible for your personal information and how can you contact them?
NOVA Group Entities (“NOVA”, “us” or “we”) process information and personal data (“Personal Data”) relating to you and/or any Related Person of yours (collectively, the “Data Subject(s)”). We do so in connection with our existing and/or prospective business relationships, including your use of our websites and applications (collectively, the “Business Relationship”). We may act either as a controller or as a joint controller (the “Controller”) with respect to such processing.
(i) a director, officer, or employee of a company;(ii) a trustee, settlor, or protector of a trust;(iii) a nominee or beneficial owner of an account;(iv) a person holding a substantial interest in an account;(v) a controlling person;(vi) a payee of a designated payment;(vii) a representative or agent (e.g., someone holding power of attorney, entitled to account information, or an e-banking user);(viii) an employer or contractor. A “Related Person” means any individual or entity whose information you or a third party provides to us and/or any information that comes to our attention in connection with our Business Relationship. A Related Person may include, but is not limited to:We kindly request that you liaise with all of your Related Persons and share this Privacy Notice, along with its contents, with them.If you have any questions about this Privacy Notice, about your Controller, or about the processing of your (or your Related Persons') Personal Data, please contact your relationship manager or our Data Protection Officer at the contact details provided below.
Europe
Data Protection Officer
Quad Central Q3 Level1
Birkirkara
Malta
Email: support@novacapital.info
Middle East
Data Protection Officer
Road3801
Alquadaybiyah338
Kingdom of Bahrain
Email: support@novacapital.info
How do we handle your personal information?
We are subject to certain confidentiality and/or secrecy obligations, such as those arising under data protection laws, contracts and professional or banking secrecy, as applicable.
This Privacy Notice covers how we process personal data. That is, how we collect, use, store, transfer or otherwise handle or process personal data, all of which are
collectively referred to in this document as "processing".Processing Operations". This Privacy Notice does not replace, and remains subject to, our applicable contractual terms and conditions.
We may carry out our Processing Operations either directly or indirectly through other parties who process personal data on our behalf (the "Processors").
What personal information do we process?
Personal data includes any information relating to an identified or identifiable natural person or as defined by applicable law.
The personal data of data subjects that we process may be based on the following main legal bases, bearing in mind that they may also be based cumulatively on other legal bases mentioned.
On the legal basis of the performance of the contract, including pre-contractual steps:
Identifying information, such as names, addresses, telephone numbers, email addresses, business contact information;
- Personal characteristics, such as date of birth, country of birth;
- Work-related information, such as employment and employment history, title, professional skills, powers of attorney;
On the legal basis of legal and regulatory obligations:
- Identifiers issued by public authorities, e.g. passport, identity card, tax identification number, national
insurance number, social security number, work permit;
- Reputation and background checks;
- Voice recordings, e.g. recordings of telephone calls made by or to the Controller's representatives.
On the legal basis of our legitimate interest:
- Administrative and security data, e.g. records of presence on our premises;
- visual and video surveillance media, e.g. video surveillance of our premises for security purposes.
On the legal basis of your prior consent:
- certain cookie information, e.g. cookies and similar technologies on websites and in emails (see our cookies policy).
For what purposes and on what legal basis do we process personal data?
The purposes for which we process personal data (the "Purposes") may be based on the following principal legal bases, provided that they may also be based cumulatively on other legal bases mentioned.
We collect and process Personal Data as necessary for the pre-contractual steps and performance of a contract to which you and/or a Related Person is a party, which includes the following processing operations
- the opening and management of your and/or a Related Person's account or business relationship with us, including all related operations for your identification
- any other related services provided by any service provider of the Controller(s) and Processor(s) in connection with our relationship;
- the management, administration and distribution of investment funds, including any ancillary services related to these activities, or the processing of subscription, conversion and redemption requests in respect of investment funds and the maintenance of the ongoing relationship in respect of holdings in such investment funds;
- managing requests for proposals and/or due diligence, providing services (including invoicing and payment of fees) and managing the relationship and related communications with you.
We also collect and process personal data to comply with legal and regulatory obligations to which we are subject, including to
- Provide offer documentation to data subjects about products and services;
- complying with legal obligations relating to accounting, compliance with legislation on markets in financial instruments, outsourcing, overseas activities and qualified participations;
- conducting audits and/or periodic reviews of you or your Related Person;
- any other form of cooperation with or reporting to competent administrations, supervisory authorities, law enforcement authorities and other public authorities [e.g. in the field of anti-money laundering and combating the financing of terrorism (AML-CTF)], for the prevention and detection of tax offences [e. g. reporting name, address, telephone number, e-mail address, etc.]. e.g. reporting name, address, date of birth, tax identification number (TIN), account number and account balance to tax authorities under the Common Reporting Standard (CRS) or the Foreign Account Tax Compliance Act (FATCA) or other tax laws to prevent tax evasion and fraud, as applicable];
Prevent fraud, bribery, corruption and the provision of financial and other services to persons subject to economic or trade sanctions on an ongoing basis in accordance with our AML-CTF procedures and maintain AML-CTF and other required records for review purposes;
- Engage in active risk management within the Group to identify, limit and monitor market, credit, default, process, liquidity and reputational risks, as well as operational and legal risks;
- record conversations with data subjects on a cloud-based solution (such as telephone and electronic communications), in particular to document and verify instructions, detect potential or actual fraud and other offences.
In addition, we may process personal data in connection with legitimate interests (including those of other group entities) that we pursue so that we can:
- assess certain characteristics of data subjects on the basis of automatically processed personal data (profiling) (see also section 5 below);
- Develop our business relationship with you;
- improve the quality of our services and our internal business organisation and operations, including for risk assessment and risk management-related business decisions;
- use this information within NOVA Group entities for market research or promotional purposes, unless the data subject has opted out of the use of his or her personal data for marketing purposes;
- communicate personal data to other NOVA Group entities, in particular to ensure an efficient and harmonised service and to inform Data Subjects about services offered by NOVA Group entities;
- to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings;
- recording images (e.g. video surveillance) to ensure the security of persons, assets, property, buildings and the NOVA Group's critical infrastructure and IT systems.
Where our personal data processing requires your prior consent, we will ask for your consent in a timely manner and you have the right to withdraw your consent at any time by contacting your relationship manager or our Data Protection Officer (see section 1 above).
The provision of personal information may be mandatory, for example, in order to comply with legal and regulatory obligations to which we are subject. Please note that failure to provide such information may prevent us from continuing to do business with you and/or providing our services to you.v
Do we rely on profiling or automated decision making?
We may use automatically processed personal data to assess certain characteristics of data subjects (profiling), in particular to provide data subjects with personalised offers and advice or information about our products and services or those of our affiliates and business partners.We may also use We generally do not use automated decision making in connection with our business relationship and/or data subjects. However, if we do, we will comply with applicable legal and regulatory requirements.
What sources do we use to collect your personal information?
In order to achieve these purposes, we collect or receive personal data
- directly from the data subjects, for example when they contact us or through (pre)contractual documentation sent directly to us; and/or
- indirectly from other external sources, including any publicly available sources [e.g. UN or EU sanctions lists, OFAC - Specially Designated Nationals (SND) lists], information available through subscription services (e.g. Bloomberg, World Compliance PEP list) or information provided by other third parties.
Do we share your personal information with third parties?
We reserve the right to disclose or make available the Personal Information to the following recipients, to the extent permitted or required by law or otherwise
- public/governmental administrations, courts, competent authorities (e.g. financial supervisory authorities) or financial market participants (e.g. third-party or central depositaries, brokers, exchanges and registers);
- NOVA Group entities or third parties that may process personal data. In such cases, limited
- auditors or legal advisers.
We undertake not to disclose Personal Data to third parties other than those listed above, except as may be disclosed from time to time to the data subject or as may be required by applicable laws and regulations or by order of a court, governmental, regulatory or supervisory authority, including tax authorities.
Is personal information transferred outside of our country of incorporation?
In the course of our business relationship, we may disclose, transfer and/or store personal data abroad ("International Transfer"):
(i) in connection with the conclusion or performance of contracts directly or indirectly related to our business relationship, e.g. a contract with you or with third parties on your behalf; or (ii) in exceptional cases duly provided for by applicable law (e.g. disclosure of certain transactions on a stock exchange to international trade registers).International transfers may include transfers to jurisdictions that: (i) ensure an adequate level of data protection Information specific to Europe: NOVA entities located in Europe process your personal data in connection with the conclusion or performance of contracts directly or indirectly related to our business relationship in data centres located in Malta or the European Union. NOVA entities may transfer your personal data to other countries in certain circumstances, for example if you choose to receive services from other NOVA entities (a full list of which is available on our website
Is personal information transferred outside of our country of incorporation?
Subject to the limitations set out in this Privacy Notice and/or applicable local data protection laws, you may exercise the following rights free of charge by contacting the Data Protection Officer (see Section 1 above):
- Request access to and a copy of the personal data we hold about you;
- Request rectification or erasure of personal data that is inaccurate;
- request that Personal Data be deleted if the processing is no longer necessary for the purposes or is not or is no longer lawful for other reasons, but subject to any applicable retention periods (see Section 10 below);
- request that the processing of personal data be restricted where the accuracy of the personal data is disputed, the processing is unlawful or the data subjects have objected to the processing;
- withdraw your consent at any time if the processing of the personal data is based on your consent;
- object to the processing of personal data, in which case we will no longer process the personal data unless an exception applies;
- obtain the personal data in a structured, commonly used and machine-readable format (data portability right);
- obtain a copy of, or access to, the adequate or appropriate safeguards we may have in place for the transfer of the Personal Data overseas;
- complain to our Data Protection Officer (see section 1 above) about the processing of Personal Data and, if the matter is not satisfactorily resolved, lodge a complaint about the processing of Personal Data with the relevant data protection supervisory authority.
If a data subject objects to the processing of personal data, we may nevertheless continue the processing if: (i) the processing is required by law; (ii) the processing is necessary for the performance of a contract to which the data subject is a party; or (iii) the processing is necessary for the purposes of our legitimate interests, including the establishment, exercise or defence of legal claims. However, we will not use the data subject's personal data for direct marketing purposes if the data subject has asked us not to do so.
How long is your personal information retained or stored?
In principle, we will retain Personal Data for as long as necessary to achieve the Purposes. We will delete or make anonymous (or equivalent) Personal Data when it is no longer necessary to achieve the Purposes, subject to: (i) any applicable legal or regulatory requirements to retain Personal Data for a longer period; (ii) any applicable legal or regulatory requirements to retain Personal Data for a longer period; or (iii) any applicable legal or regulatory requirements to retain Personal Data for a longer period.