Introduction

1.1 SMERemediumCap Ltd (hereinafter, “the Company”) is an Alternative Investment Fund Manager (“AIFM”) regulated by the Cyprus Securities and Exchange Commission (hereinafter, “CySEC”) with License number AIFM40/56/2013.

1.2 The legal framework that governs AIFMs is the The Law on Alternative Investment Fund Managers (consolidated up to L.133(I)/2019) as subsequently amended from time to time (hereinafter the “Law”),

1.3 SMERemediumCap Ltd needs to collect and use certain types of information about the Individuals or Service Users whom the Company come into contact to the extent that is necessary to perform its services to its Users in connection with its Products and Services. This personal information must be collected and dealt appropriately, whether is collected on paper, stored in computer database, or recorded on other material and there are safeguards to ensure this are under the Protection of Natural Persons Against the Processing of Personal Data and the Free Circulation of such Data Law L.125(I)/2018 and under the General Data Protection Regulation 2016/679 (2018).

1.4 The Company has established a Privacy Policy (the “Policy”) appropriate to the size and organization of the Company and the nature, scale and complexity of the Company’s business.

Scope of the Privacy Policy

2.1 With the implementation of the Privacy Policy the Company aims to outline the Company’s responsibility to manage and ensure the protection of privacy and the Investors’ personal and financial information and to behave in a fair and moral manner concerning the gathering, storing and handling of data. This process will be carried out with transparency and respect towards the rights of individuals who entrust it with their information. For the purpose of this Privacy Policy, Data Protection Legislation means: (i) the General Data Protection Regulation 2016/679 (the “GDPR”) applicable in the European Union, including the UK until any UK data protection legislation replaces or adopts the GDPR in the UK and (ii) then such UK data protection legislation replacing the GDPR once in force and applicable.

The Investors’ privacy is considered and treated by Company with utmost importance and highest priority and this Policy applies to former, existing and potential Investors as well as to any visitors of the Company’s website.

2.2 For the purpose of this Privacy Policy, Data Protection Legislation means: (i) the General Data Protection Regulation 2016/679 (the “GDPR”) applicable in the European Union, including Cyprus until any Cyprus data protection legislation replaces or adopts the GDPR in Cyprus and (ii) then such Cyprus data protection legislation replacing the GDPR once in force and applicable. For the purpose of the Data Protection Legislation, the data controller is SMERemediumCap Ltd.

2.3 Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Consent

3.1 Consent refers to your right as a data subject to freely and unambiguously agree to a specific condition related to our primary or supporting services by making a positive action. Such action might be a tick box in your Investor area, signature on a document, electronic signature or name placement in online questionnaires or other similar action. Most of the services provided by our company do not require a separate or explicit consent by data subjects to process their information in connection to the core services of the company when requesting to become an investor of a regulated AIFM based on the definitions for legal grounds of processing found in Article 6 of the GDPR.

3.2 By using (collectively, “Using” or “Use”) our Websites, registering with us or submitting information to us you consent and agree with the terms of this Policy and you hereby consent to the collect, process, storage, use and disclosure of your personal data by the Company whether such use is by the Company or by another third party which may be required by them in order to effectively perform Services in connection with the Company’s Terms and Conditions or effectively execute any related operational function performed by the Company to its Investors (e.g. refunding Investors with their funds)in accordance with this Policy and as explained below herein. If you do not agree with this Privacy Policy, you must not use our Website, access our services or submit information to us.

Personal Information / Data We May Collect (or Receive) About You

4.1 The Company will only use Investors’ personal data in accordance with international data protection practices. In particular, the Company is registered as a Data Controller with the Office of the Commissioner for Personal Data Protection and will collect, process, maintain, store, use and handle Investors’ personal information in accordance with the Processing of Personal Data (Protection of the Individual) Law of 138(1) 2001 and General Data Protection Regulation (2018) as amended from time to time (the “Law”) this Privacy Policy and the Company’s Terms and Conditions.

4.2 During the registration procedure as well as following the completion of the registration procedure Investors are required to provide personal information and to attach a series of required documents. In the event the Investor intends to invest money to the Company’s accounts using his payment card, in accordance with the recommendations of Payment Card Industry Security Standard Council, customer card details are protected using Transport Layer encryption – TLS 1.2 and application layer with algorithm AES and key length 256 bit.

4.3 We may collect such Personal Information from other persons including, for example, fraud prevention agencies, banks, other financial institutions, third authentication service providers and the providers of public registers and such other services that may from time to time be required for Company’s legitimate purposes.

4.4 “Personally identifiable information” (or “Personal Information”) means any information that may be used, either alone or in combination with other information, to personally identify, contact or locate any Customer of the Company (referred to as “User”).

4.5 Personal Information includes, but is not limited to:

  1. First and Last name
  2. ID/Passport numbers
  3. Physical address
  4. Date of Birth
  5. Contact information such as telephone number and email address
  6. Identity and Address verification documents such as passport and ID, utility bills and/or bank statements
  7. Company information, company incorporation documents/certificates/details in case of a corporate account
  8. Financial data such as estimated annual income and net worth, trading experience and investment knowledge including but not limited to investment data.
  9. Payment details and bank account details

4.6 We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. Anti-money laundering laws require us to sight and record details of certain documents (i.e. photographic and non-photographic documents) in order to meet the standards, set under those laws. Identification documentation, as required under anti-money laundering legislation or other legislation relevant to the services we provide to you, includes, but not limited to (see Account Handling Procedure):

  1. passport;
  2. driver’s license;
  3. national identity card (if applicable);
  4. utility bills;
  5. trust deed;
  6. other information we consider necessary to our functions and activities.

4.7 Where it is necessary to do so, we also collect data regarding the following individuals:

  1. trustees;
  2. partners;
  3. company directors and officers;
  4. officers of co-operatives and associations;
  5. Investor agents; or
  6. individuals dealing with us on a “one-off” basis.

4.8 You have the option of not identifying yourself, or of using a pseudonym, when dealing with us in relation to a particular matter. However, we can only provide you with this option when it is not impracticable for us to do so and when no law requires identification.

4.9 In addition to the above, if you are an existing Investor of SMERemediumCap Limited. and you wish to have online access to view statements and other information relating to your account, we will ask you to provide some information about yourself for security, identification and verification purposes.

How We Collect Your Personal Data

5.1 We may collect (or receive) and process your personal data when:

  1. You contact us, whether through our Website or otherwise (for example, via our online form, by e-mail, post, fax or phone), as we may keep a record of that correspondence. For example, if you submit a complaint, report a problem with our services or our Websites or otherwise liaise with our customer service, technical support or any other department in our company. This includes information provided by you when you update a customer account such as your name, e-mail, country, password, etc.;
  2. We ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
  3. You use and interact with our Website including your device’s manufacturer and model, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, web browser, platform, mobile carrier, and your Internet Service Provider. We may collect details of your visits to our Website (including, but not limited to, traffic data, location data, weblogs and other communication data). We do this via email and website cookies, and similar tracking technology built into our Websites. We make cookie policies available on each of our Websites to give you more detailed information on how we use them;
  4. You use your customer account to login to and use our technology and other features and functionalities. Under no circumstances are these details disclosed to any third parties other than those who need to know this information in the context of the services we provide; or
  5. You use social media, including “like” buttons and similar functions made available by social media platforms.

Duties and Responsibilities of the Data Protection Officer

6.1 Main duties, responsibilities and powers of the DPO:

  • Provide advice and guidance to the organisation and its employees on the requirements of the GDPR
  • Monitor the organization’s compliance with the GDPR provisions;
  • Be consulted and provide advice during Data Protection Impact Assessments.
  • Decide if the DPIA is necessary based on the specific conditions.
  • Be the point of contact for data subjects and for cooperating and consulting with national supervisory authorities, such as the Office of the Commissioner for Data Protection.
  • Provide training to employees and awareness of how their duties are connected to the protection of rights of data subjects.
  • to hold a register of all categories of processing activities carried out on behalf of the Company.
  • To create and hold a register of all complaints, responses and results.
  • To create, update and improve regularly the procedures and policies relating to the compliance with GDPR and other local data protection principles and laws.
  • To create a procedure of reporting directly to the Commissioner of Data Protection.
  • To deal and respond to all data subjects’ complaints and be the main contact point for GDPR.
  • DPOs should also take responsibility for carrying out data audits and oversee the implementation of compliance tools.
  • The DPO must be able to act independently, be adequately resourced and be able to report directly to senior management to raise concerns.

6.2 Responsible for all changes, deletion and protection of rights. In the event that Investors’ personal information changes at any given time, Investors are responsible to inform the Company by emailing the Company’s Customer Support at dpo@smerc.cy or the Compliance Officer at compliance@smerc.cy.

Use of Personal Information/Data

7.1 The collection personal Information (not in the public domain or already possessed by us without a duty of confidentiality) which we hold is to be treated by us as confidential and will not be used for any purpose other than in connection with the provision, administration and improvement of our Services to you or the furthering of our Agreement between us, establishing and managing your Investor Account or a relationship between us, reviewing your ongoing needs, enhancing customer service and products, giving you ongoing information or opportunities that we believe may be relevant to you, improving our relationship, anti-money laundering and due diligence checks, for research and statistical purposes and for marketing purposes (according to the Agreement between us and as described in this Privacy Policy), as applicable.

7.2 We will use your personal information for the purposes of providing the services you have requested, for administration and customer services, for credit scoring, for marketing, for research/statistical analysis purposes and to ensure that the content, services and advertising that we offer are tailored to your needs and interests. We may keep your information for a reasonable period for these purposes. We may need to share your information with our service providers and agents for these purposes.

7.3 In assessing your application to open an account, to prevent fraud, to check your identity and to prevent money laundering, we may search the files of credit reference agencies that will record any credit searches on your file.

7.4 In order for the Company to provide, monitor and improve the quality service and security to its Investors, the Company may use the Investors’ personal information/data for one or more of the following purposes:

  1. Verify the identity of Investors;
  2. To maintain Investors’ personal profile;
  3. Assess and improve the products and services provided to Investors;
  4. To such an extent as reasonably required so as to execute Orders and for purposes ancillary to the provision of the Services;
  5. Company’s transmission/execution and post transaction/order services;
  6. Assess and improve Investors’ browsing experience;
  7. Analysis of statistical data which will aid the Company to provide Investors with better suited products and services in the future;
  8. To pass Investors’ personal information/data to third parties for marketing purposes without prior written consent;
  9. To the Company’s professional advisors provided that in each case the relevant professional shall be informed about the confidential nature of such information and commit to the confidentiality herein obligations as well;
  10. To other service providers who create, maintain or process databases (whether electronic or not), offer record keeping services, email transmission services, messaging services or similar services which aim to assist the Company collect, storage, process and use Investor information or get in touch with the Investor or improve the provision of the Services under this Agreement;
  11. To other service providers for statistical purposes in order to improve the Company’s marketing, in such a case the data will be provided in an aggregate form;
  12. To an Affiliate of the Company or any other company in the same group of the Company;
  13. To market research call centers that provide telephone or email surveys with the purpose to improve the services of the Company, in such a case only the contact details the data will be provided;
  14. Inform Investors of additional products, services or promotions relevant to its Investors.

7.5  In regards to point (n) above and should for any reason Investors do not consent to receive information of this nature, the Investor can inform us accordingly by contacting the Company on the contact details provided by the Company on its Terms and Conditions or at the following address: dpo@smerc.cy.

7.6 We may disclose personal data in order to comply with a legal or regulatory obligation.

7.7 We may contact you by mail, telephone, fax, e-mail or other electronic messaging service with offers of services or information that may be of interest to you. By providing us with your fax number, telephone numbers or email address you consent to being contacted by these methods for these purposes.  If you do not wish to receive marketing information from us, you may not subscribe to our marketing services. For marketing emails, you can choose Unsubscribe button to stop receiving emails.

7.8 Any information, which we send to you by email, will not be encrypted. We cannot guarantee confidentiality of emails that you send to us.

7.9 You may ask us to provide you with information about our services or about services offered jointly with or on behalf of other organisations by sending us an email to dpo@smerc.cy.

You have the following Rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Those whose Personal Data we keep, have the right at any time to obtain confirmation of the existence of the same from the Data Controller, to know the content and origin, to check its accuracy or request its integration, deleting, updating, rectification, erasure, anonymisation or blocking of Personal Data processed in violation of law, and to oppose in any case, for legitimate reasons, to their treatment.

To make a request, please contact us, verifying your identity and specifying what information you require. The Company may provide you a form to fill in, in order to process your request. We may charge an administrative fee.

Data controller and Data processor: SMERemediumCap Limited*

We may authorize another natural person, legal person, public administration or any other body, association or organization authorized to process the Personal Data in compliance with this Privacy Policy, on its behalf.

SMERemediumCap Limited does not provide any services to children, nor processes any personal data in relation to children, where ‘children’ are individuals who are under the age of eighteen (18).

Statistical Data

8.1 The Company may, from time to time, combine Investors’ personal information/data with information from other users of the Company’s website in order to create impersonalized statistical data. The Company may provide this statistical data to Third Parties solely for statistical purposes and in an effort to better improve the Company’s marketing campaign and to the extent allowed by the Company’s Terms and Conditions already accepted by the Investors.

8.2 The Company will take all reasonable measures in order to ensure that in no circumstances will Investors be identifiable from this statistical data and consequently for Investors to remain anonymous.

Retention of Personal Data

9.1   In accordance with the Company’s regulatory requirements and as required by Law all Investors’ personal information/data will be required to be kept and retained on record for a minimum period of five (5) years, which will commence on the transmission/execution of a Investor transaction or the date of which the business relationship between both parties is terminated in accordance to the Company’s Terms and Conditions.

Protection and Security of Personal Data

10.1 The Company takes reasonable precautions to protect personal information/data from loss, theft, misuse, unauthorized access or disclosure, alteration, or destruction. The Company employs physical, electronic, and procedural safeguards to protect personal information/data and it does not store personal information/data for longer than necessary for the provision of services or as permitted by law.

10.2 The Company’s datacenter(s) contain both internal and external servers. Access to the Company’s internal server is restricted to authorised personnel (i.e. employees and authorised service providers), servers and locations; our external servers can be accessed via the Internet. Any personal information/data provided by Investors to the Company will be strictly protected under enhanced measures of security, protected against loss, misuse, unauthorized access or disclosure, alteration, or destruction with use various security measures such as encryption during data transmission, strong authentication mechanisms and separation of machines and data to provide secure areas in order to protect Investors’ personal information from unauthorised users and such personal information will be treated as confidential and shared only with the Company and its affiliates and/or authorised service providers and shall not be disclosed to any third parties except, and without notice, in accordance with the provisions of this Policy as well as under any regulatory or legal proceedings.

10.3 The Company also informs all Investors to serve and protect their personal data and advises all Investors to maintain confidentiality and not share with others its usernames and passwords provided by the Company. The Company bears no responsibility for any unlawful or unauthorised use of Investors’ personal information due to the misuse or misplacement of Investors’ access codes (i.e. passwords/credentials), irrespective of the way such use was conducted including without limitation negligent or malicious use.

10.4 We will use reasonable endeavours to implement appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. For instance, our security measures include, but are not limited to:

  1. educating our employees as to their obligations with regard to your personal data;
  2. requiring our employees to use passwords and two-factor authentication when accessing our systems;
  3. encrypting data sent from your computer to our systems during internet transactions and Investor access codes transmitted across networks;
  4. employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
  5. using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
  6. practicing a clean desk policy in all premises occupied by us and our related bodies corporate and providing secure storage for physical records; and
  7. employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

10.5 We will ensure that your information will not be disclosed to government institutions or authorities except if required by law (e.g. when requested by regulatory bodies or law enforcement organisations in accordance with applicable legislation).

10.6 Certain services may include social networking, chat room or forum features. When using these features please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users.

IT Department

11.1 The company requires that all computer equipment is connected to a Firewall, anti-malware software, and automatic updating facilities that are all up to date and meet the corporate minimum business standards acceptable in the financial industry. The company also requires:

  1. deployment of the corporate policy on usernames and passwords, to have a password protected screensaver, and to password protect and encrypt all folders containing confidential corporate information, sensitive personal information, personably identifiable information, and to disable folder and printer sharing.
  2. All notebook computers that carry personal data or are able to connect to systems that store or process personal data, use full-disk encryption.
  3. that notebook computers are physically protected against theft and damage while in transit, in storage or in use and that, in cases of loss or theft.
  4. That the IT departments ensures that all the recent operating system and application security-related patches, fixes and updates have been installed.
  5. Employees to comply with the corporate requirements on the means of connecting to public access points and accessing corporate information.
  6. That all computers and notebooks are protected by an anti-virus and antimalware software.

Changes in Personal Information/Data

12.1 Under the Agreement between us, we have the right to disclose Your Information (including recordings and documents of a confidential nature, card details) in certain circumstances. According to the Agreement between us, Your Information may be disclosed:

  1. Protect the Company’s rights and/or to comply with judicial proceedings and/or court order;
  2. Protect and defend the rights or property of the Company’s website;
  3. Protect the safety of Company’s Investors, all users of the Company’s website and/or the public.
  4. Where required by law or a court order by a competent Court;
  5. Where requested by the Cyprus Securities and Exchange Commission or any other regulatory authority having control or jurisdiction over the Company or the Investor or their associates or in whose territory the Company has Investors;
  6. To relevant authorities to investigate or prevent fraud, money laundering or other illegal activity;
  7. To credit reference and fraud prevention agencies, third authentication service providers, banks and other financial institutions for credit checking, fraud prevention, anti-money laundering purposes, identification or due diligence checks of the Investor. To do so they may check the details the Investor supplied against any particulars on any database (public or otherwise) to which they have access. They may also use Investor details in the future to assist other companies for verification purposes. A record of the search will be retained by the Company;
  8. Where necessary in order for the Company to defend or exercise its legal rights to any court or tribunal or arbitrator or Ombudsman or governmental authority;
  9. At the Investor’s request or with the Investor’s consent;
  10. To successors or assignees or transferees or buyers, with ten Business Days prior Written Notice to the Investor;

Your Rights in Relation to Your Personal Data

13.1 The Company may, from time to time, combine Investors’ personal information/data with information from other users of the Company’s website in order to create impersonalized statistical data. The Company may provide this statistical data to Third Parties solely for statistical purposes and in an effort to better improve the Company’s marketing campaign and to the extent allowed by the Company’s Terms and Conditions already accepted by the Investors.

The Company will take all reasonable measures in order to ensure that in no circumstances will Investors be identifiable from this statistical data and consequently for Investors to remain anonymous.

13.2 Under the General Data Protection Regulation (679/2016), you have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.

13.3 Please note that these rights do not apply in all circumstances. You are entitled to:

  1. request access to your personal data (commonly known as a “data subject access request”);
  2. request correction of the personal data that we hold about you;
  3. request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request;
  4. object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms;
  5. request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    1. if you want us to establish the data’s accuracy;
    2. where our use of the data is unlawful, but you do not want us to erase it;
    3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    4. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it;
  6. request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  7. withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please email us at dpo@smerc.cy.

13.4 Please quote your name and address. We should be grateful if you would also provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to more readily locate your data).

13.5 We will require proof of your identity before providing you with details of any personal data we may hold about you.

13.6 We try to respond to all legitimate requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.

13.7 We may charge you a reasonable fee to you when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. Alternatively, we may refuse to comply with your request in these circumstances.

13.8 Not all types of data can be deleted or amended per request of the data subject. SMERemediumCap Limited’s may retain your data, information and documentation based for the period of 5 to 7 years after the termination of employment on the requirements:

  • The Law, as herein prescribed.
  • The Anti-money laundering Directive DΙ144-2007-08 of 2012 or any subsequent amendment or change of this legislation.
  • Inland Revenue Department legislation.
  • Any legislation issued by the Unit for Combating Money Laundering (MOKAS), The Cyprus Securities and Exchange Commission, the Office of the Commission of Data protection in Cyprus or any other legislative or supervisory authority, which may be empowered by Law to supervise us.

Affiliates and Partners

14.1 Investors acknowledge and consent that the Company and its partners, affiliates and/or associates may share information in a manner that is useful and relevant only to do so and in relation to one of the following purposes:

  1. Reasonably required by such affiliate, partner and/or associate of the Company to provide products and services to its Investors,
  2. To offer additional similar products and services that meet Investors’ needs

14.2 Investors may be introduced to the Company by a Business Introducer, in such cases the Business Introducer may have access to Investors’ information and Investors hereby consent to the sharing of information with such Business Introducer.

14.3 The Company may disclose Investors’ personal information to any organisation at the Investors’ request or to any persons acting on behalf of Investors, including Investors’ financial adviser, broker, solicitor or accountant.

14.4 The Company may disclose Investors’ personal information to companies hired by the Company to provide limited services on behalf of the Company, including but not limited to packaging, mailing and delivering purchases, postal mail. The Company will take all reasonable measures to ensure that the said companies will be subject to such personal information/data necessary to deliver the service and are prohibited from using personal information for any other purpose.

Non-Affiliate Third Parties

15.1 The Company may disclose information to non-affiliated third parties where necessary in order to carry out the following internal functions of the Company:

  1. Service providers such as third parties providing internal audit, risk management, accounting or any other services that we may require from time to time;
  2. Use of specialized agencies to help carry out certain internal functions such as account processing, fulfilment, Investor service or other data collection activities relevant to our business.

Warranties

16.1 For any purpose mentioned above (i.e. paragraphs 10, 11 and 12), the use of the shared information is strictly limited to the performance of the services expected and assigned to be undertaken by all third parties, affiliated or non-affiliated with which the Company.

16.2 All third parties, affiliated or non-affiliated are required and shall ensure that:

  1. Their employees are informed of the confidential nature of the personal information/data and that usage of the shared information is strictly limited to the performance of the relevant services expected and assigned to be undertaken on behalf of the Company
  2. Processing of personal information/data is in accordance and in compliance with all relevant legislation, applicable laws and regulation
  3. All third parties, affiliated or non-affiliated agree and consent to indemnify and keep indemnified at their own cost and expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by any third party, affiliated or non-affiliated or their employees to comply with any of their obligations under this Policy as well as with all relevant legislation, applicable laws and regulation.
  4. The Company will not share personal information with third parties which it considers will not provide its Investors with the required level of protection similar to that of its own and in compliance with all relevant legislation, applicable laws and regulation.

Links to Other Websites

17.1 The Company’s website will not be normally linked to other websites. However, in the event they are ensure that at all times you are on the right domain address. This Policy is not applicable to those other sites. The Company recommends and encourages Investors to read, understand and familiarize themselves with the privacy policies (if any) available on these other sites.

17.2 The Company cannot be held responsible or liable for the privacy policies or content of such sites and therefore, has no control over the protection and use of information provided by the Investors on such sites.

17.3 This site may contain hyperlinks to websites owned and operated by third parties. Where this is the case, we urge you to review the equivalent data protection, privacy and cookie policies available on such websites. We do not accept any responsibility or liability for the data protection of privacy practices of third parties in relation to such websites and your use of third-party websites is entirely at your own risk.

Use of Cookies

18.1 The Company may use cookies to assess and improve the performance of the website and its products and services offered to its Investors. Cookies are used by most internet browsers and are small pieces of information which use a unique identification tag and are stored on Investors’ device as a result of Investors using the Company’s website or other services the Company provides to its Investors.

18.2 Investors may be able to refuse to have cookies stored on their device they may be able to change the setting of their browser to refuse all cookies, and/or have their device to notify them each time a cookie is sent to their device. By controlling their cookies in this way may impair the quality of service provided by the Company to its Investors and therefore, it is recommended for Investors to allow cookies on their device to ensure the best possible experience and quality services provided by the Company.

18.3 For more information about cookies, Investors may refer to the Company’s “Cookie Policy” available on the Company’s website.

18.4 SMERemediumCap Limited’s (“SMERemediumCap LIMITED”, “we”, “our”, “us”) website uses cookies.

18.5 What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

The cookies used on this website have been categorised based on the categories found in the International Chamber of Commerce (“ICC”) REPUBLIC OF CYPRUS Cookie guide. A list of all the cookies used on this website by category is set out below.

18.6 The categories of cookies we use are:

  1. Essential cookies are required for the operation of the Company’s website. These cookies allow Investors to access various secured areas of the Company’s website. Investors by opt to disable these cookies, this may have a negative impact on their browsing experience and in particular, they will not be able to fully access secure areas of the Company’s website.
  2. Analytical/performance cookies are used to recognize, monitor and track the number of visitors, how Investors use the Company’s website and for how long. This helps the Company to improve the way its website works and consequently to improve how the Company provides the Company’s website content to Investors. These cookies are not used to determine the personal identity of Investors.
  3. Functionality cookies are used to allow the Company to remember Investors’ preferences and to recognize when a Investor returns to the Company’s website. This helps the Company to personalize its website content for Investors. For example, these cookies remember Investors’ username and the customization preference previously selected by Investors such as language of region.
  4. Targeting cookies are cookies that record Investors’ visits on Company’s websites, pages visited, and links followed. This information is shared with third parties such as advertising and social media websites for the provision of services such as:
  • Use information about Investors’ visits to target advertising to Investors on other websites
  • Use information about Investors’ visits in order to present Investors with advertisements that might be in Investors’ interest
  • Use information about Investors’ visits for the purposes of matching, audience research and creation of audience segments.

18.7       List of cookies in use on this website:

Cookie Name Purpose
Tracking Customers behaviour on the site
Tracking Customers behaviour on the site
Tracking Customers behaviour on the site
Tracking Customers behaviour on the site

Setting your Cookie Preferences

19.1 You can control how cookies are placed on your device from within your own browser. You can also delete existing cookies from your browser. However, refusing and/or deleting cookies may mean some sections of our site will not work properly.

Contact Investors/Recordings

20.1 The Company may contact Investors by telephone, email or other means of medium for the purpose of offering them further information about the Company’s product and services and/or informing Investors of unique promotional offerings. By registering and providing agreement to the Terms and Conditions of the Company, Investors consent to be contacted in such manner and for such purposes by the Company’s Employees, Affiliates and Partners.

For regulatory and quality assurance purposes any type of communication between the Investors and the Company whether in writing, email or by telephone or other means of medium shall be monitored and recorded by the Company without any prior warning (unless required to do so by the applicable rules and regulations). Investors acknowledge and accept that such recordings are the sole property of the Company. Investors further accept that such recordings constitute conclusive evidence of the Orders/Instructions/Requests or conversations so recorded.

20.2 Any person who wishes not to be contacted further by telephone, email or other means of medium, can inform the Company accordingly by contacting the Company on the contact details provided by the Company on its Terms and Conditions or at the following address: dpo@smerc.cy.

Investors Rights

21.1 Investors have no obligation to provide any of the personal information/data requested by the Company. In this case, the Company reserves the right to reject the opening of an account or to provide Investors with any other services, information or assistance.

21.2 Under the Law, Investors have the right to request any personal information/data the Company holds about the Investors and to inform the Company of any perceived inaccuracy. Investors acknowledge and accept that the Company may a charge fee to cover the associated administrative costs.

21.3 In case any of the Investors’ personal information have changed at any given time or they wish from the Company to delete any personal data, they may do so by informing the Company via email at dpo@smerc.cy. The Company to the extent permitted by law including those cases where the Company is required to hold Investors’ personal data for regulatory and legal purposes for the provision of services and/or maintenance of adequate business records, will proceed with changing or deleting Investors’ personal data in accordance with the instructions received.

Data Protection Impact Assessment (“DPIA”)

22.1 The Company must perform a Data Protection Impact Assessment (‘DPIA’) for any and all new projects and/or new uses of personal data which involve the use of new technologies and the processing involved is likely to result in a high risk to the rights and freedoms of data subjects under the GDPR.

22.2 The Company is responsible for ensuring that the DPIA is carried out. The DPO is responsible for performing necessary checks on personal data to establish the need for conducting a DPIA.

22.3 The Company must also seek the advice of the DPO, where designated and this advice, and the decisions taken by the Company, should be documented within the DPIA. The DPO should also monitor the performance of the DPIA. The Company’s DPO will be responsible for checking appropriate controls are implemented to mitigate any risks identified as part of the DPIA process and subsequent decision to proceed with the processing.

22.4 The Company should document its actions and decisions regarding DPIAs in order to be in a position to prove its compliance with the GDPR.

  1. Identify the need for a DPIA
  2. Describe the information flow
  3. Identify data processing and related risks
  4. Identify solutions to reduce or eliminate these risks
  5. Sign off the outcomes of the DPIA
  6. Integrate data protection solutions into the project

22.5 Why should organisations conduct a DPIA?
The GDPR mandates a DPIA to be conducted where data processing “is likely to result in a high risk to the rights and freedoms of natural persons”. The three primary conditions identified in the GDPR are:

  1. A systematic and extensive evaluation of personal aspects relating to natural persons, which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person.
  2. Processing of special categories of data or personal data relating to criminal convictions and offences on a large scale.
  3. Systematic monitoring of a publicly accessible area on a large scale.

Examples of personal data processing where a DPIA is likely to be required:

  • A hospital processing its patients’ genetic and health data on its information system.
  • The archiving of pseudonymised sensitive data from research projects or clinical trials.
  • An organisation using an intelligent video analysis system to single out cars and automatically recognise registration plates.
  • An organisation systematically monitoring its employees’ activities, including their workstations and Internet activity.
  • The gathering of public social media data for generating profiles.
  • An institution creating a national-level credit rating or fraud database.

* The WP29 recommends that the following factors, in particular, be considered when determining whether the processing is carried out on a large scale:

  1. the number of data subjects concerned, either as a specific number or as a proportion of the relevant population;
  2. the volume of data and/or the range of different data items being processed;
  3. the duration, or permanence, of the data processing activity;
  4. the geographical extent of the processing activity

Amendment/Review of the Policy

23.1 The Company reserves the right to review and/or amend this Policy at any given time it deems suitable and appropriate without notice to the Investor. The Policy is available for review by Investors upon request and it is uploaded on the Company’s website.

General Information

24.1 For further details with regards to the Company’s Privacy Policy and procedures, Investors may contact the Company’s Support Department at dpo@smerc.cy.

How to Make a GDPR Complaint?

25.1 If you have a complaint about the way in which your personal data is being processed, please email dpo@smerc.cy. In the event that you are not satisfied with our handling of your complaint, you have the right to report your concern to the Data Protection Commissioner at 1, Iasonos Street, 1082 Nicosia, O.Box 23378, 1682 Nicosia Tel: (+357) 22818456, Fax: (+357) 22304565 email: commissioner@dataprotection.gov.cy

Governing Law

26.1 Use of this site shall be governed by the Laws of the Republic Cyprus.

26.2 By accessing the SMERemediumCap Limited (“We” or “us” or “the Company”) website and any pages linked thereto, you the User agree to be bound by the terms and conditions as described above. By continuing to use of this website you are also consenting for the use of cookies.

 

Definitions

  1. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  2.  ‘GDPR’ – General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
  3. ‘Personally identifiable information’ (or “Personal Information”) means any information that may be used, either alone or in combination with other information, to personally identify, contact or locate any Customer of the Company.
  4.  ‘User’, ‘data subject’, ‘Investor’, ‘customer’ refers to you as the party agreeing to becoming subscribed to the investment services of the company.
  5. ‘We’, ‘NBH’, ‘the company’, ‘controller’ refers to 1.1 SMERemediumCap Limited.
  6.  ‘EMIR’ refers to the European Market Infrastructure Regulation (EU) No 648/2012
  7. ‘MiFIR’ refers to the Markets in Financial Instruments Regulation EU) No 600/2014
  8. “DPIA”          Data Protection Impact Assessment
  9. “DPO” Data Protection Officer
  10. “IT” Information Technology
  11. “WP 29” The Article 29 Working Party