Last updated: 21 February 2023
This Privacy Notice is issued by Apex Corporate Services S.A. (“Apex ACS”).
1. Who are Apex?
Apex ACS principally offers management, domiciliation and/or corporate services. Apex ACS are wholly owned subsidiaries of Apex Group Limited (Apex ACS and other subsidiaries of Apex Group Limited together “Apex Group”).
2. Apex in Luxembourg
Apex ACS offers a range of primarily regulated services in Luxembourg; such companies being licensed for the provision of “management and domiciliation” and/or “corporate services business” by the Luxembourg Financial Sector Supervisory Commission (“CSSF”). (collectively, the “Services”).
3. What is this Privacy Notice?
During the normal course of business and to deliver the Services, Apex ACS collects from various individuals (“Data Subjects”), personal information from which the relevant Data Subject(s) can be indirectly or directly identified (“Personal Data”).
Apex ACS is wholeheartedly committed to safeguarding the Personal Data, the privacy of Data Subjects and in satisfying certain obligations Apex ACS has under the relevant Data Protection legislation. This notice is intended to provide notice to relevant Data Subjects of how Apex ACS use, collect and safeguard Personal Data and other information in connection with the Services.
4 What personal information do we collect?
Depending on the Services being provided, Apex ACS may collect, hold and otherwise process the following personal information or Personal Data in electronic and/or hard copy written form:
- Contact details (including names, relevant correspondence and other postal addresses, email addresses and telephone numbers);
- Information to meet legal and regulatory requirements including in particular “know your client” due diligence information on individuals to meet ant-money laundering legislation, sources of wealth and source of funds;
- Copies of any individual’s legal and/or tax advice and/or personal tax classification details and unique identifiers as may be provided to us, to enable us to provide our Services;
- Bank account details or other payment or financial information provided to us;
- Information regarding an individual’s personal circumstances, including employment status and history, salary details, business interests, property or other assets, or other information about you which we require to provide you with particular aspects of our Services;
- In certain, limited circumstances (primarily where Apex ACS acts as trustee of a trust and has a legitimate interest in knowing such information) we may collect personal information concerning the health of individuals; and/or certain personal data relating to children (for example where, for example, such children may have a vested or beneficial interest in any company or trust arrangement within the Services); and
- Records of any correspondence received by us, or file notes of any telephone call you may have with us.
In addition, specifically with regards to the Apex Group website, Apex Group may automatically collect technical information (including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform) for any individual accessing such service.
Further information regarding the data collected in this regard is available in the Apex Privacy Notice on Apex website (https://apexgroup.com/privacy-policy/).
5. How do we collect your personal information/personal data?
Personal information collected may be received directly from the individual in question or be received from a third party. For example, Apex ACS may receive personal information from a client or their advisers regarding such client’s directors / beneficial owners. Certain information may from time to time also be received from other parts of Apex Group, to the extent services are also being provided from Apex outside of Jersey.
6. Why do we collect your information?
Principally, Apex ACS collects and otherwise processes personal information for Data Subjects in the fulfilment of and provision of the Services or to carry out marketing activities. Certain personal information and/or Personal Data is required to be collected because Apex ACS is required to do so by law and regulations (for example to meet anti-money laundering requirements, tax exchange information requirements and other statutory/ regulatory obligations).
Separately from the above, Apex ACS may also collect personal information as a result of general or specific instructions from clients (to whom we directly provide company, trustee, partnership, funds, custody and/ or other services), for example where the collection and holding of such personal data is necessary or otherwise consequential to the ongoing administration of its client entities or as a result of some transaction which requires it.
7. How we use your personal information?
We will use the information we hold about you for the following purposes:
In connection with an Apex ACS contract for Services
Where necessary for Apex ACS to comply with a legal obligation
Where Apex ACS has a legitimate interest in using such information
Where you have consented to holding such information
8. Who we share personal information/personal data with?
We will only disclose your personal information in accordance with applicable laws and regulations. We will disclose your information to the following third parties:
- To a client entity in which you have a direct or indirect interest and/or such client’s subsidiaries, holding company and or other associated counterparties of such client entity where such disclosure is necessary for us to perform our Services or we are otherwise required to share such information with such persons;
- Any person with legal or regulatory power over us (such as the CNPD, the office of the data protection commissioner, the CSSF, the CRF, the financial intelligence unit in Luxembourg, or any relevant Tax Authority) who may require disclosure on legal grounds;
- Service providers engaged by us to help us run our business and perform the Services. Such service providers may for include, for example, cloud storage providers (engaged by us to provide electronic board packs, or other storage facilities for our business data and your information);
- Any member of Apex ACS and where applicable any other member of Apex Group who is involved in (or expected to be involved in) the provision of Services to our clients.
Some of these third parties (including certain Apex Group subsidiaries and service providers) may be outside of the European Economic Area (EEA), the Channel Islands or other territories determined by the EU to have adequate protection for the protection of personal data. If we transfer your information in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy notice. Such steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Transfers within the Apex Group will be covered by an agreement entered into by members of the Apex Group (an intra-group agreement) which contractually obliges each member to ensure that your Personal Data receives an appropriate level of protection wherever it is transferred within the Apex Group.
9. How do we keep your personal information/personal data secure?
Apex ACS takes information security very seriously and therefore takes appropriate measures to protect such information from unauthorised theft, damage or access. Apex Group has an information and cyber security policy which outlines the measures which will be taken to safeguard the availability, integrity and security of data which is aligned to ISO27001.
10. How long will we store your information for?
We generally expect to hold personal data on our systems for as long is necessary to provide the Services and ordinarily for 10 years after the termination thereof, in order to allow us to refer to your information in correspondence with you, or in connection with any ongoing or subsequent relevant matters (e.g. legal or regulatory proceedings).
11. Your rights
You have the following rights in relation to how we use your information. If you’d like to exercise these rights, please contact us using the contact details listed at section 13 “Who can you speak to at Apex ACS about this notice/protecting my information?”
Right to lodge a complaint - You have a right to complain to the CNPD at any time if you object to the way in which we use your personal information. More information can be found on the CNPD’s website: https://cnpd.public.lu/en.html
Right of access - You have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.
Right of rectification - We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.
Right to erasure - you have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing - in some circumstances, although you may not be entitled to require us to erase your information but may be entitled to limit the purposes for which we can use your information.
Right of data portability - you have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.
Right to object to direct marketing - You can ask us to stop sending you marketing messages at any time. Please see below.
Right not to be subject to automated-decision making - Apex do not make decisions about you using automated decision making or profiling of your personal data.
Right to withdraw consent - For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with your investment or maintaining a business relationship with you.
You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can't comply with your request, we will tell you why.
Marketing - We respect your privacy and to the extent we carry out any direct marketing activities we will carry these out in accordance with applicable laws and guidance.
We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless and until you object.
If you are a corporate entity and have engaged us for Services, we may also contact you with marketing information by email or other electronic means unless and until you object. If you are an individual or a member of an unincorporated entity (and except where the following paragraph applies) we will only contact you by email or electronic means with marketing information where you have given us your consent.
Where we have obtained your email address in connection with our contract with you for any Services, or where you have made a positive enquiry about any of our services, we may also contact you with marketing information about similar services by email or other electronic means unless and until you object.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you by informing us (if we call you by telephone), or by clicking the “unsubscribe link” on any marketing email that we send to you, or by contacting us as set out in Section 13 below. Alternatively, you can make a direct request to unsubscribe by emailing the following address: email@example.com.
12. Changes to this privacy notice
We will update this privacy notice when necessary to reflect changes in the law, our used practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically. We may also notify you in other ways from time to time about the processing of your personal information.
13 Who can you speak to at Apex ACS about this privacy notice and/or protecting my personal information/personal data?
In order to satisfy its obligations to you and to fulfil the relevant legal and regulatory obligations with respect to the processing of Personal Data, Apex ACShas appointed a Data Protection Officer.
Questions, comments and the exercise of your rights regarding this privacy notice and your information are welcomed and can be addressed to the Data Protection Officer by email at firstname.lastname@example.org or by post to 68-70, Boulevard de la Pétrusse, L-2320 Luxembourg.
If you wish to make a complaint on how we have handled your personal information, you can contact the Apex ACS Data Protection Officer directly using the above details. If you are not satisfied with our response, or believe we are processing your personal information not in accordance with the law, you can complain to the supervisory authority in Luxembourg responsible for the implementation and enforcement data protection law (the Commission Nationale pour la Protection des Données (the “CNPD”) whose website address is https://cnpd.public.lu/en.html. You have the right to complain to the CNPD about our collection and use of your information.