Version 2: Last updated on 30 June, 2020
APS Funds SICAV p.l.c (the “Controller”) having company registration number SV 78 and its registered office at APS Centre, Tower Street, Birkirkara, BKR 4012 is organised as a multi-fund investment company with variable share capital and consists of multiple funds and sub funds (the “Fund”).
Our main contact details are, telephone number: 21226644 and email address: email@example.com
APS Funds SICAV plc has appointed ReAPS Asset Management Limited to act as its Investment Manager. ReAPS Asset Management Limited has appointed APS Bank plc as the Sub-Investment Manager for the Fund. APS Bank plc has also been appointed to act as the Main Distributor of the Fund; other third party investment institutions act as the Distributors.
APS Funds SICAV plc is committed to respecting the privacy of your personal information.
This policy describes the how we process information in support of the provision of our investment products and services as well as other the lawful purposes in accordance with applicable data protection legislation including the General Data Protection Regulation (Regulation 2016/679) (the “GDPR” or “Data Protection Laws”).
I. Definition of personal data
Personal data means any information that identifies you as an individual or that relates to an identifiable individual.
Whenever it is not possible or feasible for us to make use of aggregated and/or anonymised data (in a manner that does not identify you), we are nevertheless committed to protecting your privacy and the security of your personal data. We collect personal data in various ways depending on how you engage with us: (i) digitally via our website www.apsfunds.com.mt and the websites owned by our main distributor APS Bank p.l.c. These include: https://www.apsbank.com.mt/en/apsfunds (when you access this website you will be redirected to www.apsfunds.com.mt) and https://www.apsbank.com.mt/contact-us (collectively “Website/s”) and any other future websites, or (ii) when you choose to provide us with certain data or (iii) in some cases, automatically or from third parties (with permission to share it with us) as well as (iv) non-digitally, for example when you fill in a physical form to benefit from one or more of our product or services.
II. Information we collect
The information we collect depends on the products/services that you are interested in.
Such information may include current and historical information about you including:
• Identification related data e.g. name, contact information, gender, date and place of birth,
country identification documents (photo ID, passport, national ID card);
• Data about your education, profession or work;
• Details of your family members and other relationships, including your marital status;
• Financial Information e.g. history and information collected for investment purposes such as APS Bank account, profile and balance provided for banking and investment purposes such as summary of assets, protection and retirement planning & loans & other credit facilities;
• Due Diligence information (including country of origin, residence, citizenship, source of funds and wealth);
• Other regulatory requirements e.g. country of taxation or foreign tax payer reference and anti-money laundering requirements;
• Market research e.g. information obtained from surveys and focus groups;
• Online identifiers (including IP addresses, cookie and information data generated via your browser) including user login and registration data e.g. login credentials for internet and mobile banking applications, where applicable;
• CCTV and our systems capturing image, video and audio footage (for more information see our CCTV and Telephone Recordings notifications);
• Any other information provided during our interaction whether face-to-face, online, by phone, email or otherwise.
The collection of your personal information such as your Identification and Due Diligence related data can occur during our customer suitability and due diligence process, at the opening of administration of your investment/potential investments stage or in response to additional information on a particular product/service in line with relevant laws and regulations. If you do not provide us with the personal information required we may not be able to process or assess your application to provide you with our products and services.
Personal information is in most instances collected directly from you. You are responsible for making sure the information you give us is accurate and up to date and inform us of any changes as soon as possible.
We may also collect information about you from publicly available sources such as, but not
limited to information from credit rating agencies such as Credit Info, the Electoral Register, other public data sources and other databases provided by third party providers.
We may use this information to keep your data up to date on our databases and to verify information we collect. We may also use this information for profiling and marketing purposes, please see our ‘Direct Marketing, Profiling and Market Research’ section. Moreover, this information may be used to comply with our internal policies and legal obligation including amongst others the prevention and detection of financial crime, money laundering and funding of terrorism.
III. The purpose of handling your personal information
We will only process the personal information collected from you or from external
sources when we have a lawful basis to process your personal information, in line with the GDPR.
We will process your personal information for the following purposes and lawful reasons:
• When we need to process your personal information to enter into or administer a contractual agreement we have with you, for example, to provide you with the appropriate products and services, to administer and manage your investments, maintain an up-to-date shareholder register, communicate with you by providing you with necessary notices, and process your transactions and instructions and communicate our policies and terms;
• When we need to process your personal information to comply with our legal obligations, such as, to monitor the use of your investment holding, carry out customer due diligence and screening in line with our internal policies, legal responsibilities including the prevention or detection of financial crime and for audit purposes;
• When processing of your personal information is necessary for the performance of a task carried out in the public interest such as the prevention and detection of financial crime.
• When we have your consent to process your personal information for a specific purpose, for example, we will ask for your consent to send you direct marketing material if you are not an existing customer of APS Funds SICAV.
When we need to pursue our legitimate interest, such as:
• in the defence and protection of our legal rights and interests;
• to manage our relationship with you and for product and business development to improve our product range and customer offerings;
• to provide you with information on our products and services we think may be relevant for you (unless you tell us otherwise, to request to opt-out of direct marketing kindly see‘Request to Opt-Out/Object’ and ‘Contact Us’ subsections below);
• to undertake risk management;
• to undertake due diligence to determine your eligibility and suitability to our products and services;
• for customer profiling and data analytical purposes (unless you tell us otherwise, to request to object to personal data profiling (where applicable), please see ‘Request to Opt-Out/Object’ and ‘Contact Us’ subsections below);
We use various measures to keep your information safe and secure and require our designated third parties to protect information and apply appropriate safeguards for the use and transfer of information.
Direct Marketing, Profiling and Market Research
Personal information is processed in the context of marketing, product and customer profiling, data analysis and market research. This processing forms the basis for marketing, product and business development to improve our product range and customer offerings. For this purpose we and/or our Main Distributor, APS Bank plc may contact you for example via email or telephone to participate in online surveys and focus groups. We and/or APS Bank may also use your personal data to send you personal material and notifications by post, email, telephone, text messages and via the internet and mobile banking facilities.
Research, Product and Business Development
We will be using your personal information (based on the information you provide to us and through your interactions through the bank’s services/products) for research purposes, such as evaluating customer experience and quality checks and identifying how we can improve our services and products, prioritising our product features and improving product designs through analysis in terms of preferences and customers’ need, including price sensitivity amongst other parameters.
For this purpose we and APS Bank may contact you physically or digitally for example via email, telephone or in person to participate in online surveys and focus groups.
We and our Main Distributor, APS Bank plc may also use your personal data to send you direct marketing material and notifications by post, email, telephone, text messages, and via the bank’s internet and mobile banking facilities as well as online channels.
Marketing communications includes communications and materials on savings, current, term deposits and other bank accounts, loans and overdrafts, investment opportunities, debit cards, mortgages, insurance intermediation, pensions as well as any future offerings.
Our Research, Product and Business Development also helps us evaluate creative campaigns to ensure that communication is relevant, customised and tailored to what may be of interest to you and customers.
We may also send you communications including newsletters and emails about general financial matters and other non-financial services.
Third Party Marketing
APS Bank as explained, typically acts as our Main Distributor and Sub-Investment Manager however in some situations it may be deemed to be a separate third party entity.
In such circumstances, where we have the necessary permission to do so we and APS Bank may also send Direct Marketing material relating to APS Bank’s products and services.
Customer Profiling and Data Analysis
Main Distributor, APS Bank plc uses data to analyse product performances, trends and to carry out customer segmentation and targeted marketing based on data that is generated by the customer through the us and APS Bank’s services/products and typical profiles, for example we typically utilise anonymised personal data, and use analytics to indicate parameters such as age, gender, marital status, residency, loan amount, income by salary bracket and investments in particular securities, however where profiling is on a personal basis we will get your permission to do so.
We may analyse this information to send you tailored marketing communications.
Investment Customer’s Personal Data Profiling
Main Distributor, APS Bank plc (for APS Funds SICAV) may review your Financial Information and assets from time to time to determine interest to investment products for Direct Marketing purposes, where profiling is on a personal basis we will get your permission to do so.
Online & Social Media Advertising
We and Main Distributor, APS Bank plc make use of social media platforms, such as Facebook, Instagram and Google Search, so as to promote our products by for example, through paid for advertising, banners, displays, posts. We do not send your personal data to social media, please also see our ‘Cookies and other tracking technologies’ section.
Request to Opt-Out/Object
If you wish to object to personal data profiling (where applicable), do not want to receive any marketing communication or participate in market research, as well as indicating your preferences within SICAV’s application forms, you can opt out by contacting us via post (APS Funds SICAV plc, APS Centre, Tower Street, Birkirkara, BKR 4012 Malta) or send an email to: firstname.lastname@example.org.
Appropriateness Test and Suitability Testing
Our Main Distributor, APS Bank plc and Distributors may need to conduct an Appropriateness Test or a Suitability Test in order to be able to assess the relative appropriateness or suitability of the product with your needs. As a result these Distributors will input a set of data relating to your financial background, investment knowledge and experience and score the result based on data inputted. This is not an automated decision making process.
IV. Disclosing your personal information to Third Parties
We may share your personal information with others where lawful to do so in the following instances:
• During the provision of products and services and to fulfil our contractual obligations we may share your personal information with other companies to provide you with the products or services you require, such as to transfer funds to/from your beneficiaries/originators, joint account holders, attorneys appointed through a power of attorney, fund managers, custodians and administrators, curators or executors, trustees, intermediaries, correspondent/agent banks, payment service providers, clearing houses, clearing or settlement systems;
• With our associated companies, such as Investment Manager and Sub-Investment Manager, Custodian, Global Custodian including but not limited to, Main Distributor and Distributors and Administrators, service providers and specific subcontractors who assist us in the provision of your products and services, for example, our Main Distributor facilitates investment meetings, administering application forms, liaison between the entities, and we and APS Bank may from time to time send marketing material (when there is permission to do so). APS Bank as explained, typically acts as our Main Distributor and Sub-Investment Manager however in some situations it may be deemed to be a separate third party entity.
• To correspond with lawyers, and other third parties as required during the administration of accounts;
• With regulators, auditors, law courts, Central Bank of Malta, credit rating and fraud prevention agencies and other authorities as required for us to comply with our legal obligations and for reporting, compliance, auditing purposes;
• With third party marketing and printing companies for the purpose of carrying out surveys or publishing promotional material on our behalf;
• Other parties in connection with litigation or asserting or defending legal rights and interests;
• With IT service providers, vendors including cloud, website and security service providers who are contracted by us to provide digital products and solutions and carry out technical, support and maintenance on the data on our systems. When sharing your personal information we will ensure that we adhere to applicable law and regulations.
V. Transferring your personal information outside the European Economic Area (‘EEA’)
For the purpose of providing you with our products or services, to fulfil our legal obligations, to protect the public interest or for our legitimate interest we may be required to transfer your personal information to so called third countries i.e. countries outside the EEA. Such transfers can be made if any of the following conditions apply:
(i) the EU Commission has determined that there is an adequate level of protection in the country in question; or
(ii) other appropriate safeguards have been taken such as the use of standard contractual clauses approved by the EU Commission or the data processor has valid binding corporate rules in place, or
(iii) in exceptional circumstances such as to fulfil a contract with you or subject to your consent to a specific transfer
VI. Retaining your personal data
We will retain your personal information for as long as required for the purposes for which your data was collected and processed or required by laws and regulations. This means that we will keep your data in line with our retention policies which take into account our business, administrative, legal and other regulatory retention requirements.
VII. Your privacy rights
You as a data subject have rights in respect of personal data we hold on you. These rights include (as applicable):
• Accessing personal information APS Funds SICAV holds about you and the information related to its processing;
• Requesting the rectification of data if it is incomplete or inaccurate;
• Requesting the erasure of data unless we are required to retain such data;
• Requesting the withdrawal of your consent for a specific processing activity;
• Receiving in a structured, widely-used format, the personal information related to you which you have provided to APS Bank and transfer them to another controller where technically possible (data portability);
• Objecting or restricting the processing of personal data in instances such as direct marketing and profiling;
All of the above requests may be forwarded, if applicable to third party processors involved in the processing of your personal data as previously listed.
You can exercise the above rights through a written communication as per details provided in ‘Request to Opt-Out/Object’ as well as in ‘Contact Us’ subsections.
You may also file a claim with the Data Protection Authority, the Information and Data Protection Commissioner’s Office (https://idpc.org.mt) or to the respective data protection regulator in your country particularly when you consider that the exercise of your rights has not been achieved satisfactorily.
VIII. Security Measures
We take a number of security initiatives to online security as described as follows:
The personal information which we may process (and/or transfer to any authorised third party, external/third party service providers, subcontractors as the case may be) will be held securely in accordance with our internal security policy, procedures and the law.
To meet appropriate security standards we use all our reasonable efforts to safeguard the confidentiality, integrity, as well as the availability of our IT systems as well as personal data that we may process relating to you and regularly review and enhance our technical, physical and managerial procedures so as to ensure that your personal data is protected from:
-improper use or disclosure
-unlawful destruction or accidental loss.
To this end we have implemented security policies, rules and technical and organisational measures to protect the personal data that we may have under our control. This protection shall follow a defence in depth strategy through continuous investment in technology, processes and other resources in line with industry practices. The Bank shall enshrine a risk culture in its operations and across personnel and foster a continuous training programme for all its employees complemented by customer awareness on topical matters.
All our employees and data processors are further obliged (under contract or equivalent) to respect the confidentiality of your personal data as well as other obligations as imposed by the Data Protection Laws.
Despite all the above measures, we cannot guarantee that a data transmission or a storage system can ever be entirely secure and we are not responsible for matters outside our control.
Our authorised third party legal processors and other Third Parties (kindly see ‘Disclosing your personal information to Third Parties’ section) with permitted access to your information are required to apply appropriate technical and organisational security measures that may be necessary to safeguard the personal data being processed from unauthorised or accidental disclosure, loss or destruction and from any unlawful forms of processing.
As stated above, where the said service providers are our data processors, they are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR).
We require our customers to always be vigilant and observe standard information security precautions such as attackers or fraudsters may try to obtain Banking information by impersonating individuals from the Bank, the Police or other companies that you may trust, so:
- Never disclose your Online Banking Pin or password, CVV, security questions and answers, account numbers, personal information and other confidential account data to anyone over any channel such as phone, email, social media, even if a caller claims to be from your bank or the police
- Never disclose your hardware and software token codes, Mobile App Secure passcode, online one time password or activation codes to anyone
- Never transfer money from your account, either online or in a branch after being instructed to do so without checking via trusted source
- Never allow someone to take control of your computer or other devices if you receive a call or message that you aren’t expecting
- Never assume that a mobile, phone call, email, social media messaging or sms is genuine. Prior to carrying out any operation, transfer etc. always check via a trusted source.
The following are a few security tips to protect yourself online and the security of your account information, in tandem to other security measures that you might wish to further take:
Enhance the security of your account
- Use secure email Message Hub either using the myAPS Mobile Banking, Internet Banking or Secure eMail to send email containing account information or questions
- Change your password periodically. Choose a password that is difficult to guess
- Be Aware of Phishing and Scams
- Keep Your Operating System Up-to-Date
- Keep Your Software Up-to-Date
- Keep Your Web Browser Up-to-Date
- Use Anti-Malware Software
- Secure Your Wireless Connection
- Prevent Spyware
- Use a Firewall
- Set different Login credentials for Banking and other sites such as social media, e-commerce
- Take the time to regularly monitor your bank account statement
- Do not allow anyone else to use your card, online banking logins, account data or personal information
- If you are shopping online, be sure the website you are visiting is secure (indicated by https:// or A padlock icon,) and has a valid digital certificate before you enter your card number and login details
It is important that you take all necessary precautions to protect your personal data, alongside this, for updated information on Security and Tips, FAQs and Security Guidelines kindly refer to https://www.apsbank.com.mt/security-tips
Please note that we will never send you an email or message or sms or call you to ask you for or to verify your banking login details, passwords, account numbers and information, PINs or to click on a link to activate or unblock your account. If you receive an email or text message with this request, please take responsibility to delete the message and DO NOT enter the information or click on the link. If you believe there has been an unauthorised transaction in your account or you believe the security of your password has been compromised or if you have responded to any suspicious communication such as giving our your account or online log-in details, please contact us on 21226644 or email: email@example.com immediately.
IX. Cookies and other tracking technologies
We and APS Bank plc, collect information about your usage and activity on our sites using certain technologies such as cookies and other technologies to operate our websites, provide a secure online environment, provide an enhanced online experience, track our website performance and make our website content more relevant to you. Some cookies also provide us and social media with insights into any online marketing campaign that we might be running.
XI. Contacting Us or the Data Protection Authority
Data Protection Authority
You can also lodge a complaint or contact the Data Protection Authority in any of the countries where we provide services or products to you.