You have provided or may need to provide Personal Data to us by virtue of requesting information about Moonfare, becoming a Moonfare client, using the Moonfare platform available at https://www.moonfare.com or any of its subdomains (the “Platform”), including by simply viewing content on it, or otherwise interacting with Moonfare. The Platform is part of your agreement with Moonfare GmbH and, as applicable, Moonfare affiliates such as Moonfare Asia Ltd., Moonfare UK Ltd., Moonfare Singapore Pte. Ltd., Moonfare USA Securities LLC (collectively, “Moonfare”) as well as any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform.
We want you to understand how and why we use, store and otherwise process your Personal Data when you interact with us or our relevant affiliates. This policy also applies to explain any privacy rights you may have with respect to your Personal Data, which may vary depending on where you are located.
For example, certain privacy rights may apply to the extent that EU, UK, Hong Kong, Singapore, U.S. or other privacy or data protection legislation applies to our processing of your Personal Data or to the extent you are located in those jurisdictions.
“Personal Data” has the meaning given in the relevant applicable privacy or data protection legislation, as the context may require, and includes any data or information relating to an identifiable individual (such as name, address, date of birth or economic information) or which may identify an individual from other information which an organisation is likely to have access.
When you provide (or have provided) us with your Personal Data, Moonfare acts as:
In simple terms, this means that:
The types of Personal Data we process, hold and share depends on the product or service you have with us and the nature of your investment, including to comply with anti-money laundering and know your customer laws. This can include or be related to:
The Personal Data collected about you will help us provide you with a better service and facilitate our business relationship.
We collect, and have collected, Personal Data about you from a number of sources, including from you directly:
Personal Data that you give us:
Personal Data we obtain from others:
We may collect, process, use or disclose your Personal Data for the following reasons or purposes:
It is necessary to take steps at your request prior to entering into a contract and to perform our contractual obligations with you to:
2. Compliance with law
It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:
3. Our legitimate interest
For our legitimate interests or those of a third party to:
In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided below.
4. Your consent
We rely on explicit consent to enhance your user experience on the Platform to:
Monitoring as described at (3) above
We monitor communications where the law requires us to do so. We will also monitor where we are required to do so to comply with our regulatory rules and practices and, where we are permitted to do so, to protect our business and the security of our systems.
Your Personal Data will be shared with:
1. Moonfare fund operations, legal & compliance, finance, and account services teams
We share your Personal Data as described above with certain Moonfare team members and related parties. This is for:
2. Administrator, Fund Manager, Investment Advisor, Professional partners such as private banks or family offices of whom you may be a client
3. Tax authorities and local regulators
4. Service providers, including IT providers, security services providers and financial services administrators
5. Our lawyers, auditors and other professional advisors
6. In certain circumstances, we will share some or all of your Personal Data with:
Opting out of sharing creditworthiness information with affiliates
Moonfare may share your information about your creditworthiness with our affiliates. You may opt out of such disclosures by contacting us at [email protected]. We will process your request within a reasonable time after receipt.
Where we collect Personal Data from you, we will indicate if:
Some of the Personal Data we request, or have requested, is necessary for us to perform our contract with you and/or to comply with our legal obligations, and if you do not wish to provide us with this Personal Data, it will affect our ability to provide our services to you and manage your investment.
We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that:
(i) your name, contact details, product information, financial background, and demographic data held by us may be used by us in direct marketing from time to time;
(ii) the following classes of services, products and subjects may be marketed: financial, investment, and related services and products;
(iii) the above services, products, and subjects may be provided by or solicited by Moonfare and/or third party financial institutions with whom Moonfare contracts, including financial service providers, such as banks, securities contractors, and investment contractors;
(iv) in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in (i) above to all or any of the persons described in paragraph (iii) above for use by them in marketing those services, products and subjects, and we require your written consent (which includes an indication of no objection) for such purpose;
(v) in connection with (iv) above, we may receive money or other property in return for providing the data to the persons described in (iii) above for use by them in direct marketing (including revenue / benefit sharing arrangements between us and such persons).
If you do not wish Moonfare to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us through the contact information provided below.
We will transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the EEA or outside of Hong Kong or outside of Singapore, which may not have similarly strict data protection and privacy laws, and you agree to such transfer outside of the EEA, Hong Kong or Singapore.
Where we transfer Personal Data to other members of our group, or our service providers, we have put in place data transfer agreements and safeguards using European Commission approved terms.
Where we transfer Personal Data collected in Singapore to other members of the group, members of Moonfare’s partnership and related parties and third party service providers in countries or territories outside of Singapore, we will take steps to ensure that the recipients are bound by legally enforceable obligations to provide the transferred Personal Data a standard of protection that is at least comparable to the protection required under Singapore laws.
Please contact us if you would like to know more about these agreements or receive a copy of them. Please see below for our contact details.
With the exception of the limited instances described above, we do not generally rely
on obtaining your consent to process your Personal Data.
If we do, you have the right to withdraw this consent at any time.Please contact us or send us an email at [email protected] at any time if you wish to do so.
We keep your Personal Data for as long as it is required by us for our legitimate business purposes, to perform our contractual obligations, or where such longer period as is required by law or regulatory obligations which apply to us.
As a general principle, we do not retain your Personal Data for longer than we need it.
We will usually delete your Personal Data (at the latest) after you cease to be an investor in any Fund and if there is no longer any legal or regulatory requirement or business purpose for retaining your Personal Data.
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of Personal Data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of EU data protection legislation and other applicable laws.
You have certain data protection rights, including:
If you have a relationship with Moonfare GmbH, you also have the right in some circumstances to request for us to “port” your Personal Data in respect of such relationship in a portable, re-usable format to other organisations (where this is possible).
You furthermore have the right to lodge a complaint with a supervisory authority.
If you are located in the EU we would also like to explicitly note your right to object to processing of your Personal Data, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para 1f GDPR (data processing based on balancing of interests) according to Art 21 GDPR.
Please contact us through the methods outlined at “Contact us” below in relation to the requests above.
By using the website, you’re agreeing to our data collection policy as described below. If you want to update your preferences, you can do so by clicking “Website Data Collection Preferences” at the bottom of this page.
How do we collect data on our website?
Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve your experience on the Platform.
Cookies are also used to remember your preferences or personalize the content so that it is more relevant to you.
The table below outlines how we use this data by category.
Personal Data is collected for the following purposes and using the following services:
Analytics services enable the owner to monitor and analyze web traffic and can be used to keep track of user behavior. These services include:
Heat Mapping and Session Recording:
Heat mapping services are used to display the areas of a page where users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of user behavior. These services may record sessions and make them available for later visual playback. These services include:
Interaction with Online Survey Platforms:
This type of service allows users to interact with third-party online survey platforms directly from the pages of moonfare.com. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:
Platform Services and Hosting:
These services have the purpose of hosting and running key components of moonfare.com, therefore allowing the provision of moonfare.com from within a unified platform. Such platforms provide a wide range of tools to the owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored. These services include:
This type of service helps the owner to manage the tags or scripts needed
on moonfare.com in a centralized fashion. This results in the users’ data flowing through these services, potentially resulting in the retention of this data. These services include:
Displaying Content from External Platforms:
This type of service allows you to view content hosted on external platforms directly from the pages of moonfare.com and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it. These services include:
Interaction with Data Collection Platforms and Other Third Parties:
This type of service allows users to interact with data collection platforms or other services directly from the pages of moonfare.com for the purpose of saving and reusing data. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:
Managing Data Collection and Online Surveys:
This type of service allows moonfare.com to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse data from any responding users. The Personal Data collected depend on the information asked and provided by the users in the corresponding online form. These services may be integrated with a wide range of third-party services to enable
the owner to take subsequent steps with the data processed – e.g. managing contacts, sending messages, analytics, advertising and payment processing. These services include:
Registration and Authentication:
By registering or authenticating, users allow moonfare.com to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, moonfare.com will be able to access some data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service. These services include:
User Database Management:
This type of service allows the owner to build user profiles by starting from an email address, a personal name, or other information that the user provides to moonfare.com, as well as to track user activities through analytics features. This Personal Data may also be matched with publicly available information about the user (such as social networks’ profiles) and used to build private profiles that the owner can display and use for improving moonfare.com. Some of these services may also enable the sending of timed messages to the user, such as emails based on specific actions performed on moonfare.com. These services include:
Communication with Users:
These types of services allow the owner to schedule online meetings with users and conduct audio/video conferences for customer interviews, which may be recorded. These services include:
Prevention of Spam:
We use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to prevent spam. The legal basis for use is Article 6 (1) f (lawfulness of processing) of the GDPR, as there is a legitimate interest in protecting this website from bots and spam. reCAPTCHA is a free service that protects websites against spam and abuse. It uses advanced risk analysis techniques to keep people and bots apart. By using reCAPTCHA, data will be transmitted to Google using Google to determine whether the visitor is human or spam. To see what data Google collects and what this data is used for, visit https://policies.google.com/privacy?hl=en.
Google’s Terms of Service and Products can be found at https://policies.google.com/?hl=en.
Okta Multi-factor Authentication:
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.
We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your Personal Data.
If you want to make a complaint, you can also contact the body regulating data protection in your country, where you live or work, or the location where the data protection issue arose. A list of the EU data protection authorities is available by clicking this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Contact us by email at [email protected]
Contact us in writing using this address:
℅ Asmus Eggert, Data Protection Officer
We are pleased that you are interested in us and that you wish to apply or have already applied for a position with Moonfare. We would like to provide you with information below on the processing of your personal data regarding your application.
Who is responsible for data processing?
The entity responsible for the processing of personal data is:
Phone: +49 30 220 560 771
You can contact our data protection officer at:
mip Consult GmbH
Attorney-at-law Asmus Eggert
What personal data do we collect?
When you apply for a job at Moonfare, we will ask you to provide us with personal information about yourself so we can evaluate your application. If this information is not provided, our ability to consider you as a candidate may be limited. You may also provide us with your personal information that we have not specifically requested (for example your CV or cover letter may contain information about your hobbies and social preferences). All information is provided on a voluntarily basis and you determine the extent of information that you provide to Moonfare.
The kind of personal information we collect about you may include:
• Name, identity and contact details – such as your name, address, email address, telephone, location (optional), other contact information and personal preferences
• Employment details - such as details of your employment background, including position, work experience, employment references, salary and other compensation requests
• Background information– such as your educational background including qualifications, school, degrees, certificates and skills
• Information about your current and desired levels of remuneration
• Video and audio recordings of the interview if you agree
• Any other information in your application or obtained from the interview that you choose to share with us - such as personal preferences, hobbies, social preferences, etc.
Why do we process personal data and on what legal basis?
To process your application, we may process your identifiers, professional, employment and/or education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (“BDSG”).
To communicate with you about your application, the current status and respond to questions you may have about the application process, we process your identifiers, professional, employment and/or education information related to you and the specific communications with you. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.
To conduct reference checks, we process your identifiers, professional or employment information, and education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.
To assess your suitability for the position for which you have applied, we may process your identifiers, location, professional or employment information and/or education information. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.
For carrying out the obligations and exercising specific rights of the data controller or of the data subject in the field of employment and social security and social protection law. The legal basis for this processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG. To the extent we process special category data, we rely on the additional legal basis of Art. 9(2)(b) GDPR in conjunction with Section 26(3) BDSG.
For carrying out satisfaction surveys and interview trainings (for example, to manage and improve the recruitment process), we process video and audio recordings of the interview as well as its transcription. The legal basis for this processing is Art. 6(1)(a) GDPR, if consent has been given.
To respond to legal processes such as subpoenas, to pursue legal rights, defend litigation, or comply with requests of government or public authorities, we may process your identifiers, protected classifications/special category data, professional or employment information to the extent it is relevant to such legal purposes. The legal basis for this processing is Art. 6(1)(c) and Art. 6(1)(f) GDPR. In such cases, our legitimate interest is in asserting or defending claims.
How long will my data be retained?
If your application for employment is unsuccessful, we will hold your data on file for 6 (six) months after the end of the relevant recruitment process. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic based) and retained during your employment.
If we obtain consent from you to record the interview, we will store the video and audio files for 2 years from the time of collection.
Who can access my data?
Your application data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. There a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application procedure.
In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT service and hosting provider, recording and transcription services. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Are data transferred to a third country or to an international organization?
Data collected in the European Union / European Economic Area (EU/EEA) is primarily processed in the EU/EEA. Data collected by our subsidiaries is generally processed at the subsidiary's registered office (e.g., in the United Kingdom, USA, Hong Kong and Singapore) and in the EU/EEA. In some cases, especially when using our website, data is processed in the USA.
For data collected in the European Union and transferred to countries without an adequacy decision by the EU Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard contractual clauses with the recipients of the data and/or obtain your consent for the data transfer.
Depending on the services used, we might transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the EU/EEA or outside the country in which our subsidiaries are based, which may not have similarly strict data protection and privacy laws. Where we transfer Personal Data to other members of our group or our service providers, we have put in place data transfer agreements and safeguards such as the European Commission approved standard contractual clauses to ensure that the recipients are bound by legally enforceable obligations to provide the transferred Personal Data a standard of protection that is at least comparable to the protection required under the laws applicable to the personal data.
Note: If you give us your consent to process your data outside of the EU/EEA please note that the protection of personal data in the USA, Hong Kong and Singapore does not correspond to the level of data protection required by the EU/EEA. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.
What are my data subject rights?
In accordance with Art. 15 GDPR, you have the right of access as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR. However, the aforementioned right is not unlimited; the limitations of the right can be found in particular in Art. 15 para 4 GDPR.
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.
You have the right to obtain the erasure of personal data concerning you without undue delay acc. Art. 17 GDPR. The right to erasure (“right to be forgotten”) is not unrestricted. In particular, erasure cannot be demanded, if we need to process your personal data further in order to perform our contract, to fulfil a legal obligation or to assert, exercise or defend legal claims. The requirements and restrictions of the right to deletion are set out in detail in Art. 17 GDPR.
You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted if one of the conditions of Art. 18 para 1 GDPR is met. In this case, we may continue to store this data, but may process it only under strict conditions. The conditions and restrictions of the right to restrict processing are set out in detail in Art. 18 GDPR.
Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible. The requirements and restrictions of the aforementioned rights in detail can be found in Art. 20 para 3 and 4 GDPR.
You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.
Information about your right to object according to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 lit e GDPR (data processing in the public interest) and Art. 6 para 1 lit f GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.
The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.
You have a right to complain to a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR, without prejudice to any other administrative or judicial remedy.
To what extent do you apply automated individual decision-making, including profiling?
In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).