You have provided or may need to provide Personal Data to us by virtue of requesting information about Moonfare, becoming a Moonfare client, using the Moonfare platform available at https://www.moonfare.com or any of its subdomains (the “Platform”), including by simply viewing content on it, or otherwise interacting with Moonfare. The Platform is part of your agreement with Moonfare GmbH and, as applicable, Moonfare affiliates such as Moonfare Asia Ltd., Moonfare UK Ltd., Moonfare Singapore Pte. Ltd., Moonfare USA Securities LLC (collectively, “Moonfare”) as well as any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform.
We want you to understand how and why we use, store and otherwise process your Personal Data when you interact with us or our relevant affiliates. This policy also applies to explain any privacy rights you may have with respect to your Personal Data, which may vary depending on where you are located.
For example, certain privacy rights may apply to the extent that EU, UK, Hong Kong, Singapore, U.S. or other privacy or data protection legislation applies to our processing of your Personal Data or to the extent you are located in those jurisdictions.
“Personal Data” has the meaning given in the relevant applicable privacy or data protection legislation, as the context may require, and includes any data or information relating to an identifiable individual (such as name, address, date of birth or economic information) or which may identify an individual from other information which an organisation is likely to have access.
This privacy policy is made on behalf of Moonfare and its affiliates identified above. The Moonfare legal entity with which you do business is the controller for purposes of this policy and is committed to protecting and respecting your privacy.
Where we use the terms “we”, “us” and “our” in this Data Privacy Policy, we are referring to Moonfare.
When you provide (or have provided) us with your Personal Data, Moonfare acts as:
In simple terms, this means that:
The types of Personal Data we process, hold and share depends on the product or service you have with us and the nature of your investment, including to comply with anti-money laundering and know your customer laws. This can include or be related to:
The Personal Data collected about you will help us provide you with a better service and facilitate our business relationship.
We collect, and have collected, Personal Data about you from a number of sources, including from you directly:
Personal Data that you give us:
Personal Data we obtain from others:
We may collect, process, use or disclose your Personal Data for the following reasons or purposes:
1. Contract
It is necessary to take steps at your request prior to entering into a contract and to perform our contractual obligations with you to:
2. Compliance with law
It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:
3. Our legitimate interest
For our legitimate interests or those of a third party to:
In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided below.
4. Your consent
We rely on explicit consent to enhance your user experience on the Platform to:
Monitoring as described at (3) above
We monitor communications where the law requires us to do so. We will also monitor where we are required to do so to comply with our regulatory rules and practices and, where we are permitted to do so, to protect our business and the security of our systems.
Your Personal Data will be shared with:
1. Moonfare fund operations, legal & compliance, finance, and account services teams
We share your Personal Data as described above with certain Moonfare team members and related parties. This is for:
2. Administrator, Fund Manager, Investment Advisor, Professional partners such as private banks or family offices of whom you may be a client
3. Tax authorities and local regulators
4. Service providers, including IT providers, security services providers and financial services administrators
5. Our lawyers, auditors and other professional advisors
6. In certain circumstances, we will share some or all of your Personal Data with:
Opting out of sharing creditworthiness information with affiliates
Moonfare may share your information about your creditworthiness with our affiliates. You may opt out of such disclosures by contacting us at [email protected]. We will process your request within a reasonable time after receipt.
Where we collect Personal Data from you, we will indicate if:
Unless otherwise indicated, you should assume that we require the Personal Data for business and/or compliance purposes and the purposes as set out in this Privacy Policy.
Some of the Personal Data we request, or have requested, is necessary for us to perform our contract with you and/or to comply with our legal obligations, and if you do not wish to provide us with this Personal Data, it will affect our ability to provide our services to you and manage your investment.
We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that:
(i) your name, contact details, product information, financial background, and demographic data held by us may be used by us in direct marketing from time to time;
(ii) the following classes of services, products and subjects may be marketed: financial, investment, and related services and products;
(iii) the above services, products, and subjects may be provided by or solicited by Moonfare and/or third party financial institutions with whom Moonfare contracts, including financial service providers, such as banks, securities contractors, and investment contractors;
(iv) in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in (i) above to all or any of the persons described in paragraph (iii) above for use by them in marketing those services, products and subjects, and we require your written consent (which includes an indication of no objection) for such purpose;
(v) in connection with (iv) above, we may receive money or other property in return for providing the data to the persons described in (iii) above for use by them in direct marketing (including revenue / benefit sharing arrangements between us and such persons).
If you do not wish Moonfare to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us through the contact information provided below.
By providing your information to us, you agree to the transfer, storage and processing of your Personal Data by our group members, members of Moonfare’s partnership and related parties and third party service providers in countries and territories outside of the EEA, Hong Kong or Singapore in connection with the purposes specified in this Privacy Policy. This may include transfers to the United States.
We will transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers in countries or territories outside of the EEA or outside of Hong Kong or outside of Singapore, which may not have similarly strict data protection and privacy laws, and you agree to such transfer outside of the EEA, Hong Kong or Singapore.
Where we transfer Personal Data to other members of our group, or our service providers, we have put in place data transfer agreements and safeguards using European Commission approved terms.
Where we transfer Personal Data collected in Singapore to other members of the group, members of Moonfare’s partnership and related parties and third party service providers in countries or territories outside of Singapore, we will take steps to ensure that the recipients are bound by legally enforceable obligations to provide the transferred Personal Data a standard of protection that is at least comparable to the protection required under Singapore laws.
Please contact us if you would like to know more about these agreements or receive a copy of them. Please see below for our contact details.
With the exception of the limited instances described above, we do not generally rely
on obtaining your consent to process your Personal Data.
If we do, you have the right to withdraw this consent at any time.Please contact us or send us an email at [email protected] at any time if you wish to do so.
We keep your Personal Data for as long as it is required by us for our legitimate business purposes, to perform our contractual obligations, or where such longer period as is required by law or regulatory obligations which apply to us.
As a general principle, we do not retain your Personal Data for longer than we need it.
We will usually delete your Personal Data (at the latest) after you cease to be an investor in any Fund and if there is no longer any legal or regulatory requirement or business purpose for retaining your Personal Data.
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of Personal Data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of EU data protection legislation and other applicable laws.
You have certain data protection rights, including:
If you have a relationship with Moonfare GmbH, you also have the right in some circumstances to request for us to “port” your Personal Data in respect of such relationship in a portable, re-usable format to other organisations (where this is possible).
You furthermore have the right to lodge a complaint with a supervisory authority.
If you are located in the EU we would also like to explicitly note your right to object to processing of your Personal Data, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para 1f GDPR (data processing based on balancing of interests) according to Art 21 GDPR.
Please contact us through the methods outlined at “Contact us” below in relation to the requests above.
Moonfare uses data collected by cookies and javascript libraries to improve your browsing experience, analyse Platform traffic, deliver personalised advertisements, and increase the overall performance of our Platform.
By using the website, you’re agreeing to our data collection policy as described below. If you want to update your preferences, you can do so by clicking “Website Data Collection Preferences” at the bottom of this page.
How do we collect data on our website?
We use a variety of tools on our website that collect data using both cookies and javascript libraries.
Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve your experience on the Platform.
Cookies are also used to remember your preferences or personalize the content so that it is more relevant to you.
Javascript libraries are snippets of codes we run on the page that are executed when certain actions take place.
The table below outlines how we use this data by category.
Categories
Personal Data is collected for the following purposes and using the following services:
Analytics:
Analytics services enable the owner to monitor and analyze web traffic and can be used to keep track of user behavior. These services include:
Heat Mapping and Session Recording:
Heat mapping services are used to display the areas of a page where users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of user behavior. These services may record sessions and make them available for later visual playback. These services include:
Interaction with Online Survey Platforms:
This type of service allows users to interact with third-party online survey platforms directly from the pages of moonfare.com. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:
Platform Services and Hosting:
These services have the purpose of hosting and running key components of moonfare.com, therefore allowing the provision of moonfare.com from within a unified platform. Such platforms provide a wide range of tools to the owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored. These services include:
Tag Management:
This type of service helps the owner to manage the tags or scripts needed
on moonfare.com in a centralized fashion. This results in the users’ data flowing through these services, potentially resulting in the retention of this data. These services include:
Displaying Content from External Platforms:
This type of service allows you to view content hosted on external platforms directly from the pages of moonfare.com and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it. These services include:
Interaction with Data Collection Platforms and Other Third Parties:
This type of service allows users to interact with data collection platforms or other services directly from the pages of moonfare.com for the purpose of saving and reusing data. If one of these services is installed, it may collect browsing and usage data in the pages where it is installed, even if the users do not actively use the service. These services include:
Managing Data Collection and Online Surveys:
This type of service allows moonfare.com to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse data from any responding users. The Personal Data collected depend on the information asked and provided by the users in the corresponding online form. These services may be integrated with a wide range of third-party services to enable
the owner to take subsequent steps with the data processed – e.g. managing contacts, sending messages, analytics, advertising and payment processing. These services include:
Registration and Authentication:
By registering or authenticating, users allow moonfare.com to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, moonfare.com will be able to access some data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service. These services include:
User Database Management:
This type of service allows the owner to build user profiles by starting from an email address, a personal name, or other information that the user provides to moonfare.com, as well as to track user activities through analytics features. This Personal Data may also be matched with publicly available information about the user (such as social networks’ profiles) and used to build private profiles that the owner can display and use for improving moonfare.com. Some of these services may also enable the sending of timed messages to the user, such as emails based on specific actions performed on moonfare.com. These services include:
Communication with Users:
These types of services allow the owner to schedule online meetings with users and conduct audio/video conferences for customer interviews, which may be recorded. These services include:
Prevention of Spam:
We use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to prevent spam. The legal basis for use is Article 6 (1) f (lawfulness of processing) of the GDPR, as there is a legitimate interest in protecting this website from bots and spam. reCAPTCHA is a free service that protects websites against spam and abuse. It uses advanced risk analysis techniques to keep people and bots apart. By using reCAPTCHA, data will be transmitted to Google using Google to determine whether the visitor is human or spam. To see what data Google collects and what this data is used for, visit https://policies.google.com/privacy?hl=en.
Google’s Terms of Service and Products can be found at https://policies.google.com/?hl=en.
Okta Multi-factor Authentication:
Moonfare uses okta multi-factor authentication, a very secure and sophisticated authentication process. Multi-Factor-Authentication verifies the user’s identity in multiple steps using different methods and provides another layer of security on top of the login credentials. For Multi-Factor Authentication, okta accesses the username and password of the person logging in and creates a cookie with a security token. The legal basis for the use of this cookie is Sec. 6 para. 1 lit. b GDPR. With the help of this security token, okta checks whether the respective person has access rights for the respective app. Within this process the collected data is also transferred by okta to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this. You can find out more about okta’s privacy policy here: https://www.okta.com/privacy-policy/.
Information Security
Moonfare has reasonable technical, organizational and administrative measures to safeguard your personal information commensurate with the sensitivity of the data we process, and limits access to your personal information as described in this privacy policy. However, no information security program can prevent all cybersecurity attacks or fraud, and we urge you to remain vigilant in monitoring your accounts and to let us know immediately of any suspicious activity in connection with your Moonfare accounts.
Accessibility
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.
We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your Personal Data.
This Privacy Policy was drafted with simplicity and clarity in mind. We are, of course, happy to provide any further information or explanation needed. Our contact details are below.
If you want to make a complaint, you can also contact the body regulating data protection in your country, where you live or work, or the location where the data protection issue arose. A list of the EU data protection authorities is available by clicking this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Please contact us if you have any questions about this Privacy Policy or the Personal Data we hold about you.
Contact us by email at [email protected]
Contact us in writing using this address:
Moonfare
℅ Asmus Eggert, Data Protection Officer
Karl-Liebknecht-Str. 34
10178 Berlin
Germany
We keep this Privacy Policy under regular review.
THIS PRIVACY POLICY WAS LAST UPDATED ON 18 January 2022.