1. Why are you seeing this notice?
You have provided or may need to provide Personal Data to us by virtue of using the Moonfare platform available at https://www.moonfare.com or any of its subdomains (the “Site”), including by simply viewing content on it. The Site is part of your agreement with Moonfare GmbH and, as applicable, Moonfare Asia Ltd. (collectively, “Moonfare”) as well as any fund vehicle (each, a “Fund”) you may choose to invest in via the Site.
We want you to understand how and why we use, store and otherwise process your Personal Data when you interact with us or our relevant affiliates.
This Data Privacy Notice applies to you to the extent that EU and/or Hong Kong data protection legislation applies to our processing of your Personal Data or to the extent you are a resident of the EEA. If this Data Privacy Notice applies to you, you have certain rights with respect to your Personal Data which are contained in this Data Privacy Notice.
“Personal Data” has the meaning given in the EU and/or Hong Kong data protection legislation, as the context may require, and includes any information relating to an identifiable individual (such as name, address, date of birth or economic information).
2. Who is providing this notice?
This privacy statement is made on behalf of Moonfare. Moonfare is committed to protecting and respecting your privacy.
Where we use the terms “we“, “us” and “our” in this Data Privacy Notice, we are referring to Moonfare.
When you provide (or have provided) us with your Personal Data, Moonfare acts as:
(a) for the purpose of EU data protection legislation, a “data controller”; and/or
(b) for the purpose of Hong Kong data protection legislation pursuant to the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong), a “data user”.
In simple terms, this means that:
- we “control” or “use” the Personal Data that you provide – including making sure that it is kept secure
- we make certain decisions on how to use and protect your Personal Data – but only to the extent that we have informed you about the use or are otherwise permitted by law to do so
3. What Personal Data do we collect about you?
The types of Personal Data we process, hold and share depends on the product or service you have with us and the nature of your investment. This can include or be related to:
- contact information (private or professional): full name, postal address, e-mail address, phone number
- identification information: e.g. identity (identity card, social security number, passport information, etc.), place and date of birth, nationality, gender, photo
- economic, financial and tax information: e.g. tax ID and tax status, income and other revenues, value of your assets
- education and employment information: e.g. employer’s name, employment, education level, remuneration
- banking and financial information: e.g. bank account details, product and services used, credit card details, money transfers, assets, declared investor profile, credit history
- banking and financial information: e.g. bank account details, product and services used, credit card number, money transfers, assets, declared investor profile incl. investment experience, investment activity, risk tolerance and transaction history
- transaction data including full beneficiary names, address and details including communications on bank transfers of the underlying transaction
- data about your preferences (data which relate to your use of our products and services)
- activity and interaction on the Site, our other apps and our social media pages, (connection and tracking data such as cookies, connection to online services, IP address, geolocation data), call, chat, email, interview, phone conversation and information about your device (IP address, technical specifications and uniquely identifying data)
- login credentials used to connect to our Site and apps
- accounts at other institutions such as private banks or family offices of whom you may be a client
- only upon obtaining your explicit prior consent: biometric data such as fingerprint, voice pattern or face pattern which can be used for identification and security purposes and health data for insurance contracts; all such data is processed on a strict need-to-know basis
The Personal Data collected about you will help us provide you with a better service and facilitate our business relationship.
- We may combine Personal Data that you provide to us with Personal Data that we collect from, or about you, in some circumstances
- This will include Personal Data collected in an online or offline context
4. Where do we obtain your Personal Data?
We collect, and have collected, Personal Data about you from a number of sources, including from you directly:
Personal Data that you give us:
- from the forms and any associated documentation that you complete when subscribing for an interest in Moonfare. This can include information about your name, address, date of birth, passport details or other national identifier, driving licence, your national insurance or social security number and income, employment information and details about your investment or retirement portfolio(s)
- when you undergo certain verification checks and submit identity information such as identity card, passport, to us
- when you provide it to us in correspondence and conversations
- when you make transactions with respect to Moonfare
- when you purchase securities from us and/or tell us where to send money
Personal Data we obtain from others:
- publicly available and accessible directories and sources
- professional partners such as private banks or family offices of whom you may be a client
- bankruptcy registers
- tax authorities, including those that are based outside the EEA if you are subject to tax in another jurisdiction
- governmental and competent regulatory authorities to whom we have regulatory obligations
- credit agencies
- fraud prevention and detection and anti-money laundering agencies, organisations and service providers
5. Why do we process your Personal Data?
We may process or use your Personal Data for the following reasons or purposes:
It is necessary to take steps at your request prior to entering into a contract and to perform our contractual obligations with you to:
- evaluate (e.g. based on your investment experience) if we can offer you our Funds
- administer, manage and set up your investor account(s) to allow you to purchase your holding (of interest) in our Funds and assist you in particular by answering your requests
- meet the resulting contractual obligations we have to you
- facilitate the continuation or termination of the contractual relationship between you and Moonfare
- facilitate the transfer of funds, and administering and facilitating any other transaction, between you and Moonfare
2. Compliance with law
It is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:
- undertake our client and investor due diligence, and on-boarding checks, carry out an assessment of appropriateness to provide investment brokerage services to each client
- prevent and detect money laundering and financing of terrorism and comply with regulation relating to sanctions and embargoes through our Know Your Customer (KYC) process (to identify you, verify your identity, screen your details against sanctions lists and determine your profile which might be carried out by third party service providers)
- verify the identity and addresses of our investors (and, if applicable their beneficial owners)
- record transactions for accounting purposes
- record conversations for regulatory purposes
- comply with requests from duly authorised local or foreign financial, tax, administrative, criminal or judicial authorities, law enforcement, state agencies or public bodies
- surveillance and investigation
- carry out audit checks
- maintain statutory registers
- manage, prevent and detect fraud
3. Our legitimate interest
For our legitimate interests or those of a third party to:
- manage and administer your holding in any Funds in which you are invested, and any related accounts on an ongoing basis
- assess and process any applications or requests made by you
- open, maintain or close accounts in connection with your investment in, or withdrawal from, Moonfare
- send updates, information and notices or otherwise correspond with you in connection with your investment in Moonfare
- address or investigate any complaints, claims, proceedings or disputes
- provide you with, and inform you about, our investment products and services and to improve them, perform client satisfaction and opinion surveys
- monitor and improve our relationships with investors
- comply with applicable regulatory obligations
- manage our risk and operations
- comply with our accounting and tax reporting requirements;
- comply with our audit requirements
- assist with internal compliance with our policies and process
- ensure appropriate group management and governance
- keep our internal records
- prepare reports on incidents / accidents
- protect our business against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required of us by law)
- analyse and manage commercial risks
- seek professional advice, including legal advice
- enable any actual or proposed assignee or transferee, participant or sub-participant of the partnership’s or Funds’ rights or obligations to evaluate proposed transactions
- facilitate business asset transactions involving Moonfare partnership or Fund-related vehicles
- monitor communications to/from us using our systems
- protect the security and integrity of our IT systems
In any case, our legitimate interest remains proportionate and we verify according to a balancing test that your interests or fundamental rights are preserved. Should you wish to obtain more information about such balancing test, please contact us using the contact details provided in paragraph 17 below.
4. Your consent
We rely on explicit consent to enhance your user experience on the Site to:
- track & analyse Site activity and engagement with Moonfare media and publications
- send you marketing and promotional messages related to the alternative investments industry and related Moonfare products
Monitoring as described at (3) above
We monitor communications where the law requires us to do so. We will also monitor where we are required to do so to comply with our regulatory rules and practices and, where we are permitted to do so, to protect our business and the security of our systems.
6. Who we share your Personal Data with
Your Personal Data will be shared with:
1. Moonfare fund operations, legal & compliance, finance, and account services teams
We share your Personal Data with certain Moonfare team members and related parties. This is for:
- managing our relationship with you
- the purposes set out in this Data Privacy Notice
2. Administrator, Fund Manager, Investment Advisor, Professional partners such as private banks or family offices of whom you may be a client
- delivering the services you require
- managing your investment
- supporting and administering investment-related activities
- complying with applicable investment laws and regulations (e.g. know your customer)
3. Tax authorities and local regulators
- to comply with applicable laws and regulations
- where required by EEA tax authorities (who, in turn, may share your Personal Data with foreign tax authorities)
- where required by foreign tax authorities, including outside of the EEA
4. Service providers
- delivering and facilitating the services needed to support our business relationship with you
- supporting and administering investment-related activities
5. Our lawyers, auditors and other professional advisors
- providing you with investment-related services
- to comply with applicable legal and regulatory requirements
In exceptional circumstances, we will share some or all of your Personal Data with:
- competent regulatory, prosecuting and other governmental agencies or litigation counterparties, in any country or territory
- organisations and agencies – where we are required to do so by law
- Moonfare Ambassadors – where a user has been referred to the Site by another user in their role as Ambassador (this includes binary information about whether or not an investment on the Site has happened)
- third parties – where we have obtained your specific consent to do so in relation to certain promotional offers or other limited time programs that may be available on the Site from time to time
7. Do you have to provide us with this Personal Data?
Where we collect Personal Data from you, we will indicate if:
- provision of the Personal Data is necessary for our compliance with a legal obligation; or
- it is purely voluntary and there are no implications for you if you do not wish to provide us with it.
Unless otherwise indicated, you should assume that we require the Personal Data for business and/or compliance purposes.
Some of the Personal Data we request, or have requested, is necessary for us to perform our contract with you and if you do not wish to provide us with this Personal Data, it will affect our ability to provide our services to you and manage your investment.
8. Use of Personal Data in Direct Marketing
We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that:
(i) your name, contact details, product information, financial background, and demographic data held by us may be used by us in direct marketing from time to time;
(ii) the following classes of services, products and subjects may be marketed: financial, investment, and related services and products;
(iii) the above services, products, and subjects may be provided by or solicited by Moonfare and/or third party financial institutions with whom Moonfare contracts such as banks, securities contractors, and investment contractors;
(iv) in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in (i) above to all or any of the persons described in paragraph (iii) above for use by them in marketing those services, products and subjects, and we require your written consent (which includes an indication of no objection) for that purpose;
(v) in connection with (iv) above, we may receive money or other property in return for providing the data to the persons described in (iii) above for use by them in direct marketing (including revenue / benefit sharing arrangements between us and such persons).
If you do not wish Moonfare to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us through the contact information provided in paragraph 17 below.
9. Sending your Personal Data internationally
We will transfer your Personal Data to our group members, members of Moonfare’s partnership and related parties, and to third party service providers outside of the EEA or outside of Hong Kong, which may not have similarly strict data protection and privacy laws.
Where we transfer Personal Data to other members of our group, or our service providers, we have put in place data transfer agreements and safeguards using European Commission approved terms.
Please contact us if you would like to know more about these agreements or receive a copy of them. Please see below for our contact details.
10. Consent – and your right to withdraw it
With the exception of the limited instances described above, we do not generally rely on obtaining your consent to process your Personal Data.
If we do, you have the right to withdraw this consent at any time.
Please contact us or send us an email at email@example.com at any time if you wish to do so.
11. Retention and deletion of your Personal Data
We keep your Personal Data for as long as it is required by us for our legitimate business purposes, to perform our contractual obligations, or where such longer period as is required by law or regulatory obligations which apply to us.
- We will generally retain Personal Data about you throughout the life cycle of any investment you are involved in
- Some Personal Data will be retained after your relationship with us ends
As a general principle, we do not retain your Personal Data for longer than we need it.
We will usually delete your Personal Data (at the latest) after you cease to be an investor in any Fund and there is no longer any legal or regulatory requirement or business purpose for retaining your Personal Data.
12. Automated decision-making
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of Personal Data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of EU data protection legislation and other applicable laws.
13. Your rights
You have certain data protection rights, including:
- the right to access your Personal Data (right of access)
- the right to restrict the use of your Personal Data (right to restriction of processing)
- the right to have incomplete or inaccurate Personal Data corrected (right to rectification)
- the right to ask us to stop processing your Personal Data (right to object, please see below)
- the right to require us to delete your Personal Data in some limited circumstances (right to erasure)
If you have a relationship with Moonfare GmbH, from 25 May 2018, you also have the right in some circumstances to request for us to “port” your Personal Data in respect of such relationship in a portable, re-usable format to other organisations (where this is possible).
You furthermore have the right to lodge a complaint with a supervisory authority.
If you are located in the EU we would also like to explicitly note your right to object to processing of your Personal Data, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1e GDPR (data processing in the public interest) and Art. 6 para 1f GDPR (data processing based on balancing of interests) according to Art 21 GDPR.
Please contact us through the methods outlined in “16. Contact us” below in relation to the requests above.
15. Data Processing Details
Personal Data is collected for the following purposes and using the following services:
Analytics services enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior. These services include:
- Google Analytics (Google Ireland Limited)
- Google Optimize
- Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)
- HubSpot Analytics (HubSpot, Inc.)
- Heap Analytics (Heap Inc.)
- WordPress Stats (Automattic Inc.)
- Zoho PageSense
Heat Mapping and Session Recording:
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior. These services may record sessions and make them available for later visual playback. These services include:
- Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Interaction with Online Survey Platforms:
This type of service allows Users to interact with third-party online survey platforms directly from the pages of moonfare.com. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. These services include:
- Hotjar Poll & Survey widgets (Hotjar Ltd.)
Platform Services and Hosting:
These services have the purpose of hosting and running key components of moonfare.com, therefore allowing the provision of moonfare.com from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored. These services include:
- WordPress.com (Automattic Inc.)
This type of service helps the Owner to manage the tags or scripts needed on moonfare.com in a centralized fashion. This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data. These services include:
- Google Tag Manager
Displaying Content from External Platforms:
This type of service allows you to view content hosted on external platforms directly from the pages of moonfare.com and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it. These services include:
Interaction with Data Collection Platforms and Other Third Parties:
This type of service allows Users to interact with data collection platforms or other services directly from the pages of moonfare.com for the purpose of saving and reusing data. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. These services include:
- Hotjar Recruit User Testers (Hotjar Ltd.)
Managing Data Collection and Online Surveys:
This type of service allows moonfare.com to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users. The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form. These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed – e.g. managing contacts, sending messages, analytics, advertising and payment processing. These services include:
- Hotjar surveys (Hotjar Ltd.)
Registration and Authentication:
By registering or authenticating, Users allow moonfare.com to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, moonfare.com will be able to access some Data, stored by these third-party services, for registration or identification purposes. Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service. These services include:
- WordPress.com Single Sign On (Automattic Inc.)
User Database Management:
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to moonfare.com, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving moonfare.com. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on moonfare.com. These services include:
- HubSpot CRM (HubSpot, Inc.)
Communication with Users:
These types of services allow the Owner to schedule online meetings with Users and conduct audio/video conferences for customer interviews, which may be recorded. These services include:
Prevention of Spam:
We use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to prevent spam. The legal basis for use is Article 6 (1) f (lawfulness of processing), as there is a legitimate interest in protecting this website from bots and spam. reCAPTCHA is a free service that protects websites against spam and abuse. It uses advanced risk analysis techniques to keep people and bots apart. By using reCAPTCHA, data will be transmitted to Google using Google to determine whether the visitor is human or spam. To see what data Google collects and what this data is used for, visit https://policies.google.com/privacy?hl=en.
Google’s Terms of Service and Products can be found at https://policies.google.com/?hl=en.
16. Concerns or queries
We take your concerns very seriously. We encourage you to bring it to our attention if you have any concerns about our processing your Personal Data.
This Data Privacy Notice was drafted with simplicity and clarity in mind. We are, of course, happy to provide any further information or explanation needed. Our contact details are below.
If you want to make a complaint, you can also contact the body regulating data protection in your country, where you live or work, or the location where the data protection issue arose. A list of the EU data protection authorities is available by clicking this link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
17. Contact us
Please contact us if you have any questions about this Data Privacy Notice or the Personal Data we hold about you.
Contact us by email at firstname.lastname@example.org
Contact us in writing using this address:
℅ Asmus Eggert, Data Protection Officer
18. Changes to this Data Privacy Notice
We keep this Data Privacy Notice under regular review.
THIS DATA PRIVACY NOTICE WAS LAST UPDATED ON 11 AUGUST 2020.