Ubiquites Trustee SA, société anonyme, incorporated under Luxembourg law, with registered office at 33, Boulevard Prince Henri, L-1724 Luxembourg, enrolled in the Registre de Commerce et des Sociétés under no. B301264 (the "Company" or "Controller"), is committed to protecting the privacy and Personal Data of its clients, counterparties, suppliers and any other Data Subjects whose Personal Data are processed in the context of its activities.
Key Terms
- A"Special Categories of Personal Data" — Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as Genetic Data, Biometric Data, health data, or data concerning sex life or sexual orientation.
- B"Consent" — Any freely given, specific, informed and unambiguous indication of the Data Subject's agreement to the processing of their Personal Data.
- C"Biometric Data" — Personal Data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person allowing unique identification.
- D"Data Subject" — An identified or identifiable natural person whose Personal Data are processed.
- E"Genetic Data" — Personal Data relating to the inherited or acquired genetic characteristics of a natural person giving unique information about their physiology or health.
- F"Personal Data" — Any information relating to an identified or identifiable natural person, including name, identification number, location data, or online identifier.
- G"Profiling" — Any form of automated processing of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning economic situation, health, preferences, reliability or behaviour.
- H"Processor" — A natural or legal person, public authority or other body which processes Personal Data on behalf of the Controller.
- I"Controller" — The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- J"Processing" — Any operation performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, alignment, erasure or destruction.
Controller & Processor
The Company acts as Controller in relation to the Personal Data processed in the context of its activities.
For certain processing activities, the Company may engage third-party service providers acting as Processors, including providers of IT infrastructure, cloud services, communication services and administrative support.
The Company currently engages, inter alia: Post Telecom S.A., with registered office at 1, rue Emile Bian, L-2996 Luxembourg, as IT and infrastructure service provider.
The Company may also rely on intra-group entities for certain operational, administrative or compliance-related functions. In such cases, appropriate intra-group arrangements and data processing agreements shall be in place to govern respective roles and responsibilities.
Principles & Guarantees
Personal Data are collected and processed to the extent necessary for the purposes described in this Privacy Notice and in compliance with applicable legal and regulatory obligations, including AML, CTF, and financial services regulations applicable in Luxembourg and the European Union.
The Company hereby represents and warrants that Personal Data are:
- Processed lawfully, fairly and in a transparent way
- Collected for determined, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary ("data minimisation")
- Accurate and, if needed, updated
- Kept in a form enabling identification of Data Subjects for no longer than necessary
- Processed with appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
Purposes of Processing
Pursuant to Article 6 of the GDPR, Personal Data are processed for the following purposes:
Onboarding of clients and suppliers; performance and administration of contractual relationships; management of services and transactions; administrative, accounting and operational activities related to contractual performance.
AML/CTF obligations; KYC and due diligence requirements; tax reporting and automatic exchange of information; compliance with requests from competent authorities; internal compliance monitoring and controls.
Risk management and internal reporting; fraud prevention and detection; IT security and business continuity; establishment, exercise or defence of legal claims; internal governance and oversight.
Management of disputes, claims and complaints; enforcement of rights and recovery of due amounts; judicial and out-of-court proceedings.
Profiling activities; advertising of Company's products and services; market research; analysis and statistics; quality verifications; sending business communications.
Categories of Personal Data
- aContact details — Email address and other contact information, including connections with other persons.
- bDemographic data — Age, gender, country of residence, degree of education, data relating to economic activities, commercial information or information about the relationship with the Company.
- cPayment data — Personal Data on the financial and family status of clients and suppliers, as well as Personal Data needed to process payments.
- dInterests and preferences — Personal Data on clients' and users' interests, preferences and habits.
The Company does not carry out automated decision-making producing legal effects or similarly significant effects without appropriate safeguards in accordance with Article 22 GDPR.
Recipients of Personal Data
In connection with the purposes described above, the Company may disclose Personal Data to the following categories of recipients, on a strict need-to-know basis:
- Authorities and public bodies — Competent authorities, regulatory bodies, courts, law enforcement agencies, where required by applicable law.
- Professional advisers and service providers — Legal, tax and financial advisers; auditors; IT and cybersecurity providers; payment service providers; compliance and AML/KYC service providers.
- Intra-group entities — Entities within the Company's group, subject to appropriate safeguards.
- Business counterparties — Counterparties, investors, arrangers, servicers, trustees and other parties involved in transactions in which the Company is engaged.
- Third-party product or service providers — Third parties whose products or services are offered or distributed by the Company.
- Successors and transaction parties — Any entity resulting from, or involved in, a merger, acquisition, restructuring or similar corporate transaction.
Where Personal Data are transferred outside the EEA to jurisdictions not benefiting from an adequacy decision, such transfers shall be carried out in compliance with Chapter V GDPR, including through binding corporate rules or other legally recognised transfer mechanisms.
Your Rights
You have the following rights under the GDPR:
- Right of access — To obtain confirmation of whether Personal Data concerning you are being processed and to receive a copy.
- Right to rectification — To obtain correction of inaccurate Personal Data or completion of incomplete data.
- Right to erasure — To obtain erasure of Personal Data where particular grounds apply.
- Right to restriction — To obtain restriction of processing in certain circumstances.
- Right to data portability — To receive Personal Data in a structured, commonly used and machine-readable format where processing is carried out by automated means.
- Right to object — To object to processing for direct marketing purposes or on grounds relating to your particular situation.
Where processing is based on your consent, you may withdraw it at any time without prejudice to the lawfulness of any processing carried out prior to withdrawal.
You also have the right to lodge a complaint with the Luxembourg Data Protection Authority (Commission nationale pour la protection des données — CNPD).
To exercise your rights, please contact us at
info@ubiquites.comConsequences of Processing Denial
You are entitled to choose which Personal Data the Company may collect and may refuse the relevant processing. However, where processing is based on the fulfilment of contractual or legal obligations, any such refusal — as well as the withdrawal of consent — may result in the Company being unable to accommodate your requests or fulfil its obligations to you.
Amendments & Updates
This Privacy Notice has been updated on the date shown above. The Company reserves the right to make changes, which will be communicated in accordance with applicable law.