Privacy Notice and Access Policy
Privacy Notice and Access Policy
As part of our day-to-day business we need to collect personal information from our customers and potential customers to ensure that we can meet their needs for a range of transactional services and provide them with information about our services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal information supplied to us by you or a third party in connection with our provision of services to you or which we collect from your use of our services and/or our app(s) or website(s). It also details your rights in respect of our processing of your personal information.
Our privacy notice will be reviewed from time to time to take account of new obligations changes to our operations and practices and to make sure it remains appropriate to the changing environment. Any personal information we hold will be governed by our most current privacy notice.
Please note that if you are an employee, a contractor or a third party service provider of ANote Music S. A R.L. (ANote), your personal information will be used in connection with your employment contract, your contractual relationship or in accordance with our separate policies which are available by contacting us.
Any reference to ‘us’, ‘our’, ‘we’ or ‘ANote’ in this privacy notice is a reference to each group company within the ANote Group as the context requires unless otherwise stated.
Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this privacy notice is a reference to any of our customers and potential customers as the context requires unless otherwise stated.
WHO ARE WE?
This privacy notice applies to the processing activities of the ANote Group. The main trading entity within the ANote Group is ANote Music S. A R.L., a company registered in Luxembourg with company number B226351 and whose registered office is 9 avenue des Hauts-Fourneaux, Esch-sur-Alzette Luxembourg.
ANote provides Information Technology services and information on Intellectual Property investments and is the data controller of your personal information in relation to those services.
The data controllers within the ANote Group may change from time to time in line with developments in the ANote Group business.
WHAT KIND OF PERSONAL DATA AND INFORMATION DO WE COLLECT?
If you are an actual or potential customer, we may collect the following types of information about you:
- name, address and contact details;
- date of birth and gender;
- profession and employment details;
- location data;
- ANote Music account information about your income and wealth including details about your assets and liabilities;
- ANote Music account information about balances, trading statements, tax and financial statements, trading performance;
- any other similar information related to your ANote Music account.
We obtain this information in a number of ways through your use of our services or other dealings with us including through any of the ANote websites, apps, the account opening applications, our demo sign up forms, webinar sign up forms, subscribing to RSS and/or push notifications, news updates and from information provided in the course of ongoing customer service correspondence. We may also collect this information about you from third parties either through bought-in third party marketing lists, publicly available sources or through our “refer a friend” scheme.
We also keep records of your trading behaviour, including a record of:
- products you trade with us and their performance;
- products we trade on your behalf and their performance;
- historical data about the trades and investments you have made including the amount invested;
- your preference for certain types of products and services.
We may ask for other personal information voluntarily from time to time (for example, through market research, surveys or special offers). If you choose not to provide the information, we need to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice.
Further, if you visit any of our offices or premises, we may have CCTV which will record your image.
WHO MAY WE DISCLOSE PERSONAL INFORMATION TO?
As part of using your personal information for the purposes set out above, we may disclose your information to:
- other companies within the ANote Group who provide trading, transactional, financial and other back office services;
- service providers and specialist advisers who have been contracted to provide us with administrative, IT, financial, regulatory, compliance, insurance, research or other services;
- introducing brokers with whom we have a mutual relationship;
- credit providers, courts, tribunals and applicable regulatory authorities as agreed or authorised by law or our agreement with you;
- credit reporting or reference agencies;
- anyone authorised by you.
Generally, we require that organisations outside the ANote Group who handle or obtain personal information acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the all relevant data protection laws and this privacy notice.
Third party service providers such as credit referencing agencies may keep a record of any searches performed on our behalf and may use the search details to assist other companies in performing their searches.
Please note that the use of your personal information by external third parties who act as data controllers of your personal information is not covered by this privacy notice and is not subject to our privacy standards and procedures.
HOW DO WE OBTAIN YOUR CONSENT?
Where our use of your personal information requires your consent, such consent will be provided in accordance with the applicable customer agreement available on our website(s) or any other contract we may have entered into with you or as set out in our communication with you from time to time.
If we rely on your consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time by contacting us using the contact details set out in this privacy notice.
MANAGEMENT OF PERSONAL INFORMATION
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal information to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where appropriate and necessary.
We have assigned the duties of data privacy and security to a Board member because we are committed to compliance with this privacy notice and the applicable legislation.
HOW DO WE STORE PERSONAL INFORMATION AND FOR HOW LONG?
Safeguarding the privacy of your personal information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium. We hold personal information in secure computer storage facilities, cloud servers and paper-based files and other records and take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
Regarding the use of cloud servers, we currently use Amazon Web Services (AWS). AWS offers customers a number of compliance measures they can rely on to comply with European data protection laws. For example, customers are able to rely on the AWS Data Processing Addendum, which includes the Model Clauses as approved by the Article 29 Working Party (Data Processing Addendum). The Data Processing Addendum is available to all AWS customers transferring data from the EU to any of AWS regions around the world, whether in the US or otherwise. The Data Processing Addendum gives customers the assurance that AWS will give customers’ data the same high levels of security, privacy and data protection that it would receive in the EU.
AWS customers have granular control over their data they store in the AWS cloud. AWS also enables a high level of security and maintains certification with robust security standards, such as ISO 27001, SOC 1/2/3and PCI DSS Level 1.
When we consider that personal information is no longer needed, we will remove any details that will identify you or we will securely destroy the records.
However, we may need to maintain records for a significant period of time. For example, we are subject to certain anti-money laundering laws which require us to retain:
- a copy of the documents we used to comply with our customer due diligence obligations; and
- supporting evidence and records of transactions with you and your relationship with us,
for a period of five years after our business relationship with you has ended.
If we hold any personal information in the form of a contract, we will retain this contract deed in its complete form for a period of 10 years after our business relationship with you has ended.
If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be compliant with local regulatory requirements which will either be 5 years or 10 years, subject always to statutory requirements, after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your details on a separate designated list of persons so that we know you do not want to receive these communications.
TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
We may transfer your personal information outside the European Economic Area to other ANote Group companies as well as processors who are engaged on our behalf (‘Transferees’). To the extent we transfer your information outside the European Economic Area, we will ensure that the transfer is lawful and that there are appropriate security arrangements.
In order to transfer personal information to third parties in territories that do not have a finding of adequacy by the applicable authority and regulations, we enter into agreements with the Transferees ensuring appropriate and suitable safeguards based on standard contractual terms adopted by the European Commission. Where we make transfers to Transferees in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent applicable arrangements. If you would like a copy of such arrangements, please contact us using the contact details below.
THE PERSONAL INFORMATION WE HOLD ABOUT YOU
For further information about any rights that might be available to you in relation to the personal information we hold about you, please refer to our website or contact us at email@example.com.
HOW CAN YOU MODIFY/ASK FOR REMOVAL THE DATA WE HOLD ABOUT YOU?
To modify, or ask for the removal of the information that we hold about you, you can contact us at firstname.lastname@example.org with your case in subject. You can easily modify certain types of information from your personal profile page on our platform.
A cookie is a small piece of text stored on your computer or device when you visit a website or an app.
- TECHNOLOGY IMPROVEMENTS
We are constantly striving to improve functionality on the ANote site through technology changes. This may mean a change to the way in which personal information is collected or used. The impact of any technology changes which may affect your privacy will be notified in this privacy notice at the time of the change.
LINKS TO THIRD PARTY WEBSITES
Our websites or our apps may have links to external third-party websites. Please note, however, that third party websites are not covered by this privacy notice and those sites are not subject to our privacy standards and procedures. Please check with each third party as to their privacy practices and procedures.
WHAT IF YOU HAVE A COMPLAINT?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set below.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the National Commission for Data Protection (Commission Nationale pour la Protection des Données (CNPD)). You can find details about how to do this on the CNPD website at https://cnpd.public.lu/en.html or by calling their main line on (+352) 26 10 60-1.
HOW TO CONTACT US
If you have any questions about this privacy notice or want to exercise your rights, please contact us by:
- email at email@example.com; or
- writing at the address provided in the “Contact us” section of this website.
This policy will govern all dealings between ANote (‘us’, ‘our’ and ‘we’ as appropriate) and the applicant customer (‘you’, ‘your’, ‘yours’ and ‘yourself’ as appropriate) during the application process. Once you open an account with us, your dealings with us will be governed by the applicable customer agreement for that account type.
In return for us granting you access to the Platform, you agree to the following terms.
For the purposes of this policy, ‘Platform’ means any electronic services (together with any related software or application) accessible by whatever means we grant you access to or make available to you either directly or through a third-party service provider.
You will take all reasonable steps to ensure that no computer viruses, worms, software bombs or similar items are introduced into any computer hardware, software, applications, equipment or network facilities you use to access our Platform.
We and our licensors (as the case may be) will retain the intellectual property rights in all elements of the software and such software and databases contained within our Platform and you will not in any circumstances obtain title or interest in such elements.
With respect to any market data or other information that we or any third party service provider provides to you in connection with your use of any Platform, you agree that: (a) we are not responsible or liable if any such data or information is inaccurate or incomplete in any respect; (b) we are not responsible or liable for any actions that you take or do not take based on such data or information; (c) such data or information is proprietary to us and/or any such provider and you will not retransmit, redistribute, publish, disclose or display in whole or in part such data or information to third parties except as required by applicable regulations or as agreed by us; (d) you will use such data or information solely in compliance with the applicable regulations and this policy; and (e) we may at our absolute discretion remove your access to market data at any time.
No one other than a party to this policy, their successors and permitted assignees shall have any right to enforce any of its terms.
This policy and all our dealings with you are in all respects governed by and construed and interpreted in accordance with the laws of the Grand-Duchy of Luxembourg, and the competent courts of the Grand-Duchy of Luxembourg will have exclusive jurisdiction to settle any legal action or proceedings arising out of or in connection with this policy, including any non-contractual disputes and claims. Nothing in this term will prevent us from bringing proceedings against you in any other jurisdiction.
No part of this document may be reproduced in any form whatsoever without the previous written permission of ANote.