1 Who we are

European Depositary Bank SA is a Luxembourgish credit institution and a subsidiary of Apex Group Limited.

For the purposes of this notice, European Depositary Bank SA and its branches are collectively referred to as “EDB”. Apex Group Limited, its affiliates, and its subsidiaries are collectively referred to as “Apex”.

2 About this notice

This notice covers how EDB, acting as data controller, collects, uses, transfers and stores your personal data in connection with your interactions (as defined below) with us via our website, as a client, as a prospective client or as a vendor. This notice summarises the nature of the information that is stored by EDB, why and how it is used, and your rights in regard to this data, as well as the protections in place to safeguard it.

In relation to personal data processed under this privacy notice EDB is responsible for ensuring that such processing complies with applicable data protection laws, including but not limited to the European Union General Data Protection Regulation (the “GDPR”). Your privacy is important to us. Please be aware that EDB employees are required to comply with EDB's data privacy practices as set out in this privacy notice and other data privacy-related policies.

3 What personal information do we collect and how do we obtain it?

‘Personal information’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control.

We will collect and process the following personal information about you:

  • personal details such as your full name, title, occupation, nationality, country of residence, contact details, home/work address, email addresses and telephone numbers;
  • information required by EDB to meet legal and regulatory requirements in respect of anti-money laundering legislation, including personal details such as gender, date of birth, passport number(s), other government issued number(s), nationality, images of passports and driving licences, signatures, occupation, source of funds and source of wealth, criminal records and political or family associations;
  • information required by EDB to meet legal and regulatory requirements relating to the automatic exchange of tax information (e.g. US FATCA and OECD CRS), including details of tax residency, tax classification and tax identification numbers;
  • financial information, including billing address, bank account numbers, instruction records, transaction details, counterparty details, and specimen signatures;
  • details of meetings and telephone calls with our offices and employees;
  • information about entities with which you are connected, including your employer, your advisers, banking and other service providers and entities in which you have an interest; and
  • any other information you may provide to us in the course of corresponding with us or might be provided to us by our clients, third parties etc.

Special category data: we may collect this where we are required to do so for the purposes of our legal and/or regulatory obligations including but not limited to those in relation to anti-money laundering and combatting the financing of terrorism. This may include information relating to your racial or ethnic origin or information relating to criminal records.

We collect this information in a variety of ways but mainly directly from you when you contact us or request information from us where we are providing services to you or we receive services from you including:

  • Information set out in any agreements entered into with us;
  • As part of the client due diligence process and through onboarding documentation; and
  • Personal data provided by you by way of correspondence with us by telephone, email or otherwise.

We also collect information from third parties or publicly available sources. These third parties and publicly available sources include lawyers, accountants and professional advisors, other financial institutions that process your personal data to satisfy their own regulatory requirements, credit reference agencies and financial crime databases in order to comply with our regulatory requirements as well as from other Apex companies.

Website and cookies: we may collect your personal information through your use of our website via cookies. These cookies help us to provide you with an optimised experience, understand how you use the website, provide personalised features and content, and to deliver advertisements. We also use cookies to ensure that our website is functioning correctly. For further information about cookies, please see our cookie notice here.

4 How do we use your data?

We generally collect and use your personal information to fulfil our contractual obligations, to comply with our regulatory obligations, or to pursue legitimate interests, in particular to;

  • provide, and perform our obligations with respect to the services or otherwise in connection with fulfilling instructions;
  • validate authorised signatories for processing agreements and transactions;
  • contact nominated individuals in connection with transactions and contractual agreements;
  • respond to enquiries and fulfil requests from you/our clients, service providers and/or relevant third parties who may require information for providing services and to administer account(s) and manage our relationships;
  • verify an individual’s identity and/or location (or the identity or location of our client’s or service provider’s representative or agent) in order to allow access to relevant client accounts or conduct online transactions;
  • protect the security of accounts and personal data;
  • risk management/audit, compliance with our legal and regulatory obligations and for fraud detection, prevention and investigation, including “know your customer”, anti-money laundering, conflict and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting;
  • comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), (which may include laws outside the country you are located in), to respond to requests from public and government authorities (which may include authorities outside the country you are located in), to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies; and
  • monitor and record communications, including emails, for investigation and fraud prevention purposes, crime detection, prevention and investigation.

5 Use of AI and Automated Technologies

We may use Artificial Intelligence and automated technologies to automate some of our processes, streamlining repetitive tasks, enhancing efficiency, user experience, and security while interacting with us. We continuously review our AI systems to ensure compliance with legal and ethical standards. If you have any questions about our use of AI in relation to your data, or if you wish to exercise any rights related to automated decision making, please contact us using the details provided in this privacy notice set out in section 12 of this notice.

6 Disclosure and Sharing of Data

Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.

Subject to any restrictions around confidentiality such disclosures may include disclosures:

  • to other Apex companies for the purposes described in this privacy notice;
  • to our third party service providers (including in relation to website hosting, data analysis, client research, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services) and to our professional advisers and agents;
  • to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
  • to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions;
  • to third party storage providers (including archive service providers and document repositories) and trade data repositories;
  • to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
  • to other deal/transaction participants including issuers, borrowers, advisers, translation service providers and within prospectuses and marketing materials;
  • to counterparties, vendors and beneficiaries, and other entities connected with our clients;
  • to other persons as agreed with a client or as required or expressly permitted by applicable law;
  • to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country; and
  • to courts, litigation counterparties,  law enforcement, foreign authorities and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings and to comply with legal and regulatory requirements.

Where there is a transfer within Apex or to a third party in a different jurisdiction, including, but not limited to transfers outside of the European Economic Area, we will take appropriate steps to ensure there is an adequate level of protection for personal information (which includes a legal agreement and appropriate security measures) in place in accordance with applicable legal requirements. The third parties are permitted to use the personal data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.

7 Retention of your data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8 Data security

We have put appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9 Your choices and rights as a data subject

You have several legal rights in relation to the personal information that EDB holds about you, and you can exercise your rights by contacting us using the details set out in section 12 below.

Depending on applicable law, these rights may include:

  • Right to access. You have the right to request information regarding the processing of your personal information and access to the personal information we hold about you.
  • Right to rectification. You have the right to request that EDB corrects any information you believe is inaccurate. You also have the right to request EDB to complete information you believe is incomplete.
  • Right to erasure. You can request we erase your personal information in certain circumstances. There may be circumstances where you request us to erase your personal information, but we are legally entitled to retain it.
  • Right to restrict processing. You have the right to request that EDB restricts the processing of your personal data under certain conditions. There may be circumstances where you object to or ask us to restrict our processing of your personal information, but we are legally entitled to refuse that request.
  • Right to withdraw consent. You have the right to withdraw consent at any time where the sole legal basis for processing your personal data is your consent.
  • Right to object to processing. You have the right to object to EDB’s processing of your personal data under certain conditions.
  • Right to data portability. You have the right to request that we transfer the data we have collected to another organisation or directly to you under certain conditions.
  • Make a complaint. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us or if you are not satisfied with our response.

In certain circumstances, we may refuse your request or limit our response to your request. These circumstances include where the request is excessive or unfounded, your requests prejudice the rights of others, where the information you are requesting is subject to ongoing criminal investigations, legal processes, or other regulatory restrictions, or where we no longer hold the data. 

If we refuse your request, we will provide you with reasons for the refusal. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us or if you are not satisfied with our response:

  • Commission nationale pour la protection des données | 15, Boulevard du Jazz | 4370 Belvaux | Luxembourg
  • Data Protection Commission | 6 Pembroke Row | Dublin 2 | D02 X963 | Ireland
  • Information and Data Protection Commissioner | Floor 2 Airways House | Triq Il-Kbira | Tas-Sliema SLM 1549 | Malta

10 Recording of communications

When individuals communicate with EDB by way of telephone conversations and electronic communications, including emails, text messages and instant messages, these may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by applicable law.

11 Email marketing and unsubscription

You can stop the delivery of marketing emails from Apex at any time by unsubscribing or opting out via the link included in every email. Alternatively, you can make a direct request to unsubscribe by emailing enquiries@apex.bm

12 How to contact us

If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact our Data Protection Officer:

Email: dataprotectionofficer@eudepobank.eu  

Post: Data Protection Officer | European Depositary Bank SA | 9A, Rue Gabriel Lippmann | 5365 Munsbach | Luxembourg

13 Updates

We will update this privacy notice when necessary to reflect changes in the law, our practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically.  We may also notify you in other ways from time to time about the processing of your personal information.

Get in touch with our team

Ask a question

Contact Us
ABOUT EDB
SERVICES
APEX GROUP