Regulated by CySEC
License No CIF 251/14
Skanestas Investments Limited (the “Company”) is a Cyprus Investment Firm (‘CIF’) that was incorporated and is operating as a private, limited liability company, with registration number HE322788, having its registered office and head offices at Arch. Makariou III, 226, Limassol 3030, Cyprus. The Company is licensed by the Cyprus Securities and Exchange Commission with license number 251/14.
If you have any questions, need clarifications or want more details about how we use your personal information, you can contact the Company’s Data Protection Officer at tel. +357 25 370 220 email firstname.lastname@example.org.
The Company is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depend on the service or product requested and agreed in each case. It is thus related with the necessity of the specific personal data to be used for the execution of our contract or/ and because of other legislation, regulation or European directives that the Company is obliged to comply with and that they will not be used for any other purpose, unless you give your consent (see section C below).
For the purposes of this statement, personal data shall mean any information relating to an individual (natural person) with which he is being, or may be, identified and which includes, for example, the name, address, date of birth, or identification/passport number.
In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
This Privacy Statement:
o provides an overview of how the Company collects and processes your personal data and informs you about your rights under the EU General Data Protection Regulation (‘GDPR’) (Regulation EU 2016/679) and the Cypriot legislation for data protection, as applicable from time to time,
o is directed to natural persons who are either current or potential clients of the Company, or are authorised representatives, officers, shareholders or beneficial owners of legal entities or of natural persons which/who are current or potential clients of the Company,
o is directed to natural persons who had such a business relationship with the Company in the past,
o contains information about when we share your personal data with other third parties (for example, the regulators, our service providers or suppliers).
A. What personal data we process and where we collect it from
We collect and process different types of personal data which we receive from our clients (potential and current) in person or via their representative or via our associates, in the context of our business relationship.
We may also collect and process personal data which we lawfully obtain not only from you but from other entities or other third parties e.g. companies that introduce you to us, or entities that provide information for regulatory compliance (due diligence).
We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers, the internet), which we lawfully obtain and we are permitted to process.
If you are a prospective client or an authorised representative, officer, shareholder or beneficial owner of a legal entity or of a natural person which/who is a prospective client, the relevant personal data which we collect may include:
Name, address, contact details (telephone, fax, email), identification data, date of birth, place of birth (city and country), if you hold/held a prominent public function (for PEPs), tax identification number, tax residency and other FATCA/CRS info (US Foreign Account Tax Compliance Act /EU Common Reporting Standard), national identification according to your nationality for MiFID II purposes, authentication data (e.g. signature).
When we agree to provide products and services to you or the legal entity you represent or beneficially own, then, in the context of the provision of investment services additional personal data will be collected and processed which may include:
Current income and expenses, profession, current employment position, other professional activities (e.g. as per corporate certificates of directors/shareholders), property ownership and personal debts, personal investments and income from investments, number of dependents, other banking relationship details, tax residence and tax ID, data from entities that provide information for regulatory compliance, knowledge and experience with shares and other financial instruments (complex and non-complex), investment strategy and scope, risk appetite, personal investment portfolio, personal objectives, recorded conversations, orders and minutes of meetings.
B. Whether you have an obligation to provide us with your personal data
In order that we may be in a position to proceed with a business relationship with you and provide you with investment and/ or ancillary services (MiFID II), you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. We are furthermore obliged to collect such personal data given the provisions of the anti-money laundering law which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity for which you are the authorized representative, officer or owner. You must, therefore, provide us at least with your identity card/passport, your full name, and your residential address so that we comply with our statutory obligation as mentioned above.
We note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative, officer or owner of a legal entity.
C. Why we process your personal data and on what legal basis
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the Cypriot legislation for data protection for one or more of the following reasons:
a. For the performance of a contract
We process personal data in order to provide investment and ancillary services based on contracts with our client but also to be able to complete our acceptance procedure so as to enter into a contract with prospective clients.
The purpose of processing personal data depends on the requirements for each service or product and the contract terms and conditions provide more details of the relevant purposes.
b. For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the Money Laundering Law, the Investment Services Law, Tax laws. There are also various supervisory authorities whose laws, directives and regulations we are subject to e.g. the Cyprus Securities and Exchange Commission. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, compliance with court decisions/ court orders, tax law or other reporting obligations and anti-money laundering controls.
c. For the purposes of safeguarding or servicing legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
o Means and processes undertaken to provide for the security of the Company’s IT and systems, preventing potential crime, asset security, admittance controls and anti-trespassing measures.
o Company risk management.
o Sharing your personal data for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework.
o Initiating legal claims and preparing our defence in litigation procedures.
d. For other reasons, provided you have given your consent
Provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected. This may cover the provision of promotional material for services.
D. Who receives your personal data
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the Company. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the Cypriot legislation of data protection and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.
Under the circumstances referred to above, recipients of personal data may be, for example:
o Supervisory and other regulatory and public authorities, inasmuch as a statutory obligation exists. Some examples are the Cyprus Securities and Exchange Commission, the income tax authorities.
o Other investment firms, management companies and depositaries, such as Custodians, Depositaries, Exchanges.
o According to our procedures for combating money laundering and financing of terrorism, the entities that provide information on regulatory compliance
o External legal consultants.
o Auditors and accountants.
o File storage companies, archiving and/or records management companies.
o Companies that developed the Company’s systems, companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating trading.
E. Transfer of your personal data to a third country or to an international organisation
Your personal data may be transferred to third countries (i.e. countries outside of the European Economic Area) in such cases as e.g. to transmit or/and execute your investment orders, or the transfer of financial instruments (receipt or delivery) or if this data transfer is required by law (e.g. reporting obligation under Tax law) or you have given us your consent to do so. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
F. To what extent there is automated decision-making, including the set-up of a profile
In general, in establishing and carrying out a business relationship, we do not use any automated decisionmaking. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.
G. How long we keep your personal information for
We will keep your personal data for as long as we have a business relationship with you (as an individual or in respect of our dealings with a legal entity you are authorized to represent or are beneficial owner).
Once our business relationship with you has ended, we may keep your data for up to ten (10) years.
We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons or if are needed for the purposes of legal or similar processes.
For prospective client personal data (or authorized representatives, officers or owners of a legal entity prospective client) we shall keep your personal data for 6 months from the date of conclusion of all communications that didn’t lead to the opening of an account with the Company.
H. Your data protection rights
You have the following rights in terms of your personal data we hold about you:
o Receive access to your personal data. This enables you for example to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can contact the Company’s Clients’ Service division.
o Request correction (rectification) of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
o Request erasure of your personal information. (known as the ‘right to be forgotten’) This enables you to ask us to erase your personal data where there is no good reason for us continuing to process it.
o Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
o Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:
o it is not accurate, until its correctness is verified,
o it has been used unlawfully but you do not wish for us to delete it,
o it is not relevant any more, but you want us to keep it for use in possible legal claims,
o you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.
o Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (known as the right to data portability).
o Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
To exercise any of your rights, or if you have any other questions about our use of your personal data please contact the Company’s Data Protection Officer on the subject matter.
Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to the Company’s Clients’ Service division. You also have the right to submit a complaint to the Office of the Commissioner for Personal Data Protection:
1 Iasonos Street, 1082 Nicosia, P.O. Box 23378, CY-1682 Nicosia,
Tel. +357 22 818 456, Fax +357 22 304 565,
I. Changes to this privacy statement
Copy of this privacy statement is available on our website and is given/ contained with the account opening documents. This privacy statement may be modified or amended from time to time.
We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date stated below. You may also review the privacy statement published on our website periodically so as to be always informed about how we are processing and protecting your personal information.
Note: The General Data Protection Regulation (EU) 2016/679 shall apply from 25th May 2018.
Phone: (+357) 25 212 293
Fax: (+357) 25 253 640
Phone: (+357) 25 212 293
Fax: (+357) 25 253 640