Privacy Notice

Last Version : N/A

Current Version : 14 January 2023

1. Overview

Cuatro Torres Capital S.A. (“Cuatro Torres” or the “Company”) is committed to protecting and respecting your privacy, and to process your Personal Data lawfully, fairly and in a transparent manner, in accordance with local data protection regulation. “Personal Data” means any information about an identified or identifiable individual. This Privacy Notice is intended to help you understand why and how we collect, process and destroy your Personal Data where requested or as applicable by law and/or best practices. It sets out the legal basis upon which any Personal Data we collect about you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

The data protection clauses of any contract concluded with an entity of the Cuatro Torres shall be solely applicable in the event of a contradiction between those clauses and this Privacy Notice.

2. What types of Personal Data does Cuatro Torres collect?

Cuatro Torres collects information about you when you use our website, opt-in in to receive any investors communications that we may prepare (such as newsletters) as well as while onboarding you as a client. We also collect information you share with us based on your consent by participating in surveys or attending events. The types of Personal Data we may collect and process include, but are not limited to:

• Names,
• Work and or residential addresses,
• Email addresses,
• Telephone numbers,
• Your investment information
• Information we deem necessary to comply with applicable legislation (g. AML & KYC checks)
• Information about your use of the website,
• Any other information that you provide to us.

In appropriate cases and to the extent permitted by law, we may collect and process certain special categories of Personal Data which are more sensitive in nature. Example of some of these cases may arise when undertaking “Know Your Customer” (KYC) on potential clients where potential restrictions may arise from political or religious beliefs; or while collecting information as part of our anti-money laundering (AML) checks, we may come across past criminal conviction offence that you or the directors of any company might have committed.

3. Identity of the data controllers

Cuatro Torres Capital S.A. is a Swiss-based company, with its registered address at Rue de la Servette 13, 1201 Geneva, Switzerland. Our website provider is AIRE NETWORKS DEL MEDITERRÁNEO, S.L.U., whose registered address is c/ Santiago Ramón y Cajal nº 11, Elche Parque empresarial 03203, Elche (Alicante).

4. Contact details of the data controllers

Cuatro Torres Capital S.A.

Phone : +41 XX XXX

Email : [email protected]

The Company has no regulatory obligations under the GDPR to appoint a Data Protection Offer (“DPO »). However, the Company has named a Responsible Officer for all matters relating to Personal Data protection, who may be reached at [email protected].

If you wish to exercise a right with regards to the processing of your Personal Data, or if you have any questions or concerns about such processing or this Privacy Notice, we suggest that you first contact the Company.

5. Lawful basis for Processing

We rely on the following legal basis for processing your Personal Data:

• Consent: if you are a recipient of our electronic direct marketing or if you agree to unnecessary cookies on our website. When the processing is based on your consent, you may opt out at a later date by contacting us at [email protected]
• Performance of a Contract: if you are our client, supplier, business affiliate or our website visitor (necessary cookies).
• Legal Obligation: if we process Personal Data according to requirements of applicable legislation as in the case of AML checks.
• Legitimate Interest: if our legitimate interests or those of a third party are not overridden by your interests or rights, subject to an internal review to ensure that processing is in line with your rights.

6. Purpose of Personal Data processed

If you are a client, we may process your personal information, in particular but not exclusively, for the following purposes:

• Provision of financial products and services;
• Administration of your investments;
• Promotion of ideas and events relating to services we provide;
• Keeping your records accurate and up to date;
• Maintenance of records of communications and management of your relationship with us;
• Responding to your enquiries;
• Compliance with any present or future law, rule, regulation, guidance, decision or directive (including those concerning anti-terrorism, fraud, AML and anticorruption);
• Carrying out, in appropriate cases, KYC checks and other procedures that we undertake prior to you becoming a customer of ours;
• Prevention and detection of fraud and other illegal activity or misconduct; and
• Informing you about compliance with legal and regulatory obligations and provide related guidance.

If you are a supplier or business affiliate, we may process your Personal Data for any legitimate reason in connection with the performance of your contract with us or in order to take steps prior to entering into a contract.

If you are a visitor of our website, we collect and process necessary cookies to ensure basic functionalities and security features of the Website.

7. Who we share information with

The Company may transfer your Personal Data to other entities who provide additional or complementary services to the Company.

For example, we are required to sometimes pass on Personal Data to:

• law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies; or other bodies as required by law or regulation;
• related financial institutions such as trustees, custodians and sub-custodians; insurers; fraud protection agencies; and/or similar suppliers or service providers.

To efficiently fulfil our contract with you, for our legitimate interests or for legal reasons, we transfer personal information to:

• Third party IT Service Providers (data processors);
• Any other third-party services providers e.g. HR consultants, legal counsels or auditors.

You may, at any time, request to see the list of processors we use to process your Personal Data by sending your request to [email protected]. Please allow at least 7 working days to receive a reply to your request.

With your consent, to third party marketing agencies (e.g. if you accept unnecessary cookies on our website).

8. International transfer outside the EEA

Your Personal Data will be processed by the Company in Switzerland and the European Union.

However, our IT service providers (data processors) may process your Personal Data outside the European Economic Area (EEA). We will only transfer Personal Data outside the EEA if one of the following conditions applies:

• the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects (it is currently the case for Switzerland),
• appropriate safeguards are in place such as standard contractual clauses approved by the European Commission,
• the Data Subject has provided Explicit Consent (Explicit Consent is where permission has been given by the Data Subject in writing to the proposed transfer after being informed of any potential risks).

The Company may also transfer your personal information outside of the EEA for other legitimate reasons, e.g. to exercise or defend legal claims or to protect your vital interests of those of a third party.

9. Communication Recording

We may monitor, record, store and use any telephone, email or other communication with you in order to maintain a record of any instructions given to us, for training purposes, for crime prevention, for regulatory purposes, and to improve the quality of our customer service.

10. Retention

We will keep your Personal Data for no longer than reasonably necessary. We will retain your personal information in accordance with legal and regulatory requirements as set out in our Data Retention Policy.

11. Your rights and your Personal Data

You have a right:

• to request a copy of your Personal Data which the Company holds about you;
• to request to correct any Personal Data if it is found to be inaccurate or out of date;
• to request your Personal Data is erased where it is no longer necessary to retain such data;
• to withdraw your consent to the processing at any time if consent constitutes the lawful basis for processing;
• to object to a processing based on grounds relating to your situation if the processing is necessary for the performance of a task carried out in the public interest or the processing is necessary for the purposes of the legitimate interest by us or a third party, unless such interest is overridden by your fundamental rights and interests;
• to request a restriction is placed on further processing of your Personal Data;
• to lodge a complaint with the data protection authority; the relevant data protection authorities for Switzerland is the following:
  • In Switzerland, the data protection authority it he Federal Data Protection and Information Commissioner (FDPIC); you can contact the PFPDT by phone +41 (0)58 462 43 95 or by email at [email protected] or by postal mail at the following address: Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1, CH – 3003 Berne.
• not to be subject to a decision based on automated Processing; the Company does not practice such decision making.

12. Safeguarding measures

We take your privacy seriously and take every reasonable measure and precaution to protect and secure your Personal Data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including, without limitation, encryptions.