Personal Data Protection Policy

of Assetwise Capital Management S.A
[REGULATION (EU) 2016/679 - GDPR]

The company Assetwise Capital Management (the “Company”) informs, in accordance with Regulation (EU) 2016/679, Law 4624/2019 and the other provisions of the relevant Greek and European legislation on the protection of personal data, in its capacity of controller, that it processes your personal data, collected either by the signing of the agreement for the provision of services (General Terms or others) or later, including those that will result from the conclusion and operation of the agreement(s) with the Company, or in the context of general relations and collaborations with the Company, in accordance with the following . This information concerns, indicatively: active, potential and former customers of the company, suppliers and associates of the Company, third parties related to them (proxies, representatives, lawyers, attorneys, employees, etc.) and the employees of the Company and where “Client ” applies to all of the above. This update may be supplemented by more specific updates on a case-by-case basis, such as in the case of cookies , specific categories of data , data collected through the website www.assetwise.gr ), video recording systems etc.

1. The type of personal data collected by Assetwise .
The type of data collected by the Company, apart from the basic ones (the following under a and b), depends on the capacity of the data subject (e.g. client, employee), the type of service it offers to the specific client and any requests of third party associates of the Company (see below for under 3 “Data Recipients”). In view of the above, the personal data collected by the Company may, as an indication, be the following and may not apply to you in their entirety.
a) identification data: name, father’s name, mother’s name, identity card or passport, TIN, Tax, Social Security number, Reg.No – Social security , place and date of birth, sex, citizenship, signature sample etc.
b) Contact data: postal address, e-mail address, landline and mobile phone, home and work address, etc.
c) Financial Data: work, period of work, earnings, , marital status, tax reports (E1, E9 etc.), clearing the acquisition or transfer of property documents, property contracts, tax statements.
d) Data concerning the level of knowledge of the Customer regarding the specific service and in general investment sector (risk taking, investment objectives, etc.).
e) Data on transaction behavior during the provision of investment services.
f ) Video and audio data from the video recording systems of the Company’s premises and recording of conversations in accordance with the applicable provisions of laws and upon notice.
g) Data concerning the identifiers (IP address, location data, traffic, etc.) which results from the use of electronic applications (such as the company ‘s site, cookies, etc.)
h) Data of third parties operating on behalf of the Client
i) Data resulting from the documents and supporting documents sent / submitted by the Client.
j) Data resulting from the operation of the contractual relationship(s) with the Customer.
k) Data relating to or arising from the realization of investment transactions or the acquisition of investment products by a Client, held funds and financial instruments that have been acquired in the framework of the Client’s contractual relationship with the Company.
l ) Data on risk assessment of money laundering and / or terrorist financing.
m) Data on the provision of financial information required by law or international organizations (eg FATCA , Committee on Money Laundering, etc.)
n ) Data of beneficiaries owners of legal entities or entities that are, were or will be Clients of the Company.
o ) Special categories of data (data of dependent members, minors), provided that they are provided by the Client and that the special legal conditions are met.
q ) Any other data provided by the Client on his own initiative.

The above data is collected, updated and verified directly by the Client and / or by publicly accessible sources and / or by the electronic information systems of the Company. The collection and processing of the above data by the Company is necessary for the initiation, execution and maintenance of the transactional relations between the Company and the Client.

2. Purposes of collection and processing of personal data by Assetwise.
The Company collects and processes only necessary personal data for the following purposes:
A. For the completion of Agreement.
a) The identification, the verification of the data and the communication with the Client during the pre-contractual and contractual relationship.
b) The evaluation of Client’s requests, the execution, support and service of the agreement and in general smooth operation of the contractual relationship, defense of the interests and exercise of legal rights of the Company.
c) The classification of the Client as a private or professional client in accordance with the relevant legislation (eg MIFID II), the assessment of the suitability and compatibility of the Client for the provision of investment services (direct or indirect) and investment products.
d) The communication with the Client for the purpose of information.

B. For the compliance of the Company with its legal and regulatory obligations.
a) The compliance of the Company with the legal framework (regulatory, supervisory), the decisions of authorities (supervisory, prosecutorial) or courts.
b) The prevention and suppression of money laundering and terrorist financing.
c) The protection of clients, employees, visitors and facilities of the Company and their property.
d) The Company’s compliance with the obligations imposed by the legislation regarding the provision of financial information (eg FATCA ) and / or the submission of reports to the authorities.

C. For the protection of legal interests of the Company.
a) Security of IT systems.
b) Management of Clients complaints.
c) Carrying out due diligence in accordance with the legal framework.

D. With the consent of the Customer.
Especially in cases where the above 2A-2C legal basis do not exist, the collection and processing of data is based on the explicit consent of the Client (eg in the case of cookies, communication via website or by telephone without a contractual relationship, newsletters etc .). The client has the right to revoke his consent at any time. However, the revocation of consent does not affect the legality of the processing based on the consent until the revocation. For the way of revoke (see under 7 below) . The reallocation of revoked consent is always permissible.

3. Recipients of the data.
In the context of the above 2 purposes, the Company may transmit Clients data to the following indicative recipients:

a) Board of Directors of the Company or its employees within the framework of their duties.
b) Lawyers, accountants / auditors, bailiffs of the Company within the framework of their responsibilities.
c) Companies or individuals responsible for IT support, software installation and in general information and electronic systems of the Company (cloud type) , but also providers of electronic communications ( e- mail , telecommunications, internet hosting, sms sending application, mms etc. )
d) Insurance companies (including the insurance of the clients and the Company from cyber attack risk).
e) Providers of postal services.
f ) Third parties indicated by the Client (lawyers, Client’s representatives, etc. ).
g) Supervisory, judicial, prosecutorial, police, tax, etc. authorities in the context of the respective legal provisions.
h) Bank institutions and custodian / settlement / execution providers from which, through which or products of which the Customer acquires or receives services. Today, these institutions include UBS, Credit Suisse, EFG International, Banque de Luxembourg, Eurobank SA, National Bank SA, Pantelakis Securities.
i) Potential buyers of all or part of the Company.
j) Upon request, the Company may disclose data to competent supervisory authorities, including, for example, the Hellenic Capital Market Commission, the Bank of Greece, HELEX, the Anti-Money Laundering Committee or other competent Data Processing Authority.

The Assetwise always transmits the minimum possible of your data and always under the condition of confidentiality and discretion. For the personal data processing of the above mentioned recipients, that act as independent controllers, we recommend that you refer to theirs relevant privacy policies.

4. Transmission of data outside the European Economic Area (EEA)
The Company does not transmit the personal data of its Clients outside the EEA. Data transmission is possible only upon written request and explicit consent of the Client.

Furthermore, the Company informs that it has regulatory and legal obligations regarding the provision of information, before or after the execution of the transactions, which include the collection and reporting to the competent Public Authorities of information related to the beneficiaries of accounts whose tax residence are outside Greece or for which there is an indication that they have tax liabilities in the US, under the Common Reporting Standard of the OECD for the fight against tax evasion or the Foreign Account Tax Compliance Act (Foreign Account Tax Compliance Act) – FATCA) between Greece and the USA respectively.

The Assetwise always transmits the minimum possible of your data and always under the condition of confidentiality and discretion. For the personal data processing of the above mentioned recipients, that act as independent controllers, we recommend that you refer to theirs relevant privacy policies.

5. Duration of data retention.
a. The data will be maintained throughout the contractual relationship between the Client and the Company.
b. The data is kept after the end of the contractual relationship and until the expiration of the statute of limitation period for the legal actions as defined by law or the issuance of an irrevocable judicial decision in case legal proceedings with the Company were initiated.
c. The data is kept for the period of 5 years after the rejection of the application for cooperation or, in case of pending court proceedings, until the issuance of an irrevocable judicial decision.
d. In case the processing of the data is imposed as a legal obligation, the personal data will be kept for the period provided by the relevant provisions of laws or regulations and in any case for the time necessary for the exercise of claims or defense rights and legitimate interests.
The data can be kept in digital / electronic form after the lapse of (5) five years from the beginning of its collection.

6. The rights of processing subjects.
a) Right of access and information. The client is entitled to be informed of the personal data kept and processed by the Company, as well as its origin, processing purposes, categories of its recipients, but also his rights regarding them.
b) Right to correct and / or complete the data, by submitting any necessary document.
c) Right of objection. The customer has the right to object to further processing of his data.
d) Right to be forgotten (or deleted). The client has the right to request the deletion of his data if it is no longer necessary, the consent has been revoked, the data had been processed despite the law and so on.
e) Right of restriction. The customer may request a restriction on the processing of his data.
f ) Rights of data portability. The customer can request the transfer of his data to another controller.
g) Right to revoke consent. The revocation of consent can be made at any time, however it does not affect the legality of the processing based on the consent before its revocation.
h) Right to appeal to the Personal Data Protection Authority. The complaint is submitted on the website of the Authority at www.dpa.gr

It should be noted that the above rights under c, d, e , f may not be satisfied if they are:
– necessary for the preparation and / or continuation of the agreement (s) regardless of the source from which they originated or, in the case of the rights under c and d, for the protection of the rights and legal interests or obligations of the Company.
– The exercise of the right under f does not imply the deletion of the Customer’s data, which continue to be retained for the protection of the rights, legal interests or obligations of the Company.
The exercise of the above rights (a to h) applies only for the future.

7. The way of exercising the rights by the subjects.
In order to exercise the rights 6 a-g, clients may contact in writing the company’s headquarters Ethnikis Antistaseos 57B, Chalandri,15231, Greece or online at www.gdpr@assetwise.remdesign.gr.
The company undertakes to make every effort to respond to Clients’ request within thirty (30) days, a period which may be extended, after Client’s notification, for another thirty (30) days in the event of a complex request.

8. Personal Data Protection Officer.
Customer may contact the Data Protection Officer for processing matters of personal data at the company’s headquarters Ethnikis Antistaseos 57B, Chalandri, 15231, Greece or online at www.gdpr@assetwise.remdesign.gr.

9. Protection of personal data by Assetwise.
The Company implements appropriate organisational and technical measures for the security of its Customers’ data, ensuring the confidentiality of it’s processing and protection from accidental or unlawful destruction, loss, alteration, illegal dissemination or access and any other form of unlawful processing.

10. Amendments to this policy.
The Company may modify this policy. In this case it will notify the Clients with a relevant announcement on its website.

This Policy was conducted on January 2, 2019. It is posted on the website of Assetwise Capital Management www.assetwise.gr and is available in printed form at the Company’s headquarters.

Last modification: December 2020.