All Collections
Disclaimers
Privacy Policy
Privacy Policy
Updated over a week ago

FlexInvest is a brand registered by Investium Limited. Investium Limited is authorized and regulated by the Cyprus Securities and Exchange Commission (“CySEC” or the “Commission”), with CySEC License number 421/22, is registered with the Registrar of Companies under number HE412142, and has its registered office at 6 Nikou Georgiou, Office 302, 1095 Nicosia, Cyprus.

1. Introduction

Investium Ltd (the “Company”) is committed to protecting customers’ privacy. This Privacy Policy describes what Personal Data we collect, use and process and how this information is used in the course of our business.

2. Customer data

The Company collects customer data for various reasons, which include:

  1. The provision of investment and ancillary services,

  2. To ensure compliance with the provisions of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007-2021,

  3. To communicate with customers,

  4. For marketing purposes,

  5. To defend its legal rights,

  6. For recruitment, employment and payroll, and

  7. For any other purpose similar or connected to the above or for any other purpose that the customer will provide personal data to us.

Customer’s data include name, address, identification details, postal and business address, mobile phone number, email, profession, bank account details, social insurance number, tax identification number, certificate of clean-criminal record, certificate of non-bankruptcy and other relevant details. This data is stored and processed by the Company throughout the validity period of the contract / relationship, in order to provide the requested services, handle requests and/or enquiries and perform payments. This data is also stored for a period of five years after the termination of the contract / relationship.

3. Processing activity name

The Company may process the personal data set out above for any of the following purposes:

  1. Disclose personal data to the Cyprus Securities and Exchange Commission and/or the Central Bank of Cyprus, as per the relevant legal requirements,

  2. Disclose information that is essential to auditors, legal consultants, operational partners, support services partners and affiliates for the complete provision of the service to the customer,

  3. Provide information to the customer’s authorized representative,

  4. For compliance with a legal obligation of the Company,

  5. For the protection of the customer’s vital interests,

  6. For purposes of legitimate interests of the Company, such as legal actions against the customer, the detection and prevention of fraud and IT purposes (e.g., cyber-security, data loss prevention),

  7. Reveal to regulatory authorities, competent governmental authorities and agencies (other than tax authorities), law enforcement agencies, intergovernmental or supranational bodies, and other third parties with the requisite authority to request such information,

  8. Reveal information in response to criminal or civil legal process as requested by the competent courts of the relevant jurisdiction and as permitted under Cyprus Laws,

  9. Provide information for statistical purposes that do not include personal identification information but are of rather aggregate nature.

The Company takes all necessary steps to safeguard the Confidentiality, Integrity and Availability of its systems and services, e.g., to protect against cybersecurity threats, fraud, etc. Personal data is stored by the Company for a period of five years after the termination of the contract / relationship. After the lapse of this period this data is erased.

The following data is not erased:

  1. Data processed for the purposes of legitimate interest (e.g., an action against a customer), which are maintained until the legitimate purpose is completed.

4. General Customers’ Rights According to European Regulation 2016/679 (“GDPR”)

4.1 Right of Access

Customers may be informed in more detail about the Personal Data processes of the Company by:

  1. Visiting the offices of the Company, completing, and submitting the relevant application form, or

  2. Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

The right of access is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

4.2 Right to Erasure (“Right to be Forgotten”)

Customers may request the erasure of any of their Personal Data by:

  1. Visiting the offices of the Company, completing, and submitting the relevant application form, or

  2. Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

The right to erasure is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

4.3 Data Portability

Customers may exercise the right to data portability by:

  1. Visiting the offices of the Company, completing, and submitting the relevant application form, or

  2. Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

Data portability is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

4.4 Right of Updating, Rectification or Minimization of Personal Data

Customers may update their Personal Data or request the correction of any inaccurate Personal Data or data minimization, by:

  1. Visiting the offices of the Company, completing, and submitting the relevant application form, or

  2. Requesting via email at [email protected] the relevant application form and submitting the said via the same email address.

These rights are subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

5. Information security measures

The Company maintains solid information security measures and procedures to safeguard customers’ Personal Data, in line with our legal obligations.

A comprehensive approach is considered for information security to effectively ensure the Confidentiality, Integrity and Availability of customers’ Personal Data. The Company endeavors to implement a holistic Information Security Management System to effectively safeguard the Confidentiality, Integrity and Availability of our Customers data.

6. Transfers outside the EU/EEA

Customers are informed that the associates of the Company are based both within the EU and/or the EEA but also outside the EU and/or the EEA. Partners within the EU/EAA are contractually committed to the Company to provide appropriate security safeguards and to maintain the confidentiality of the customers’ Personal Data. With regards to Personal Data shared outside the EU/EEA and subsequently accessed by other entities, these shall only be shared when there are guarantees of an adequate level of protection in terms of applicable law and remain limited to the minimum necessary for the intended purposes, on the condition that all relevant data protection agreements (“DPA”) are in place and duly signed by the parties.

7. Contact information and complaints

Customers can contact the Company for any information on its Privacy Policy by phone at +357 22730078, or by post at 6 Nicou Georgiou Street, Cyprus, or by email at [email protected]. The same contact details may be used for any inquiry or complaint.

The Company has appointed a Data Protection Officer’s (“DPO”).

8. Definitions

8.1 “Controller”

Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.

8.2 “Personal Data”

Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

8.3 “Processing”

Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

8.4 “Processor”

Means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

Did this answer your question?