Security and privacy are our priorities
WHO ARE WE?
The data controllers within the ANote Music Group may change from time to time in line with developments in the ANote Music Group business.
WHY DO WE COLLECT PERSONAL DATA?
We use and disclose personal information only for the purposes that we disclose to you. We will request your consent before we use or disclose your personal information for any materially different purpose.
We collect, use and disclose personal information to meet the needs of our customers and users to better our business purposes for their benefit, including:
- to provide the products and services you request;
- the day-to-day operation and maintenance of accounts and services;
- collecting of the amounts outstanding from you;
- to tell you about services or other related products and services offered by us;
- to manage our website, Platform, app and services;
- to understand the needs of our customers and users;
- to learn about our markets and design and improve our services and related products;
- to administer and process any request for information or job application;
- to comply with our regulatory and legal obligations, including but not limited to warrants, subpoenas, and court orders or to meet government tax reporting requirements;
- to contact you (including by way of e-mail), including, but not limited to:
- in response to your inquiries and comments, and to safeguard your interests;
- to provide you with information about our products and services, or those of others, that you may be interested in;
- to investigate suspicious activities; and
- to protect our rights and property.
PURPOSE FOR WHICH WE PROCESS PERSONAL AND USAGE DATA AND ITS LEGAL BASIS
Personal data can be defined as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc (“Personal Data”). In addition to collecting Personal Data, we gather information automatically as part of your use of our products and services, also known as usage data (“Usage Data”). This information may include identifiers, commercial information, and internet activity information such as the IP address.
We collect and process your Personal Data for the following purposes, and rely on the following legal bases:
Providing our website, Platform, app and services
We process your personal information to operate and administer our website and services to provide you with the content you access and request
Our legitimate interest in providing online content to our customers and prospective customers regarding our service offering and related information
Improving our website, Platform, app
We process your personal information to analyze overall trends and help us improve the user experience on our website, Platform, app
Our legitimate interest in providing a relevant and well-functioning website, Platform, app for the benefit of our visitors/users
Promoting the security of our website, Platform, app
We process your personal information by tracking use of our website and verifying and investigating activity
Our legitimate interest in promoting the safety and security of our website, Platform, app and in protecting our rights and the rights of others
Displaying personalized advertisements and content
We process your personal information to conduct market research, advertise to you, provide personalized information about us on and off our Website and to provide other personalized content based upon your activities and interests
Our legitimate interest in advertising our products and services or, where necessary, to the extent you have provided your prior consent
We process your personal information, including registration information and associated non-disclosure information, for security reasons
Our legitimate interest in protecting our offices, staff, visitors and our confidential information against unauthorized access
Managing event registrations and attendance
We process your personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you.
Performance of a contract or where we receive your explicit consent
Ensuring the safety and security of our employees, events and premises
We process your personal information where necessary based on a credible threat to our employees, events or premises
Our legitimate interest in protecting our employees, events and premises
We process your personal information to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, push notifications, information about our products, news or events) about us, our affiliates and partners
Our legitimate interest in conducting direct marketing or where you have provided your prior consent
Recording phone calls
We process your personal information, including recording phone calls (in accordance with applicable laws) for training, quality assurance, and administration purposes.
Consent or our legitimate interest in maintaining the high quality of our phone calls with users
Handling contact and user support requests
We process your personal information, if you fill out a “Contact Us” web form or if you contact us by other means such as sending us an email at: email@example.com or writing us at: 9 rue du Laboratoire, L-1911 Luxembourg
Necessary for the performance of a contract or our legitimate interest in fulfilling your requests and communicating with you
Providing our services
Necessary for the performance of a contract or our legitimate interest to provide and administer our services
Developing and optimizing the performance of the services
We process your personal information to develop, optimize, and improve the performance of the services
Legitimate interest to develop services and ensure that the services are performing in line with customer expectations; if special categories of personal information are processed, where the personal information is manifestly made public by the data subject
Providing personalized interactions
We process your personal information to customize our interactions with you
Legitimate interest to offer the best-in class services to our customers
Managing our customer and user accounts
We process your personal information (including usage data) to manage customer and user accounts generally, such as billing, customer correspondence and customer relationship management
Necessary for the performance of a contract or our legitimate interest in the management of customer and user accounts
Managing usage and licensing compliance
Necessary for the performance of a contract or our legitimate interest in managing the provision of our services to customers
Preparing internal reports and business modeling
We process your personal information (including usage data) for internal reporting and business modeling purposes (e.g., forecasting, revenue, capacity planning, product strategy)
Our legitimate interest in the management of our business operations
Maintaining our security
We process your personal information (including your usage data) for the purposes of maintaining our own security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect ANote Music or its services
Our legitimate interest in promoting our own safety and security generally and to protect our rights and the rights of others
Managing compensation for employees
We process your personal information (including your usage data) for the purposes of determining compensation for our own employees, such as commission
Necessary for the performance of a contract with an employee or our legitimate interest in fairly compensating our employees
Undertaking financial reporting
We process your personal information (including your personal information) for the purposes of financial reporting
Our legitimate interest in meeting our obligations associated with the reporting of our finances
We process your personal information (including your usage data) for the purposes of aggregating this information to ensure that it is no longer identifying
Our legitimate interest in minimizing the amount of personal information processed as part of the noted processing activity
Managing, and participating in, webinars, contests, programs, training, certifications or promotions
We process your personal information if you register for a webinar, training, certification or a program. In some cases where the training or certification is through your employer, we will share your personal informationa with your employer.
Consent, necessary for the performance of a contract or our legitimate interest in providing the webinar, contest, promotion, training, certification or promotion
If you have provided financial information to us, we process your personal information to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you
Necessary for the performance of a contract
Administering surveys and conducting research
We process your personal information (including, where legally permitted, special categories of personal information) in order to meet the goals set out in surveys or research as well as to analyze our compliance with internal policies
Consent or explicit consent (if required under applicable law) or our legitimate interest in conducting the survey or research based on its stated goals (where no special categories of personal information are in scope)
Collecting diversity information
We process your personal information (including special categories of personal information) to the extent you voluntarily consent to provide it to meet our broader community goals related to diversity and equality of opportunity
Consent or explicit consent (if required under applicable law)
Complying with legal obligations
We process your personal information (including usage data) when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal information to protect our rights
Legal obligation or our legitimate interest in protecting against misuse or abuse of our website or services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, responding to lawful requests, or for auditing purposes
WHAT KIND OF PERSONAL DATA AND INFORMATION DO WE COLLECT?
If you are an actual or potential customer, we may collect the following types of information about you:
- name, address and contact details;
- date of birth and gender;
- profession and employment details;
- location data;
- ANote Music account information about your income and wealth including details about your assets and liabilities;
- ANote Music account information about balances, trading statements, tax and financial statements, trading performance;
- any other similar information related to your ANote Music account.
We obtain this information in a number of ways through your use of our services or other dealings with us including through any of the ANote Music website, Platform, app, the account opening applications, our demo sign up forms, webinar sign up forms, subscribing to RSS and/or push notifications, news updates and from information provided in the course of ongoing customer service correspondence. We may also collect this information about you from third parties either through bought-in third party marketing lists, publicly available sources or through our “refer a friend” scheme.
We also keep records of your trading behaviour, including a record of:
- products you trade with us and their performance;
- products we trade on your behalf and their performance;
- historical data about the trades and investments you have made including the amount invested;
- your preference for certain types of products and services.
We may ask for other personal information voluntarily from time to time (for example, through market research, surveys or special offers). If you choose not to provide the information, we need to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice.
Further, if you visit any of our offices or premises, we may have CCTV which will record your image.
WHO MAY WE DISCLOSE PERSONAL INFORMATION TO?
As part of using your personal information for the purposes set out above, we may disclose your information to:
- other companies within the ANote Music Group who provide trading, transactional, financial and other back office services;
- service providers and specialist advisers who have been contracted to provide us with administrative, IT, financial, regulatory, compliance, insurance, research or other services;
- introducing brokers with whom we have a mutual relationship;
- credit providers, courts, tribunals and applicable regulatory authorities as agreed or authorised by law or our agreement with you;
- credit reporting or reference agencies;
- anyone authorised by you.
Third party service providers such as credit referencing agencies may keep a record of any searches performed on our behalf and may use the search details to assist other companies in performing their searches.
HOW DO WE OBTAIN YOUR CONSENT?
Where our use of your personal information requires your consent, such consent will be provided using consent form or any other contract we may have entered into with you or as set out in our communication with you from time to time.
MANAGEMENT OF PERSONAL INFORMATION
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal information to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where appropriate and necessary.
HOW DO WE STORE PERSONAL INFORMATION AND FOR HOW LONG?
Safeguarding the privacy of your personal information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium. We hold personal information in secure computer storage facilities, cloud servers and paper-based files and other records and take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
Regarding the use of cloud servers, we currently use Amazon Web Services (AWS). AWS offers customers a number of compliance measures they can rely on to comply with European data protection laws. For example, customers are able to rely on the AWS Data Processing Addendum, which includes the Model Clauses as approved by the Article 29 Working Party (Data Processing Addendum). The Data Processing Addendum is available to all AWS customers transferring data from the EU to any of AWS regions around the world, whether in the US or otherwise. The Data Processing Addendum gives customers the assurance that AWS will give customers’ data the same high levels of security, privacy and data protection that it would receive in the EU.
AWS customers have granular control over their data they store in the AWS cloud. AWS also enables a high level of security and maintains certification with robust security standards, such as ISO 27001, SOC 1/2/3and PCI DSS Level 1.
When we consider that personal information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time. For example, we are subject to certain anti-money laundering laws which require us to retain:
- a copy of the documents we used to comply with our customer due diligence obligations; and
- supporting evidence and records of transactions with you and your relationship with us,
for a period of five years after our business relationship with you has ended.
If we hold any personal information in the form of a contract, we will retain this contract deed in its complete form for a period of 10 years after our business relationship with you has ended.
If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be compliant with local regulatory requirements which will either be 5 years or 10 years, subject always to statutory requirements, after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your details on a separate designated list of persons so that we know you do not want to receive these communications.
TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
We may transfer your personal information outside the European Economic Area to other ANote Music Group companies as well as processors who are engaged on our behalf (‘Transferees’). To the extent we transfer your information outside the European Economic Area, we will ensure that the transfer is lawful and that there are appropriate security arrangements.
In order to transfer personal information to third parties in territories that do not have a finding of adequacy by the applicable authority and regulations, we enter into agreements with the Transferees ensuring appropriate and suitable safeguards based on standard contractual terms adopted by the European Commission. Where we make transfers to Transferees in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent applicable arrangements. If you would like a copy of such arrangements, please contact us using the contact details below.
HOW CAN YOU MODIFY AND/OR DELETE THE PERSONAL DATA WE HOLD ABOUT YOU?
To modify and/or delete the information that we hold about you, you can contact us at firstname.lastname@example.org or fill out “Contact Us” web form. . You can also easily modify certain types of information from your personal profile page on our website.
In accordance with the GDPR regulations you have the right to:
- request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you;
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request the erasure of your personal information. This enables you to ask us to remove/delete personal information where there is no good reason for us continuing to process it;
- object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
- request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- withdraw your prior consent to processing of your personal information at any time;
- the right to object to a decision based solely on automated processing, including profiling.
To exercise your rights, you can contact us at email@example.com or fill out “Contact Us” web form or write us at the following address: ANote Music, 9 rue du Laboratoire, L-1911 Luxembourg.
We will respond to your request without undue delay and at the latest within 1 calendar month upon receiving your email or the “Contact Us” web form or the letter sent to our registered office address.
A cookie is a small piece of text stored on your computer or device when you visit a website or an app.
LINKS TO THIRD PARTY WEBSITES
WHAT IF YOU HAVE A COMPLAINT?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set below.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the National Commission for Data Protection (Commission Nationale pour la Protection des Données (CNPD)). You can find details about how to do this on the CNPD website at https://cnpd.public.lu/en.html or by calling their main line on (+352) 26 10 60-1.
HOW TO CONTACT US
- email at firstname.lastname@example.org; or
- filling out the “Contact Us” web form; or
- writing at the following address: ANote Music, 9 rue du Laboratoire, L-1911 Luxembourg
This policy will govern all dealings between ANote Music (‘us’, ‘our’ and ‘we’ as appropriate) and the applicant customer (‘you’, ‘your’, ‘yours’ and ‘yourself’ as appropriate) during the application process. Once you open an account with us, your dealings with us will be governed by the applicable customer agreement for that account type.
In return for us granting you access to the Platform, you agree to the following terms.
For the purposes of this policy, ‘Platform’ means any electronic services (together with any related software or application) accessible by whatever means we grant you access to or make available to you either directly or through a third-party service provider.
You will take all reasonable steps to ensure that no computer viruses, worms, software bombs or similar items are introduced into any computer hardware, software, applications, equipment or network facilities you use to access our Platform.
We and our licensors (as the case may be) will retain the intellectual property rights in all elements of the software and such software and databases contained within our Platform and you will not in any circumstances obtain title or interest in such elements.
With respect to any market data or other information that we or any third party service provider provides to you in connection with your use of any Electronic Trading Services, you agree that: (a) we are not responsible or liable if any such data or information is inaccurate or incomplete in any respect; (b) we are not responsible or liable for any actions that you take or do not take based on such data or information; (c) such data or information is proprietary to us and/or any such provider and you will not retransmit, redistribute, publish, disclose or display in whole or in part such data or information to third parties except as required by applicable regulations or as agreed by us; (d) you will use such data or information solely in compliance with the applicable regulations and this policy; and (e) we may at our absolute discretion remove your access to market data at any time.
No one other than a party to this policy, their successors and permitted assignees shall have any right to enforce any of its terms.
This policy and all our dealings with you are in all respects governed by and construed and interpreted in accordance with the laws of the Grand Duchy of Luxembourg, and the competent courts of the Grand Duchy of Luxembourg will have exclusive jurisdiction to settle any legal action or proceedings arising out of or in connection with this policy, including any non-contractual disputes and claims. Nothing in this term will prevent us from bringing proceedings against you in any other jurisdiction. No part of this document may be reproduced in any form whatsoever without the previous written permission of ANote Music.