Privacy Policy

Information on Data Protection

PROCESSING OF PERSONAL DATA

NAO ASSET MANAGEMENT ESG SGIIC, S.A., with registered address at Valencia, Plaza Ayuntamiento 27, 7, 46002 (hereinafter, “NAO”), will be the Data Controller for your data.

NAO obtains clients’ personal data either directly from them or through the specific forms provided for that purpose, as well as browsing data when you visit our Website. During the course of our contractual relationship, the client may provide NAO with third-party data, such as legal representatives, shareholders, ultimate beneficial owners, beneficiaries or family members. In this regard, the client confirms that they have informed, and where applicable obtained the consent of, any other individuals whose personal data they supply to us.

NAO, as Data Controller, processes the personal data of its clients, their legal representatives, shareholders, employees, agents, or other collaborators for the following purposes:

1. Performance of the contractual relationship itself:

• To formalize the investment made through the client’s order.
• Management of the relationship, holding meetings, and communication by telephone and email.
• Payment management and monitoring of the contracted services.
• Furthermore, depending on the fund chosen, personal data will be communicated to third-party depositary entities.
• Handling queries, suggestions and complaints.

2. Compliance with a legal obligation:

• Processing arising from compliance with legal and tax obligations, which may entail disclosing data to different public administrations where required by applicable law.
• Likewise, as a consequence of anti–money laundering and counter–terrorist financing obligations, NAO will be obliged to carry out formal and real identification, and professional or business checks of the Client, for which it will collect the documentation necessary for that purpose.
• • Disclosure of clients’ personal data to entities directly or indirectly owned by Grupo Zriser, the details of which can be consulted at the following links: https://www.zriser.es/sector-industrial/ and https://www.zriser.es/sector-tecnologico/, for anti–money laundering and counter–terrorist financing measures.

3. Consent

• Only if the Client has authorized it, NAO may send you updates on funds and pension plans.

4. Legitimate interest

• NAO belongs to the Zriser Group (http://www.zriser.es) and, on the basis of legitimate interests, receives various internal administrative services from it.
• In order to prevent fraudulent conduct, NAO may disclose clients’ personal data to entities directly or indirectly owned by Grupo Zriser, the details of which can be consulted at the following links: https://www.zriser.es/sector-industrial/ and https://www.zriser.es/sector-tecnologico/

 

DISCLOSURE OF PERSONAL DATA

NAO may disclose personal data to: (i) regulatory authorities; and (ii) in order to prevent fraudulent conduct, personal data may be sent to the different companies of the NAO Group or to centralized information systems. Likewise, NAO has third-party service providers that may access personal data in the course of providing their services, such as auditors, consulting services, advisors, IT maintenance, potential purchasers or investors, administrative services, and document destruction, among others. NAO preselects such providers based on data protection compliance criteria, has entered into data protection agreements with all of them, and monitors their compliance with their obligations in this area.

NAO has a virtual infrastructure under a “cloud computing” model through two leading global market providers: Microsoft Corporation and Digital Ocean, complying with security measures to carry out these processing activities within and outside the EU under the applicable regulations, using Standard Contractual Clauses and/or adhering to the EU–US Data Privacy Framework. Likewise, NAO uses the email delivery program MailChimp by The Rocket Science Group LLC (Intuit) with the same safeguards.

 

RETENTION PERIOD FOR PERSONAL DATA

Personal data accessed will be processed for as long as the contractual relationship is maintained. In this regard, NAO will retain personal data, duly blocked, after the contractual relationship has ended, for the limitation period of actions that may arise from the relationship maintained with clients. In any case, NAO will retain the information required by the Anti–Money Laundering and Counter–Terrorist Financing regulations for a period of 10 years from the termination of the business relationship or the execution of the transaction.

Personal data of those who subscribe to the newsletter will be processed until they request to unsubscribe, at which time the data will be blocked for the three years set as the limitation period by data protection regulations.

Personal data collected through the contact form will be kept while your query is being handled. Once completed, the data will be blocked for the three years set as the limitation period by data protection regulations.

 

SECURITY MEASURES

NAO has security measures appropriate to personal data, so as to prevent its alteration, loss, or unauthorized processing or access, taking into account the state of the art, the nature of the data stored and the risks to which it is exposed, whether arising from human action or the physical or natural environment. Specifically, NAO undertakes to adopt, update and maintain all organizational and technical measures necessary to guarantee the security and confidentiality of personal data, preventing any alteration, loss, processing, or unauthorized access.

NAO will not apply or use personal data for any purpose other than that stated in this contract, nor disclose it, not even for storage, to other persons.

 

CONFIDENTIALITY AND DUTY OF SECRECY

The parties agree that any proprietary information, regardless of the medium on which it is contained, shall be considered confidential information, maintained under secret, confidential and restricted treatment, and shall be handled in accordance with the provisions of this contract.

NAO will ensure at all times that the aforementioned personal data are accurate, complete and up to date, are not used for purposes other than those related to this contract, and are kept in the strictest confidence.

 

EXERCISING DATA PROTECTION RIGHTS

The client may exercise the rights of access, rectification, erasure, objection, request the restriction of processing of their personal data, data portability, as well as not to be subject to automated individual decisions, with respect to the data provided at any time, by writing to NAO, Plaza Ayuntamiento 27, 7, 46002, Valencia or via the email address [dpd@informaconsulting.com](mailto:dpd@informaconsulting.com).

 

Before whom can you lodge your data protection complaints?

If the Client believes their data protection rights have been infringed or has any complaint regarding their personal information, they may contact NAO’s Data Protection Officer at the address indicated above. In any case, data subjects may contact the Spanish Data Protection Agency, the supervisory authority for data protection matters, https:www.aepd.es C/ Jorge Juan número 6, 28001, Madrid.