This notice describes how Luna Investment Management (Luna) uses personal data. It outlines Luna’s data protection obligations and your data protection rights under the General Data Protection Regulation 2018 (“GDPR”).

Our policy is to protect your privacy and your personal information. This Privacy Policy sets out the information we collect from you in order for you to use our services, how we manage that data and our reasons for holding it. We respect the confidentiality of your information and your right to privacy. We are bound by the General Data Protection Regulation and relevant laws and regulations.

From time to time we may update this Privacy Policy and will notify you of these changes by posting the updated terms on our website www.lunaim.com

Luna is the data controller of your personal information, and this policy applies to the processing of activities by us.

Collection of your data

As part of providing our services, or information about our services, to you, and to ensure we do this in a compliant way, under the authorisation of our regulator and the General Data Protection Regulation, we must collect some personal information from our clients, potential clients, visitors to our website and service providers or suppliers. This may include third parties carrying out credit or identity checks on our behalf. The credit search is required to adhere to money laundering regulations.

We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services which you might have expressed interest in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so. It is in our legitimate interest to use your personal information in such a way. If you do not wish to receive this information, please contact us by emailing enquiries@lunaim.com or by writing to us at the following address:

Data Protection Officer
Luna Investment Management
Level 7, Tower 12
The Avenue North
18-22 Bridge Street
Spinningfields
Manchester M3 3BZ

Our web pages and emails may contain; cookies, web beacons or pixel tags or any other similar type of data analysis tools that allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence.

Information collected

We may collect the following types of information from actual or potential customers:

– Your full name, address and contact information including but not limited to phone number and email address;
– Your date of birth and gender;
– Your professional and employment details;
– Your identification details such as your passport or driver’s licence;
– Proof of address such as a bank statement or utility bill;
– Your national insurance or tax identification number;
– Criminal convictions data
– Corporate information;
– Information about your income or the source of your funds and wealth including details about your assets and liabilities;
– Your trading experience and transaction history;
– Financial information including investment portfolio details, income levels, taxation details;
– Information regarding relationships you have with banks and/or other financial institutions (including bank details);
– We obtain this information through your use of our services or our websites, the onboarding process and from information provided in the course of ongoing customer communication.

This information is held by us on servers based in the United Kingdom. When you interact with our services, our servers keep an activity log unique to you that collects certain administrative and traffic information including the source of your IP address, the time of access, the date of access and the web pages you visited. We need this information to provide you with our services.

We are required to collect information about visitors to our premises. We may record information if you visit us such as your name, the date and time you arrived and left, who you are visited, your firm or employer name and your contact details.

We may record any communications, email, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you. These recordings will be our sole property and constitute evidence of the communications between us. Any telephone conversation may be recorded without the use of a warning tone or any other further notice.

We take care to ensure your personal information is safe, secure and is protected from misuse, interference, unauthorised access, loss, modification or disclosure. Your personal information is generally stored in our computer database.  Any paper-based information is stored in secure areas. In relation to information that is held on our computer database, we apply the following guidelines:

– passwords are required to access the system and passwords are routinely checked and are not shared;
– data ownership is clearly defined and data is only held where necessary;
– employees have restricted access to certain sections of the system;
– the system automatically logs and reviews all unauthorised access attempts;
– unauthorised employees are barred from updating and editing personal information;
– all computers which contain personal information are secured both physically and electronically;
– data is encrypted during transmission over the network; and
– print reporting of data containing personal information is limited.

We train our employees who handle personal information to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties where necessary.

When we consider that personal information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. We may need to hold some information and maintain certain records for up to 7 years after the end of us providing services to you. This is because we are subject to regulatory requirements and anti-money laundering laws which require us to retain;

Account opening forms and any documents used to comply with customer due diligence obligations;
Supporting evidence and records of trades and transactions with you;
Details of your communications and relationship with us, for a period of seven years after our business relationship with you, has ended.

Collection of personal information

Personal information will generally have been collected directly from you through our onboarding process and other communications with you. We will only use the personal information as set out in this Privacy Policy. We will not retain or have access to any debit/credit card information. We will not collect sensitive information about you without your consent unless an exemption in the regulations applies. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

We may collect personal information about you from a third party or parties or share information with a third party, such as identity verification services, regulators, an introducing broker, marketing agencies, online vendors and service providers.  We may engage the services of third-party service providers to provide technical support, process your online transactions and maintain your account. We take steps to ensure that our arrangements with third-party service providers and online vendors protect your privacy and that any such party is subject to the General Data Protection Regulations. Any personal information will only be disclosed to third parties in accordance with this Privacy Policy. We will not sell, lend or rent your personal information.

We may be required to disclose your personal information if requested to do so by law, or if we believe in good faith that such action is necessary;

– to comply with any legal process served on us or in circumstances where we are under a similar legal or regulatory obligation;
– to protect and defend our rights or property; or
– to act to protect the personal safety of users of the services or the public. If, in our sole determination, you are found to have cheated or attempted to defraud us, our Affiliates, or any other user of the Services in any way including, but not limited to, market or price manipulation, payment fraud, including use of stolen credit cards, or any other fraudulent activity (including any chargeback or other reversal of a payment) or prohibited transaction (including money laundering).

Where required to disclose information, we reserve the right to share information, together with your identity with other financial services providers, banks, credit card companies, and appropriate regulatory and legal agencies.

Transfer of personal data abroad

We may on occasion need to transfer some of your information to other group companies or service providers in countries in or outside the EEA (European Economic Area). This may happen if our servers or suppliers and service providers are located elsewhere. When we transfer your personal data outside the EEA, we will ensure the data recipient is subject to the same data requirements under GDPR. By using our services and providing us with your information, you consent to the collection, transfer, storage and processing of your information outside of the EEA.

Your personal data rights

– You have the right to be informed,
– You have the right to check what personal information is held by us, at no cost,
– You have the right to have wrongly recorded data amended,
– You have the right to “be forgotten” I.e the removal of your data,
– You have the right to “Opt-out”
– You have the right to object to the processing of your personal information,
– You have the right to request the restriction of the processing of your personal information,
– You have the right to request the transfer of your personal information,
– You have the right to withdraw your consent.