Privacy Statement for InterVest Capital Partners S.à.r.l.

Introduction

At InterVest Capital Partners S.à.r.l. (“InterVest” or “the Company”), we prioritize the protection of personal data and uphold the rights and privacy of individuals. This Privacy Statement outlines our practices for collecting, using, and securing personal data, ensuring full compliance with the EU General Data Protection Regulation (GDPR), Luxembourg’s Law of 1 August 2018, and related guidelines. This policy applies to all interactions with InterVest, whether through our services, website, or other communications, demonstrating our commitment to privacy, transparency, and ethical data handling.

Data Collection and Processing

We collect and process various categories of personal data to provide and improve our services. This data may include:

  • Identification Information: Such as names, dates of birth, national IDs, and contact information.
  • Financial Information: Including account details, payment information, investment data, and compliance-related financial statements.
  • Usage and Technical Information: Such as IP addresses, browser types, and interaction data, collected to enhance service quality and website functionality.

Data is gathered through direct interactions, online forms, and the use of cookies or other tracking technologies on our website. Each data type is handled following GDPR requirements, ensuring it is processed for explicit, legitimate purposes and only retained as long as necessary to fulfill the intended purposes.

Legal Basis for Processing

InterVest processes personal data under lawful bases as defined by GDPR. These include:

  1. Consent: When explicit consent is provided for activities such as newsletters or cookies.
  2. Contractual Necessity: For fulfilling contracts with clients, such as processing transactions.
  3. Legal Obligations: To meet regulatory requirements, like anti-money laundering (AML) regulations.
  4. Legitimate Interests: Where InterVest’s business interests in improving services or ensuring security do not override individual rights and freedoms.

Data Usage and Purposes

The primary purposes for processing data include service delivery, account management, regulatory compliance, and communication. Data may also be used for internal analysis, personalization of user experiences, and for meeting legal reporting obligations. We ensure that each processing activity is conducted transparently and for the purpose initially communicated to the data subject.

Data Sharing and Transfers

InterVest may share personal data with:

  • Service Providers: Third-party providers assisting in service delivery, payment processing, and marketing support.
  • Business Partners: Collaborators who enhance our service offerings.
  • Regulatory Authorities: When required by law to comply with legal and regulatory requirements.

In cases of international data transfers, we ensure compliance with GDPR Chapter V, employing safeguards such as standard contractual clauses or relying on adequacy decisions by the European Commission to protect data.

Security Measures

We implement robust technical and organizational measures to protect personal data, including:

  • Encryption: Securing data at rest and during transmission.
  • Access Control: Limiting data access based on user roles and responsibilities.
  • Security Audits: Conducting regular assessments to identify and mitigate vulnerabilities.

Our incident response plan ensures that any data breaches are managed promptly, with notifications to relevant authorities and affected individuals as required.

Retention Policy

Personal data is retained only as long as necessary for its original purpose or to comply with legal requirements. Upon expiration of the retention period, data is securely deleted or anonymized. Our retention practices are regularly reviewed to ensure they meet legal standards and best practices.

Data Subject Rights

Individuals whose data we process have the following rights:

  • Access: To view the personal data we hold.
  • Rectification: To correct inaccurate data.
  • Erasure: To delete data under specific circumstances.
  • Restriction and Objection: To limit or object to data processing.
  • Portability: To transfer data to another controller upon request.
  • Withdraw Consent: At any time, without affecting the lawfulness of prior processing.

Individuals can exercise these rights by contacting our Data Protection Officer (DPO) at the provided contact details. InterVest is committed to responding to these requests within one month, as stipulated by GDPR.

Cookies and Tracking

Our website utilizes cookies to enhance user experience, track usage, and personalize content. Visitors can manage cookie settings through their browser or consult our Cookie Policy for more details.

Contact Information

For questions, concerns, or data-related requests, please reach out to our Data Protection Officer:

  • Email: b.hartmeier@intervestcapital.com
  • Phone: +352 272 168 450
  • Address: 28 Boulevard Royal, L-2449 Luxembourg

InterVest remains committed to maintaining the highest standards of privacy and data security, providing transparent and ethical handling of personal information in alignment with GDPR and Luxembourg regulations.

Last review date of this statement: September 2025