Privacy policy

1. Introduction

FlexInvest Limited (the “Company”) is committed to protecting customers’ privacy. This Privacy Policy describes what Personal Data we collect, use, and process and how this information is used in the course of our business.

2. Customer Data

The Company collects customer data for various reasons, which include:

a) The provision of investment and ancillary services,

b) To ensure compliance with the provisions of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007-2019,

c) To communicate with customers,

d) For marketing purposes,

e) To defend its legal rights,

f) For recruitment, employment and payroll, and

g) For any other purpose similar or connected to the above or for any other purpose that the customer will provide personal data to us.

Customer’s data include name, address, identification details, postal and business address, mobile phone number, email, profession, bank account details, social insurance number, tax identification number, certificate of clean-criminal record, certificate of non-bankruptcy and other relevant details. This data is stored and processed by the Company throughout the validity period of the contract / relationship, in order to provide the requested services, handle requests and/or enquiries and perform payments. This data is also stored for a period of five years after the termination of the contract / relationship.

3. Processing Activity Name

The Company may process the personal data set out above for any of the following purposes:

a) Disclose personal data as per the relevant legal requirements,

b) Disclose information that is essential to auditors, legal consultants, operational partners, support services partners and affiliates for the complete provision of the service to the customer,

c) Provide information to the customer’s authorized representative,

d) For compliance with a legal obligation of the Company,

e) For the protection of the customer’s vital interests,

f) For purposes of legitimate interests of the Company, such as legal actions against the customer, the detection and prevention of fraud and IT purposes (e.g. cyber-security, data loss prevention),

g) Reveal to regulatory authorities, competent governmental authorities and agencies (other than tax authorities), law enforcement agencies, intergovernmental or supranational bodies, and other third parties with the requisite authority to request such information,

h) Reveal information in response to criminal or civil legal process as requested by the competent courts of the relevant jurisdiction and as permitted under Cyprus Laws,

i) Provide information for statistical purposes that do not include personal identification information but are of rather aggregate nature.

The Company takes all necessary steps to safeguard the Confidentiality, Integrity and Availability of its systems and services, e.g., to protect against cybersecurity threats, fraud, etc. Personal data is stored by the Company for a period of five years after the termination of the contract / relationship. After the lapse of this period this data is erased.

The following data is not erased:

a) Data processed for the purposes of legitimate interest (e.g., an action against a customer), which are maintained until the legitimate purpose is completed.

4. Marketing

The Company uses customer data for communicating and/ or promoting the provision of its

services. These communications and/or promotions are in the form of emails.

The Company’s customers may choose not to receive any marketing communications and/or promotions by contacting us by phone at (+357) 22 555 800, or by post 5 Themistokli Dervi Street, Elenion Building, 1066 Nicosia, Cyprus or by email at support@investium.app.

5. General Customers’ Rights According to European Regulation 2016/679 (“GDPR”)

5.1 Right of Access

Customers may be informed in more detail about the Personal Data processes of the Company by:

a) Visiting the offices of the Company, completing, and submitting the relevant application form, or

b) Requesting via email at support@investium.app the relevant application form and submitting the said via the same email address.

The right of access is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

5.2 Right to Erasure (“Right to be Forgotten”)

Customers may request the erasure of any of their Personal Data by:

a) Visiting the offices of the Company, completing, and submitting the relevant application form, or

b) Requesting via email at support@investium.app the relevant application form and submitting the said via the same email address.

The right to erasure is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

5.3 Data Portability

Customers may exercise the right to data portability by:

a) Visiting the offices of the Company, completing, and submitting the relevant application form, or

b) Requesting via email at support@investium.app the relevant application form and submitting the said via the same email address.

Data portability is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

5.4 Right of Updating, Rectification or Minimization of Personal Data

Customers may update their Personal Data or request the correction of any inaccurate Personal Data or data minimization, by:

a) Visiting the offices of the Company, completing, and submitting the relevant application form, or

b) Requesting via email at support@investium.app the relevant application form and submitting the said via the same email address.

These rights are subject to the provisions of the Cyprus data protection legislation and the authentication of the legal subscriber.

6. Information Security Measures

The Company maintains solid information security measures and procedures to safeguard customers’ Personal Data, in line with our legal obligations.

A comprehensive approach is considered for information security to effectively ensure the Confidentiality, Integrity and Availability of customers’ Personal Data. The Company endeavors to implement a holistic Information Security Management System to effectively safeguard the Confidentiality, Integrity and Availability of our Customers data.

7. Transfers Outside the EU (European Union) and/or the EEA (European Economic Area) 

Customers are informed that the associates of the Company are based within the EU and/or the EEA[MC1] . These partners are contractually committed to the Company to provide appropriate security safeguards and to maintain the confidentiality of the customers’ Personal Data.

8. The Company’s contact information/complaints

Customers can contact the Company for any information on its Privacy Policy by phone at (+357) 22 555 800, or by post at 5 Themistokli Dervi Street, Elenion Building, 1066 Nicosia, Cyprus or by email at support@investium.app. The same contact details may be used for any inquiry or complaint.

Given its scale and complexity, the Company has not appointed a Data Protection Officer’s (“DPO”). [MC2]

9. Definitions

9.1 “Controller” 

Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.

9.2 “Personal Data”

Means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

9.3 “Processing”

Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

9.4 “Processor”

Means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.