Privacy Statement

At Fidelity we are committed to protecting your personal data. This statement explains how we do that. It sets out what we do with your personal data, how we protect it, and explains your pertinent privacy rights.

Who We Are

The Personal Data will be processed by the SICAV and/or its management company, as (joint) data controller(s).

FIL Investment Management (Luxembourg) S.A. (hereinafter referred to as “FIMLUX” or “We” or “Us”) is part of the Fidelity International Group.

You can find out more about us on www.fidelity-international.com.

FIMLUX can be contacted at the following address:

Data Protection Officer
FIL Investment Management (Luxembourg) S.A.
2a, rue Albert Borschette / B.P. 2174
L-1021 Luxembourg

Your Personal Data

We collect and use your personal data to enable us to conduct our business with you and to comply with the law. Where appropriate for the controller[s]’ legitimate interests, including for record keeping as proof of a transaction or related communication in the event of a disagreement, for processing and verification of instructions, for investigation and fraud prevention purposes to enforce or defend the controller[s]’ [and processor[s]’] interests or rights in compliance with any legal obligation to which [it is/they are] subject and for quality, business analysis, training and related purposes.

Why we collect it

The law requires us to tell you why we collect and use your personal data – this is known as the lawful basis for processing. The basis we rely upon will depend on the purposes for which we are processing your personal data. These are detailed below:

1. Performing our Contract with You

When we do business with you, we do so under a contract. For us to meet our obligations to you under that contract we must process your personal data. We will only process your personal data in line with the terms of that contract. When you provide personal data to us, we will use that personal data so we can provide our services to you or send you information about our products and services where appropriate. We will only process that data for the purposes for which it was collected or to meet our legal obligations.

2. Our Legitimate Interests

We process your information for the following reasons, which we define as our legitimate interests: · To conduct our security operations such as using your IP address to help us to identify you when you log in to our systems · To help us to run our business; this includes financial management, risk management, planning, corporate governance, audit and research · To market to you if you are a business

3. Our Legal Obligations

In some circumstances, we have a legal obligation to process and share your personal data. As a financial services business, we must provide a wide range of data to regulators. Sometimes this involves personal data. We will never transfer more personal data than is necessary to discharge our legal obligations.

4. Your Consent

We will ask you for your preferences in terms of how you would like us to communicate with you and what information you would like to receive from us. You can always adjust your communications preferences, and can opt not to receive information from us unless we are obliged to provide it.

What we collect

The personal data you provide to us will include combinations of any of the following: our name, email address, telephone number, address, identification numbers where applicable, banking account details, date of birth, voice biometrics & voice recordings, location information, employment information, gender, IP address, language, and marital status.

Who we share your personal data with

Like most businesses, we use third parties to help us deliver our services. This will often involve a third party processing your personal data but that will only be in line with the purposes set out above.

The third parties with whom we share your personal data will only be permitted to use that data in line with the instructions we provide them and we operate a regular and strict regime of third party checks on how your personal data is protected.

We will never share your personal data with third parties for a purpose not described in our Privacy Statement; but remember, in some cases, we are obligated to share your personal data with a third party in relation to matters such as countering identity theft and fraud.

Transferring your personal data to other countries

In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our Group entities operating in the EEA and as such will apply the European standard of protections to the personal data we process. In practice, this means that all the entities in our Group agree to process your personal data in line with our high global standards.Where we transfer your personal data within our Group but outside of the EEA, that data subsequently receives the same degree of protection as it would in the EEA.

Where it is necessary to transfer personal data to a third party, we operate stringent reviews of those with whom we share the data and we will only transfer that data in line with the purpose for which it was collected. The third parties who help us process your data are located in the following countries: Ireland, Germany, Luxembourg, United Kingdom, United States and Poland.

Security of Your Personal Data

Ensuring the confidentiality, integrity and availability of your personal data defines our approach to information security. We manage the security risks to your personal data in a way that makes sure we meet our legal and regulatory obligations. In order to protect the continuity of the business we do with you, we produce, maintain and regularly test our business continuity plans. We utilise the internationally recognised information security best practices, ISO27001 and PCI-DSS. Our Information Security Policy & Standards are regularly reviewed, adhered to and tested for compliance. Information Security training is mandatory for all staff and breaches of information security, actual or suspected, are reported and investigated.

Your Rights

European law places robust obligations on businesses in the protection of personal data. Globally, the way we protect your personal data reflects our European obligations. A number of rights in relation to the use of your personal information empowers you to make certain requests of us, detailed as follows:

1. Requesting a copy of your personal data

You can access the personal data we hold about you by emailing or writing to us using the contact details at the end of this Statement.

2. Letting us know if your personal data is incorrect

If you think any of the personal data we hold about you is wrong please let us know by contacting your local client services team. We will check the accuracy of the information and take steps to correct it if necessary.

3. Asking us to stop using or to erase your personal data

You have the right to object to our use of your personal data. You can ask us to delete it, to restrict its use, or to object to our use of your personal data for certain purposes such as marketing. If you would like us to stop using your data in any way, please get in touch. Of course, if we are still providing services to you we will need to continue using your information to deliver those services. As detailed above, in some circumstances we are obligated to keep processing your information for a set period of time.

How long do we keep your personal data?

We will keep your personal data for as long as you are a client of FIMLUX. We will not retain your data for longer than is necessary for us to meet our legal obligations or to ensure our security and business continuity procedures are effective.

How to complain

If you are unhappy with how we have used your personal data you can complain to us by contacting us at:

Data Protection Officer
FIL Investment Management (Luxembourg) S.A.
2a, rue Albert Borschette / B.P. 2174
L-1021 Luxembourg

Finally, you also have the right to complain to your national data protection authority:

Luxembourg National Commission for Data Protection
1, avenue du Rock’n’Roll
L - 4361 Esch-sur-Alzette
Tel.: (+352) 26 10 60-1
https://cnpd.public.lu