PROSPERGATE CAPITAL LTD, is a company registered under the laws of the Republic of Cyprus, with registration number C369583. It is a regulated Cyprus Investment Firm (‘CIF’) by the Cyprus Securities and Exchange Commission (‘CySEC’) under license number 361/18. The Company is also acting as the External Manager of PROSPERGATE FUND AILFNP V.C.I.C LTD under the Small Alternative Investment Fund Managers Law of 2020 (L. 81(I)/2020). 

The registered office of the Company is situated at 2 Filiou Zannetou street, 3021 Limassol Cyprus. 

For the purposes of, inter alia, this Conflict-of-Interest Policy, the Company is operating under: 

• Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on Markets in financial instruments (“Market in Financial Instruments Directive” or “MiFID II”) which was implemented in Cyprus by the Investment Services and Activities and Regulated Markets Law of 2017 (Law  87(Ι)/2017). 
• The Alternative Investment Funds Law of 2018 L.124(I) of 2018 (“the AIF Law”) and the Small Alternative Investment Fund Managers Law of 2020 (L.81(I) of 2020) (“the SMALL AIFM Law”).  
• The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’) as implemented by the Cyprus Law 125(I)/2018 (hereinafter “Data Protection Legislation”). 
• Directive (EU) 2015/849 (4^th EU AMLD) which is the main legislative instrument for the prevention of the use of the Union Financial System for the purposes of money laundering and terrorist financing as well as Directive (EU)2018/84 (5^th EU AMLD) addressing emerging risks and increasing transparency of beneficial ownership and finally Regulation (EU) 2024/1640 of 31 May 2024 on the prevention of use of the financial system for the purposes of money laundering or terrorist financing to apply from 10 July 2027. Cyprus legislation on “The  Prevention and Suppression of Money Laundering and Terrorist  Financing Law of 2007” L188(I)/2007 as amended by Laws 58(I)/2010, 80(I)/2012, 192(I)/2012, 101(I)/2013, 184(I)/2014, 18(I)/2016, 13(I)/2018, 158(I)/2018, 81(I)/2019, 13(I)/2021, 22(I)/2021, 40(I)/2022, 98(I)/2023.
• The implementation of the Provisions of the Resolutions or Decisions of the United Nations Security Council (Sanctions) and the Decisions and Regulations 0f the Council of the European Union(Restrictive Measures) Law of 2016 -Law 58(I)/2016. The Combating of Terrorist Law 0f 2019 (Law 75(I)/2019).

Pursuant to the Data Protection Legislation as well as other related laws and regulations on the establishment and services to be provided by Cyprus Investment Firms (CIFs) as well as AIFMs, the latter are required to establish, implement and maintain an effective Data Protection and Privacy Policy set out in writing. This Policy outlines the Company’s responsibility to manage and ensure the protection of privacy of the Investors’ personal and financial information and to behave in a fair and moral manner concerning the gathering, processing, storing and handling of such personal data.

The Investors’ personal data and preservation of its privacy, is considered and treated by the Company with the utmost importance and highest priority and this Policy applies to former, existing and potential Investors as well as to any visitors of the Company’s website.

The personal data provided to Prospergate, including information about the clients/investors financial information, investments, and other personal data, which they furnish to the Company so that it will be able to provide the requested services and act on their behalf, is submitted in a lawful manner  and is lawfully processed only by the persons who are Responsible and Perform the Data Processing, within the framework of application of the appropriate contractual safeguards and legal obligations required by the Data Protection Legislation. 

The Clients’ personal data is stored in a way that guarantees the appropriate security of personal data, including its protection against unauthorized or illegal processing and accidental loss, destruction, or damage by the use of appropriate technical and organizational measures.

Prospergate stores such personal data for the period required by the applicable laws of the EU, the Republic of Cyprus and in accordance with the Regulations of the Cyprus Securities and Exchange Commission and the Central Bank of Cyprus (as appropriate).

In this Policy the Company briefly sets out information on the following: 

1. The lawful basis of processing 
2. What data we are legally obliged to collect   
3. Legal rights of the client and documentation available (attached as Annexes) 

As per the provisions of Article 6 of the GDPR there are six available bases for lawfully processing the data of a third party: 

• Consent: the individual has given clear consent for the processing of their personal data for a specific purpose. Such a document is furnished to the Client/Investor. 
• Contractual obligation: the processing is necessary in order to effectively perform a contract you have with the individual client. The Company has in place, with various data subjects, contracts and agreements and uses this lawful basis to process data subject’s personal data to fulfil contractual obligations.
• Legal obligation: the processing is necessary for the Company to comply with the law. As a licensed Cypriot Investment Firm (CIF), the Company is subject to various laws and regulations issued by the Cyprus Securities and Exchange Commission (CySEC) in order to maintain its license and authorisation. 

Reliance on this lawful basis is made when the process of personal data is needed to comply with common law and statutory obligations. 

The term “Legal obligation” inter alia includes the following:

• Customer Identification and Due Diligence in accordance with articles 60-66 of The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007-2018 and Amending Law 158(Ι)/2018 and Part V of The Cyprus Securities and Exchange Commission for the Prevention of Money Laundering and Terrorist Financing (Directive DI144-2007-08 of 2012)
• L.87(I)/2017 Law for the provision of investments services, the exercise of investment activities and the operation of regulated markets
• The Combating of Terrorist Law 0f 2019 (Law 75(I)/2019).
• Regulation 596/2014; Regulation (EU) No 648/2012; Regulation (EU) No 600/2014
• Assessment and Collection of Taxes Laws of 1978 – 2015 
• CRS Decree: Assessment and Collection of Taxes (Exchange of Information) in the frame of the Multilateral Competent Authority Agreement
• Automatic Exchange of Financial Account Information Decree of 2016
• Vital interests: the processing is necessary to protect someone’s life.
• Public task: the processing is necessary so as to serve and protect the public interest (clearly set out in the law)
• Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 

• • • • The Company will only use clients’ personal data in accordance with international data protection practices. In particular, the Company is registered as a Data Controller with the Office of the Commissioner for Personal Data Protection and will collect, process, maintain, store, use and handle clients’ personal information in accordance with the Processing of Personal Data Laws and General Data Protection Regulation as amended from time to time (the “Law”) this Privacy Policy and the Company’s Trading Terms and Conditions.
      • We may collect such Personal Information from other persons including, for example, fraud prevention agencies, banks, other financial institutions, third authentication service providers and the providers of public registers and such other services that may from time to time be required for Company’s legitimate purposes. 
      • “Personally identifiable information” (or “Personal Information”) means any information that may be used, either alone or in combination with other information, to personally identify, contact or locate any Customer of the Company (referred to as “User”).
      • Personal Information includes, but is not limited to:
    1. First and Last name
    2. ID/Passport numbers
    3. Physical address
    4. Date of Birth
    5. Contact information such as telephone number and email address
    6. Identity and Address verification documents such as passport and ID, utility bills and/or bank statements
    7. Company information, company incorporation documents/certificates/details in case of a corporate account
    8. Financial data such as estimated annual income and net worth, trading experience and investment knowledge including but not limited to trading data, deposits, withdrawals, and credit.
    9. Payment details and bank account details
    • We are required by law to identify the Client/Investor if he/she opens a new account or has added a new signatory to an existing account. Anti-money laundering laws require us to “sight and record” details of certain documents (i.e. photographic and non-photographic documents) in order to meet the standards, set under those laws. Identification documentation, as required under anti-money laundering legislation or other legislation relevant to the services we provide, includes, but not limited to 
    1. passport. 
    2. national identity card (if applicable); 
    3. CV
    4. Tax Declarations/Tax ID
    5. Clean Criminal Record 
    6. No Bankruptcy Statement
    7. utility bills. 
    8. Bank Statement
    9. trust deed. 
    10. other information we consider necessary to our functions and activities. 

             We also collect data regarding the following individuals: 

    1. trustees. 
    2. partners. 
    3. company directors and officers. 
    4. officers of co-operatives and associations. 
    5. client agents; or 
    6. individuals dealing with us on a “one-off” basis.
    • The Company for the purposes of fulfilling its legal obligation to apply Due Diligence and to guard the Company against persons included in the Sanctions List, as it is required to do so by Law, utilises a risk intelligence data screening system. The source of risk intelligence helps the Company to meet its regulatory obligations, make informed decisions and help prevent the Company from inadvertently being used to launder the proceeds of crime and/or association with corrupt business practices and/or Sanctioned individuals/ corporations.

    The Company uses such personal information, as may be required, of the data subject to screen against data that is derived from sources available to the public. Data is assessed using a built-in screening platform provided by the data screening system

• RIGHT OF ACCESS 

Data subjects have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.

The DPO reserves the right to refuse to grant a data subject access if it is determined that the request is manifestly unfounded or excessive.

If the DPO approves a right to access, the latter shall liaise with all relevant departments who hold the data, for the purposes of gathering all data related to the request for access. 

Should there be a delay whereby the Company will not be in a position to provide the data within 1 month, the DPO will write to the data subject to confirm any delays and advise the reasons for same.

Data will be provided to the data subject by way of:

1. Hard copy format or
2. Digital format by electronic means. 

• RIGHT TO RECTIFICATION

The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. The Client/ Investor (also referred hereto as: data subjects) can make a request for rectification verbally or in writing to the Company, and details of where such request should be made are provided to the data subjects in the Privacy Notices. Data subjects may be provided supplementary forms to fill, in order to facilitate their request.

The Company responds to all requests within 1 calendar month, and may, only in certain circumstances refuse a request for rectification. A copy of the amended data will be provided by the DPO to the data subject confirming that the data has been amended or completed if deemed as being incomplete.

Should there be a delay whereby the Company will not be in a position to provide the data within 1 month, the DPO will write to the data subject to confirm any delays and advise the reasons for same.

Data will be provided to the data subject by way of:

1. Hard copy format or
2. Digital format by electronic means. 

• RIGHT TO ERASURE

The GDPR introduces a right for individuals to have personal data erased also known as ‘the right to be forgotten’. The right is not absolute and only applies in certain circumstances/lawful bases. In accordance with the Company’s regulatory obligations and as required by Law, clients’ personal information/data will be kept and retained on record for a minimum period of five (5) years, which will commence on the transmission/execution of a client transaction or the date on which the business relationship between both parties is terminated in accordance with the Company’s policies.

Data subjects can file a request with Prospergate’s DPO in writing 

The Company will respond to all requests within 1 month.

A determination to erase data will be based on the following criteria:

• The data is no longer necessary for the purpose it was collected.
• The data subject withdraws consent.
• There are no legitimate grounds to process the data.
• There is no legal obligation to continue to store the data.
• The data has been unlawfully processed; and
• To comply with GDPR or other legislation.

The DPO will examine the lawful bases of data processing, and she will decide whether such request can be granted or not. This decision will be duly disclosed to the data subject.  

• RIGHT TO RESTRICT PROCESSING

Individuals have the right to request the restriction or suppression of the processing of their personal data, however this is not an absolute right and only applies in certain circumstances/lawful bases. Once again, the DPO will examine the request and will duly reply to the data subject within one month from the date of request.

When processing is restricted, the Company is permitted to store the personal data, but not use it. 

• RIGHT TO DATA PORTABILITY/ RIGHT TO DATA TRANSFER

The right to data portability/ data transfer allows the data subject to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

Data Subjects are required to fill in a ‘Data Transfer Form’  providing details of the third party to whom they wish the data sent and must ensure that they provide permission for such a transfer to take place.

• RIGHTS RELATED TO AUTOMATED DECISION-MAKING INCLUDING PROFILING

The GDPR has provisions on:

• automated individual decision-making (deciding solely by automated means without any human involvement); and
• profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

The GDPR applies to all automated individual decision-making and profiling. Article 22 of the GDPR has additional rules to protect individuals if the Company is carrying out solely automated decision-making that has legal or similarly significant effects on them.

The Company can only carry out this type of decision-making where the decision is:

• necessary for the entry into or performance of a contract; or
• authorised by Union or Member state law applicable to the controller; or
• based on the individual’s explicit consent.

Prospergate does not engage in “Profiling” nor takes any decisions through “Automated individual decision-making” processes.  

• RIGHT TO WITHDRAW CONSENT

Under Article 7(3) of the GDPR, the data subject has the right to withdraw his/her consent for processing their personal data at any time.

However, the right to revoke consent for data processing is only applicable when the processing of the data was based solely on consent and no other legal requirement exists for keeping such data for longer periods of time. Thus, not all types of data can be deleted or amended per request of the data subject. 

As a CIF, Prospergate Capital Ltd is a highly regulated Company and carries a legal obligation to maintain most of its data, including those of its clients, for a period of 5 to 7 years after the termination of the contractual relationship between the data processor and the data subject on the requirements of the following legislation:

• The Anti-money laundering Directive DΙ144-2007-08 of 2012 or any subsequent amendment or change of this legislation.
• The Investment Service Law 87(I)/2017, or any subsequent amendment or change of this legislation.
• Inland Revenue Department legislation.
• Any legislation issued by the Unit for Combating Money Laundering (MOKAS), The Cyprus Securities and Exchange Commission, the Office of the Commission of Data protection in Cyprus or any other legislative or supervisory authority, which may be empowered by Law to supervise us.

In case the data subject wishes to withdraw their consent given for data processing, they are required to fill in the ‘Withdrawal of consent’ form. 

This policy may be updated and changed from time to time in order to comply with any new legal requirements and/or amendments. Should such changes commence, the updated Data Protection and Privacy Policy will be published on our website.

If you would like to contact us with any queries or comments, please send an email to [email protected]

Prospergate Capital Ltd is a Cyprus Investment Firm (CIF) that is authorized by the Cyprus Securities and Exchange Commission (CySEC) (License number 361/18), with the license to perform portfolio management services. The company externally manages, on a discretionary basis, client funds that are located in global financial institutions pursuant to a pre-defined investment strategy. Since the risk of investing in certain financial instruments is generally high and the market value of such financial instruments may be exposed to varying factors, such as a turbulent economic and political environment, fluctuations in foreign exchange rates and shifts in market sentiment, the investor takes full responsibility for the risk involved with such investments and understands and acknowledges that investment yield and or capital preservation is not guaranteed. The investor should ensure that they are fully aware of the potential risks connected with Portfolio Management services and with their chosen investment strategy. The investor should be aware of the fact that some investment strategies may involve a higher degree of risk compared to other strategies and investments within this framework which may result in the loss of all or part of the initial investment. The investor should also understand and acknowledge that past performance does not guarantee future returns. Past performance should not be taken as an indication or guarantee of future performance.