Privacy Policy

Data Controller Information

NobleStack SARL is the data controller for the personal data we collect. We are a company incorporated in Luxembourg with registration number RCSB618973. Our registered office is located at Boulevard Royal 82, 1384 Luxembourg City, Luxembourg.

Data We Collect

We collect various types of personal data to provide our financial management services effectively. The data we collect includes:

• Contact Information: Name, email address, phone number, postal address
• Financial Information: Income details, bank account information, investment portfolios, tax records
• Identification Data: Date of birth, nationality, identification documents for compliance purposes
• Professional Information: Employment status, business details, professional qualifications
• Website Data: IP address, browser type, pages visited, time spent on site
• Communication Records: Emails, phone calls, meeting notes, support tickets

How We Use Your Information

We use your personal data for the following purposes, based on legitimate business interests and legal obligations:

• Service Provision: To provide financial management, tax planning, and investment advisory services
• Client Communication: To respond to enquiries, provide updates, and maintain ongoing client relationships
• Legal Compliance: To meet regulatory requirements, anti-money laundering obligations, and tax reporting duties
• Service Improvement: To analyse and improve our services, develop new offerings, and enhance client experience
• Marketing: To send relevant information about our services (with your consent where required)
• Risk Management: To assess and manage business risks, prevent fraud, and ensure service quality

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our services under our client agreement
• Legal Obligation: Processing required to comply with legal and regulatory requirements
• Legitimate Interest: Processing necessary for our legitimate business interests, such as service improvement and risk management
• Consent: Where you have given explicit consent for specific processing activities

Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party companies that assist us in providing services (e.g., IT support, payment processing)
• Professional Advisors: Lawyers, accountants, auditors, and other professional service providers
• Regulatory Bodies: Financial regulators, tax authorities, and other government agencies as required by law
• Business Partners: Trusted partners who help us deliver comprehensive financial services

We ensure that all third parties maintain appropriate security measures and use your data only for the specified purposes.

International Data Transfers

As we operate across Europe and work with international service providers, your personal data may be transferred to countries outside the European Economic Area (EEA). We ensure that such transfers are protected by appropriate safeguards, including adequacy decisions by the European Commission or standard contractual clauses.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy and to comply with legal obligations. Generally, we keep client data for a minimum of seven years after the end of our business relationship, as required by financial services regulations. Some data may be retained longer if required by law or for legitimate business purposes.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Security Measures

We implement robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

Contact Information

If you have any questions about this privacy policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant data protection authority. In Luxembourg, this is the Commission Nationale pour la Protection des Données (CNPD). You can also contact us directly to resolve any concerns.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice through email or other communication methods.