Introduction

Storton Fund Management Ltd (Company registration number C 99939) respects your privacy and is committed to protecting your personal data. We are authorised and regulated by the Malta Financial Services Authority to act as an Alternative Investment Fund Manager and to provide related fund management and governance services (the “Services”).

This Privacy Notice explains how we collect, use, store, share, and protect personal data:

• when you visit our website (regardless of where you visit from),

• when you contact us,

• and when you engage with us for any of our Services.

It also sets out:

• our responsibilities when processing personal data,

• your rights as a data subject,

• and how applicable law protects you.

This Privacy Notice should be read together with our Cookie Policy.

We process personal data in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

1. Important Information and Who We Are

Purpose of this Privacy Notice

This Privacy Notice describes how Storton Fund Management Ltd collects and processes personal data through your use of our website and through any interaction you have with us, including where you request information or engage our Services.

Our website is not intended for children and we do not knowingly collect personal data relating to children.

Where we provide you with other privacy notices or fair processing information at specific points (for example, when onboarding a client or collecting compliance documentation), those notices supplement this Privacy Notice.

Controller

Storton Fund Management Ltd is the controller responsible for your personal data (referred to as “we”, “us” or “our” in this Privacy Notice).

Contact details

If you have any questions about this Privacy Notice or wish to exercise your data protection rights, please contact us and include the subject line “Data Protection Matter”.

Storton Fund Management Ltd (C 99939)
Registered office: 421, Ta’ Xbiex Seafront, Ta’ Xbiex, Malta
Data protection contact email: info@stortonfm.com

You have the right to lodge a complaint with the Information and Data Protection Commissioner (Malta). We would appreciate the opportunity to address your concerns first, so please contact us in the first instance.

Changes to this Privacy Notice and your duty to inform us of changes

We may update this Privacy Notice from time to time. We encourage you to review it periodically. It is important that the personal data we hold about you is accurate and current, so please inform us of any changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, plug-ins or applications. We do not control these third parties and are not responsible for their privacy practices. When you leave our website, please read the privacy notice of the relevant third-party website.

2. The Data We Collect About You

Personal data is any information that can identify you directly or indirectly. We may collect and process the following categories of personal data, depending on the nature of your interaction with us:

• Identity data: name, title, date and place of birth, nationality, tax domicile, and signatures (where relevant).

• Contact data: address, email address, and telephone number.

• Compliance and due diligence data: identification documents and information required to meet legal and regulatory obligations (including anti-money laundering and counter-terrorist financing requirements), such as source of funds/source of wealth information and screening results.

• Financial data: banking details and other relevant financial information required for the provision of Services.

• Transaction data: information relating to payments to/from you and details of the Services provided.

• Technical data: IP address, browser type and version, device information, time zone setting and location, operating system, and platform.

• Usage data: information about how you use our website.

• Communications data: records of correspondence and enquiries.

We may also use aggregated data (for example, statistics about website usage). Aggregated data does not identify you and is not treated as personal data unless combined with other information that identifies you.

Where required by law and where permitted, we may process information relating to criminal convictions or offences (for example, conduct certificates), strictly for compliance purposes and with appropriate safeguards.

If you fail to provide personal data

Where we request personal data to comply with law or regulation, or to provide Services, and you do not provide it, we may be unable to provide the requested Services or may only be able to provide a limited service. We will inform you where this applies.

3. How We Collect Personal Data

We collect personal data through:

• Direct interactions: when you contact us, request information, provide documentation, complete forms, enter into agreements, or communicate with us by email, phone, post, or otherwise.

• Automated technologies: when you browse our website, we may collect technical and usage data through cookies and similar technologies. Please refer to our Cookie Policy for more information.

• Third parties and public sources: where appropriate and lawful, we may obtain information from advisers and intermediaries, public registers, compliance and screening providers, sanctions lists, and other due diligence sources.

4. How We Use Your Personal Data

We use personal data only when the law allows us to do so. The main lawful bases we rely on are:

• Performance of a contract (or steps prior to entering into a contract),

• Compliance with a legal or regulatory obligation, and

• Legitimate interests, where our interests are not overridden by your rights.

In practice, we may use your personal data to:

• respond to enquiries and provide information,

• onboard clients and complete due diligence and verification checks,

• provide and administer our Services, including operational and governance support,

• manage payments, fees, and invoicing,

• maintain business operations, record keeping, and internal administration,

• ensure security, prevent fraud, and protect our website and systems,

• meet legal and regulatory obligations (including reporting obligations), and

• improve our website, communications, and client experience.

We do not generally rely on consent as a lawful basis, except where required (for example, certain marketing communications). You may withdraw consent at any time.

5. Disclosures of Your Personal Data

We may share your personal data where necessary with:

• service providers supporting our IT, systems, and business operations,

• professional advisers (including lawyers, auditors, insurers, and banks),

• administrators, depositaries, and other service providers appointed in relation to funds (where relevant),

• regulators and public authorities, including the Malta Financial Services Authority, the Financial Intelligence Analysis Unit, the Malta Business Registry, and tax authorities, where required by law, and

• third parties where necessary to establish, exercise, or defend legal claims, or to prevent fraud and protect rights.

We require third parties to respect the security of personal data and to process it only for specified purposes and in accordance with our instructions and applicable law.

If our business is sold, merged, or restructured, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

6. International Transfers

We do not generally transfer personal data outside the European Economic Area. Where international transfers are necessary, we will ensure appropriate safeguards are in place, such as an adequacy decision or standard contractual clauses approved by the European Commission.

7. Data Security

We maintain appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. Access is restricted to those with a business need to know and subject to confidentiality obligations.

Where a personal data breach occurs, we will notify relevant parties and regulators where required by law.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, accounting, and reporting requirements.

As a general rule, we retain most personal data for up to six (6) years following the end of the relationship. Certain records (including transaction and accounting records) may be retained for up to ten (10) years where required by applicable law.

In some circumstances, you may request deletion of your personal data. Please note that we may be required to retain certain information to comply with legal or regulatory obligations.

We may anonymise personal data so it can no longer be associated with you, in which case it may be used for statistical purposes without further notice.

9. Your Legal Rights

Subject to certain conditions and limitations, you have rights under data protection law, including the right to:

• request access to your personal data,

• request correction of inaccurate or incomplete data,

• request erasure (where applicable),

• object to processing (including for direct marketing),

• request restriction of processing,

• request portability of certain personal data, and

• withdraw consent where processing is based on consent.

To exercise your rights, please contact info@stortonfm.com with the subject line “Data Protection Matter”.

10. Website Analytics

We may use website analytics tools to help us understand how visitors use our website and to improve the website experience. Where analytics involve cookies or similar technologies, you can control them through your browser settings and our Cookie Policy.

Contact

If you have any questions about this Privacy Notice or your personal data, please contact:

Storton Fund Management Ltd (C 99939)
421, Ta’ Xbiex Seafront, Ta’ Xbiex, Malta
Email: info@stortonfm.com (Subject: “Data Protection Matter”)