Imagine Impact Bonds S.A. is a public company limited by shares (société anonyme) incorporated under the laws of the Grand Duchy of Luxembourg, having its registered office at 18, rue Robert Stümper, L-2557 Luxembourg, Grand Duchy of Luxembourg, registered with the Luxembourg trade and companies register (Registre de Commerce et des Sociétés) under number B 269474 (“Imagine Impact Bonds S.A.”).
The website www.imagine-impactbonds.com is operated and controlled by Imagine Impact Bonds S.A.
www.imagine-impactbonds.com is referred to as the “Website”
Agreement to Terms and Conditions of Use of the Website
By accessing to this Website, you agree to use the Website only for lawful purposes and to be bound by the terms and conditions for use of this Website as set out hereunder, which may be amended from time to time by Imagine Impact Bonds S.A. without notice. It is up to the user of the Website to consult the terms and conditions on a regular basis.
The terms and conditions set out hereunder are subject to the laws of the Grand Duchy of Luxembourg and the exclusive jurisdiction of the Tribunal d’Arrondissement of Luxembourg City.
No Reliance and Limitations of Liability
The information on this Website is provided by Imagine Impact Bonds S.A. (hereinafter referred to us “we” or “us”) for informational purposes only and on an “as is” and “as available” basis, without any express or implied warranties as to the accuracy or completeness of the information provided and which may be changed by Imagine Impact Bonds S.A. without notice. The information contained on this Website should not be considered as an offer or solicitation, to deal in any of the investments or funds mentioned herein. Nothing contained in the information on this Website constitutes legal, tax, investment, or other advice, nor to be relied upon in making any decision.
You are encouraged to confirm the information contained herein, and you should not construe any information herein as a warranty or guarantee of the quality or availability of services or financial products. Any reliance on information provided on this Website is at your own risk and in no event will Imagine Impact Bonds S.A. or its service providers be liable for any loss or damage of any kind arising out of or in connection with your access, use, or browsing of this Website.
Any links to other websites or to materials provided by other parties are provided by us for your convenience only and do not imply endorsement of such websites or materials by us. These websites and materials are not owned by or under the control of Imagine Impact Bonds S.A., and Imagine Impact Bonds S.A. disclaims all liability with regard to your access to and use of such linked websites or materials from other parties.
The contents of this Website is protected by copyright and may not be downloaded, extracted, reproduced, distributed, transmitted, or published, in whole or in part, for public or commercial purposes without Imagine Impact Bonds’s prior written consent, or in case of third-party materials, the owner of that content. You may not alter or remove any logo, trademark, copyright or other notice from copies of content on this Website.
You may review, download, save, and/or print out a hard copy of individual pages and/or sections of this Website for your personal, non-commercial, non-political use.
You agree not to license, distribute, create derivative works from, transfer, sell or re-sell any content obtained from this Website, nor to modify, deface content on this Website, or reproduce content on this Website separate and out of context from the original accompanying materials. You are not permitted to use the materials on these Website except as expressly set forth herein.
This Website uses three types of cookies:
– Functional cookies: these cookies are essential for the proper functioning of our Website.
– Statistics cookies: these cookies provide us with statistics about the use of our Website, e.g. which pages are visited, which articles are downloaded, which links are clicked on.
– Marketing cookies: these cookies track online activity on our Website for marketing purposes.
If you do not wish to accept these cookies onto your device, you can disable cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation of your browser or contact its maker for support. Please note that if you prevent or restrict the installation of cookies, not all of the functions on our Website may be fully usable.
Personal data protection policy
1. Scope of Application
This personal data protection policy (the “Policy”) describes how Imagine Impact Bonds S.A. (hereafter referred to as the “Company”) treats the information collected or provided during the course of the Company’s activities, how it is stored, processed, secured and what are the rights of the Data Subjects (as defined below) in relation to these Personal Data (as defined below in section 2).
Personal Data may be collected, recorded, stored in digital form or otherwise, adapted, transferred or otherwise processed and used in accordance with the Luxembourg Act of 1 August 2018 on the organization of the National Data Protection Commission and the general data protection framework (as may be amended from time to time), the European Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and any other European Union or national legislation which implements or supplements the foregoing.
This Policy is issued by the Company, identified as personal data controller within the meaning of the GDPR (“Data Controller”), and applies to individuals with whom the Company interacts, including but not limited to employees, consultants, clients, investors, prospects, directors and other counterparties (hereafter referred to as “Data Subject(s)”).
This Policy applies to any Data Subject whose Personal Data is provided to the Company directly by the Data Subject or indirectly through another natural or legal person, public authority, agency or another body in connection with the Company’s relationship with the Data Subject where the Company acts as Data Controller within the meaning of the GDPR.
This Policy may be amended from time to time to reflect changes in the Company’s practice with respect to the processing of Personal Data, or changes in applicable law, and the Company will notify Data Subjects in writing of any changes it makes.
2. Types of Personal Data collected or provided to the company and sources of personal data
The main categories of personal data processed by the Company (the “Personal Data”) are (inter alia):
– Personal identification data, such as name, date and place of birth, address, email address, phone number, any other contact details,
nationality, gender, social security number, copies of identity documents, CVs,
– Financial data, such as banking details, income details, tax information, source of wealth,
– IP addresses or other visitor origin profiles maybe traceable from visiting our website or social media profiles,
– Profile pictures, pictures from events organised by the Company and videos.
For the avoidance of doubt, the Company does not process, and service providers of the Company are not authorized to process, any special categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health related data (except medical certificates provided by any employee of the Company in case of sickness) or data related to sexual orientation.
The Company uses different sources to collect Personal Data including, but not limited to:
– Direct interactions: information provided verbally, electronically or in writing, including information provided on questionnaires, websites and other forms provided by the Data Subject or the Data Subject’s organization,
– Information that is generated by the Company in the course of its relationship with the Data Subjects,
– Information provided directly or indirectly by Data Subjects to comply with AML and KYC obligations,
–Third-parties or publicly available sources: information obtained from international sanctions lists, publicly available websites, financial market infrastructures and other public data,
– The performance of contract that the Data Subject has entered into with the Company from time to time,
– The use of products and services and the relationship with the Company, as well as with the service providers of the Company.
3. Purposes and legitimate basis of processing
Any Personal Data provided to the Company is processed based on the legal grounds enumerated in Art. 6, Par. 1, points a), b) c) and f) of the
GDPR. The Company does not use Personal Data for marketing purposes without explicit consent of the relevant Data Subject.
Most of the Company’s Personal Data processing arises from regulatory or contractual requirements, without which the Company would not be able to provide the contracted services or comply with applicable laws.
Regarding website users, their Personal Data is processed for statistics purposes, to communicate with the user and to answer any request.
In accordance with Art. 30 of the GDPR, each service provider of the Company which is processing Personal Data on behalf of the Company, shall maintain a record of its data processing, which shall be made available to the Data Controller for inspection upon request.
Certain Personal Data, such as business cards and photographs that the Company may have of Data Subjects further to events, or IP address (for website users), may be processed based on consent or to pursue legitimate interests, such as internal communication and business administration.
If the Company does rely on the Data Subject’s consent, it will make this clear to the Data Subjects when asking for their consent. Data Subjects will have the right to withdraw their consent at any time and request that the Company stops processing and deletes such Personal Data.
4. Profiling and automated decision-making
The Company does not use data profiling or automated decision-making as per Art. 22 and recital 71 of the GDPR.
5. Recipients of Personal data
In order to fulfil the Company’s obligations arising from contract or applicable laws, certain Personal Data may be transmitted to other
service providers of the Company, such as the Company’s website service provider, clearing agent, servicer, originator, HR support service
providers, auditors, legal advisers, external valuers or tax and regulatory authorities.
Due diligence is performed on such third-party services providers to ensure that they are complying with the GDPR.
6. Storage of Personal Data
Any and all Personal Data will be held for a period of maximum ten (10) years after the termination of the relationship between the Data Subject and the Company, and will not be retained for longer than the duration required by applicable law or contractual obligations, taking into account any required retention period to meet any legal procedural requirements in case of any need to provide information with integrity to competent authorities.
7. Transfer of Personal Data
In order to fulfil the Company’s obligations arising from contract or applicable laws, certain Personal Data may be transmitted to other
service providers outside of the European Union (“EU”).
To the extent practicable, the Company avoids transferring Personal Data to non-EU countries or to countries without EU equivalent data protection rules. In the event Personal Data is transferred outside of the EU, prior due diligence is performed to ensure that data processors or service providers only transfer data to their affiliates that are compliant with data protection rules equivalent to GDPR, that the IT cloud solutions chosen have implemented GDPR compliant security measures, and that the Personal Data is transferred in a secure way.
The data systems shall be maintained and backed-up by an external IT service provider located within the EU, in jurisdictions deemed to have an EU-equivalent level of protection, or which are otherwise bound contractually to comply with GDPR requirements, based on standard contractual clauses.
8. Rights of Data Subjects
Requests from Data Subjects related to the exercise of the rights described below shall in general be referred to as “Data Requests” and shall be handled in accordance with the section below “Handling of Data Requests”.
The Company’s Data Subjects have the following rights:
– Right to access (Art. 15 GDPR) and rectification (Art. 16 GDPR): Data Subjects have the right to see Personal Data the Company have in its files. If the Data Subject spots an error in his/her Personal Data in the Company’s files, or if his/her Personal Data is no longer up to date, the Data Subject has the right to request that it is rectified.
-Right to withdraw your consent (Art. 7 GDPR): For the processing of Personal Data that are based on Data Subjects’ consent, Data Subjects have the right to withdraw their consent and request that the Company stops processing and deletes such Personal Data at any time.
-Right of erasure (Art. 17 and 19 GDPR): Any of the Personal Data that the Company has in its files will be deleted upon request of the Data Subject, unless the Company has an overriding obligation to maintain the Personal Data such as those arising from contract or applicable laws.
– Right to restriction of processing (Art. 18+19 GDPR): Upon request from the Data Subject, the Company will limit the ways and purposes Personal Data is processed, unless there are overriding obligations arising out of contract or applicable laws.
– Right to data portability (Art. 20 GDPR): The Data Subject has the right to request that his/her Personal Data is transferred from the Company to another recipient of his/her choosing.
– Right to object (Art. 21+22 GDPR): The Data Subject has the right to object to the processing of his/her Personal Data by the Company and to request the Company to stop processing his/her Personal Data. In such case the Company will stop processing Personal Data unless there are overriding obligations such as those arising from contract or applicable laws.
– Right to complain (Art. 77 GDPR): The Data Subject has the right at all times to lodge a complaint regarding the processing of his/her Personal Data, whether to the Company using the contact form on the Company’s website or the contact details in section 12 below, or directly to a national data protection authority of a European Union Member State, such as the Luxembourg data protection authority, the Commission Nationale de Protection des Données (“CNPD”).
9. Handling of Data Requests
Data processors shall assist the Company as Data Controller within the scope of its abilities and the information reasonably available to it, to
respond to requests from Data Subjects regarding the Personal Data mentioned hereabove.
For data requests addressed to the Company, the Company shall be responsible for obtaining and coordinating the necessary information from the relevant service providers as well as responding to the relevant Data Subject.
10. Contact Information
In case of any questions about this Policy, Personal Data held by the Company or rights of the Data Subjects, please contact the Company by using the contact form on the Company’s website or the contact details below:
Postal and visitor’s address:
Imagine Impact Bonds S.A.
18, rue Robert Stümper
Grand Duchy of Luxembourg
Email: [email protected]