Legal Document
Privacy Policy
Review the governing disclosures and use conditions supporting the Qlumina public site and investor onboarding workflow.
1. Institutional Privacy Statement and Data Governance Architecture
Qlumina ('the Firm,' 'we,' 'us,' or 'our') recognizes the paramount importance of data privacy, confidentiality, and security for its institutional clients and global marketing partners. We operate a sophisticated data governance architecture designed to provide a cohesive and high-tier defensive layer over the processing of sensitive information. Our operations are strictly governed by the British Virgin Islands Data Protection Act (DPA), 2019, the Cayman Islands Data Protection Act, and the principles of the European Union's General Data Protection Regulation (GDPR) for data subjects located within the European Economic Area (EEA). This Privacy Policy serves as a comprehensive disclosure of how we collect, process, vault, and protect institutional and personal data throughout the investment lifecycle.
2. Granular Categories of Data Processed (Institutional and Individual)
In the course of providing our institutional Services, we collect and process several distinct categories of data: (A) CORPORATE AND INSTITUTIONAL DATA: Certificate of Incorporation, Memorandum and Articles of Association, share registers, and tax identification numbers. (B) KNOW-YOUR-CUSTOMER (KYC) AND IDENTIFICATION DATA: Names, dates of birth, residential addresses, passport or national identity card copies, and proof of professional tenure for authorized signatories and Ultimate Beneficial Owners (UBOs). (C) FINANCIAL AND MANDATE DATA: Source of wealth (SOW) documentation, source of funds (SOF) declarations, bank account coordinates, and historical capital commitment records. (D) TRANSACTIONAL AND PERFORMANCE DATA: Position logs, execution telemetry, and mandate-specific return metrics. (E) SECURITY AND AUDIT LOGS: IP addresses, device identifiers, session metadata, and digital heartbeat logs captured during portal interactions to ensure Platform integrity and prevent unauthorized access.
3. Comprehensive Purpose and Legal Bases for Data Processing
We process information based on the following legally recognized grounds: (i) CONTRACTUAL OBLIGATION: To perform our fiduciary and operational duties under a signed investment management, SMA, or partnership agreement. (ii) LEGAL AND REGULATORY COMPLIANCE: To satisfy our mandatory obligations under BVI and international Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws, as well as automatic exchange of information (AEOI) standards such as FATCA and the Common Reporting Standard (CRS). (iii) LEGITIMATE INSTITUTIONAL INTERESTS: To defend our Proprietary IP, detect and prevent fraudulent activities, and optimize the systematic performance of our AI-native execution engine through anonymized data analysis. (iv) EXPLICIT CONSENT: Where a User has provided granular consent for specific institutional outreach, research whitepapers, or strategic event invitations.
4. Rigid Data Retention and Regulatory Archival Protocols
Qlumina maintains a non-discretionary data retention policy aligned with BVI and international regulatory mandates. All records related to a signed client mandate, including transaction logs and KYC documentation, are retained for a minimum of seven (7) years following the termination of the business relationship. For prospective investors who engage with the Platform but do not execute a formal mandate, data is typically retained for a period of five (5) years to ensure compliance with audit trails and to prevent duplicate qualification attempts. Once these statutory and operational retention periods have concluded, data is either permanently and securely purged using institutional-grade wiping protocols or irreversibly anonymized for long-term quantitative research and model training.
5. Mandatory Regulatory Disclosures and International Cooperation
As a regulated entity, Qlumina may be legally compelled to disclose institutional or personal information to the BVI Financial Services Commission (FSC), the Financial Investigation Agency (FIA), or other global regulatory counterparts (such as the SEC, FINMA, FCA, MAS, SFC, CySEC, ADGM/FSRA, or ESMA) during the course of routine audits or formal investigations. We cooperate fully with all valid requests for information issued by competent authorities in the fight against financial crime and tax evasion. Such disclosures are made strictly in accordance with the law and do not constitute a breach of our confidentiality obligations to the Client.
6. International Data Transfers and Cross-Border Protection Mechanisms
To facilitate our global operations and partnerships in Switzerland, the UAE, Singapore, Hong Kong, the UK, the EU, and the United States, your data may be transferred to or accessed from jurisdictions outside the British Virgin Islands. In all such cases, Qlumina utilizes robust cross-border protection mechanisms, including Standard Contractual Clauses (SCCs) and 'Binding Corporate Rules' (where applicable). We ensure that any third-party marketing partner or service provider receiving such data is contractually obligated to maintain security standards that are equivalent to or exceed the requirements of the BVI DPA and the GDPR. Data remains encrypted both in transit and at rest during all international transfers.
7. Data Subject Rights: Access, Rectification, and Portability
Under the BVI Data Protection Act and equivalent global frameworks, data subjects have the following non-waivable rights: (i) THE RIGHT OF ACCESS: To obtain a copy of the data we process concerning them. (ii) THE RIGHT TO RECTIFICATION: To require the correction of inaccurate or incomplete data. (iii) THE RIGHT TO ERASURE ('Right to be Forgotten'): To request deletion of data where it is no longer required, subject to mandatory regulatory retention periods. (iv) THE RIGHT TO RESTRICTION: To limit processing under certain contested circumstances. (v) THE RIGHT TO DATA PORTABILITY: To receive their data in a structured, machine-readable format. All such requests must be submitted in writing to our Data Compliance Officer at compliance@qlumina.com.
8. Institutional Service Provider Audit and Security Standards
We leverage a closed ecosystem of top-tier service providers for cloud infrastructure, fund administration, and KYC/AML screening. Each provider undergoes a rigorous annual due diligence review to ensure their security posture is sufficient to protect Qlumina's institutional data. These providers act as 'Data Processors' and are legally and contractually restricted from using client data for any purpose other than the specific service they provide to Qlumina. We maintain a zero-tolerance policy for data monetize or unauthorized secondary usage by any partner in our ecosystem.
9. Advanced Cybersecurity, Encryption, and Access Control
Qlumina employs a 'Defense-in-Depth' security strategy. All sensitive data is encrypted using AES-256 standard and is stored in logically isolated environments. Access to client data is strictly limited to authorized personnel based on the 'Principle of Least Privilege' (PoLP) and is protected by mandatory multi-factor authentication (MFA). Our digital infrastructure is subject to regular penetration testing and vulnerability assessments to proactively identify and neutralize emerging cyber threats from state-sponsored and criminal actors.
10. Mandatory Breach Notification and Incident Response
In the event of a suspected or actual data breach that poses a risk to the rights and freedoms of data subjects, Qlumina maintains an automated Incident Response Plan. We will notify the BVI Information Commissioner and all impacted data subjects without undue delay, and in any event within seventy-two (72) hours of becoming aware of the breach, providing a detailed account of the nature of the breach and the steps taken to mitigate its impact.
11. Policy Evolution and Annual Governance Review
This Privacy Policy is an evolving governance document. It is reviewed at least annually by our legal and compliance teams to ensure ongoing alignment with shifting global data protection laws and the unique requirements of our marketing partners in diverse jurisdictions. Any material changes to our data processing activities will be communicated to you via the Qlumina Secure Portal or through institutional email channels.