GDPR Privacy Notice

Last updated: Mar 18, 2025

This GDPR Privacy Notice (“Notice”) has been revised and is effective as of the date above and will remain in effect except for future changes to its terms. The management of HORIZON OEIC LTD may amend this Notice at any time. Investors will be notified about material changes. However, they are encouraged to review this Notice periodically to stay informed about how the HORIZON OEIC LTD (“HORIZON”) processes and protects personal data.

This Notice provides the necessary information about your rights and our obligations and explains how, why, and when HORIZON processes your personal data.

Please read this Notice carefully, as it becomes legally binding when interacting with HORIZON. HORIZON takes the privacy and protection of your data very seriously. It is committed to handling the personal information of those it engages with responsibly and in a way that meets the legal requirements.

What is the GDPR?

The General Data Protection Regulation (GDPR) standardises data protection law across all EU countries and imposes strict new rules on controlling and processing personally identifiable information. The GDPR applies not only to organisations located within the EU but also to organisations located outside of the EU if they offer goods or services to monitor the behaviour of EU data subjects, regardless of that company’s location. You may read the full list of GDPR regulations here: https://gdpr-info.eu/

This Notice applies to you if:

  • You are a Natural or Legal Person (“Investor”) concluding the business relationship – this applies both to existing Investors and to those who are willing to proceed (“Prospective Investors”).
  • Your personal data has been provided to HORIZON by another person in connection with an application signing or in the case when you provide or are going to provide HORIZON with any services related to the activities of the HORIZON (for example, if you are a director, partner, trustee, employee, agent or direct or indirect owner of any counterparty).
  • HORIZON otherwise uses your personal data.
  • You are an applicant for a position within HORIZON.
  • You are a data subject. The GDPR defines “data subjects” as “identified or identifiable natural person(s)”. In other words, data subjects are only individuals from whom or about whom HORIZON collects information about its business and operations.

Information we collect / Information you provide to us

We process your personal data to comply with our legal, statutory, and contractual obligations and to provide you with our products and services. We will never collect unnecessary personal data from you and will not process your data in any way other than as set out in this Notice.

The personal data we collect from you

  • Personal Data include first name, last name, date of birth, photograph, passport details, CV, contact details, bank details, signature, investment history, etc.
  • Residential Address Confirmation such as a utility bill, bank statement, or tax bill.
  • Forms that include employment details, net worth, annual income, and any information and evidence within the scope of local regulatory requirements to interpret the Economic Profile and Suitability Assessment of Prospective Investors.
  • Tax identification number and country of taxation for CRS /FATCA purposes.

We may also process

  • Information we collect or generate may include information relating to your (or the Natural or Legal Person you represent) investments, emails (and related data), call records, website usage data, and messages sent through our Website.
  • Information we receive from other sources, such as information we receive for the purposes of our Know Your Client (KYC) procedures (which include anti-money laundering, counter-terrorist financing, counter-proliferation financing procedures, and politically exposed person and sanctions checks), information from public websites and other public sources and information we receive from your advisers or intermediaries.

Types of data that GDPR protects

Personal data is defined under the GDPR as any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Data Protection Act similarly defines personal data.

How we collect the information

  • Through the documents and forms provided by Prospective Investors to us.
  • In face-to-face meetings with Prospective Investors, where applicable.
  • Electronic and hard copies, in plain written form or certified/notarised/apostilled.
  • From third parties with whom we have a contractual relationship.
  • We only ask for personal information that we are required to collect by our legal obligations and relevant to your specific requests to provide our services.

You are required to provide true, complete, and accurate information and to keep it up to date. If you doubt your personal information, please feel free to contact us in any way that is preferable to outline the issue. We will take all reasonable steps to ensure that any inaccurate data relating to the purposes for which it is processed is deleted or rectified without delay.

We may retain information and data relating to your bank account, credit/debit card details, or other payment account information following the requirements of the law.

How we use your personal data

We take your privacy very seriously and will never disclose, share, or sell your data without your consent unless required by law. We only retain your data for as long as necessary and for the purpose(s) specified in this Notice. If you consent to us providing you with promotional offers and marketing, you can withdraw this consent anytime.

The purposes and reasons for processing your personal data

  • We collect, store, and process your personal data to assess and process applications for the Agreements/Contracts signing, including carrying out know-your-client procedures, ongoing working, receiving payments from and making payments to the Investors, calculating the Net Asset Value and monitoring these processes.
  • We collect, store, and process your personal data to reach an agreement with us or for any interaction.
  • We collect, store and process your personal data as part of our legal obligations for business accounting, tax purposes, audit purposes, and any legal or regulatory obligations or industry standards arising from our licenses or registrations as regulated entities.
  • We may occasionally send marketing information to you that we have deemed beneficial to you as a customer and in our interests. Such information will not be intrusive and will be processed based on legitimate interests to adequately monitor and update customer information following local legislation and providing better quality services.

Your rights

You have the right to access and request information about any personal data we process about you:

  • The personal data we hold about you.
  • The purposes of the processing.
  • The categories of personal data concerned.
  • The recipients to whom the personal data has been/will be disclosed.
  • The time period we intend to retain your personal data.
  • If we have not collected the data directly from you, information about the sources.

If you believe that we have incomplete or inaccurate information, you have the right to ask us to correct and/or complete it. We will endeavour to do so as soon as possible unless there is a good reason not to, in which case you will be notified.

You also have the right to request the erasure of your personal data or to restrict processing (where applicable) according to data protection laws; similarly, you may object to any direct marketing from us. Where applicable, you have the right to data portability and the right to be informed about any automated decision-making we use.

If you request to exercise any of the above rights, we may ask you to verify your identity before we comply; this is to ensure that your data is protected and kept secure.

Sharing and Disclosure of Your Personal Information

We will not share your personal information without your consent except for the purposes set out in this Notice or where there is a legal obligation to do so. If necessary, we may share your personal information with third parties to conduct the working process or if required by law.

When we share personal information, we do so following data protection laws. Sharing your personal information with third parties may result in transferring your personal information outside the country of your presence.

We use third parties to provide the services and business functions set out below; however, any processors acting on our behalf will only process your data following our instructions and fully comply with this Notice, Data Protection Laws, and all other relevant confidentiality and security measures. Neither party (Data Subject and/or Data Controller and/or Data Processor) will disclose any information unless strictly necessary following the law or business operations.

Personal information may be disclosed to

  • Affiliates (such as brokers, accountants, legal advisors, consultants, tax advisors, etc.) to provide services, fulfil regulatory and legal requirements, and increase the quality of services provided.
  • Regulated banking/credit institutions with whom we work to provide services to Partners.
  • Regulatory authorities and agencies, tax authorities, etc., to comply with applicable laws and regulations.
  • For Investors, we may provide information to our appointed custodian for purposes of compliance with applicable laws and regulations.

AML Law Purposes

The Law of the Republic of Kazakhstan No 191-IV dated 28 August 2009 on counteracting legalisation (laundering) of proceeds obtained through criminal means and financing of terrorism and other existing legal acts of the Republic of Kazakhstan in the field of AML/CTF (hereinafter the „AML Law“), adopted at the national level, sets the basic rules for combating money laundering and terrorist financing.

The Anti-Money Laundering Rules (the “AML Rules”) are made in recognition of the application of the Law of the Republic of Kazakhstan No 191-IV dated 28 August 2009 on counteracting legalisation (laundering) of proceeds obtained through criminal means and financing of terrorism (the “AML Law”), the Criminal Code of the Republic of Kazakhstan No 226-V dated 3 July 2014 (the “Criminal Code”) and international conventions and treaties ratified by the Republic of Kazakhstan.

The processing of personal data for the purposes of the AML Law must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.

Thus, personal data submitted for the purposes of the AML Law shall be processed exclusively for the purposes of the AML Law.

The data subject’s right of access to personal data relating to him or her may be wholly or partially restricted if such restriction will:

  1. Enable HORIZON or the Financial Intelligence Unit (FIU) of the Republic of Kazakhstan to fulfil its tasks properly for the purposes of the AML Law or
  2. Avoid obstructing official or legal inquiries, analyses, investigations, or procedures to comply with the AML Law and ensure that the prevention, investigation, and detection of money laundering and terrorist financing are not jeopardised.

Measures to protect your data

We take your privacy seriously and take all reasonable steps and precautions to protect and secure your personal information. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have several layers of security measures in place, including restricted access to paper files and electronic files, firewalls, and anti-virus/anti-malware software.

Transfers outside the EU

We use some products or services (or parts thereof) that may be hosted/stored in the EU and/or in non-EU countries. Transfers of personal data between countries may be necessary for the performance of our activity and the interaction between you and us or for the performance of pre-contractual measures taken at your request. This means that we may transfer the data you provide to a jurisdiction that is not recognised as providing an adequate level of data protection for the purposes of electronic storage of your personal data, brokerage services, operational services, legal services, and marketing services.

Thus, when you provide us with your personal data and/or use our Website and/or send us an email and/or sign up for our newsletter, etc., the personal data you provide may be stored on servers hosted globally. Where this is the case, we will take steps to ensure that these providers use the required level of protection for your data, adhere to the strict agreements and measures we set out to protect your data and comply with relevant data protection legislation.

Consequences of not providing your data

You are not obliged to provide us with your personal data. However, the provision of personal data is a requirement for entering into an Agreement with us. Investors have a statutory and contractual obligation to provide and keep up-to-date and accurate personal data they provide to us. Failure to provide such data will not allow us to commence or continue the business relationship, as compliance with our legal obligations will be deemed impossible.

Legitimate Interests

As mentioned in the “How we use your personal data” section of this Notice, we may process your personal data on the legal basis of legitimate interests. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have balanced your interests and any risk to you against our own interests to ensure that they are proportionate and appropriate.

Personal data is processed under all applicable laws and regulations of the Republic of Kazakhstan and the AIFC. We are obliged to process personal data fairly and lawfully for specified, explicit, and legitimate purposes and to the extent that is relevant, proportionate, and not excessive concerning the purposes of the processing.

We use legitimate interests as the legal basis for processing your personal data to send you marketing information that we have determined to be beneficial to you as a customer and in our interest. We have determined that our interests are to monitor and update customer information according to local legislation and to provide better-quality services.

How long we keep your data

We retain personal data for the duration of the business relationship with an Investor and for at least five (5) years after the termination of the business relationship, unless otherwise requested by a competent authority, in accordance with the provisions of the applicable legislation.

We may keep personal data longer if we cannot delete it for legal or regulatory reasons. In particular, data retention is not limited in time in the case of pending legal proceedings or an investigation initiated by a public authority, provided that HORIZON is informed of the pending legal proceedings or the investigation initiated by a public authority within the retention period described hereinabove.

We only retain personal data for as long as required by applicable laws and regulations, and we have strict review and retention policies in place to comply with these obligations. Your data will be retained in electronic, paper, or both formats. When no longer required, it will be deleted or destroyed in accordance with applicable laws and regulations.

If you have consented to our using your data for direct marketing, we will retain that data until you inform us otherwise or withdraw your consent.

Marketing

We may occasionally send you information about products and services related to our activity or to interactions between you and us by email and/or post that have been identified as beneficial to our Investors and in our interests. Such information will be relevant to you and will not be intrusive. You will always have the option to unsubscribe at any time using the opt-out/unsubscribe options or contacting us directly.

Submitting a complaint

We will only process your personal data following this Notice and in compliance with relevant data protection laws. However, if you wish to complain about the processing of your personal data or are dissatisfied with the way we have processed your data, you have the right to lodge a complaint with the supervisory authority, the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan.

Data protection officer

The GDPR requires the appointment of a data protection officer. The data protection officer is responsible for educating us and our employees about compliance, training staff involved in data processing, and conducting regular security audits. The data protection officer also serves as the point of contact between us and any supervisory authorities that oversee activities related to personal data. In addition, the data protection officer maintains comprehensive records of all data processing activities conducted by us and interfaces with data subjects to inform them about how their data is being used, their right to have their personal data erased, and what measures we have put in place to protect their personal data.

Users with questions regarding GDPR Compliance, account data use, or questions about any data use matter should contact info@horizonfund.eu.