Skip to content

Privacy Policy

Last Updated: 27-06-2025

This Privacy Policy describes how Heka Funds SICAV p.l.c. (“Heka”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Data Protection Act (Chapter 586 of the Laws of Malta).

We take your privacy seriously and we are committed to protecting personal data that we receive from you. This privacy policy explains our policies and practices regarding its processing of your personal data and explains your privacy rights under applicable privacy and security laws.

If you would like additional information on anything in or related to this privacy policy, or you would like to exercise any rights that you may have in relation to your personal data, please contact us at compliance@hekafunds.com

Data Controller

Heka Funds SICAV p.l.c., a collective investment scheme licensed by the Malta Financial Services Authority (MFSA) as an Alternative Investment Fund (AIF), having its registered office at:

Premium Banking Centre
475, Triq il-Kbira San Guzepp,
Santa Venera SVR 1011, Malta

is the Data Controller in respect of personal data processed in the course of its operations.

 

Categories of Data Subjects

We process personal data relating to:

  • Investors and prospective investors
  • Directors and officers of the Company
  • Service providers and their representatives
  • Visitors to our website (where applicable)

Categories of Personal Data Collected

The types of personal data relating to you that we may “process” (such as collect, use and store) depends on your interaction with us. The key types of personal data that we may process are set out below.

Personal data collected may include:

  • Identification data (e.g. name, ID number, date of birth)
  • Contact details (e.g. address, phone number, email)
  • Financial and tax-related information
  • Investment details
  • AML/KYC documents and due diligence data
  • Communication records

Personal data that we may collect through cookies

“Cookies” are small pieces of information that are stored by your browser on your computer’s hard-drive for record-keeping purposes.

We use cookies on our website for the following reason:

Enhanced website functionality – Confirmation of reading and accepting our terms and conditions will place a cookie on your computer’s hard disk. This will ease your navigation around our website by not popping up the terms and conditions again during a browser session. This cookie is temporary and will be removed after 90 days. The cookie is not used for any other reason.

You can refuse the use of cookies by selecting the appropriate settings on your browser, though please note that if you do so, you may not be able to use the full functionality of our website.

Other information that we may collect automatically

We collect the following information relating to our website visitors automatically: domain name, IP address, and type of browser used and type of operating system used.

We use this information for internal statistical analysis, such as to see where our website is being used geographically. However, we do not link this information with any personal data.

 

How and why we process your personal data

We may process your personal data in the following ways
(depending upon your interaction with us):
a) Collecting your personal data that you input on our website, or provide to us in conversations, emails, or meetings with us.
b) Recording your personal data, such as through electronic or handwritten notes that we make.
c) Organising and storing your personal data on our servers, in our case management system, in our electronic HR filing system, in our employee’s email inbox folders, or in hard copy files.
d) Using your personal data to provide our services to you, and address any preferences, complaints, or comments that you have.
e) Disclosing your personal data to third parties, where necessary, appropriate and/or as required by law.

We may process your personal data for the following purposes:
a) To process and manage your purchase and use of our services.
b) To respond to your questions, comments, complaints, or requests.
c) To follow up with you on a job application.
d) To create and deliver personalized communications that are relevant to your preferences.
e) To further our business purposes, such as to perform data analysis, audits, fraud monitoring, and prevention; enhance, improve, or modify our website or services; identify client trends; determine the effectiveness of our promotional campaigns; and operate and expand our business activities.

We process personal data to:

  • Administer investor relationships and process subscriptions/redemptions
  • Conduct due diligence, AML/KYC, and regulatory reporting
  • Manage corporate governance and compliance
  • Maintain statutory registers and records
  • Communicate with investors and regulatory authorities
  • Fulfil contractual obligations

Processing of personal data is based on:

  • Compliance with legal obligations (e.g. AML/CFT laws, MFSA regulations, tax laws)
  • Performance of a contract or pre-contractual measures
  • Legitimate interests of the Company (e.g. governance, operational efficiency)
  • Consent (in limited cases, e.g. marketing)
  •  

Data Processors and Disclosures

We take your privacy seriously and will not share your personal data with others, except in the following circumstances:
a) Service providers – we may disclose your personal data to third-party service providers to provide us with services such as website hosting and professional services, including information technology services and cloud service providers, fund administration, depositary services, auditing services, legal and regulatory services.
b) Our other group entities – we may disclose your personal data to our other group entities to provide you with tailored services and communications, or in accordance with our business administrative practices.
c) Corporate transactions or events – we may disclose your personal data to a third party in connection with a corporate reorganization, merger, joint venture, sale, transfer, or other disposition of all or any portion of our business or shares.
d) Legal reasons – we may use or disclose your personal data as we deem necessary or appropriate under applicable laws; to respond to requests from public, governmental; and regulatory authorities; to comply with court orders, litigation procedures, and other legal processes; to obtain legal remedies or limit our damages; to protect the operations of our group entities; and to protect the rights, safety, or property of our employees, you, or others.

All service providers act as Data Processors under written agreements in accordance with Article 28 GDPR.

Data Transfers

Data may be transferred outside the European Economic Area (EEA) only where adequate safeguards are in place through standard contractual clauses approved by the European Commission (for EU citizens/residents).

 

Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal, regulatory, or contractual obligations, including:

  • Record-keeping requirements under MFSA rules
  • AML record retention (typically 5 years from the end of the business relationship)

Data Subject Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (subject to legal limits)
  • Restrict or object to processing
  • Data portability (in applicable cases)
  • Lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta

 

Data Security

We have implemented security policies and technical measures to protect the personal data that we collect, consistent with applicable privacy and security laws. These security measures are designed to prevent unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss of your personal data.

We update and test our personal data privacy and security measures on an ongoing basis. We also provide training to our employees on privacy laws and how to comply with them and have disciplinary procedures in place that may be imposed on employees if they do not comply with our standards. We ensure that only employees who need to know your personal data to fulfil the purposes of processing that personal data (as described in this privacy policy) have access to it.

Links to third-party sites

Our website may include links to other sites operated by third parties. We are not responsible for information on these sites, nor for services or products offered by them. Use of such sites, including transmitting your personal data to them, is at your own risk. You should check the privacy policies (and other applicable terms and conditions) of these third-party sites.

Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on our website with an updated revision date. We encourage you to review it periodically.

Contact Us

For any questions or concerns about this Privacy Policy or how your personal data is handled, please contact:

Compliance Officer
Heka Funds SICAV p.l.c.
Email: compliance@hekasicav.com