Darwin Depositary Services (‘Darwin’) acts as depositary for investment funds according to the Alternative Investment Fund Managers Directive (AIFMD, 2001/61). The duties and responsibilities of a depositary are laid down in the Delegated Regulation of 19 December 2012, supplementing Directive 2011/61. In the prospectus of an investment fund, notice is made of the name of the depositary that is appointed. Under the GDPR regulation Darwin acts in the capacity of controller.
Darwin receives information from the fund managers in order to identify the directors and Ultimate Beneficiary Owners (UBO’s) and to fulfill the requirements as prescribed in the “Wet ter voorkoming van witwassen en het financieren van terrorisme (Wwft)”. This information includes UBO statements and copy IDs. The personal data Darwin collects from investors in an investment fund is used to comply with the obligations of the AIFMD. Darwin receives personal data from investors in investment funds directly or indirectly from the fund manager in order to perform the activities as required by law. This information is divided into two categories:
1. Subscription and redemption payments which are reviewed during the daily cash flow monitoring process (pursuant to article 86 of the Delegated Regulation of 19 December 2012, supplementing Directive 2011/61 EU).
2. Statements of investments and divestments and participating holdings (pursuant to article 87 and 93 of the Delegated Regulation of 19 December 2012, supplementing Directive 2011/61).
The information with regard to the subscription and redemption payments is received directly from the bank with which the fund or fund manager on behalf of the fund has opened a bank account. The fund or the fund manager on behalf of the fund has provided a proxy for viewing rights in the bank account to Darwin. Information about investment/divestments and the register of shareholders/participants is derived from the fund manager or the administrator acting as a delegate on behalf of the fund manager. Darwin is never able to possess more personal data of investors than the fund manager and/or administrator of an investment fund. If Darwin does not receive the above described information, it is not able to comply with the obligations of the AIFMD legislation. Darwin does not process any data of investors in investments for another purpose than mentioned in category 1 and 2. The personal data of investors that is processed by Darwin is only used for the purposes needed to fulfill its obligation under the AIFMD. Darwin’s systems do not provide the possibility to prepare an overview of all personal data that is processed during a certain time frame for an individual investor. Personal data is shared with several service providers which act as controller or processor.
According to article 14 and 15 of the GDPR each investor has the right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability. This request can be directed to the Data Protection Officer, Mr F.C. Hand:
Darwin Depositary Services
Attn. F.C. Hand
Barbara Strozzilaan 101
1083 HN Amsterdam
All Darwin’s data is stored on Microsoft servers in Ireland, the Netherlands, Austria and Finland.
There is no other transfer of any personal data to a third country. No international organization receives any personal data form Darwin. If a third party, like an auditor of a fund, requests for copies of documents which include investor information, Darwin will send this information to the fund manager with the request to forward it to the third party. An exception is made in the case Darwin is obliged to disclose information in accordance with the requirements of the law. Darwin makes use of the services of third parties and has entered into a processor agreement with those which qualify as a processor. Processors are subject to the same requirements as the controller in relation to keeping personal data secure as mentioned in article 32 GDPR.
Darwin has implemented appropriate technical and organizational measures to protect personal data against unintentional or unlawful loss, alteration, unauthorized disclosure or access and unlawful processing. The information Darwin received is stored for a period of seven years.
Each investor has the right to file a complaint with the Dutch supervising authority:
2509 AJ Den Haag
Phone nr. +3170 888 85 55