Universal Investment

Universal Investment

More search suggestions
Sprachen

Universal Investment Group’s
External Privacy Notice

To see Privacy Policies of our related entities, please click one of the links below:



1.Introduction

This data privacy notice ("Notice") is relevant for all entities of the Universal-Investment Group (“UI” or “Universal”). Universal Investment is committed to handling personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and applicable national laws, including United Kingdom General Data Protection Regulation (“UK GDPR”) and Singapore Personal Data Protection Act (“PDPA”). We take the protection of your personal data very seriously. Hence, we handle your personal data confidentially.

The purpose of this notice is to inform you of the data relating to you that we may collect and use. This will depend on the type of interaction we have with you. This notice applies to all individuals, excluding our employees to whom other notice applies.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or disclosure, aligned with our Group information security and data protection policies.

In case of any questions or concerns you can always contact our Group Data Protection Officer (“GDPO”) at gdpo@universal-investment.com.

2. Who is the controller of your personal data?

The Universal Investment Group is comprised of several legal entities.

Please note, with regard to personal data which must be collected and processed based on local laws, as well as related data necessary to manage relevant contractual relationships, the UI entity subject to such legal requirements and/or entity which is a party of such contractual relationships (as relevant), will be a controller of your personal data. This is something you will always learn when a contract is signed with you, and/or when any such requirement to process personal data is communicated. In contrast to that, other types of data normally processed in the normal course of business, including business contact details, business documents, business correspondence, etc., will be processed by all entities of the Group as joint controllers. Similarly, IT-related data, data related to security and compliance, as well as investigations, inasmuch as group-relevant, will also be processed by entities of the Group as joint controllers. All entities are responsible for compliance and work together under a joint privacy and security program adhering to the same standards. You can always contact each entity who processes your personal data or contact directly our Group Data Protection Officer. Your data will not be shared or otherwise transferred without business justification and legal basis even withing the Group. Transfers within the Group are regulated under a common intra-group contractual framework for personal data transfers. Please contact us to find out more.

For more details about specific entities please see below:

Universal- Investment-Gesellschaft mbH (UID)
Europa-Allee 92-96
D-60486 Frankfurt am Main
Germany

Universal-Investment-Gesellschaft mbH (sp. z o.o.) Poland Branch (UIP)
UI. Pawia 23
31-154 Kraków
Poland

Universal- Beteiligungs- und Servicegesellschaft mbH (UIB)
Europa-Allee 92-96
D-60486 Frankfurt am Main
Germany

Universal- Beteiligungs- und Servicegesellschaft mbH (sp. z o.o.) Poland Branch
Ul. Pawia 23
31-154 Kraków
Poland

UI Information Technologies GmbH (UIIT)
Europa-Allee 92-96
D-60486 Frankfurt am Main
Germany

Universal-Investment-Labs GmbH (UI Labs)
Europa-Allee 92-96
D-60486 Frankfurt am Main
Germany

UI BVK Kapitalverwaltungsgesellschaft mbH (UIBVK)
Europa-Allee 92-96
D-60486 Frankfurt am Main
Germany

Universal- Investment-Luxembourg S.A. (UIL)
15, rue de Flaxweiler
L-6776 Grevenmacher
Luxembourg

Universal-Investment-Luxembourg S.A., Niederlassung Frankfurt am Main
Europa-Allee 92-96
60486 Frankfurt am Main
Germany
Postal address:
Postbox 17 05 48
60079 Frankfurt am Main
Germany

UI efa S.A. (UI efa)
2, rue d'Alsace
1122 Luxembourg
Luxembourg

UI efa S.A. (Spółka Akcyjna) Oddział w Polsce
UI. Pawia 23
31-154 Kraków
Poland

UI efa S.A. – France
10 avenue Franklin Roosevelt
75008 Paris
France

UI efa Sweden Filal
United Spaces Waterfront Stockholm
Klarabergsviadukten 63
101 23 Stockholm
Sweden

Universal Investment Ireland (UII)
Spencer Dock, Kilmore, N Wall Quay,
Dublin 1, D01 YE64,
Ireland

Universal Investment Ireland (UK Branch)
3 Hill Street
London
WIJ 5LB
United Kingdom

UI FundServices APAC Pte. Ltd. (UI APAC)
9 Raffles Place
#24-01
Republic Plaza
Singapore 048619
Singapore

3. What types of personal data do we process?

We collect your data when you share it with us. This may, for instance, be information you enter into our contact form. We also may collect such data indirectly, e.g. data relating to you in connection with our relationship with you (and afterwards as set out below). 

Such data may include: 

  • contact details and communications (e.g. name, business contact information, your messages, meeting or event registrations)
  • website usage and device data, collected via cookies and similar technologies (e.g. IP address, identifiers, browser and device information, pages viewed, clicks, timestamps) , this category also includes non-personal data
  • marketing preferences and subscription data (e.g. newsletter signups, your choices)
  • career pages and applications: if you apply for a role, a dedicated applicant privacy notice applies
  • any other personal information that you provide to us or that we generate or otherwise obtain about you as part of specific business processes – such information will be subject to additional transparency measures
  • KYC and AML related data – for more information please refer to the specific notic

Additionally, while visiting our websites, our web servers temporarily log certain technical data. The following data is collected and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Transferred data volume
  • Notification whether the retrieval was successful
  • Recognition data of the used browser and operating system
  • Size of the screen or browser window
  • Website (URL) from which the access was made

 

4. Purposes and legal basis

Please note, we will always undertake to process only the minimum amount of data necessary for the purpose. The actual scope of data will differ based on applicable local law, type of contractual relationship, and specific circumstances concerning process involved. 

Your personal data may be processed in particular for the following purposes:

a. responding to queries, including through contact forms, and business communication
b. managing investments and related legal requirements (including maintaining the register of shareholders or beneficial owners)
c. maintaining business relationships
d. marketing purposes, subject to your preferences
e. complying with our regulatory, fiscal, tax information reporting, anti-trust, anti
f. money laundering and terrorist financing and other legal, regulatory and contractual obligations, including related audits
g. internal administration
h. legal claims 

We only process your personal data when we have a lawful ground to do so.  Depending on the business contact we have with you, the legal bases on which we collect and process your personal data in the manner described above are:

  • for the fulfilment of contractual obligations or taking steps prior to entering into a contract, including the enforcement of contractual rights, processing of claims, participation in events, etc. This is justified pursuant to Art. 6 (1) (b) General Data Protection Regulation (GDPR).
  • to comply with legal obligations, e.g. tax, accounting or administrative obligations. This is justified in accordance with Art. 6 (1) (c) GDPR.
  • to safeguard legitimate interests in accordance with Art. 6 (1) (f) GDPR, which we have weighed up against your interests, rights and freedoms, including:
    • Managing, maintaining and assessing the business relationship with you or the company you work for
    • Communication with you, processing of enquiries and orders, naming of contact persons
    • Information and marketing purposes in the sense of maintaining contacts, providing news and information, organising events, market research and analysis
    • Improvement of our services
    • Organising, securing and improving our business processes
    • Prevention of legal offences

 

5. Necessity of provision of certain information and consequences

We will inform you when you are obliged to provide the personal data and of the possible consequences of failure to provide such data (in most cases this will result in inability to sign a contract, and/or to comply with legal requirements, but sometimes it can impact also your daily work), if provision of data is voluntary, this will also be made clear unless it is already clear from the circumstances (in such case you will face no negative consequences from our side if you refuse to provide such data).

6. Sources of personal data

  • as a rule, the data is collected directly from you, when you provide information via forms, email, telephone or during events
  • automatically collected for IT-related data
  • other companies and vendors
  • competent authorities, where relevant
  • furthermore, in certain cases we may use data from publicly accessible sources (e.g. associations, commercial registers, websites)

7. Recipients of personal data

We may disclose your information to external recipients in connection with the above purposes, including:

  • our affiliates and external parties who we engage to provide services or benefits to us or to you, such as professional advisers, auditors, insurers and outsourced service
  • competent regulatory authorities, courts, where required by law or to protect our rights
  • banks and other financial institutions
  • legal and professional advisors as well as internal and external auditors
  • IT services providers

8. Data transfers outside EEA

Depending on our relationship with you, your personal data may be transferred within the regional and global structure of Universal-Investment, i.e. within all existing entities, as well as to service providers and external parties listed above. 

This may involve the transfer of such data to countries outside the European Economic Area (UK and Singapore). The transfer of data outside the EEA/EU will be carried out in accordance with applicable security regulations.  Transfers to other countries outside the EEA may also take place to countries where UI has no entity but cooperates with service providers, stakeholders, etc.

In the case of countries which, according to the GDPR, do not provide an adequate level of data protection (regardless of whether these entities are separate controllers or processors), will be secured by additional contractual provisions, including, among others, standard data protection clauses adopted by the European Commission or binding corporate rules constituting appropriate safeguards within the meaning of the GDPR and any other applicable regulations including United Kingdom General Data Protection Regulation and Singapore Personal Data Protection Act, as well as by appropriate technical and organizational measures. 

Please contact us for more information regarding safeguards we implement and to obtain copies of them. 

Please also check here for more details regarding Standard Contractual Clauses (SCC) - European Commission.

9. Retention of personal data

We will keep and process your personal data only for as long as necessary for the purposes for which it was collected, unless there is a legal requirement or obligation to keep your personal data for a longer period. Our goal is to store your personal data for the shortest period possible. Please note that personal data will be securely deleted or anonymised after the relevant retention period has expired.

In the case of data processed on the basis of the consent and depending of our relationship with you, personal data will be processed and stored until consent is effectively withdrawn by a data subject (which will not affect the lawfulness of processing based on consent before its withdrawal and in this respect).

Please contact us for more details regarding specific retention periods.

10. Your rights as a data subject

Under applicable data protection laws, in particular the GDPR, but also laws specific to the jurisdiction covering entities of the Universal Investment Group, including Singapore's Personal Data Protection Act, the United Kingdom General Data Protection Regulation, and under the conditions specified therein, you have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • to be informed what kind of your data we do process or store about you
  • to access your personal data and/or demand the copy of these data
  •  to request that your personal data be rectified or erased
  • to request that the processing of your personal data will be restricted
  • to object to the processing of your personal data (in case we process data based on legitimate interests) on grounds relating to your particular situation
  • to not be subject to a decision based solely on automated processing
  • to data portability – means receiving the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, however it has to be possible technically and legally
  • to withdraw your consent for processing your personal data at any time (without affecting the lawfulness of processing based on consent before its withdrawal)
  • to lodge a complaint to the supervisory authorities (in particular in the state of your habitual residence, place of work or place of the alleged infringement). However depending on the jurisdiction we base, this might be:

For Germany
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Gustav-Stresemann-Ring 1,
65189 Wiesbaden
Deutschland
https://www.datenschutz.hessen.de/

For Poland
Urząd Ochrony Danych Osobowych (UODO)
Stanisława Moniuszki 1A,
00-014 Warszawa
Polska
https://www.uodo.gov.pl/

For Luxembourg
Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz,
L-4370Belvaux
Luxembourg
https://cnpd.public.lu/fr.html

For Ireland
Data Protection Commission
6 Pembroke Row
Dublin 2, D02 X963
Ireland
https://www.dataprotection.ie/en

For Sweden
Integritetsskyddsmyndigheten (IMY)
Fleminggatan 14, 7th Floor,
Stockholm
with a mailing address of
Box 8114,
104 20 Stockholm,
Sweden
https://www.imy.se/

For France
Commission nationale de l'informatique et des libertés (CNIL)
3 Place de Fontenoy,
75007 Paris,
France
(mailing: TSA 80715 - 75334 Paris CEDEX 07)
https://www.cnil.fr/fr

For the United Kingdom
The Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
United Kingdom
https://ico.org.uk/

For Singapore
Personal Data Protection Commission
10 Pasir Panjang Road,
#03-01 Mapletree Business City
Singapore117438
Singapore
https://www.pdpc.gov.sg/

Please check here for more details about applicable rights as per the GDPR: https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en; https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en#toc12.

11. Contact details

If you have any queries or complaints regarding handling of your personal data by Universal-Investment-Group or specific entity or questions related to your individual rights, please contact the Group Data Protection Officer sending an e-mail to gdpo@universal-investment.com or by post:

Group Data Protection Officer
Europa-Allee 92-96,
60486 Frankfurt am Main,
Germany

Contact details of specific UI entities, can be found here Data Privacy | Universal Investment or at the beginning of this notice ( Please refer to point “2. Who is the controller of your personal data?”)

12. Children’s privacy

Our websites are not directed to children and we do not knowingly collect personal data from them.

If you believe a child has provided personal data to us, please contact the Group Data Protection Officer immediately so that we can take appropriate action.

13. Automated Decision‑Making

Your internet browser automatically transmits some data to our web server when accessing our website. This data is processed for the purpose of enabling the use of the website (establishing a connection), system security, technical administration of the network infrastructure, and optimizing the internet offering. The IP address is only stored temporarily. Personal user profiles are not created.

Apart from that, we do not use personal data for automated decision‑making that produces legal or similarly significant effects, unless required by law and with appropriate safeguards.

14. Cookies and similar technologies

This website is using cookies, which are stored on your device when you use this website. Cookies are only used to store data for technical session control in the memory of your browser and relevant content based on your individual needs.

This applies when storing and retrieving information is essential for providing explicitly requested content and functions. This includes storing settings and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about the scope of consent and which cookies are used.

You can manage your preferences at any time via our cookie banner (e.g. Strictly Necessary, Functional, Analytics, Advertising). For details, please refer to our Cookie Banner.

15. Version and changes to the notice

We may update this Privacy Notice from time to time. Any amendments or changes we may make to this Notice in the future will be available on this website.

Please check frequently for updates or changes to our Privacy Notice. We also encourage you to revisit this website from time to time.

The most recent version: April 2026

To top