Institutional Only|Drovix does not deal with individual investors and does not accept deposits or provide retail trading services.

Drovix.
Data Protection

Privacy Policy

Drovix (MU) Ltd

Authorized and regulated by the Financial Services Commission (FSC) of Mauritius

Investment Dealer (Full Service Dealer) excluding Underwriting, License No. GB21026813

Registered Address: C/o SALVUS (Mauritius) Ltd, Silver Bank Tower, Ground Floor, 18 Bank Street, Cybercity, Ebene 72201, Mauritius

Website: www.drovix.com

Effective Date: March 2026 | Model: Best Execution STP

View PDFDownload PDF

1. Introduction

IMPORTANT NOTICE: Available exclusively to institutional investors, professional investors, and qualified counterparties. Not intended for retail investors.

Drovix (MU) Ltd (hereinafter referred to as "the Company", "we", "us", or "our") is an alternative asset manager specialising in systematic investing. The Company is authorized and regulated by the Financial Services Commission (FSC) of Mauritius under Investment Dealer (Full Service Dealer) excluding Underwriting, License No. GB21026813. This Privacy Policy explains how the Company collects, uses, stores, discloses, and protects personal data in compliance with the Data Protection Act 2017 of Mauritius, the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA), and other applicable data protection legislation. The Company is committed to protecting the privacy and confidentiality of personal data relating to its institutional clients, investors, counterparties, and other individuals whose data the Company may process.

2. Scope

This Policy applies to personal data processed in connection with the Company's activities and obtained from or relating to institutional investors, professional investors, qualified counterparties, their authorised representatives, beneficial owners, employees, consultants, and service providers, as well as through the Company's website and other interactions with the Company.

3. Definitions

For the purposes of this Policy:

  • "Data Controller" means the Company, which determines the purposes and means of processing personal data;
  • "Data Subject" means any identified or identifiable natural person whose personal data is processed by the Company;
  • "Institutional Investor" includes, without limitation, pension funds, sovereign wealth funds, endowments, foundations, insurance companies, and banks;
  • "Professional Investor" includes, without limitation, family offices, funds of funds, and high net worth individuals (HNWIs) meeting applicable criteria;
  • "Qualified Counterparty" means a counterparty classified as such under applicable law or regulation.

4. Categories of Personal Data Collected

The Company may collect and process the following categories of personal data:

4.1 Identity and Contact Information

  • Names, titles, and roles of representatives and related individuals;
  • Contact details including business and registered addresses, email addresses, and telephone numbers;
  • Government-issued identification and tax identification information where required for onboarding or compliance.

4.2 Investor Due Diligence

  • Entity type and corporate structure;
  • Ownership and control information;
  • Source of funds and source of wealth, as applicable;
  • Documents and information collected for anti-money laundering (AML), know-your-customer (KYC), and related due diligence.

4.3 Technical and Device Information

  • IP address, browser type and version, and operating system;
  • Device identifiers and, where permitted, location-related data;
  • Login activity, session information, and access logs;
  • Data collected through cookies and similar technologies.

4.4 Communications Data

  • Records of correspondence (e.g. email, messaging, calls) with the Company;
  • Enquiries, complaints, and feedback;
  • Other communications metadata necessary for relationship management and compliance.

5. How We Collect Personal Data

The Company collects personal data through the following methods:

  • Directly from investor representatives and contact persons;
  • From investing entities and their delegates in the course of onboarding, transactions, and ongoing relationship management;
  • From third parties such as administrators, referrers, identity verification providers, public registers, and sanctions or screening databases, where permitted;
  • Automatically via cookies and similar technologies when individuals use the Company's website or online services.

6. Purposes and Legal Bases for Processing

The Company processes personal data for the following purposes and on the following legal bases:

6.1 Performance of Contract

  • Establishing and managing relationships with investors, counterparties, and service providers;
  • Executing agreements and facilitating investments, redemptions, and related operations;
  • Communicating about the relationship, reporting, and operational matters.

6.2 Legal and Regulatory Compliance

  • Conducting KYC, AML, and customer due diligence, including under FIAMLA and FSC requirements;
  • Sanctions screening, politically exposed person (PEP) checks, and adverse media review where applicable;
  • Filing suspicious transaction reports (STRs) and cooperating with the Financial Intelligence Unit and other authorities;
  • Common Reporting Standard (CRS) and Foreign Account Tax Compliance Act (FATCA) and other tax information reporting;
  • Maintaining records and responding to regulators, tax authorities, and law enforcement as required by law.

6.3 Legitimate Interests

  • Fraud prevention, security monitoring, and operational risk management;
  • Internal reporting, governance, and business continuity;
  • Improving the Company's services, website, and communications, where not overridden by Data Subjects' rights;
  • Protecting the Company's legal position, including in disputes.

6.4 Consent

  • Where required by law, certain processing (including some marketing or non-essential cookies) may rely on consent, which may be withdrawn at any time without affecting processing based on other lawful grounds.

7. Disclosure of Personal Data

The Company may share personal data with the following categories of recipients, subject to appropriate safeguards and contractual or statutory requirements:

  • Affiliated companies within the Drovix group;
  • Fund administrators, custodians, and prime brokers;
  • Identity verification, AML/KYC, and screening service providers;
  • Auditors, legal counsel, and other professional advisers;
  • Regulators, tax authorities, and law enforcement, where required or permitted by law;
  • Cloud and IT service providers processing data on the Company's instructions.

The Company does not sell or rent personal data to third parties for their independent marketing purposes.

8. International Data Transfers

The Company may transfer personal data to countries outside Mauritius where necessary for the purposes described in this Policy. Where such transfers occur, the Company implements appropriate safeguards in line with applicable law, such as adequate protection decisions, standard contractual clauses, or other approved mechanisms, together with organisational and technical measures.

9. Data Retention

The Company retains personal data only for as long as necessary for the purposes set out in this Policy and applicable law, including indicative minimum periods as follows:

  • Investor identification and due diligence records: seven (7) years after the end of the relevant relationship or last activity, as required under the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA) and FSC regulations;
  • Transaction records: seven (7) years from the date of the transaction, in accordance with FIAMLA record-keeping obligations;
  • Communications records: five (5) years from the date of the communication, in line with the Company's internal policies and applicable regulatory expectations.

10. Security Measures

The Company implements appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest, using industry-accepted standards where appropriate;
  • Multi-factor authentication and strong access controls for sensitive systems;
  • Security testing, including penetration testing, and ongoing monitoring;
  • Role-based access and the principle of least privilege;
  • Staff training on data protection and information security;
  • Incident detection and response procedures for suspected or actual breaches.

11. Automated Processing

The Company may use automated tools to support screening, risk assessment, or workflow efficiency. Where a decision produces legal or similarly significant effects based solely on automated processing, Data Subjects may have rights under applicable law to obtain human review or contest the decision.

12. Data Subject Rights

Subject to applicable law, Data Subjects may have the following rights in respect of their personal data:

  • Access: to obtain confirmation of processing and, where applicable, a copy of personal data;
  • Rectification: to correct inaccurate or incomplete data;
  • Erasure: to request deletion where applicable grounds exist;
  • Restriction: to limit processing in certain circumstances;
  • Objection: to object to processing based on legitimate interests or for direct marketing, where applicable;
  • Data portability: to receive personal data in a structured, commonly used, machine-readable format, where technically feasible;
  • Withdrawal of consent: where processing is based on consent, to withdraw consent at any time (without affecting prior lawful processing).

To exercise these rights, contact the Data Protection Officer at dpo@drovix.com. The Company will respond within thirty (30) days of receipt, subject to any extensions permitted by law.

13. Children's Data

The Company's services are not directed at minors. The Company does not knowingly collect personal data from children. If such data is identified, the Company will take steps to delete it promptly where appropriate.

14. Cookies Policy

The Company may use cookies and similar technologies on its website to enable functionality, analyse traffic, and improve user experience. Users may manage cookie preferences through browser settings. Further information may be provided in a separate cookie notice on the website.

15. Policy Updates

The Company may update this Privacy Policy from time to time. Material changes will be communicated as required by law or through the Company's website. Continued engagement with the Company after updates may constitute acceptance where permitted by law.

16. Contact Information

For questions about this Privacy Policy or the processing of personal data, contact:

Data Protection Officer

Drovix (MU) Ltd

C/o SALVUS (Mauritius) Ltd, Silver Bank Tower, Ground Floor, 18 Bank Street, Cybercity, Ebene 72201, Mauritius

www.drovix.com

Drovix (MU) Ltd | Financial Services Commission (FSC) of Mauritius | License No. GB21026813