Data Protection Policy
Our commitments towards you, our clients, are as follows:
your personal data
Personal data security is among our top priorities.
We make use of protective measures such as firewalls and encryption to secure your personal data.
WE DO NOT SELL
your personal data
We may possibly transfer your personal data to our service providers in order to offer you the most suitable products and services. The data will be used exclusively for the purposes agreed to and previously approved, and not for commercial purposes.
your data to improve our products and services
We make use of your personal data to continually improve our services and offer you more suitable investment products.
- the personal data we collect and use;
- the way in which we collect, use and transfer personal data within our company and with our business partners;
- your rights over the personal data we hold about you;
- how you can contact us if you have any questions about data confidentiality.
We may amend this Data Protection Policy to keep it up to date depending on the latest regulatory and legal requirements, any changes to the way we conduct our activities, or if requested to do so by our regulatory authority. We will always keep you informed of any material changes to the way we use your personal data if the process subsequently differs from that explained to you when we first collected your personal data.
This is important information and we have endeavoured to make it easier to comprehend.
Ofi Invest Asset Management
Ofi Invest Asset Management is part of the Aéma Groupe. The terms “us”, “we” or “our” refer to Ofi Invest Asset Management.
You may find more information about companies within the Aéma Groupe by visiting the following website: https://aemagroupe.fr/.
What kinds of personal data do we collect and use?
SECTION A applies to all the personal data we collect and use:
- the personal data we collect;
- the personal data that is collected via intermediaries and third parties;
- the transfer of data to organisations with which we work;
- other organisations with which we work;
- how this personal data is used to improve our products and services.
The personal data that we collect
We collect only the personal data that we need. If you choose not to provide the information that we need, we may not be able to accomplish our tasks in full, and that could have an impact on the service or product that we provide to you.
We collect personal data when you contact us through one of our off-line channels (e.g., request forms, telephone and e-mail) or when you use our website or any other online services that we make available to you.
Apart from managing our financial and investment products, we also collect personal data in the course of carrying out other activities, for example, if you:
- work with us as a supplier or service provider;
- take part in our request for proposal (RFP) process to bid on new projects;
- visit one of our offices or register to attend event that we organise or sponsor;
- are presented by third parties for legitimate marketing needs; or
- take part in a competition that we organise or sponsor.
We may also have occasion to request these personal data from persons authorised to act in your name.
Although most personal data that we collect cover the person subscribing to a product (or persons subscribing jointly), we may need to obtain information on third parties.
Some current examples:
- we may need to collect personal data from third parties authorised to act on behalf of a client. These could be an attorney or (in the case of a legal entity) other persons who work for this investor or who are otherwise authorised to represent the investor in any manner whatsoever;
- for property investments, we collect information on the owner of the property that we plan to acquire, particularly for the purpose of meeting our obligations in the area of combatting money laundering; we also collect data on the person(s) to whom this property is rented or who lives at the property (or, when the tenant is an organisation, on the key members of said organisation, such as its board directors or partners);
- when we make financial products available to a borrower, we may have to collect personal data on them. When financial products are made available to an organisation, we may have to collect data of a personal nature on the key members of said organisation, such as its directors, shareholders, partners and/or beneficial owners, as well as information on its managing partners, where applicable;
- when we establish relations with suppliers, it is also possible that we will collect personal data on their directors, shareholders and/or beneficial owners, as well as information on its managing partners, where applicable.
If you provide data of a personal nature on a third party, you must notify said third party formally and make sure that said third party is satisfied with the data provided to our company.
We treat such personal data in accordance with this Data Protection Policy. We therefore ask you to encourage the persons concerned to read this Policy if they wish to know more.
Personal data collected through intermediaries and third parties
Many clients invest in our products through a financial advisor or one of our distribution partners and, in doing so, they may provide us with personal data on this client. Other third parties (attorneys, fiduciaries, family members, etc.) may also disclose to us data of a personal nature. It is their responsibility to notify the person whose data are being shared that such data is being provided to us and to request their permission, if necessary.
Depending on the product, we may also disclose your data of a personal nature to the financial advisor who helped you to invest in our products or who is a stakeholder in your investment.
Transfer of data to organisations with which we work
We sometimes transfer data of a personal nature to trusted third parties who work with us in distributing our products and services, or to meet our legal and regulatory obligations, in particular:
- distribution partners and transfer agents who help us organise and administer our products;
- the attorneys and professional service firms who help us conduct due diligence in organising our products and who provide us with legal support regarding our products or in the event of litigation;
- suppliers of internal and external services, who support our information systems, real-estate management, marketing or other operating processes;
- fraud-prevention bodies to make checks of identity, detect and prevent fraud and combat financial crime;
- regulatory bodies that govern the manner in which we conduct our operations;
- investment exchanges, settlement systems and banks, clearinghouses and central counterparties? and securities custodians;
- providers of banking services, suppliers of systems and payment processing services, messaging services and correspondent services;
- suppliers of data and information pertaining to prices of units, securities and investments, exchange rates, interest rates and corporate actions, data on revenue and income and credit ratings.
To find out more about the transfer of your personal data, you may contact us through the procedures presented in this policy.
Use of these personal data to improve our products and services
We collect information through cookies and other similar technologies (for example, web beacons or links) when you visit our website. These tools are used either by ourselves or by third-party service suppliers, or by both at the same time, in order to improve our products and services, as well as their operations and performances, but also to make advertising more relevant. For example, we use some of these tools so you will not have to input your details each time you visit our website. This allows us to offer our services in the language you prefer.
We may also collect information on your use of other websites in order to provide advertising that, in our view, could be relevant to you, as well as to improve our own products and services, not to mention the operations and performances of our site Internet.
SECTION B applies to specific groups of products and offers a more in-depth description of the personal data we collect and use.
- When you invest directly in one of our products as a retail client.
- When you invest in one of our products as an institutional or wholesale client.
- When you interact with us as a broker or financial adviser.
When you invest directly in our product as an individual
In this case, we collect your details, data pertaining to your identity and payment details. We need such information to organise and administer your investment and your account with our company. We also need such information to verify your identity and prevent fraud. We collect such information when you request us to do so by filling out and submitting the form that can be downloaded from our website or emailed upon request.
Depending on the type of investment that you wish to make, we may need additional data, such as the origin of the assets or funds, so that we are in compliance with regulatory anti-money laundering controls. Administering your investment product requires providing you with constant service, accompanying you when you wish to make additional investments, making changes to our current investments or replying to any questions you may have regarding your existing investments. Please keep in mind that we do not collect, use, or transfer information pertaining to clients of the investment platform. Investment suppliers and platforms are responsible for processing all data of a personal nature that you submit. If you are a client with one of these suppliers or platforms, please refer to their Data Protection Policy or any equivalent document.
This involves disclosing your data of a personal nature to credit agencies that conduct research on you on our behalf. We work with fraud-prevention bodies and reputable credit agencies to detect and prevent fraudulent practices and combat financial crime, in order to comply with our regulatory responsibilities. To find out more, refer to the section on credit agencies and fraud-prevention bodies.
When you invest in our product as an institutional or wholesale client
On this case, we collect identity details and data on attorneys, board directors, partners, authorised signatories, beneficial owners and other relevant contacts within your organisation who are authorised to represent you, in order to establish a relationship with you. We also collect information on your organisation, such as its commercial name, its employee headcount and the nature of its business. We collect such information in order to manage your investment product. We also use such information to conduct KYC (Know Your Customer) checks required by anti-money-laundering (AML) regulatory inspections and to prevent fraud.
This entails disclosing data of a personal nature provided to credit agencies that conduct research on our behalf. We work with fraud-prevention bodies and reputable credit agencies to detect and prevent fraudulent practices and to combat financial crime in order to comply with our regulatory responsibilities. To find out more, refer to the sector regarding credit agencies and fraud-prevention bodies.
When you interact with us as a broker or financial advisor
In this case, we collect identity details, data, and professional information from you and key members of your organisation. We do so whenever any account is opened by an advisor or broker, in order to continue to operate said account, and to organise and manage your client’s investments. To conduct KYC (Know Your Customer) checks required by anti-money-laundering (AML) regulatory inspections and to prevent any fraud, we check your identity as a broker or financial advisor and the identity of key members of your organisation, such as board directors and/or partners. In the course of our contacts, you may be required to provide data of a personal nature that you present to us. It is your responsibility: (ii) to collect such information in a legal manner; and (ii) to ensure that the disclosure of such data of a personal nature is authorised.
We use the personal and professional data that you have provided, as well as information that we have obtained from other sources, such as credit agencies. This entails the disclosure of data of a personal nature provided to the credit agencies that conduct research on our behalf. We work with fraud-prevention bodies and reputable credit agencies to detect and prevent fraudulent practices and combat financial crime, in order to comply with our regulatory responsibilities. To find out more, refer to the section on credit agencies and fraud-prevention bodies.
How we collect, use and transfer personal data
We undertake to respect and protect your personal data in accordance with the General Data Protection Regulation (also known as the “GDPR”) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - and the Loi Informatique et Libertés (France’s Information Technology, Data Files and Civil Liberties Act) of 1978 as amended.
What legal framework applies to the processing of personal data?
We use your personal data only if permitted to do so by regulation or law (according to the legal framework established by these regulations or laws). In accordance with current regulations, our company has compiled a register of processing activities in order to record the data processing we carry out and manage the use we make of your data. We may process your personal data without informing you or without your consent if so required or authorised by regulation or law. We will use your personal data most often in the following circumstances and for the following purposes:
- When we need to execute a contract to which you are a party (“contractual necessity”).
- When we need to comply with a legal or regulatory obligation (“compliance with legal obligations”) to verify your identity, help detect and prevent fraud, and combat financial crime.
- When we need to comply with the Anti-Money Laundering Directive (AMLD), which specifies that the prevention of money laundering and terrorist financing must be considered to be a matter of public interest.
- When it is in our legitimate interests. Before processing your personal data for our legitimate interests, we make sure to take into consideration and weigh out any potential impact (be it positive or negative) this may have on you and your rights.
- When we have your consent to process the data (“consent”).
Whatever the circumstances surrounding the collection of your data, it is in any event collected under circumstances that comply with current regulations. Should you require any further explanations, please contact us by sending your request to our company’s Data Protection Officer at the following e-mail address: email@example.com and/or by post for the attention of the Data Protection Officer, 22 rue Vernier, 75017 Paris, France.
Credit agencies, fraud prevention bodies and regulations
We may transfer your data to credit agencies and fraud prevention bodies to help us detect and prevent fraud, tackle financial crime and fulfil our regulatory duties. We may also transfer your data and carry out searches alongside third-party organisations such as the police or other public bodies. This is a necessary part of the process of assessing solvency (including financial accessibility) and product suitability, verifying your identity, managing your account, monitoring debtors and beneficiaries, and preventing criminal activity. Should you provide us with false or inaccurate information, and should we suspect fraud, we will record the matter in order to prevent any other instances of fraud and any form of money laundering.
Some of our controls may involve verifying public registers, conducting online searches via websites, social media and other information-sharing platforms, and making use of the databases run by credit agencies and other reputable organisations. We can provide you with more details about the organisations and databases we have access to or to which we contribute, and about the way in which this information may be used.
Marketing and marketing preferences
We may use your personal data in order to send you direct marketing material about our products and related services if we believe they may be of interest to you.
In the interests of protecting the right to privacy and enabling clients to exercise control over the use of their personal data, you may ask us to cease direct marketing at any time. All our marketing communications include unsubscribe links that will help you to manage your marketing settings.
Declining one form of marketing, for instance by e-mail or by telephone, does not unsubscribe you from all forms of marketing. Please take this into consideration when selecting your preferences.
We advise you to consult the Data Protection Policy and preference settings available on all the social media platforms you use on a regular basis as they will determine the way in which advertising and other marketing communications are displayed and shared on these platforms.
How we secure your personal data
We undertake to protect your personal data. We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner or otherwise altered or disclosed.
We limit access to your personal data to those employees and other third parties who have a business need to know. They are all subject to a contractual confidentiality obligation.
We have procedures in place to handle any real or suspected breaches of personal data; they include notifying the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection, if necessary.
Personal data archiving in our systems
We generally retain personal data only as long as reasonably required for the purposes described in this Data Protection Policy. We will archive certain files relating to your transactions, which may include personal data, for a longer period of time if we need to do so for legal, regulatory, fiscal or accounting reasons. For instance, we are required to keep a precise register of transactions so that we can respond to any claims or requests that you or another party may make subsequently. We will also retain files if we reasonably believe there is a prospect of litigation. We have a file retention policy including clear directives on data deletion to help us manage the length of time we retain your data and store our archives.
Transferring and disclosing personal data
Some of the organisations we transfer data to may be outside your country, state or province, or in a different jurisdiction, where data protection laws may differ from those applicable in your own jurisdiction.
Entities within the Aéma Groupe undertake to ensure that your personal data receives adequate and consistent protection wherever it is transferred to within our Group.
In cases where we transfer your data outside the Aéma Groupe or to other service providers, we secure contractual commitments and assurances from them to protect your personal data.
We transfer personal data only to countries that are known to offer adequate legal protection or if we can be sure that there are other provisions in place to guarantee the protection of your right to privacy.
Your personal data could be transferred if we were to be involved in a merger, acquisition or asset disposal. In such a case, we would keep you informed before your personal data was transferred and governed by a different Data Protection Policy.
In certain circumstances, we may be required to disclose your personal data by regulation or law in response to a legitimate request from a legitimate authority (such as a court of law or government body).
You are entitled to ask us for more information about the protective measures we have in place as mentioned above.
Under current regulations, you have various rights over your personal data including the right of access, rectification and erasure of your personal data, but also the following rights over how your data is processed: the right to restriction of processing, the right to object to processing, and the right to portability of your data.
You are also entitled to contact us about your personal data if you wish to know:
- how we use it;
- who we send it to;
- if we transfer it overseas;
- how we protect it;
- how long we retain it;
- how we obtained it;
- if we have made use of automated decision-making with the help of your personal data.
We may require proof of identity if you make a request to exercise any of these rights in order to ensure that we are disclosing the information to or modifying the account details of the right person.
Find below your rights in terms of personal data:
To access your personal data
You may ask us to:
- confirm whether we hold and use your personal data;
- provide you with a copy of your personal data.
To rectify or erase your personal data
Please inform us of any changes to your personal details: it is important that the data we have about you is accurate and up to date. You may ask us to:
- rectify any incorrect data about you;
- erase your personal data if you believe we no longer need to use it for the purposes for which we initially obtained it from you;
- erase your personal data if you have withdrawn your consent for this data to be used, if you have exercised your right to object to the legitimate use of your data, if we have used it unlawfully, or if we are subject to a legal or regulatory obligation to erase your personal data.
We may not always be able to grant your request, for example if we need to continue using your personal data in order to fulfil a legal or regulatory obligation or if we need to use your personal data in the event of litigation.
To restrict the use made of your personal data or object to the way in which we use it
You may ask us to restrict the use we make of your personal data in certain circumstances, for example if:
- you consider an item of data to be inaccurate and believe we should verify it;
- an item of data is no longer required for the purposes for which it was collected but may be necessary in the event of litigation; or
- you have objected to the use we make of your personal data but we have yet to verify whether we still need to use it for other purposes.
You may object to any use of your personal data if you believe that your fundamental freedoms and rights to data protection prevail over our legitimate interests in using the data. If you submit an objection, we may still continue to use your personal data if we are able to demonstrate that we have overriding legitimate grounds for using the data.
To request a copy of your personal data
You may ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format, or you may ask us to have it transferred directly to another data controller (for example, another company). You may exercise this right only if we use your personal data for the purposes of a contract we have with you, or if we have asked for your consent to use your personal data. This right does not apply to the personal data we hold or process for our legitimate interests, or that we do not retain in digital format.
To withdraw your consent
Subject to certain legal and contractual restrictions and a reasonable notice period, you may contact us in order to object to the processing of your personal data or withdraw your consent at any time (for example, with regard to direct marketing or cookies). We will inform you if your withdrawal of consent might affect our ability to meet your needs.
How to contact us
Please contact our Data Protection Officer if you have any questions about this Data Protection Policy or about how you can exercise your rights.
- By e-mail: firstname.lastname@example.org
- By post: for the attention of the Data Protection Officer, Ofi Invest Asset Management, 22 rue Vernier, 75017 Paris, France
If you are dissatisfied with the way in which we manage your personal data, our Data Protection Officer will endeavour to resolve any issues with you directly.
We do our utmost to respond to all valid requests within a month. However, we may take longer than a month if the request is a particularly complex one; we will inform you if this is the case. To process your request in a prompt manner, we may ask you to provide more details about your expectations or concerns.
Should any difficulties arise, or should you be dissatisfied with our response, you are entitled to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection:
- By post: CNIL- 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
- Online on the CNIL website: www.cnil.fr