Data Protection Policy
Our commitments towards you, our clients, are as follows:
your personal data
Personal data security is among our top priorities.
We make use of protective measures such as firewalls and encryption to secure your personal data.
WE DO NOT SELL
your personal data
We may possibly transfer your personal data to our service providers in order to offer you the most suitable products and services. The data will be used exclusively for the purposes agreed to and previously approved, and not for commercial purposes.
your data to improve our products and services
We make use of your personal data to continually improve our services and offer you more suitable investment products.
- the personal data we collect and use;
- the way in which we collect, use and transfer personal data within our company and with our business partners;
- your rights over the personal data we hold about you;
- how you can contact us if you have any questions about data confidentiality.
We may amend this Data Protection Policy to keep it up to date depending on the latest regulatory and legal requirements, any changes to the way we conduct our activities, or if requested to do so by our regulatory authority. We will always keep you informed of any material changes to the way we use your personal data if the process subsequently differs from that explained to you when we first collected your personal data.
This is important information and we have endeavoured to make it easier to comprehend.
What kinds of personal data do we collect and use?
How we collect, use and transfer personal data
We undertake to respect and protect your personal data in accordance with the General Data Protection Regulation (also known as the “GDPR”) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - and the Loi Informatique et Libertés (France’s Information Technology, Data Files and Civil Liberties Act) of 1978 as amended.
What legal framework applies to the processing of personal data?
We use your personal data only if permitted to do so by regulation or law (according to the legal framework established by these regulations or laws). In accordance with current regulations, our company has compiled a register of processing activities in order to record the data processing we carry out and manage the use we make of your data. We may process your personal data without informing you or without your consent if so required or authorised by regulation or law. We will use your personal data most often in the following circumstances and for the following purposes:
- When we need to execute a contract to which you are a party (“contractual necessity”).
- When we need to comply with a legal or regulatory obligation (“compliance with legal obligations”) to verify your identity, help detect and prevent fraud, and combat financial crime.
- When we need to comply with the Anti-Money Laundering Directive (AMLD), which specifies that the prevention of money laundering and terrorist financing must be considered to be a matter of public interest.
- When it is in our legitimate interests. Before processing your personal data for our legitimate interests, we make sure to take into consideration and weigh out any potential impact (be it positive or negative) this may have on you and your rights.
- When we have your consent to process the data (“consent”).
Whatever the circumstances surrounding the collection of your data, it is in any event collected under circumstances that comply with current regulations. Should you require any further explanations, please contact us by sending your request to our company’s Data Protection Officer at the following e-mail address: firstname.lastname@example.org and/or by post for the attention of the Data Protection Officer, 22 rue Vernier, 75017 Paris, France.
Credit agencies, fraud prevention bodies and regulations
We may transfer your data to credit agencies and fraud prevention bodies to help us detect and prevent fraud, tackle financial crime and fulfil our regulatory duties. We may also transfer your data and carry out searches alongside third-party organisations such as the police or other public bodies. This is a necessary part of the process of assessing solvency (including financial accessibility) and product suitability, verifying your identity, managing your account, monitoring debtors and beneficiaries, and preventing criminal activity. Should you provide us with false or inaccurate information, and should we suspect fraud, we will record the matter in order to prevent any other instances of fraud and any form of money laundering.
Some of our controls may involve verifying public registers, conducting online searches via websites, social media and other information-sharing platforms, and making use of the databases run by credit agencies and other reputable organisations. We can provide you with more details about the organisations and databases we have access to or to which we contribute, and about the way in which this information may be used.
Marketing and marketing preferences
We may use your personal data in order to send you direct marketing material about our products and related services if we believe they may be of interest to you.
In the interests of protecting the right to privacy and enabling clients to exercise control over the use of their personal data, you may ask us to cease direct marketing at any time. All our marketing communications include unsubscribe links that will help you to manage your marketing settings.
Declining one form of marketing, for instance by e-mail or by telephone, does not unsubscribe you from all forms of marketing. Please take this into consideration when selecting your preferences.
We advise you to consult the Data Protection Policy and preference settings available on all the social media platforms you use on a regular basis as they will determine the way in which advertising and other marketing communications are displayed and shared on these platforms.
How we secure your personal data
We undertake to protect your personal data. We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner or otherwise altered or disclosed.
We limit access to your personal data to those employees and other third parties who have a business need to know. They are all subject to a contractual confidentiality obligation.
We have procedures in place to handle any real or suspected breaches of personal data; they include notifying the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection, if necessary.
Personal data archiving in our systems
We generally retain personal data only as long as reasonably required for the purposes described in this Data Protection Policy. We will archive certain files relating to your transactions, which may include personal data, for a longer period of time if we need to do so for legal, regulatory, fiscal or accounting reasons. For instance, we are required to keep a precise register of transactions so that we can respond to any claims or requests that you or another party may make subsequently. We will also retain files if we reasonably believe there is a prospect of litigation. We have a file retention policy including clear directives on data deletion to help us manage the length of time we retain your data and store our archives.
Transferring and disclosing personal data
Some of the organisations we transfer data to may be outside your country, state or province, or in a different jurisdiction, where data protection laws may differ from those applicable in your own jurisdiction.
Entities within the Aéma Groupe undertake to ensure that your personal data receives adequate and consistent protection wherever it is transferred to within our Group.
In cases where we transfer your data outside the Aéma Groupe or to other service providers, we secure contractual commitments and assurances from them to protect your personal data.
We transfer personal data only to countries that are known to offer adequate legal protection or if we can be sure that there are other provisions in place to guarantee the protection of your right to privacy.
Your personal data could be transferred if we were to be involved in a merger, acquisition or asset disposal. In such a case, we would keep you informed before your personal data was transferred and governed by a different Data Protection Policy.
In certain circumstances, we may be required to disclose your personal data by regulation or law in response to a legitimate request from a legitimate authority (such as a court of law or government body).
You are entitled to ask us for more information about the protective measures we have in place as mentioned above.
Under current regulations, you have various rights over your personal data including the right of access, rectification and erasure of your personal data, but also the following rights over how your data is processed: the right to restriction of processing, the right to object to processing, and the right to portability of your data.
You are also entitled to contact us about your personal data if you wish to know:
- how we use it;
- who we send it to;
- if we transfer it overseas;
- how we protect it;
- how long we retain it;
- how we obtained it;
- if we have made use of automated decision-making with the help of your personal data.
We may require proof of identity if you make a request to exercise any of these rights in order to ensure that we are disclosing the information to or modifying the account details of the right person.
How to contact us
Please contact our Data Protection Officer if you have any questions about this Data Protection Policy or about how you can exercise your rights.
- By e-mail: email@example.com
- By post: for the attention of the Data Protection Officer, Ofi Invest Asset Management, 22 rue Vernier, 75017 Paris, France
If you are dissatisfied with the way in which we manage your personal data, our Data Protection Officer will endeavour to resolve any issues with you directly.
We do our utmost to respond to all valid requests within a month. However, we may take longer than a month if the request is a particularly complex one; we will inform you if this is the case. To process your request in a prompt manner, we may ask you to provide more details about your expectations or concerns.
Should any difficulties arise, or should you be dissatisfied with our response, you are entitled to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection:
- By post: CNIL- 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
- Online on the CNIL website: www.cnil.fr