IFM Privacy Notice
On 25 May 2018, the new General Data Protection Regulation (GDPR) takes effect driving to significant changes to privacy laws in the EU. It gives you more control over how your personal information is used and enables you to check and update the information we, and other organisations we work with, hold about your personal data.
1. What does this Privacy Notice cover?
This privacy notice (the “Policy”) contains information on what personal data Inter Fund Management S.A. (“IFM”, “we”, “our” or “us”) and any affiliated companies collect(s) on its business relationships, counterparties, third-party providers.
This Data Privacy Notice describes how we collect, use and process your personal data, and how we comply with our legal obligations to you. It also includes information about your data protection rights and obligations.
Personal data will be processed in compliance with European data protection legislation (including the EU Data Protection Directive (35/46/EC), the EU General Data Protection Regulation (Regulation (EU) 2016/679) and any other EU or national legislation which implements or supplements the foregoing). “Personal data”, “Processor”, and “Controller” have the meanings given in the applicable data protection laws.
2. What type of personal data do we collect and how we collect them?
We will collect the contact details of individuals at your organisation in order to ensure our relationship runs smoothly, this includes personal data you provide when we on-board with you and request or engage with us in connection with our businesses. The personal data you give us may include your name, address, e-mail address, phone number, financial information and identification documents. We may also hold extra information that someone in your organisation has chosen to tell us.
In certain circumstances, calls with you may be recorded, depending on the applicable local laws and requirements.
In some cases, the personal data we collect from you is needed to meet our legal or regulatory obligations or to perform our obligations under a contract with you (or enter into that contract).
IFM may also collect personal data indirectly from third parties, publicly available sources or other sources, generally by way of due diligence or by analysing online and/or offline public information, which we may do ourselves, or employ other organisations to do for us. We will never collect any unnecessary data from you.
Personal information we collect automatically - to the extent that you access our website or read or click on an email from us, where appropriate and in accordance with any local laws and requirements, we may also collect your data automatically or through you providing it to us.
3. Legal basis and purposes of the processing
We are not allowed to process personal data if we do not have a valid legal ground. Therefore, we will only process personal data if:
- The processing is necessary to perform our contractual obligations towards or to take pre-contractual steps on the request of the data subject;
- The processing is necessary to comply with legal or regulatory obligations to which we are subject to;
- The processing is necessary for the legitimate interests of IFM and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy (e.g. to benefit from cost-effective services; to prevent fraud or criminal activity, misuses of our services/assets as well as the security of our IT systems, architecture and networks; or to meet our corporate and social responsibility objectives)
To the extent that we process any special categories of data relating to you, we will do so because:
- The processing is necessary to carry out our legal or contractual obligations;
- The processing is necessary for the establishment, exercise or defence of a legal claim.
4. How do we protect personal data?
All personnel accessing personal data must comply with the internal rules and processes in relation to the processing of personal data to protect them and ensure their confidentiality. They are also required to follow all technical and organisational security measures put in place to protect the personal data.
We have also implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing.
5. Transfer of your personal data
We may transfer personal data internally at IFM and to other affiliated companies to which we belong to. Such other companies will either act as another controller under this notice or will only process personal data on behalf and upon request of IFM.
We may also transfer personal data to third parties outside IFM to complete the purposes listed in Section 3 above, to the extent they need it to carry out the instructions we have given to them. Such third parties may include:
- Third parties who process personal data, such as our (IT) systems providers, database providers, consultants and third parties who carry out services to us;
- Any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request; and
- Any central or local government department and other statutory or public bodies.
The third parties mentioned above have entered into an agreement with IFM to keep personal data secure.
The personal data transferred within or outside IFM may also be processed in a country outside the European Economic Area (the “EEA”) while non-EEA countries may not offer the same level of personal data protection as EEA countries.
If your personal data is transferred outside the EEA, we will put in place suitable safeguards to ensure that such transfers is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below.
6. How long do we store your data?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. The period of retention will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain this data for a minimum time period. There may also be legal, regulatory or risk-management requirements to retain data, including where relevant to any potential litigations.
7. Your rights
Individuals whose personal data is processed by IFM have certain legal rights in respect of the information. These include:
- request the erasure of your personal data;
- request the restriction of the processing of your personal data;
- withdraw your consent where IFM obtained your consent to process personal data (without this withdrawal affecting the lawfulness of processing prior to the withdrawal);
- object to the processing of your personal data for direct marketing purposes
- object to the processing of your personal data for other purposes in certain cases where IFM processed your personal data on another legal basis than your consent
IFM will honour such requests, withdrawal or objections as required under the applicable data protection rules but these rights are not absolute; they do not always apply, and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and/or provide information that help us to understand your request better. If we do not comply with your request, we will explain why.
7.1 Exercising your rights
Any questions about the contents of this privacy notice or to exercise the above rights, you may send an email to firstname.lastname@example.org.
If you are not satisfied with our response, you have the right to make a complaint to the competent data protection authority.
This notice may be updated periodically and without prior notice to reflect changes in IFM’s personal information practices. IFM will post the updated version on its website https://www.ifm-sa.eu and indicate at the top of the notice when it was most recently updated.