AML Privacy Notice
1. What does this Privacy Notice cover?
This privacy notice (the “Policy”) contains information on what personal data Inter Fund Management S.A. (“IFM”, “we”, “our” or “us”) and any affiliated companies collect(s) as a consequence of an investment in your fund or company. IFM, acting in its capacity of Management Company may process your personal information or that of your directors, officers, employees and/or beneficial owners (the “Individuals”). Personal data will be processed in compliance with European data protection legislation (including the EU Data Protection Directive (35/46/EC), the EU General Data Protection Regulation (Regulation (EU) 2016/679) and any other EU or national legislation which implements or supplements the foregoing). “Personal data”, “Processor”, and “Controller” have the meanings given in the applicable data protection laws.
2. What type of personal data do we collect and how we collect them?
We will collect the Individuals’ personal data you provide when we on-board with you and request or engage with us in connection with our businesses. The personal data we collect may include, but are not limited to, name, address, e-mail address, phone number, financial information and identification documents. We may also hold extra information that someone in your organisation has chosen to tell us.
In certain circumstances, calls may be recorded, depending on the applicable local laws and requirements.
IFM may also collect personal data indirectly from third parties, publicly available sources or other sources, generally by way of due diligence or by analysing online and/or offline public information, which we may do ourselves, or employ other organisations to do for us. We will never collect any unnecessary data from you.
Personal information we collect automatically - to the extent that you access our website or read or click on an email from us, where appropriate and in accordance with any local laws and requirements, we may also collect your data automatically or through you providing it to us.
3. Legal basis and purposes of the processing
We are not allowed to process personal data if we do not have a valid legal ground, personal data may be processed for the following purposes:
- The processing is necessary to perform our contractual obligations or to take pre-contractual steps;
- The processing is necessary to comply with legal or regulatory obligations to which we are subject to;
- In order to carry out anti-money laundering checks and related actions which we consider appropriate to meet any legal obligations imposed on us relating to, or the processing in the public interest or to pursue IFM legitimate interests in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion, in accordance with IFM anti-money laundering procedures;
- To report tax related information to tax authorities in order to comply with a legal obligation;
- To disclose information to other third parties such as auditors, regulatory authorities and technology providers;
- To retain AML and other records of individuals in accordance with IFM anti-money laundering procedures.
To the extent that we process any special categories of data relating to you, we will do so because:
- The processing is necessary to carry out our legal or contractual obligations;
- The processing is necessary for the establishment, exercise or defence of a legal claim.
4. How do we protect personal data?
All personnel accessing personal data must comply with the internal rules and processes in relation to the processing of personal data to protect them and ensure their confidentiality. We are also required to follow all technical and organisational security measures put in place to protect the personal data.
We have also implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing.
5. Transfer of personal data
We may transfer personal data internally at IFM and to other affiliated companies to which we belong to. Such other companies will either act as another controller under this notice or will only process personal data on behalf and upon request of IFM.
We may also transfer personal data to third parties outside IFM to complete the purposes listed in Section 3 above, to the extent they need it to carry out the instructions we have given to them. Such third parties may include:
- Third parties who process personal data, such as our (IT) systems providers, database providers, consultants and third parties who carry out services to us;
- Any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request; and
- Any central or local government department and other statutory or public bodies.
The third parties mentioned above have entered into an agreement with IFM to keep personal data secure.
The personal data transferred within or outside IFM may also be processed in a country outside the European Economic Area (the “EEA”) while non-EEA countries may not offer the same level of personal data protection as EEA countries.
If the Individuals’ personal data is transferred outside the EEA, we will put in place suitable safeguards to ensure that such transfers is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below.
6. How long do we store your data?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. The period of retention will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain this data for a minimum time period. There may also be legal, regulatory or risk-management requirements to retain data, including where relevant to any potential litigations.
7. Your rights
Individuals whose personal data is processed by IFM have certain legal rights in respect of the information. These include:
- request the erasure of your personal data;
- request the restriction of the processing of your personal data;
- withdraw your consent where IFM obtained your consent to process personal data (without this withdrawal affecting the lawfulness of processing prior to the withdrawal);
- object to the processing of your personal data for direct marketing purposes
- object to the processing of your personal data for other purposes in certain cases where IFM processed your personal data on another legal basis than your consent.
IFM will honour such requests, withdrawal or objections as required under the applicable data protection rules but these rights are not absolute; they do not always apply, and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and/or provide information that help us to understand your request better. If we do not comply with your request, we will explain why.
7.1 Exercising your rights
Any questions about the contents of this privacy notice or to exercise the above rights, you may send an email to Contact.dpm@ifm-sa.eu.
If you are not satisfied with our response, you have the right to make a complaint to the competent data protection authority.
8. Updates
This notice may be updated periodically and without prior notice to reflect changes in IFM’s personal information practices. IFM will post the updated version on its website and indicate at the top of the notice when it was most recently updated.