PRIVACY NOTICE
1. Introduction
This Privacy Notice (“Notice”) is addressed to individuals outside Amicorp Group
("Amicorp",
"we", "us" or "our") with whom we interact, including individual clients, personnel
or
representative of corporate clients, vendors and other recipients of our services
(together,
"you") and explains how we collect, hold, use, disclose and transfer your Personal
Data in
every contractual relationship we may have with you.
This Notice also applies to the processing of all your Personal Data when you use
the
Website, including when you, as a natural person, user or entrepreneur, or as a
representative of a business entity, provide Personal Data on the Website.
Definitions
In this Notice we may use the following words and, any time we use them, they will
have the
meaning provided below.
- Data Protection Legislation: means the personal data protection law of the country where the Controller is established. For Controller established in a member state of the European Union (hereafter the “EU Controller”), the applicable data protection law shall mean the GDPR, and all additional regulations and rules in force in the relevant Member State(s) of the European Union applicable to the Processing.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of natural persons with regard to the Processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- Controller/Joint Controller: means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data that may be performed as part of this Notice;
- Data Subject: means any identified or identifiable natural person from whom Personal Data is collected; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Personal Data: means any information relating to an identified or identifiable natural person
- Personal Data Breach or Breach: means any suspected or actual security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Data Subject Personal Data transmitted, stored, or otherwise Processed
- Processing or Processed: means every operation or set of operations which is performed with regard to Personal Data, including without limitation the collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combining, linking to other data, blocking, erasure or destruction of Personal Data.
- Website: means the Amicorp’s website at https://www.amicorp.com/ or such other website as the Amicorp may maintain from time to time.
2. Protection of personal date:
This Privacy Notice describes how we, as Controller of your Personal Data, collect,
hold,
use and disclose personal information that you provide, is provided on your behalf
or is
collected by us.
The Controller of your Personal Data is the Amicorp entity with which you have the
contractual relationship. For Amicorp Group companies and their details, please
visit:
https://www.amicorp.com/offices/
Each Amicorp Group company (“Amicorp”) is subject to any Data Protection Legislation
that may be applicable in the country in which it is located. This Privacy Notice
should not
be viewed as a supplement to such local privacy laws and shall not vary or diminish
each
Amicorp Group company’s obligations under the applicable Data Protection
Legislation. To the
extent this Privacy Notice conflicts with any provisions of local Privacy laws, such
local
Privacy
laws shall take precedence over this Privacy Notice.
This Notice may be amended or updated at our discretion from time to time to reflect
changes
in our practices with respect to the Processing of Personal Data, or any changes in
applicable law.
3. Personal Data:
In order to facilitate, enable and/or maintain our business relationship, we collect
and
otherwise Process Personal Data relating to the client and any other person(s)
involved in
the business relationship, as the case may be, such as authorized representative(s),
person(s) holding a power of attorney, beneficial owners, if different from the
client, any
natural person who exercises control over an entity (control is generally exercised
by any
natural person who ultimately has a controlling ownership interest in an entity,
"Controlling Person") and any person for the benefit of which the client is holding
a
company as agent, nominee or similar (account holder for automatic exchange of
information
purposes, "AEI Account Holder"), each an "Affected Person".
Relevant Data Processed by Amicorp includes, but is not limited to, Affected
Person's
personal information, subject to applicable law, are as follows:
- Personal details: given name(s); preferred name(s); nickname(s), gender; date of birth; age; marital status; Social Security number; passport number(s); other government issued number(s) (tax identification number(s), Green Card number(s); driving license number(s); social security number); nationality; lifestyle and social circumstances; images of passports, driving licenses, and signatures; authentication data (passwords, mother's maiden name, challenge/response questions and answers, PINs, facial and voice recognition data); photographs; visual images; and personal appearance and behavior.
- Contact details: address; telephone number; email address; and social media profile details.
- Employment details: industry; role; business activities; names of current and former employers; work address; work telephone number; work email address; and work-related social media profile details.
- Education history: details of your education and qualifications.
- Financial details: billing address; bank account numbers; credit card numbers; cardholder or account holder name and details; instruction records; transaction details; and counter party details.
- Electronic Identifying Data: IP addresses; cookies; activity logs; online identifiers; unique device identifiers; and geolocation data.
- Images: videos, pictures, CCTV footages;
4. Collection of Personal Data:
We collect Personal Data about you from a variety of sources as follows:
- Directly from you in the ordinary course of our relationship with you;
- You manifestly choose to make public, including via social media, from third parties who provide it to us (e.g., Your intermediaries; and law enforcement authorities);
- insofar as necessary to provide our service - from publicly accessible sources (e.g. debt registers, commercial and association registers, press, internet);
- from other Amicorp Group of companies or other third parties (e.g. a bank) following a legitimate transfer.
- We collect or obtain Personal Data when you visit any of our websites or use any features or resources available on or through our website. When you visit our website, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data;
5. The legal basis for Processing your Personal Data
In accordance with the current Data Protection Legislation, we Process your Personal
Data on
the following legal grounds:
-
Processing is necessary for the performance of the contract(s) entered into
with you
or in order to take steps at your request prior to entering therein:
Personal Data is Processed in order to provide services in accordance with the contract(s) with our clients or to take pre-contractual measures in preparation thereof. The purposes of Data Processing depend primarily on the concrete product (corporate services, fund services, bank account, client referral) and can include needs assessments, advice and support. You may find other details about the purposes of Data Processing in the relevant contract documents. -
Processing is necessary to comply with a legal obligation to which Amicorp
is
subject:
We are subject to various legal duties: such duties may include identification checks (know-your-customer), fraud and money laundering prevention and detection, fulfilling control and reporting obligations under fiscal laws, regulatory reporting. For these purposes, we may Process Personal Data in relation to both the Client and any Affected Person, as the case may be. -
Processing is necessary to pursue out legitimate business interests:
We Process your Personal Data, beyond the actual performance of the contract or legal obligations, to fulfil out legitimate interests, such as: improving products and services, asserting legal claims and defense in legal disputes, guarantee of the our IT security and IT operation, prevention and detection of frauds, video surveillance to protect the right of owner of premises to keep out trespassers, for collecting evidence in hold-ups or fraud, measures for building and site security (e.g. access controls), measures for business management and further development of services and products, risk management and reporting, compliance, internal supervision and internal audit, creating statistics, marketing of our products and services (to the extent it does not involve profiling).
Whenever we intend to rely on legitimate interest as the legal basis for the Processing of Personal Data, we will give due consideration to your and any Affected Person's rights and freedoms. -
Processing is based on your consent:
If we have been granted consent to Process your Personal Data relating or any Affected Person for certain purposes (e.g. for marketing of our products and/or services), the related Processing of Data is based on the data subject's consent. Consent given can be withdrawn at any time. However, withdrawing your consent will not affect the Data Processing carried out before the withdrawal, nor will prevent Amicorp from Processing your Personal Data based upon other legal grounds (listed under a) to c)).
6. Purposes for which we may Process your Personal Data:
The purposes for which we may Process your Personal Data are:
- on-boarding new clients; and compliance with our internal compliance requirements, policies and procedures;
- maintaining and updating your contact information where appropriate;
- Marketing and promotional activities;
- providing you with information or assistance that you request from us;
- conducting verifications, monitoring and reporting in accordance with anti-money laundering and counter terrorist financing laws;
- providing our clients with the services requested, including administration, corporate and trust, banking, custody, middle office services, financial products, reporting and tax services amongst others;
- notifying you or our clients about changes to our services;
- monitoring and improving the quality of our services;
- quality assurance and training purposes.
7. Disclosure of Personal Data to third parties
We may disclose your Personal Data to other entities within Amicorp, for legitimate
business
purposes (including providing services to you), in accordance with applicable law.
It is to be noted that we are bound by confidentiality obligations regarding all
client-related matters of which we acquire knowledge. We may pass Personal Data only
if
required by a legal provision or in case of client consent. Bearing in mind these
requirements, please be informed that we may disclose your Personal Data to:
- public bodies, such as Governmental, legal, regulatory, or similar authorities, accreditation bodies, central and/or local government agencies, upon request or where required, including for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- other entities within Amicorp Group for the provision of the services under an intercompany service agreement;
- business partners , such as accountants, auditors, financial advisors, lawyers and other outside professional advisors to Amicorp, and other service providers, subject to binding contractual obligations of confidentiality;
- debt collector, such as debt-collection agencies and tracing agencies;
- third-party service providers (such as payment services providers; shipping companies, anti-fraud services etc.), located anywhere in the world;
- parties to disputes, such as any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights in accordance with applicable law;
- investigative bodies, such as any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law;
- potential purchasers, any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation);
- voluntary and charitable organizations.
- your family, your associates and your representatives;
8. International transfer of Personal Data
We may transfer Personal Data to Data Recipients located countries outside the
European
Economic Area1. Such transfer takes place so long as:
- A country has been recognized by the EU Commission as guaranteeing adequate level of data protection (in particular, Switzerland), or
- We have executed the Standard Contractual Clauses as adopted by the European Commission (the “SCCs”) with the Data Recipient, or
- It is necessary for the performance of a contract between the Client and the Bank or implementation of the pre-contractual measures taken at your request (e.g. for the purpose of carrying out your orders (e.g. payment and securities orders), even if the recipient country has not been recognized by the EU Commission as guaranteeing adequate level of data protection, or
- the Client has granted us an explicit consent, even if the recipient country has not been recognized by the EU Commission as guaranteeing adequate level of data protection.
9. Data security
We have implemented appropriate technical and organizational security measures
designed to
protect your Personal Data against accidental or unlawful destruction, loss,
alteration,
unauthorized disclosure, unauthorized access, and other unlawful or unauthorized
forms of
Processing, in accordance with applicable law.
You are responsible for ensuring that any Personal Data that you send to us are sent
securely.
10. Data accuracy and data
We take reasonable steps designed to ensure that:
- your Personal Data are accurate and, where necessary, kept up to date; and
- if any of your Personal Data is inaccurate (having regard to the purposes for which they are Processed), it is erased or rectified without delay.
At the same time, we take reasonable steps designed to ensure that your Personal Data are limited to that reasonably required in connection with the purposes set out in this Notice.
11. Retention of your Personal Data
We will retain your Personal Data in accordance with Amicorp’s Data Retention
Policy.
If the Data is no longer required in order to fulfill contractual or statutory
obligations,
it is deleted, unless its further Processing is required - for a limited time - for
the
following purposes:
- Fulfilling obligations to preserve records according to commercial and tax laws as well as financial sector laws and regulations.
- for the establishment, exercise or defence of legal claims.
12. Your rights:
Subject to applicable law, you may have a number of rights regarding the Processing
of your
Personal Data, including:
- the right to request access to, or copies of, your Personal Data that we Process or control, together with information regarding the nature, Processing and disclosure of those Personal Data;
- the right to request rectification of any inaccuracies in your Personal Data that we Process or control;
- the right to request erasure or restriction of your Personal Data that we Process or control;
- the right to have your Personal Data that we Process or control transferred to another Controller, to the extent applicable;
- the right to withdraw your consent. Please note that processing that was carried out before the withdrawal is not affected by it;
- the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf;
- the right to object to the Processing of your Personal Data by us or on our behalf that is necessary for our purposes of the legitimate interests. Please note that in such cases we might not be able to provide services and/or maintain a business relationship with you anymore.
13. Joint controllership of your Personal Data :
From time to time, two or more entities within the Amicorp Group may together
provide their
services to the same client. In this case, these entities jointly determine the
purposes and
the means of Processing, thus qualifying as Joint Controllers.
In an internal policy on joint controllership, taking effect of the arrangement
required by
Article 26(1) GDPR, Amicorp has determined how the respective tasks and
responsibilities in
the Processing of Personal Data are structured among the Joint Controller and who
fulfills
which data protection obligations.
The following is the essence of the arrangement between Joint Controllers which must
be made
available to the Data Subjects under Article 26(2) of the GDPR:
Joint Controllers Obligations |
|
Procedure in case of breach of personal data |
|
Data subjects’ rights |
|
14. Use of the Website:
This Notice also applies to the processing of all your Personal Data when you use
the
Website, including when you, as a natural person, user or entrepreneur, or as a
representative of a business entity, provide Personal Data on the Website.
This Notice is legally binding on you from the moment you log in to the Website,
regardless
of which device (computer, tablet, TV, etc.) You use. By using the Website and
providing
Personal Data, you acknowledge that you have read and agree to abide by this Notice.
If you
do not agree to the terms of the Notice, please do not visit (log out of) the
Website or use
its content and / or services.
If you are under the age of 18, please ensure that you have the permission of a
parent /
legal representative before providing us with Personal Data. Upon Our request, you
will need
to prove that such consent has been given. It is forbidden for persons under 14
years of age
to provide Personal Data on the Website.
14.1 Third party websites, services and products Website
The Website may contain third-party billboards, links to their sites and services
over which
we have no control of. We are not responsible for the security or privacy of
information
collected by third parties. In this case, if You are directed to a third-party
website by
clicking on a link or panel, we recommend that you read the rules and privacy
notices
applicable to such website before using it.
14.2 Social network accounts
The Website may contain links to our social networking accounts. We may offer you to
publish
graphic, visual and / or other information about you on Our social networking
accounts. We
process this information in accordance with our legitimate interest to raise
awareness about
our goods and services. This Notice does not apply to the particular processing of
Personal
Data in our social network accounts for which we have obtained your consent (consent
terms
govern for these situations).
The Personal Data You post on our social network account is public and accessible to
anyone
with an internet connection until we fulfil your request to remove your personal
data from
our social network account.
When you post your Personal Data on our social network account, the social network
website
manager (e.g., Twitter International Company, LinkedIn Ireland Unlimited Company,
Meta
Platforms Ireland Limited, Google Ireland Limited, etc.) and third parties which
they have
chosen may have access to your posts.
For more detailed information about the processing of your Personal Data published
on a
particular our social network account, please refer to the privacy policy of the
relevant
social network website.
15. Cookies A cookie is a small file that is placed on your device when you visit a website (including our websites). It records information about your device, your browser and, in some cases, your preferences and browsing habits. We may Process your Personal Data through cookie technology, in accordance with Amicorp Group of companies’ Cookie Notice.
16. Contact details
If you have any comments, questions, complain or any other issues relating to the
Processing
of Personal Data by Amicorp, please contact the Group Data Protection Officer at:
- e-mail: privacy@amicorp.com
- address: C/ Pau Claris 165, 3rd Floor, Barcelona - 08037, Spain