This website (“the website”) is operated by S.A.I. Erste Asset Management S.A. („EAM”). In this Policy, EAM may be referred to as “we”, “us” or “our”.
(i) the processing of your personal data as website visitor;
(ii) the processing of your personal data by EAM for its business purposes, as detailed below.
This EAM website may include links to other websites managed by third party entities/legal persons which have no connection to EAM and for which EAM cannot be held liable. It may also include links to other websites operated by EAM affiliates, with separate privacy policies. If you access websites through our website links, you should read their privacy policies to understand how they collect, use and communicate your personal data.
EAM and data privacy
EAM is processing your personal data according to Law no. 677/2001 and starting 25 May 2018, according to the General Data Protection Regulation no. 679/2016. Taking into consideration the type of activities concerned, EAM will process your personal data as data subject as follows:
Ø if you are an EAM employee (including an applicant, temporary hire, employee relative, etc.), EAM will process your personal data for the following purposes and on the following grounds (see the sections below): A(e)(f)(g)(h); B(d); C(f)(g).
Ø if you benefit from the products and/or services provided by EAM (beneficial owners, individual clients and prospects, client representatives, etc.), EAM will process your personal data for the following purposes and on the following grounds (see the sections below): A(a)-(h); B(a)-(c); C(a)-(g).
Ø if you are an EAM business partner (including a representative of the business partner, an appraiser, an agent, a service provider, a lessee, a participant to the events organised by EAM), EAM will process your personal data for the following purposes and on the following grounds (see the sections below): : A(b)(c)(e)(f)(g)(h); B(a)(c)
Ø if you are a third party with no connection to EAM, we may process your personal data under section A(h), provided that EAM receives certain documents and/or requests; thus, EAM may receive your identification data and other information, as appropriate (for instance, seized accounts and overdue debts).
The personal data we process
EAM is processing the personal data provided directly by you or other related data such as client identifier and other information reported as non-compliant by other persons. We may also collect personal data when you use our website as well as for the purposes of business relationships and provision of services by EAM.
If you refuse to provide your personal data, we may be unable to provide you with the financial services you requested and/or to meet other processing purposes.
How we use and communicate your information
EAM will process your personal data as follows:
A: To comply with legal obligations, for the following purposes:
a) prevention of fraud by analysing/reviewing the authenticity of your identity documents, in order to perform and improve the services provided by us to you; we do this by recording your identification data in the EAM IT system, according to the applicable legal provisions;
b) compliance with the legal requirements applicable to investment management companies in order to observe know your customer rules, prevent money laundering and control terrorist financing, report suspicious transactions, handle conflicts of interest, and enforcement actions carried out by authorities;
c) compliance with supervisory obligations at EAM and Erste Group level, as well as with reporting obligations to Erste Group and supervisory authorities;
d) performance of suitability and appropriateness tests in order to provide you with standard or tailor-made products and services (including the client review/approval process); to do this, we will create your financial profile, including your annual income and expenses, your risk appetite, and your experience in the financial sector;
e) financial management and administrative duties;
f) retention/storing and archiving of documents concerning our legal arrangements with you (including other ancillary activities) and/or other documents including your personal data;
h) internal audit;
g) compliance with local and European prudential requirements applicable to investment management companies;
h) handling relations with public authorities and other public service providers (enforcement agents, notaries, etc.).
For all the purposes above, EAM will act on the basis of its legitimate business interests.
B. To conclude and perform agreements, for the following purposes:
a) performance of legal arrangements as a result of the agreements executed between EAM and you or the company you represent;
b) adequate monitoring of all the obligations undertaken by the (individual) parties to legal arrangements conclude with of EAM and/or by the clients of various EAM Group entities;
c) payment processing and performance through SWIFT, if requested by clients;
d) conclusion and performance of employment contracts.
C. To perform the legitimate business interests of EAM, for the following purposes:
a) improved services through improved internal workflows, policies and procedures;
b) portfolio management;
c) marketing, PR and communication, surveys concerning the financial services provided by EAM, and the business of EAM, other Erste Group members, BCR and third party service providers;
d) handling your complaints concerning the financial services received; creating your profile in order to provide you with the most suitable products/services;
e) communicating your data under FATCA and CRS for legal and business arrangements within the scope of FATCA/CRS; data searches in FATCA/CRS databases by any participant in the FATCA/CRS systems, for the provision of financial services, when you apply for such services;
f) establishment, exercise or defence of legal claims by EAM in court and the provision of evidence in court;
g) recruitment and HR processes; provision of employment benefits.
According to the law, your consent is needed for compliance with some of the purposes above. EAM will obtain your consent by various means, for instance by signing an Information Note made available to you by EAM when you visit our venues. You may withdraw your consent at any time, and EAM will consider your preferences. EAM will most likely request your consent for the processing of the following information: your National Identification Number, including the transfer of the same to EU/EEA member states or third countries, when your consent is required according to the law; this processing is needed so that EAM can provide you with the financial services you requested after establishing your identity via the EAM IT systems; direct marketing, advertising by distributing/promoting the most suitable products and services offered by EAM, the BCR Group, the Erste Group and the business partners thereof, including transmission by EAM of marketing communications to this end; access to your data with FATCA and CRS systems, as well as with ANAF (National Agency for Fiscal Administration) and other public databases under the law, in order to perform appropriateness and suitability tests for the provision of standard or tailor-made products and services.
For data processing purposes, EAM may disclose certain categories of personal data to the following categories of data recipients: the data subject and/or the legal representatives thereof, EAM representatives, Erste Group or BCR Group members, courts or other public authorities of any kind, international organisations, service providers, banks, trade organisations, market research bodies, other EAM business partners and/or agents.
Personal data transfers
EAM may currently transfer some of your personal data outside Romania to other EU/EEA countries: Austria, the Czech Republic, Hungary, Croatia, Belgium, Germany, the United Kingdom of Great Britain, as well as to third countries outside the EU/EEA and the United States. For data transfers outside the EU/EEA, EAM will observe the standard requirements adopted by the European Commission and other safeguards provided by law.
Duration of personal data processing
For the purposes above, EAM will process your personal data throughout the provision of financial services to you and after termination thereof, in compliance with the applicable legal provisions in force, including, without limitation, document retention requirements. After expiration of mandatory retention periods EAM may anonymise personal data and continue the processing thereof for statistical purposes.
Personal data security
Your personal data is important for EAM, so we protect your personal data throughout processing. To this end, EAM implements adequate technical and organisational measures in order to ensure an adequate level of protection for your personal data and processing operations.
The rights of data subjects
You, as data subject, will be granted the following rights, according to the relevant data protection laws:
· the right to information, i.e. the right to receive details of the processing of your personal data by EAM, as detailed above;
- the right of access to your personal data, i.e. the right to receive confirmation from EAM with respect to the processing of your personal data and the right to receive information on the type of data processing;
- the right to rectification, i.e. the right to request and obtain rectification by EAM of your inaccurate and incomplete data;
- the right to erasure (“the right to be forgotten”) within the scope of the law; nevertheless, EAM may anonymise your data (which will no longer be personal data) and continue the processing thereof for statistical purposes;
- as of 25 May 2018, the right to restriction of processing within the scope of the law;
- as of 25 May 2018, the right to data portability, i.e. (i) the right to receive your personal data in a structured, commonly used and machine-readable format and (ii) the right to request the transmission of your personal data by EAM to another data controller within the scope of the law;
- the right to object to data processing for direct marketing purposes including profiling, at any time, subject to submission of a request as detailed below;
- the right to object to automated individual decision-making, i.e. the right to not be subject to an automated individual decision;
- the right to file a complaint with the National Supervisory Authority for Personal Data Processing or to bring an action in court, if deemed appropriate.
For more details on the processing of your personal data by EAM and your associated rights, please send your request at: firstname.lastname@example.org.
You can also contact our Data Protection Officer at: email@example.com (following appointment).
SAI Erste has appointed a Data Protection Officer (DPO), as required by the applicable legal provisions. Contact data: SC.WhiteList.SRL, adress: 1-5 Magurei Street, Bl. D1, Sc. 2, Ap. 302 Romania. tel: 021.310.64.68; e-mail: firstname.lastname@example.org