This Privacy Notice explains the manner in which Trustody GmbH collects, processes and maintains personal data about you pursuant to the Data Protection Law.
You should review this notice carefully as it contains information about the treatment of your personal data and your rights under the Data Protection Law (as defined below).
For the purposes of this Privacy Notice: (i) Data Protection Law means any applicable law from time to time relating to the processing of personal data and/or privacy, including the German Privacy Act (Bundesdatenschutzgesetz – BDSG), as amended from time to time and the General Data Protection Regulation (EU) 2016/679 (GDPR); (ii) data controller, data processor, data subject, personal data, and processing shall have the meanings given to them under the Data Protection Law, (iii) the Company, we, us or our means Trustody GmbH, a limited liability company duly incorporated under the laws of Germany, registered with Local Court (Amtsgericht) Frankfurt am Main under HRB 117441, with registered office at Taunusanlage 8, 60329 Frankfurt am Main, Germany acting as a custodian (hereinafter the “Company”), in its capacity as data controller and/or data processor (as applicable) of the personal data, and (iv) you or your means the potential, current or former customer and includes any person owning or controlling the customer, having a beneficial interest in the customer, or for whom the customer is acting as agent or nominee.
All capitalized terms not otherwise defined in this Privacy Notice shall have the meanings ascribed to them in section 1 of the Company’s General Terms and Conditions.
2. SOURCES OF PERSONAL DATA
The Company collects personal data (including identifiers such as names, date of birth, gender, addresses, nationalities, tax identification numbers, and financial and investment qualifications, bank details and telephone/mobile numbers) about potential customers and customers, including about their ultimate beneficial owners, management board members, Authorized End Users, mainly through the following sources:
a) agreement, customer questionnaires and other information provided by the customer in writing (including any anti-money laundering, identification, and verification documents), in person, by telephone (which may be recorded), electronically or by any other means;
b) transactions within the Company’s Platform, including account balances, deposits, withdrawals and transfers;
c) information gathered on our Platform Interface, including registration information and any information captured via cookies, and
d) we may also collect personal data relating to you from credit reference agencies and available public databases or data sources, such as news outlets, websites and other media sources and international sanctions lists.
The storage, processing and use of personal data will take place for the following purposes:
Where the processing is necessary for compliance with a legal obligation to which the Company is subject to comply with in-house procedures and statutory/regulatory requirements applicable to the Company (including under FATCA, CRS, AML legislation and customer due diligence verification purposes).
Where the processing is necessary for the Company to perform a contract to which you are a party or for taking pre-contract steps at your request:
a) to manage or administer your commitments and/or interests and any related accounts on an ongoing basis;
b) to administer and operate by the Company’s Platform;
c) risk management and risk controlling purposes relating to the Company’s business.
Where the processing is necessary in order to pursue Company’s or a third party’s legitimate interest:
a) for direct marketing purposes;
b) to help detect, prevent, investigate and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities;
c) to investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes.
Where you consent to the processing of personal data:
a) for any other specific purpose to which you have given specific consent.
As a data controller, we will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in advance and we will explain the legal basis.
4. AUTOMATED DECISION-MAKING
We do not envisage that any decisions will be taken about you using fully automated means, however, we will notify you in writing if this position changes.
5. DISCLOSURE OF PERSONAL DATA
Any disclosure of personal data shall be in accordance with the obligations of the disclosing party under the Data Protection Law. Further:
a) where you have notified us of your representative, including Authorized End User, providing us with the proof of its authorities (e.g., power of attorney), the personal information provided may be shared with such representative. You must notify us in writing if you no longer wish us to share your personal information with your representative or of any change to your representative. Your representative should have its own arrangements with you about its use of your personal information;
b) we may share your personal information with companies or other entities or persons affiliated with the Company and any third party to whom the Company may delegate or may appoint as service provider in respect of certain functions in relation to the Company which may include an auditor, AML provider (data processors) for the purposes set out in this Privacy Notice;
c) if we undergo a group reorganization or are sold to a third party, the personal information provided to us may be transferred to that reorganized entity or third party and used for the purposes highlighted above;
d) in the course of the processing of personal data such personal data may be transferred to Processors situated or operating in countries outside of Germany and the European Economic Area, and such countries may not have data protection laws equivalent to those in Germany and the EEA. The Company will, where required to do so by law or where it considers appropriate, implement contracts which seek to ensure that any such entity is contractually bound to provide an adequate level of protection in respect of the personal data transferred to it and that any such transfer complies with the requirements of the Data Protection Law.
6. CUSTOMER’S RIGHTS
You have the right to:
a) access your personal data;
b) correct your personal data where it is inaccurate or incomplete (“right to rectification”) under certain circumstances;
c) restrict under certain circumstances the further processing of your personal data;
d) ask for erasure of your personal data (“right to be forgotten”);
e) object to the use of your personal data and right to opt out (including for direct marketing purposes);
f) ask for personal data portability under certain circumstances.
Further, you may at your discretion refuse to communicate personal data to the Company or object to some processing of your personal data. There are, however, situations where the Company can refuse to comply with such a request. For example, where it is subject to a legal or contractual obligation to process the data. In this case, however, there may be implications in respect of your using of the Company’s services until such time as the requisite data has been provided.
Where the processing is based on consent, the withdrawal of consent shall not affect the lawfulness of processing for other reasons and based on other grounds where this is permitted under applicable law.
7. EXERCISE OF RIGHTS
You may exercise your rights by writing to the Company at the following e-mail address: firstname.lastname@example.org.
Should you have any unresolved complaints in relation to the retention or processing of personal data, you may lodge a complaint with the Data Protection Authority in Germany:
Tel +49 (0)228 99 77 99-0 or through other contacts mentioned at https://www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html
9. RETENTION OF PERSONAL DATA
The personal data shall not be held by the Company for longer than necessary regarding the purposes of the data processing, subject to any limitation periods provided by law.
10. DATA PROTECTION OFFICER
The Company may appoint an expert on data privacy who works independently to ensure that the Company is adhering to the policies and procedures set forth in the Data Protection Law (data protection officer). Data protection officer assists the Company to monitor internal compliance, informs and advises on data protection obligations, provides advice regarding data protection impact assessments, and acts as a contact point for data subjects and the supervisory authorities.
The information about appointment of data protection officer will be provided by the Company by insertion appropriate details of this officer into this Privacy Notice.
11. CHANGES TO PRIVACY NOTICE
The Company reserves the right to update this Privacy Notice at any time and will ensure that any update to this privacy notice is made available. We encourage you to regularly review this and any updated Privacy Notice to ensure that you are always aware of how personal data is collected, used, stored and disclosed. We may also notify you by other means from time to time about the processing of your personal data.
Trustody GmbH Taunusanlage 8
D-60329 Frankfurt am Main
Phone: +49 69 34874425