Data Privacy Policy – Certinvest Management Solutions

Protecția Datelor

Following the entry into force of the General Data Protection Regulation (“GDPR”) on 25 May 2018 Certinvest Management Solutions SA – as Controller – informs you about the processing of personal data in accordance with Regulation (EU) 2016/679 .

The main purpose of this Regulation is to increase the level of protection of personal data and to create a climate of trust, allowing each person control over their own data.

We process personal data that you provide to us, directly or indirectly (e.g. through other persons representing you in relations with Certinvest Management Solutions SA, such as, persons vested with parental/guardian authority), as well as data that are generated on the basis thereof, such as client identification code, information resulting from non-compliances reported by any person.
We may collect personal data about you when you use our website as well as in the course of the contractual relationships entered into and the provision of services by Certinvest Management Solutions SA.

Refusal to provide personal data may make it impossible for Certinvest Management Solutions SA to provide financial services and/or to fulfil other processing purposes.
The personal data privacy policy may be amended and Certinvest Management Solutions SA will publish an updated version of the policy on this page. By consulting this site frequently you can ensure that you are always aware of the processing activities undertaken by Certinvest Management Solutions SA.

The Certinvest Management Solutions SA websites (www.certms.ro and www.certms.ro) may include links to other websites that are managed by other entities/legal entities that are not related to Certinvest Management Solutions SA and for which the company bears no responsibility. We may also provide links to other websites, which apply separate privacy policies. If you access these websites through our websites, you should consult the privacy policies of these websites so that you can understand how they collect, use and disclose your information.

“Controller” – the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or national law, the controller or the specific criteria for its designation may be set out in Union or national law;

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Restriction of processing” means the marking of stored personal data for the purpose of limiting their further processing;

‘pseudonymisation’ means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

“Protected Data” means personal data that the Processor receives/is made available to it from or on behalf of the Controller; or that it obtains in connection with the performance of its contractual obligations.

“Consent” of the data subject means any freely given, specific, informed and unambiguous expression of will by the data subject by which he or she accepts, by way of a statement or unambiguous action, that personal data relating to him or her may be processed;

“Biometric data” means personal data resulting from specific processing techniques relating to the physical, physiological or behavioural characteristics of a natural person which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data;

“personal data breach” – a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.

WHAT PERSONAL DATA DO WE COLLECT?

Certinvest Management Solutions SA collects and processes, as appropriate, different types of personal data about you:

identification data: name and surname, CNP, series and number of CI/other document with similar identification function for foreign persons (passport, residence permit), date and place of birth, citizenship, IP, user identifier.
Marital status data: data from the marriage/divorce certificate, if applicable.
contact details: home address, correspondence address, residence address, e-mail, telephone.
data needed to assess your eligibility, such as:
information on occupation, name of employer, position held.
information that will help you to know your clientele, such as public position held, public exposure, etc.
financial information: transaction history, bank account number(s), bank card details, source of funds to be used in the business relationship, value of investment, tax residency;
any other data necessary or useful for the performance of the activity of Certinvest Management Solutions SA, under the law.

We also collect on a durable medium and process “sensitive data” about you, such as biometric data:

voice recording, in the context of recorded telephone calls intended for transactions with fund units by telephone or for providing support in relation to Certinvest Management Solutions SA. The Company may also record and store telephone calls made with any natural person, in order to fulfil a legal obligation, to investigate situations, to prove operations/ instructions/ agreements given by the Client/ other person concerned, to use them as evidence in court in the event of a dispute, as well as to improve its services
the image in the selfie taken by you and uploaded to the Account Opening Form
the image from your ID card

YOUR CERTINVEST SA AND DATA PRIVACY

Depending on the activity carried out, Certinvest Management Solutions SA processes your personal data as a data subject under the following conditions:

for processing deriving from your quality of visitor to the site, please consult the section on the use of cookies available on certinvest.ro and www.certms.ro.
to the extent that you are in the employee category (including candidate, temporary employee, family member of an employee, etc.), Certinvest Management Solutions SA will process your data for the following purposes and on the following grounds (reflected in the sections below): A (b) – (e) A (g) – (m); B (a) – (c); C (a) (b) (e) (g) (h) (i).
insofar as you are a beneficiary of the products and/or services provided by Certinvest Management Solutions SA (beneficial owners, clients/investors and potential clients/investors individuals, representatives of clients/investors, etc.) Certinvest Management Solutions SA will process your data according to the following purposes and grounds (reflected in the sections below): A(a)-(k) A (m); B(a) (b) (d); C(a)-(g) C (i).
to the extent that you are a contractual partner ofCertinvest Management Solutions SA (including partner’s representative, appraiser, agent, service provider, lessee, participant in events organised by Certinvest Management Solutions SA): A(b) – (d) A(g) – (k) A(m); B(a) (b) (e); C(a) (b) (d) (e) (g) (i)
to the extent that you are a third party with no connection to Certinvest Management Solutions SA there is a possibility that the company may process your data according to section A(k) – to the extent that Certinvest Management Solutions SA receives certain documents and/or requests from these entities, Certinvest Management Solutions SA may receive your identification data as well as other information as appropriate (for example, data on certain accounts that are seized and the amount of the debits, in the event that seizures are received in your name).

FOR WHAT PURPOSE DO WE USE PERSONAL DATA?

Personal data of data subjects (site visitors, employees, candidates, clients/investors, potential clients/investors, legal or contractual representatives of potential investors/investors, proxies and beneficial owners, etc.) are processed under applicable law for the following purposes, the grounds for processing personal data being, as appropriate – legal obligation, legitimate interest, conclusion and performance of contract and consent:

A: In order to fulfil legal obligations, for the following purposes:

(a) management of open-ended investment funds and individual portfolios (under the provisions of GEO 32/2012 on undertakings for collective investment in transferable securities and investment management companies, as well as amending and supplementing Law no. 297/2004 on the capital market) and management of alternative investment funds (under Law 74/2015 on the management of alternative investment funds);

b) fraud prevention by analysing/verifying the authenticity of the identity document presented by you, for the execution and improvement of the financial services offered to you, by retrieving the data contained in the identity document from the computerised record system of Certinvest Management Solutions SA, in accordance with the applicable legal requirements;

c) compliance with the legal rules applicable in the field of investment management companies in order to comply with the requirements of customer knowledge, prevention of money laundering activities and combating the financing of terrorism, reporting of transactions in accordance with applicable legislation, management of conflicts of interest, management of controls by the authorities in relation to the relationship with clients;

d) for the fulfilment of all obligations of Certinvest Management Solutions SA related to the financial supervision carried out on the company and reporting to the supervisory authorities;

e) reporting to public institutions (Financial Supervisory Authority – ASF -, Territorial Labour Inspectorate – ITM -, National Tax Administration Agency – ANAF -, National Office for the Prevention and Combating of Money Laundering – ONPCSB -, etc.), depository banks, suppliers, according to legal provisions;

f) assessment of eligibility for standard or customized investment products and services (including the granting/approval stage), through the creation of a profile taking into account indicators in the assessment of annual income and expenses, investment risk, determination of experience in the field of financial investments;

g) administrative/financial management and execution of tax/accounting obligations;

h) keeping/storing (prior to archiving) and archiving according to legal provisions of contractual documentation (including ensuring operations related to these activities) and/or other documents containing personal data;

i) the conduct of internal audit processes;

j) compliance with national and European prudential requirements applicable to investment management companies;

k) managing relations with public authorities or other persons providing a public service (bailiffs, notaries, etc.);

l) management of obligations under employment legislation (management of personnel files, health and safety at work, etc.);

m) implementation of technical measures to ensure the security of personal data (including by making backups).
In order to achieve these purposes, Certinvest Management Solutions SA will also rely, to the extent necessary, on its legitimate interest in the performance of its object of activity.

B. For the conclusion and execution of contracts, for the following purposes:

(a) the performance of any legal relations resulting from contracts concluded betweenCertinvest Management Solutions SA and you (including the conclusion of the subscription form, redemption form and/or the contract for operations with fund units by internet and telephone) or the company you represent;

b) proper monitoring of all obligations undertaken by the contractual partners ofCertinvest Management Solutions SA(individuals);

c) conclusion and execution of employment contracts (training, payroll, bonus, performance evaluation, etc.);

d) entering the data of investors/potential investors into the IT systems oCertinvest Management Solutions SA for the purpose of managing the relationship with them;

(e) debt collection/recovery of debts (as well as activities prior thereto, including due diligence activities).

C. For the fulfilment of the legitimate interests ofCertinvest Management Solutions SA in the context of carrying out its object of activity, for the following purposes:

a) improving the financial services provided by improving internal flows, policies and procedures;

b) implementing an internal reporting line for reporting non-compliance by any person in relation to the services provided;

c) portfolio management;

d) simple marketing, PR and communication purposes, conducting surveys on financial services, the activity of Certinvest Management Solutions SA and third party contractual partners;

e) management of complaints received from you;

f) transmission of data to FATCA and CRS during the management of the contractual relationship falling within the scope of the FATCA/CRS rules; consultation of the information registered in your name in the FATCA/CRS database by any FATCA/CRS Participant for the purpose of providing financial services, at your request or for the purpose of offering you such products;

g) to establish, exercise or defend rights of Certinvest Management Solutions SA in court, and to provide evidence in this regard;

h) recruitment and human resources purposes in relation to candidates and employees of Certinvest Management Solutions SA; granting benefits to the persons concerned;

i) design, development, testing and use of existing or new information systems and IT services (including storage of databases at home or abroad).

There are certain processing purposes for which it is required by law that Certinvest Management Solutions SA obtains your consent. Certinvest Management Solutions SA will obtain this consent by various means. The consent thus provided may be revoked at any time in writing at the offices of Certinvest Management Solutions SA or by e-mail at [email protected] .
One of the purposes for which Certinvest Management Solutions SA needs to obtain your consent is direct marketing, advertising through the intermediation/promotion of the most suitable products and services of Certinvest Management Solutions SA, of its partners, including the transmission by Certinvest Management Solutions SA of commercial communications for this purpose.

WHO WILL HAVE ACCESS TO PERSONAL DATA?

According to the legislation in force, we may disclose some or all of your personal data to the following entities: public authorities (ASF, ANAF, ONPCSB, ITM, etc.), courts of law, police bodies, financial auditors, custodian bank, bailiffs, notaries public, lawyers, as well as companies providing various services – courier services, SMS transmission services for resetting passwords in the My InvestOnline account, document management, archiving, IT development and support, etc.

Transfer of personal data
At present, in order to fulfil the above-mentioned purposes, it is possible that Certinvest Management Solutions SA transfers certain categories of personal data outside Romania, to states within the EU. For transfers outside the EU/EEA, Certinvest Management Solutions SA will base the transfer of personal data on standard contractual clauses adopted at the level of the European Commission or other guarantees recognised by law.

HOW LONG DO WE PROCESS PERSONAL DATA?

Your personal data is processed throughout our contractual relationship and after its termination, at least for the period required by the applicable legal provisions in the field, including but not limited to archiving provisions.
It is possible that, following the expiry of the legal archiving periods, Certinvest Management Solutions SA may anonymise the data, thus depriving them of their personal nature, and continue processing anonymous data for statistical purposes.

WHAT ARE THE RIGHTS OF DATA SUBJECTS AND HOW CAN THEY BE EXERCISED?

Under the conditions laid down in the legislation on the processing of personal data, as data subjects, you have the following rights:

Right to information – you can request information on the activities of processing of your personal data;
Right to rectification – you can rectify inaccurate personal data or complete them;
Right to erasure of data (“right to be forgotten”) – you can obtain erasure of data if the processing was unlawful or in other cases provided for by law;
Right to restrict processing – you can request restriction of processing if you contest the accuracy of the data, and in other cases provided for by law;
Right to object – in relation to processing activities carried out for direct marketing purposes, including profiling activities, the right to object may be exercised at any time by submitting a request as indicated below;
The right to data portability – you can receive, under certain conditions, the personal data you have provided to us, in a machine-readable format or you can request that such data be transferred to another controller;
The right to lodge a complaint – you may lodge a complaint about the way in which your personal data is processed with the National Supervisory Authority for Personal Data Processing (http://www.dataprotection.ro/) or with the competent courts, to the extent you deem necessary;
Right to withdraw consent – in cases where the processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will only have effect for the future, the processing carried out prior to withdrawal will remain valid;
Additional rights related to automated decisions – you can request and obtain human intervention in relation to that processing, express your own views on it and challenge the decision.

HOW DO WE PROTECT PERSONAL DATA?

Certinvest Management Solutions SA has implemented special security policies and procedures to protect personal information against loss, misuse, alteration or unauthorized destruction. Access to your personal data is strictly limited to those persons who have a need to know. They have a duty to maintain their confidentiality.

Use of Cookies

This site uses cookies. More details about these modules and how they are used can be found at www.certms.ro.

HOW CAN YOU GET MORE INFORMATION?

If you have any questions about the Certinvest Management Solutions SA Policy on Regulation (EU) 2016/679, on how your personal data is stored and processed, or if you wish to change your consent to the processing of personal data for marketing purposes, please send a request to the attention of the Data Protection Officer for Certinvest Management Solutions SA as follows:

By a request submitted to the Certinvest Management Solutions SA office at Str. Buzești 75-77, Floor 9, Office 4, Romania.

by post – at the above address; by e-mail, at: [email protected]

The current version of this policy was revised on 14.07.2022.