Our commitments towards you, our clients, are as follows:
WE PROTECT
your personal data
Personal data security is among our top priorities.
We make use of protective measures such as firewalls and encryption to secure your personal data.
WE DO NOT SELL
your personal data
We may possibly transfer your personal data to our service providers in order to offer you the most suitable products and services. The data will be used exclusively for the purposes agreed to and previously approved, and not for commercial purposes.
WE USE
your data to improve our products and services
We make use of your personal data to continually improve our services and offer you more suitable investment products.
This privacy policy statement provides you with more information about:
- the personal data we collect and use;
- the way in which we collect, use and transfer personal data within our company and with our business partners;
- your rights over the personal data we hold about you;
- how you can contact us if you have any questions about data confidentiality.
We may amend this Data Protection Policy to keep it up to date depending on the latest regulatory and legal requirements, any changes to the way we conduct our activities, or if requested to do so by our regulatory authority. We will always keep you informed of any material changes to the way we use your personal data if the process subsequently differs from that explained to you when we first collected your personal data.
This is important information and we have endeavoured to make it easier to comprehend.
OFI INVEST
Ofi Invest is part of the Aéma Groupe. The terms “us”, “we” or “our” refer to Ofi Invest.
You may find more information about companies within the Aéma Groupe by visiting the following website: https://aemagroupe.fr/.
What kinds of personal data do we collect and use?
SECTION A applies to all the personal data we collect and use:
- the personal data we collect;
- the personal data that is collected via intermediaries and third parties;
- the transfer of data to organisations with which we work;
- other organisations with which we work;
- how this personal data is used to improve our products and services.
SECTION B applies to specific groups of products and offers a more in-depth description of the personal data we collect and use.
- When you invest directly in one of our products as a retail client.
- When you invest in one of our products as an institutional or wholesale client.
- When you interact with us as a broker or financial adviser.
How we collect, use and transfer personal data
We undertake to respect and protect your personal data in accordance with the General Data Protection Regulation (also known as the “GDPR”) - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - and the Loi Informatique et Libertés (France’s Information Technology, Data Files and Civil Liberties Act) of 1978 as amended.
What legal framework applies to the processing of personal data?
We use your personal data only if permitted to do so by regulation or law (according to the legal framework established by these regulations or laws). In accordance with current regulations, our company has compiled a register of processing activities in order to record the data processing we carry out and manage the use we make of your data. We may process your personal data without informing you or without your consent if so required or authorised by regulation or law. We will use your personal data most often in the following circumstances and for the following purposes:
- When we need to execute a contract to which you are a party (“contractual necessity”).
- When we need to comply with a legal or regulatory obligation (“compliance with legal obligations”) to verify your identity, help detect and prevent fraud, and combat financial crime.
- When we need to comply with the Anti-Money Laundering Directive (AMLD), which specifies that the prevention of money laundering and terrorist financing must be considered to be a matter of public interest.
- When it is in our legitimate interests. Before processing your personal data for our legitimate interests, we make sure to take into consideration and weigh out any potential impact (be it positive or negative) this may have on you and your rights.
- When we have your consent to process the data (“consent”).
Whatever the circumstances surrounding the collection of your data, it is in any event collected under circumstances that comply with current regulations. Should you require any further explanations, please contact us by sending your request to our company’s Data Protection Officer at the following e-mail address: contact.rgpd.am@ofi-invest.com and/or by post for the attention of the Data Protection Officer, 22 rue Vernier, 75017 Paris, France.
Credit agencies, fraud prevention bodies and regulations
We may transfer your data to credit agencies and fraud prevention bodies to help us detect and prevent fraud, tackle financial crime and fulfil our regulatory duties. We may also transfer your data and carry out searches alongside third-party organisations such as the police or other public bodies. This is a necessary part of the process of assessing solvency (including financial accessibility) and product suitability, verifying your identity, managing your account, monitoring debtors and beneficiaries, and preventing criminal activity. Should you provide us with false or inaccurate information, and should we suspect fraud, we will record the matter in order to prevent any other instances of fraud and any form of money laundering.
Some of our controls may involve verifying public registers, conducting online searches via websites, social media and other information-sharing platforms, and making use of the databases run by credit agencies and other reputable organisations. We can provide you with more details about the organisations and databases we have access to or to which we contribute, and about the way in which this information may be used.
Marketing and marketing preferences
We may use your personal data in order to send you direct marketing material about our products and related services if we believe they may be of interest to you.
In the interests of protecting the right to privacy and enabling clients to exercise control over the use of their personal data, you may ask us to cease direct marketing at any time. All our marketing communications include unsubscribe links that will help you to manage your marketing settings.
Declining one form of marketing, for instance by e-mail or by telephone, does not unsubscribe you from all forms of marketing. Please take this into consideration when selecting your preferences.
We advise you to consult the Data Protection Policy and preference settings available on all the social media platforms you use on a regular basis as they will determine the way in which advertising and other marketing communications are displayed and shared on these platforms.
Please refer to our Cookie Policy for more information about the cookies and other technologies we use on our website.
How we secure your personal data
We undertake to protect your personal data. We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner or otherwise altered or disclosed.
We limit access to your personal data to those employees and other third parties who have a business need to know. They are all subject to a contractual confidentiality obligation.
We have procedures in place to handle any real or suspected breaches of personal data; they include notifying the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection, if necessary.
Personal data archiving in our systems
We generally retain personal data only as long as reasonably required for the purposes described in this Data Protection Policy. We will archive certain files relating to your transactions, which may include personal data, for a longer period of time if we need to do so for legal, regulatory, fiscal or accounting reasons. For instance, we are required to keep a precise register of transactions so that we can respond to any claims or requests that you or another party may make subsequently. We will also retain files if we reasonably believe there is a prospect of litigation. We have a file retention policy including clear directives on data deletion to help us manage the length of time we retain your data and store our archives.
Transferring and disclosing personal data
Some of the organisations we transfer data to may be outside your country, state or province, or in a different jurisdiction, where data protection laws may differ from those applicable in your own jurisdiction.
Entities within the Aéma Groupe undertake to ensure that your personal data receives adequate and consistent protection wherever it is transferred to within our Group.
In cases where we transfer your data outside the Aéma Groupe or to other service providers, we secure contractual commitments and assurances from them to protect your personal data.
We transfer personal data only to countries that are known to offer adequate legal protection or if we can be sure that there are other provisions in place to guarantee the protection of your right to privacy.
Your personal data could be transferred if we were to be involved in a merger, acquisition or asset disposal. In such a case, we would keep you informed before your personal data was transferred and governed by a different Data Protection Policy.
In certain circumstances, we may be required to disclose your personal data by regulation or law in response to a legitimate request from a legitimate authority (such as a court of law or government body).
You are entitled to ask us for more information about the protective measures we have in place as mentioned above.
Your rights
Under current regulations, you have various rights over your personal data including the right of access, rectification and erasure of your personal data, but also the following rights over how your data is processed: the right to restriction of processing, the right to object to processing, and the right to portability of your data.
You are also entitled to contact us about your personal data if you wish to know:
- how we use it;
- who we send it to;
- if we transfer it overseas;
- how we protect it;
- how long we retain it;
- how we obtained it;
- if we have made use of automated decision-making with the help of your personal data.
We may require proof of identity if you make a request to exercise any of these rights in order to ensure that we are disclosing the information to or modifying the account details of the right person.
Find below your rights in terms of personal data:
To access your personal data
You may ask us to:
- confirm whether we hold and use your personal data;
- provide you with a copy of your personal data.
To rectify or erase your personal data
Please inform us of any changes to your personal details: it is important that the data we have about you is accurate and up to date. You may ask us to:
- rectify any incorrect data about you;
- erase your personal data if you believe we no longer need to use it for the purposes for which we initially obtained it from you;
- erase your personal data if you have withdrawn your consent for this data to be used, if you have exercised your right to object to the legitimate use of your data, if we have used it unlawfully, or if we are subject to a legal or regulatory obligation to erase your personal data.
We may not always be able to grant your request, for example if we need to continue using your personal data in order to fulfil a legal or regulatory obligation or if we need to use your personal data in the event of litigation.
To restrict the use made of your personal data or object to the way in which we use it
You may ask us to restrict the use we make of your personal data in certain circumstances, for example if:
- you consider an item of data to be inaccurate and believe we should verify it;
- an item of data is no longer required for the purposes for which it was collected but may be necessary in the event of litigation; or
- you have objected to the use we make of your personal data but we have yet to verify whether we still need to use it for other purposes.
You may object to any use of your personal data if you believe that your fundamental freedoms and rights to data protection prevail over our legitimate interests in using the data. If you submit an objection, we may still continue to use your personal data if we are able to demonstrate that we have overriding legitimate grounds for using the data.
To request a copy of your personal data
You may ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format, or you may ask us to have it transferred directly to another data controller (for example, another company). You may exercise this right only if we use your personal data for the purposes of a contract we have with you, or if we have asked for your consent to use your personal data. This right does not apply to the personal data we hold or process for our legitimate interests, or that we do not retain in digital format.
To withdraw your consent
Subject to certain legal and contractual restrictions and a reasonable notice period, you may contact us in order to object to the processing of your personal data or withdraw your consent at any time (for example, with regard to direct marketing or cookies). We will inform you if your withdrawal of consent might affect our ability to meet your needs.
How to contact us
Please contact our Data Protection Officer if you have any questions about this Data Protection Policy or about how you can exercise your rights.
- By e-mail: contact.rgpd.am@ofi-invest.com
- By post: for the attention of the Data Protection Officer, Ofi Invest Asset Management, 22 rue Vernier, 75017 Paris, France
If you are dissatisfied with the way in which we manage your personal data, our Data Protection Officer will endeavour to resolve any issues with you directly.
We do our utmost to respond to all valid requests within a month. However, we may take longer than a month if the request is a particularly complex one; we will inform you if this is the case. To process your request in a prompt manner, we may ask you to provide more details about your expectations or concerns.
Should any difficulties arise, or should you be dissatisfied with our response, you are entitled to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the local authority responsible for supervising personal data protection:
- By post: CNIL- 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
- Online on the CNIL website: www.cnil.fr