In the event of doubt in the application of the principle described below, the employee shall refer to its superior and/ or escalate the matter to the Senior Management.
FIA qualifies as processor in the following situations:
The process of personal data is based on the consent of the data subject when any other basis cannot be used. The process of personal data is always considered as lawful when based on what is necessary for the performance of a contract and/ or to comply with European and Luxembourg laws and regulations related to the financial sector such as legislation related to anti-money laundering and fight against financial terrorism.
In addition to the aforementioned information, each time an employee of FIA collect personal data, it shall explain to the data subject the purpose followed in the collection of personal data and the legal ground to collect personal data.
In the performance of due diligence/AML on client or counterparty, the lawfulness of the processing of personal data is always considered as necessary for the compliance with laws and regulations applicable to FIA.
Prior to collect any personal data, FIA and its employees inform the data subject about their rights and invite them to consult its website.
In addition, FIA or its employees provide the contact details or person to contact in case of any question related to GDPR and/or the contact detail of the DPO (if any).
FIA or its employees assess whether the collection of personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
FIA specific, explicit and legitimate purpose is defined in article 4 of its article of incorporation. Within the Company each department followed this purpose based on the activity performed by the department.
FIA and its employees ensure that only personal data necessary to meet FIA’ legitimate purpose are collected.
FIA or its employees ensure that personal data are accurate and where necessary up to date.
When FIA or its employees identified that personal data are inaccurate, having regard to the purposes for which they are processed, it takes reasonable measures in order to erase or rectify the data.
FIA stores personal data for a limited period taking into account the objective pursued by the processing and applicable laws. In the event, any laws or regulations required to store data for a longer period of time than required by GDPR, this law or regulation shall prevail.
When the storage period ends, FIA shall either anonymise the personal data or destruct them. The person of contact for any GDPR query at the level of FIA is Mr. Marco Claus.