1. Aims of the policy
The aim of this data protection policy is to describe how DECALIA Asset Management SA (“DECALIA”) collects and processes the personal data and information that it may receive and store in the context of its business activity (the “Policy”). Other provisions may supplement this Policy in accordance with the terms of the agreement or any other contractual relationship that you or your representative might have with DECALIA and that form an integral part of this Policy. In the event of contradictions or discrepancies between this Policy and any other provision, the Policy shall prevail over the latter, unless said provision expressly stipulates that it constitutes a derogation from the Policy and specifically identifies the terms of the Policy from which it constitutes a derogation.
2. Types of personal data collected
In principle, DECALIA does not collect or process data outside the context of business relationships with its clients. Owing to legal or regulatory requirements, DECALIA may, however, be required to collect and process data outside this context.
The types of personal data that DECALIA is likely to collect and process in the context of prospective and/or existing business relationships (“Business Relationships”) are:
- personal information (such as surname, first name, date of birth, passport, telephone number, home address, postal/electronic address, telephone number);
- family information;
- financial information (including statements, transactions, real estate, debts, taxes, income, gains and investments);
- tax information (including TIN, tax number, tax domicile);
- professional information (such as CV, work experience and occupational activity);
- any other information related to our interactions with you, whether via electronic mail, the website, contact forms, telephone calls or meetings;
- data collected through using our cookies, as described below.
DECALIA does not perform any profiling or evaluation of characteristics based on automatically-processed personal data.
3. How personal data is collected or received
DECALIA collects or receives personal data:
- directly from Business Relationships, either through you or the legal entity for which you work (e.g. if you are the contact person appointed by your employer to interact with DECALIA), through meetings or by means of documents sent to DECALIA (including pre-contractual documents and business cards);
- indirectly, though one of our service providers (e.g. financial institutions or recruiters) or through external sources such as DECALIA websites or publicly-accessible sources (e.g. to keep up to date the contact information that DECALIA already has).
DECALIA does not receive or store personal data collected through organizations specializing in the provision of personal information.
4. Personal information provided by you about other people
If you disclose personal data of another person, you must ensure that you are authorized to do so and that DECALIA may collect and use this personal information, as specified in the Policy, without having to take additional measures. In particular, you must ensure that the data subject has been informed of this Policy, including the identity of DECALIA, how to contact the company, the purposes of data collection and its practices regarding the communication of personal data.
5. Objectives and legal bases of personal data collection
DECALIA collects and processes personal data for the following legal reasons and purposes, to the extent that the data is necessary, in particular:
- to provide the services you have requested from DECALIA and to develop business relationships, including in an investment fund distribution context;
- to improve the services that DECALIA provides and/or to supply information on DECALIA products and services, undertake marketing activities related to our business activity, including the organization of meetings and events, presentation to potential or existing investors, as well as other activities (such as sending greeting cards);
- to establish and manage business relationships with DECALIA, including all the procedures necessary to verify the identity of Business Relationships when this proves necessary;
- to protect the security of, and manage access to, our premises, our computer and communication systems, our internet platforms, our website and other systems;
- to perform tasks in preparation or under existing contracts;
- when processing is necessary for the purposes of our legitimate interests or those of any third party that has received your personal data, unless such interests are overridden by your interests or fundamental rights and freedoms;
- any other purpose related to and/or ancillary to what is described above or for which the personal data has been communicated to DECALIA, or any other purpose imposed upon it by virtue of legal or regulatory obligations or by the authorities.
6. Personal data transfer
Provided that this is legally possible or required, DECALIA reserves the right to transfer personal data or to make it accessible to:
- entities within the DECALIA Group;
- auditors, legal advisors and/or competent authorities (a court, a national and/or international regulatory agency or authority, a stock exchange authority), when DECALIA is required to do so by virtue of the applicable law or regulations, or at their request;
- third parties who process personal data on our behalf, such as IT system providers, web designers and hosts, recruiters, payment service providers, banks, insurance companies, social security organizations, internet-services and e-mail-address providers, database and cloud services providers, consultants.
DECALIA undertakes not to transfer any personal data to third parties other than to those mentioned above without notifying you or unless the applicable law or regulations so require.
7. Storage period of personal data
Your personal data will be erased when it is no longer reasonably necessary, or if you withdraw your consent and DECLIA is not, or no longer, legally required or otherwise authorized to continue to store your personal data. DECALIA will, however, continue to store your personal data if it is necessary for it to assert a claim or defend itself from claims until the end of the corresponding storage period, or until the claim concerned has been settled.
8. Rights of Business Relationships relating to their data
Being subject to the collection or processing of personal data, Business Relationships benefit, within the limits of the applicable legislations and regulations, from the right to:
- access their personal data and receive a copy of it;
- correct inaccurate personal data concerning them;
- prohibit or limit the processing of their personal data;
- request the erasure of their personal data when processing is no longer necessary or when it is no longer legal for other reasons.
Subject to the restrictions laid down in this Policy and/or the applicable data protection laws, Business Relationships may exercise the above-mentioned rights at no expense by contacting the data protection officer at the address given below. In the event that a Business Relationship has agreed to the processing of their personal data for the purposes mentioned above, he/she may withdraw their consent at any time by contacting the data protection officer at the address given below.
In the event of opposition or withdrawal of previously-given consent, DECALIA will respect this choice in keeping with our legal obligations. This opposition (or withdrawal of your previously-given consent) might mean that DECALIA will no longer be able to take the actions necessary to achieve the objectives listed above, or that the Business Relationship will no longer be able to use our products and services. Please note that, even after consent has been withdrawn, DECALIA might continue to process personal data to the extent required or otherwise permitted by law, particularly in connection with the exercise and defence of its rights or in order to allow it to fulfil its legal and regulatory obligations.
9. Personal data security
DECALIA takes appropriate technical and organizational measures to protect the security of your personal data from any unauthorized access, use, disclosure, modification or destruction, in compliance with applicable data protection laws.
10. Recording of telephone conversations
DECALIA may be called upon to record and check on the telephone conversations it has with Business Relationships, in order to maintain a high standard of quality, but also for security reasons and in accordance with current legal and regulatory obligations.
A cookie is a small file which your system retrieves when you visit our website and which compiles certain items of browsing data (e.g. language preferences and analyses of how you use the site, such as pages visited and length of visit).
You can choose to refuse to have cookies installed and thus prevent browsing information from being collected (including your IP address and forwarding to Google Analytics). However, refusal to allow cookies may lead to certain parts of the website not working properly. For further information see http://www.allaboutcookies.org.
12. Updating of this Policy
This Policy may be subject to changes. Any future changes or additions to the processing of personal data as described in this Policy and concerning a Business Relationship will be communicated appropriately by the means that DECALIA usually uses to communicate with the Business Relationship. Changes and additions take effect from the time they are published on DECALIA’s website.
13. Data protection officer
DECALIA Asset Management SA
31, rue du Rhône