With this policy we aim to inform you about the processing of your personal data we collect in connection with using our website. The personal data comprises all information related to an identified or identifiable individual. This includes information such as name, address, e-mail or phone number. Information that is not directly related to your identity, e.g. the number of users on the website, does not fall within this range.
- Urban Impact Ventures
UIV B.V. (UIV) and its subsidiaries provides financial services and impact investment fund solutions for professional clients. We process your personal data in accordance with the General Data Protection Regulation (GDPR), which took effect in all of Europe on 25 May 2018.
- Which personal data do we collect?
Personal data is any data that pertains to a person and that can be traced back to that person. Different bits of data, gathered together, may also be traced back to a person. For example: your gender alone does not constitute personal data, but it may well do if it is combined with your postcode and date of birth. The personal data that we collect at UIV is made up of the following three categories:
- Personal data necessary for providing products or services
This includes, for example, your name, address, place of residence, email address, telephone number, date of birth or bank account number. It also includes the type and term of the agreement you conclude with us. This also includes the data we record whenever you contact us.
- Personal data on your use of our website, apps and social media
When you visit our websites, we may record the IP address, the internet service provider and the browser you are using, the operating system, your click behaviour and the web pages you visit. We also record the date and time of your visit and, if applicable, the website from which you were referred to our website. Depending on the preferences you have set on social media sites, certain data may be shared with us. For more information about cookies and other comparable technologies we use, please see our cookie statement.
- Sensitive personal data
This includes financial data, social security number, passport, driving licence, location, account login details, etc.
- What do we use personal data for?
- To be able to review, conclude and perform the agreement or the formation of it
We use personal data for formulating and performing the agreement. We need your personal data to deliver our products and to perform our services.
We may also use data that is available from public sources, such as the Chamber of Commerce, National Statistics agencies, such as Statistics Netherlands (CBS), the Land Registry and from market research agencies to enable us perform for instance Know Your Client tasks.
We may review your application or registration by means of a fully or partly automated process. If this is the case, we will inform you about this. If you do not agree with the result of an automated review and/or handling, please contact us about it. See Section 10.
After we approve your application for access to our online services or process your registration, we use your personal data to perform the agreement and to provide our products and services. A few examples are listed below.
- We use your contact details to send you user name and password data and to answer your questions. We also register your questions in our systems.
- We use your personal data to perform our online services. For example, we make your personal data available within your secure personal account and save your settings preferences.
- We may record telephone conversations for the purpose of training and coaching or to prevent and combat fraud and abuse and to comply with statutory obligations. You are entitled to listen to the recorded telephone conversation.
- For the purpose of aligning our products and services with you and sending you relevant information
We strive to offer you the very best products and services that make your life as easy as possible. We only send you messages containing news and offers from UIV that are relevant to you. We may use several different digital media to send you our messages. These include email, apps, social media and your personal account. We may, for example, send you messages about the latest developments, news, promotions, competitions, loyalty programmes, general offers and our new or existing products or services.
We use your personal data to align our services, products and messages to your preferences and behaviour. We may combine and analyse the following personal data for this purpose (please also see Section 10):
- Personal data that you provide to us and data about your purchase of a product or service.
- Personal data that you share with us when you visit our websites and use our apps, such as your click behaviour (see also Section 2).
- Data from public sources and from market research agencies. We use these sources to subdivide customers into segments and target groups. This allows us to better align our adverts to your personal situation, wishes and needs.
- Personal data that you have shared with us using your social media profile, provided that you have given us your consent for this.
If you no longer wish to receive messages from us, you can easily unsubscribe from all commercial news messages at any time. One way to do this is by clicking on the appropriate link provided in the message.
- To prevent and combat fraud and abuse
As a financial service provider, we strive to prevent fraud. Prior to and during the term of the agreement, we process personal data for the purpose of preventing, identifying, investigating and combating fraud.
Automated processing may be used to perform risk assessments on applications which focus on fraud. On the basis of this assessment, we decide whether further investigation by our Compliance department is necessary.
- For the purpose of complying with our statutory obligations
As a financial service provider, specific laws sometimes require us to record certain personal data. The Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme, “Wwft”) requires us to determine and verify the identity of our customers or other third party business relations. In addition, under the Dutch Sanctions Act (Sanctiewet), we are required to check data pertaining to these third parties against lists of sanctioned persons (terrorism) compiled by recognised authorities.
In addition, we are obliged to transfer personal data to government institutions, supervisory authorities, courts or other financial institutions upon request; for instance to the Dutch Tax & Customs Administration, the Netherlands Authority for the Financial Markets (AFM), the Netherlands Authority for Consumers and Markets (ACM), De Nederlandsche Bank (DNB) or an investigative authority such as the police, the Fiscal Intelligence and Investigation Service (Fiscale Inlichtingen- en Opsporingsdienst (FIOD)) or the Public Prosecutors Office.
- Storage and the exchange of personal data
UIV securely stores personal data to prevent unauthorised access to that personal data. We do this for the following purposes:
- to ensure that information can be retrieved by and be released in a controlled manner to the persons who need it for the performance of their work;
- for the purposes of fulfilling legal obligations such as Know Your Client and the prevention and combating of fraud and abuse;
- to be able to quickly answer any general questions you may have about the products and services of the UIV;
- to provide you with a high-quality and efficient service;
- for the purpose of aligning our products and services to you, for sending you appropriate and relevant information and for contacting you about other products, if you have given us your consent for this;
- to guarantee the quality of the personal data;
- for the purposes of research and innovation; and
- for use in internal reports and management reports.
- To whom do we provide your personal data?
- Advisers, intermediaries and authorised agents
For some services and products, we collaborate with independent advisers, intermediaries and/or authorised agents. They are each independently responsible for processing your personal data. We may also exchange your personal data with independent advisers for use in marketing activities, but only if you have given your consent for this.
- Other companies with which we work
Several examples of types of companies we work with are listed below. We sometimes do this, because it is more efficient or because these parties are better than we are at one aspect of our service provision. We only provide these parties with the personal data they require to perform the subcontracted work. We have taken the requisite contractual and organisational measures with these parties to ensure that your personal data are processed for these purposes only and that this is done in a secure manner.
- Fund Management (incl. fund admin) services
- External advisors necessary for the performance of our services
- Start-up companies to stimulate innovation. We only exchange personal data with these start-up companies after you have given your consent for this
- Government institutions, regulators and other financial institutions
We will only provide your personal data to government institutions (such as the Dutch Tax & Customs Administration and the police) and to regulators (such as the Netherlands Authority for the Financial Markets and De Nederlandsche Bank) if we have a statutory obligation to do so. Finally, we may also be compelled by a court order to provide personal data.
- Service providers for mail, printing, IT, etc.
We may engage third parties to carry out certain activities. These include delivery services (for shipping packages) or IT service providers that maintain, design and improve our IT systems, tools and portals.
- International transfer of personal data
In principle, UIV does not transfer personal data to countries outside the EEA (European Union and Norway, Iceland and Liechtenstein). Some of our suppliers or third parties we work with may be established in countries outside the EEA, or they store data outside the EEA. Regulations in these countries do not always afford the same level of protection as those within the EEA. This is why we conclude agreements with these parties to ensure that privacy is safeguarded to a similar extent as in the EEA.
- Security of your personal data
We have taken appropriate technical and organisational security measures to protect your personal data against misuse and unlawful or unauthorised use.
We have established, implemented and are maintaining the appropriate technical and organizational security measures within our processes and an information security policy in accordance with the applicable legislative and regulatory requirements concerning information security and data privacy.
The implemented measures and processes are designed to ensure the confidentiality, integrity and availability of information, including personal data, by applying risk-based approach that provides adequate management of risks
Our processes and structure are based on the above mentioned policy and thus guarantee preservation of information from disclosure to unauthorized individuals, entities or processes; maintenance of consistency, accuracy and trustworthiness of information; and correctly functioning computing systems and communication channels used to access information.
We have taken into consideration the importance and specifics of private data security and we have committed to follow the principles and requirements regarding the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Personal Data Protection Act (LPPD), guidelines of the European Data Protection Board (EEAS) ), The Commission for Personal Data Protection (CPDP), and the good practices in data privacy.
We have taken the necessary actions to ensure that all personal data are handled lawfully, in a secure and transparent manner. We process accurate, adequate, relevant and limited private information only for a specific, explicit and legitimate purposes with respect to the rights and freedoms of the data subjects.
Be careful with the devices you use for our online services and take your own security measures. If you are unsure about whether a message, app or website originates with us, or if you discover a weak spot in our services, please contact us via email@example.com. Where necessary, we will inform the Dutch Data Protection Authority of this.
- Retention period
We do not use your personal data for any longer than is necessary for the purposes for which we obtained it. The period during which certain personal data are stored depends, among other things, on the nature of the personal data, the purpose of the processing and legislation. Tax law, for example, requires us to keep data for at least 7 years.
In some cases, it is our choice to retain personal data for a long time, sometimes even for years after you have terminated your relationship with us. This is not for commercial purposes, but in order to comply with document retention requirements under the law. Also, in specific cases, we may retain your personal data for a longer period if we expect we will need it for (potential) legal proceedings in the future.
In other words, the retention period can differ for each purpose. This is specified in UIV’s Retention policy. We will share this policy with you upon request.
After the expiry of the retention period, your personal data will be deleted or converted into data that can no longer be traced back to you. We will then only use the data for historical, statistical or scientific purposes.
- Other environments and social media
Depending on the preferences you have set on social media, certain personal data may be shared with us when you use social media. One example of this is using social media to contact us. We will then receive the information linked to your public profile. We can use Facebook to ensure that only our customers and users can view our messages via Facebook. For more information, please go to https://www.facebook.com/business/a/custom-audiences. For more information about social media cookies, please see our cookie statement.
If you use social media to contact us, we cannot guarantee the security of any personal data that you share with us via unsecured social media such as WhatsApp. Many social media providers are established outside the EEA and store your personal data outside the EEA. For this reason, it is possible that your personal data does not enjoy the same level of protection there as it does within the EEA. This is your own responsibility. We therefore recommend that you do not disclose any confidential, special and/or sensitive personal data to us via social media. We will never use social media to share such information with you.
For more information on the personal data we receive and to adjust your settings, please consult the website and the privacy statement of the social media provider. The use of these services is your own responsibility. This Privacy Statement does not apply to third-party services.
- Your rights
As a customer or user of our services, you have a number of rights which are described below. If you wish to invoke these rights, please contact us via email (firstname.lastname@example.org). Before we can handle your request, we ask you to share some information such as a copy of your identification. We use this to identify you and to make sure that we do not disclose any of your personal data to an individual posing as you.
We will send you a first response within five working days. We aim to provide you with a reasoned response within a month’s time. This is, however, not always possible if the case is a complicated one. In that case, we will inform you of this in good time, stating when you can expect to receive a reply from us.
- Right of access
You have a right to see all your personal data processed by us and you have a right to know the purposes for which we use this personal data and, where applicable, to which third parties we have disclosed this personal data.
- Right of rectification
You may give instructions to change your personal data if it is incorrect.
- Right to have personal data deleted
You have the right to have your personal data deleted if we no longer need it for the purpose for which it was collected. It is possible, however, that we do have an interest in retaining your file for a longer period of time, for example because a statutory retention period applies or due to fraud. In that case, we may not be able to comply with your request fully or at all.
- Right to object
You may object to our use of your personal data if we use your personal data for purposes other than the performance of an agreement, compliance with a statutory obligation or UIV’s legitimate interests.
- Right not to be subjected only to automated processing
The review of your application may be partly automated. If this is the case, we will expressly inform you about this. If you do not agree with the result of such a review, please contact us.
- Right to data portability
You have the right to request us to transfer the personal data you have provided to us to another financial services provider and/or to have the relevant personal data sent to you.
- Right to withdraw consent
In those cases where we can only use personal data with your explicit consent, you have the right, at any time, to withdraw the consent you granted previously.