Skip to main content
PRIVACY NOTICE

 

on the personal data processing activities carried out by VERTIS in relation to its clients

Vertis Environmental Finance Ltd. (hereinafter referred to as “VERTIS” or “data controller”) in accordance with Article 13 and
14 of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (“General Data Protection Regulation”, “GDPR” or the “Regulation”), hereby provides information relating to the
personal data processing carried out in the context of its relationship with its clients.

Identity and contact details of the data controller
Name of the controller: Vertis Environmental Finance Ltd.
Seat of the controller: Csörsz utca 45, 1124 Budapest, Hungary
Email: privacy@vertis.com
Contact details of the data protection officer: vertis@dataprotection.eu
Purpose, legal basis and retention period of the processing, in relation to each category of personal data processed
A) In the context of our client onboarding and client due diligence processes, regarding the Client’s representatives,
executive officers or authorised proxies as data subjects
Purpose of data
processing
Personal data
processed
Legal basis Retention period
Carrying out anti moneylaundering and customer
due diligence measures Monitoring EU acts and UNSecurity Council
resolutions ordering
financial and assetrelated restrictive
measures for the
purposes of our client due
diligence process
– Family name, given
name;
– Family name, given
name (at birth);
– Nationality;
– Place and date of birth;
– Mother’s maiden
name;
– Home address, or in
the absence thereof,
habitual residence;
– Number and type of
identification
document;
– Copy of indentification
document
– Family name, given
name;
– Family name, given
name (at birth);
– Nationality;
– Place and date of birth;
– Mother’s maiden name
– Home address, or in the
absence thereof,
habitual residence;
– Type of ID document,
document number;
– The fact that the person
appears/does not
appear in a sactions list;
compliance with the legal
obligation to which VERTIS
is subject, as set out in
(Hungarian) Act LIII of 2017
on the Prevention and
Combating of Money
Laundering and Terrorist
Financing, Article 7 and 56
compliance with the legal
obligation to which VERTIS
is subject, as set out in
(Hungarian) Act LII of 2017
on the Implementation of
Financial and Assetrelated Restrictive
Measures Ordered by the
European Union and the
UN Security Council
eight years after the end
of the business
relationship or after the
date of carrying out the
transaction order eight years from theexecution of the
screening
Monitoring sanctions lists
for the purposes of our
client due diligence
process
The fact of appearing /
not appearing on other
sanctions lists not
mentioned above (e.g.
FATF list)
Our legitimate interest in
conducting careful
customer due diligence
procedures, as well as the
smooth processing of
payments and the
avoidance of possible
sanctions
eight years from the
execution of the
screening
Identifying, preventing
and managing conflicts
of interests
Data on interests and
positions held in other
economic enterprises,
including government
organizations
Our legitimate interest
and that of third parties in
the exclusion of conflicts
of interest that may arise
during the provision of
investment services and
could be detrimental to
the client (see Article 110 of
Hungarian Act CXXXVIII of
2007 on Investment Firms
and Commodity Dealers,
and on the Regulations
Governing their Activities)
five years after the end of
the business relationship
Carrying out fitness tests,
compliance tests and
qualifying clients as
retail/professional clients
Personal data necessary
for the mandatory
assessment of the client’s
practice, risk-bearing
capacity, financial
situation, investment
goals, level of knowledge
and experience related to
the essence of the
transaction, the financial
instruments involved and
their risks, especially the
highest education and
professional experience
of the person concerned
as well as their financial
knowledge;
Data required for
retail/professional client
qualification (specific
position or scope of
duties, etc.) according to
Article 49 (1) of Hungarian
Act CXXXVIII of 2007 on
Investment Firms and
Commodity Dealers, and
on the Regulations
Governing their Activities,
as well as data required
for possible legal claims
compliance with the legal
obligation to which VERTIS
is subject, as set out in
(Hungarian) Act CXXXVIII
of 2007 on Investment
Firms and Commodity
Dealers, and on the
Regulations Governing
their Activities (Art. 44,45
and 49);
In the event of enforcing
legal claims, our
legitimate interest in the
availability of the
necessary evidence
five years after the end of
the business relationship
B) In the context of our client onboarding and client due diligence processes, regarding the Client’s beneficial
owners as data subjects
Purpose of data
processing
Personal data
processed
Legal basis Retention period
Carrying out anti moneylaundering and customer due diligence measures Monitoring sanctions lists for the purposes of our client due diligence process – Family name, given
name;
– Family name, given
name (at birth);
– Nationality;
– Place and date of birth;
– Home address, or in the
absence thereof,
habitual residence;
– Nature and extent of
ownership interest;
– The fact that the
beneficial owner is / is
not a politically exposed
person;
– ID document (eg
passport) data, if
necessary to verify the
identity of the beneficial
owner (document
number, expiration date),
in the case of a high-risk
customer, a copy of the
documentThe fact of appearing / not appearing on other sanctions lists not mentioned above (e.g. FATF list)
Compliance with the legal obligation to which VERTIS is subject, as set out in (Hungarian) Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, Article 9 In case we retain a copy of the ID document: our legitimate interest in keeping proper documentation of the client due diligence process and in the verifiability of the results thereof Our legitimate interest in conducting careful customer due diligence procedures, as well as the smooth processing of payments and the avoidance of possible sanctions eight years after the end
of the business
relationship or after the
date of carrying out the
transaction ordereight years from the execution of the screening
C) In the context of our communication and business cooperation with our clients, regarding the representatives
and contact persons acting on behalf of our Clients as data subjects
Purpose of data
processing
Personal data
processed
Legal basis Retention period
Maintaining business
communication with
clients, including
recording
communications that
relate to the reception,
transmission and
execution of client orders
(except for recordings
based on legal obligation,
see below)
Name, contact details
(business email and
phone number), data
contained in the
communication;
Personal data that may
appear in the content of
customer-related notes,
data necessary for
possible legal claims
enforcement
Legitimate interest of
VERTIS. and its client in
carrying out their
business operations,
maintaining business
relations and in the
fulfillment of concluded
contracts, as well as the
availability of evidence in
the event of enforcement
of legal claims related to
the business relationship
Five years from the end of
business relationship (or,
in case of enforcement of
legal claims, until the
respective legal
procedure is closed)
In case the data referred
to herein is contained in
invoicing or taxation
document, until the end
of the relevant document
retention period
prescribed by law (see
below at “Complying with
document retention
obligations”)
Recording
communications that
relate to the reception,
transmission and
execution of client orders
pertaining to VERTIS’s
regulated activity
concerning transactions
concluded for financial
instruments (emissions
allowances, own account
trading), brokerage and
other investment related
services;
Providing internal courses
to VERTIS employees for
quality assurance and
client complaint handling
Data contained in
outgoing and incoming
telephone conversations
and electronic messages,
letters, faxes and e-mail
messages, minutes of
personal meetings, notes,
data necessary for
possible legal claims
Contact details, personal
data contained in the
complaint or in the
response
In the case of a telephone
complaint, the audio
recording
Compliance with the
legal obligation to which
VERTIS is subject, as set
out in (Hungarian) Act
CXXXVIII of 2007 on
Investment Firms and
Commodity Dealers, and
on the Regulations
Governing their Activities,
Art. 55 (4-5), (8)
In relation to internal
courses, VERTIS’s
legitimate interest in
holding such courses in
order to improve client
serviceCompliance with the
legal obligation to which
VERTIS is subject, as set
out in (Hungarian) Act
CXXXVIII of 2007 on
Investment Firms and
Commodity Dealers, and
on the Regulations
Governing their Activities,
Art. 121
Five years after the
recording of the
telephone conversation
or electronic message
exchange, seven years in
the case of a regulation
by the Supervisory
Authority;
In case the data referred
to herein is contained in
invoicing or taxation
document, until the end
of the relevant document
retention period
prescribed by law (see
below at “Complying with
document retention
obligations”)Five years from the date
of the answer given to the
complaint, or from the
recording of the
complaint given by
telephone
Operating a
whistleblowing (breach
reporting) system
Data contained in the
breach reporting
Compliance with the
legal obligation to which
VERTIS is subject, as set
out in (Hungarian) Act
CXXXVIII of 2007 on
Investment Firms and
Commodity Dealers, and
on the Regulations
Governing their Activities,
Art. 24/G, and Art. 38 of
Decree No. 26/2020. (VIII.
25.) of the National Bank
of Hungary
eight years after the end
of the business
relationship or after the
date of carrying out the
transaction order
Providing the service
“MyVertis”
Email address, access
code, password, user
profile data (name,
company, position,
telephone number,
language); user data and
data for any possible
legal claim enforcement
The legitimate interest of
VERTIS and its client in the
provision and use of the
MyVertis service
In the event of enforcing
legal claims, our
legitimate interest in the
availability of the
necessary evidence
Five years after
registration
Provision of order
reception or forwarding
(brokerage) services, or
fulfilment of contractual
obligations arising from
engagements aiming the
creation of business
cooperation between
clients
Contact details of
representatives,
executives of clients
(including onboarding
information if applicable)
Legitimate interest of
VERTIS and its client in
providing the relevant
service or fulfilling a
contractual obligation
The retention periods
indicated at other data
processing purposes
apply
D) In the context of our internal administrative processes, regarding all data subjects mentioned above
Purpose of data
processing
Personal data
processed
Legal basis Retention period
Preparing back-up
copies of documents kept
in our IT systems,
implementing measures
of data loss prevention
All data stored in our IT
system
Compliance with the
legal obligation to which
VERTIS is subject, as set
out in (Hungarian) Act
CXXXVIII of 2007 on
Investment Firms and
Commodity Dealers, and
on the Regulations
Governing their Activities,
Art. 12 (7);
For the data not affected
by legal obligations, the
legitimate interest of
VERTIS in ensuring the
uninterrupted operation
of its IT processes and
taking the necessary
steps to ensure data
security
Five years
Complying with
document retention
obligations
Data contained in
documents relating to
invoicing/accounting or
taxes
Compliance with the
legal obligation to which
VERTIS is subject, as set
out in the Hungarian
Accounting Act and Act
on Taxation Procedures
accounting documents:
eight years,
taxation documents: the
end of the calendar year
affected by the tax
declaration obligation +
five years
Sources of personal data

The sources of the personal data are normally you as the data subject or your company, in the course of our client business
communication.

In the context of our anti money-laundering and/or customer due diligence processes, we may also rely on public registries
and sanctions lists in order to obtain your data.
In the context of business communications, minutes or messages, the source of data is the sender of the communication
or the person who took the minutes.
In the context of the whistleblowing (breach reporting) system, the source of your data is the breach reporter.

Provision of your personal data is a statutory requirement in all those events where we refer to a legal obligation VERTIS is
subject to. Provision of your data is not a requirement necessary to enter into a contract directly with you, but it may be
necessary to enter into a contract with the company you represent or on behalf of which you act towards us. Consequently,
you are generally not obliged to provide the personal data, but it might be an obligation for your company or for VERTIS to
obtain and process them. Possible consequences of failure to provide your data may be that VERTIS cannot enter into or
maintain business relationship with or provide services to its clients.

Recipients of the personal data

In the context of the data processing activities referred to in this privacy notice, personal data shall be shared with the following addressees, in relation to the below detailed services VERTIS has engaged in order to be able to operate its systems and pursue its business activities. Most of such addressees, if they provide services to VERTIS, act as data processors providing the guarantees to implement appropriate technical and organisational measures in line with the rules of GDPR, in order to ensure protection of your data.

Data category Addressee Activity or role which serves as grounds for the data sharing
All data contained in e-mail
correspondence, Skype for
business or Teams application
Microsoft Ireland Operations
Limited
Cloud based system for e-mail
correspondence, Skype for
business and Teams application
Data related to transactions where
Vertis Iberia SL acts as an agent for
VERTIS
Vertis Iberia SL (Spain) Agency activity
Data related to transactions where
Vertis Brussels SA acts as an agent
for VERTIS
Vertis Brussels SA (Belgium) Agency activity
Data related to transactions where
STRIVE Climate Action SL acts as an
agent for VERTIS
STRIVE Climate Action SL (Spain) Agency activity
Data contained in Eikon messages
(if we contact You through Eikon)
Refinitiv Ltd. (UK) “Eikon” Instant messaging service
for business purposes
Data contained in ICE chat
messages (if we contact You
through ICE chat)
International Exchange Ltd. (USA) “ICE chat” Instant messaging
service for business purposes
Data contained in WhatsApp
messages (only if You contact us
through WhatsApp)
WhatsApp Ireland Ltd. (Ireland) “WhatsApp” Instant messaging
service for business purposes
Data contained in WeChat
messages (only if You contact us
through WeChat)
Tencent International Service
Europe BV. (The Netherlands)
WeChat” Instant messaging
service for business purposes
Business contact or onboarding
data in case of brokerage services
or other services aiming creating
business cooperation between
clients
The other client affected by the
service / business cooperation
Brokerage services or other services
aiming creating business
cooperation between clients
Data used for reporting obligations,
procedures or audits by authorities
and by the statutory auditor
Supervisory or other authorities;
TRUSTED ADVISER Könyvvizsgáló és
Tanácsadó Kft. (Hungary;
appointed statutory auditor)
Compliance with legal (eg.
Reporting) obligations, supervisory
audits or administrative
procedures; performance of
annual statutory audit
Data contained in documents
necessary for enforcement of legal
claims
Legal advisors, courts Enforcement of legal claims

 

Please be kindly informed that in case of the service “MyVertis” we use our own system so no data processor or other third party is involved in the processing of your data.

Data transfer to third countries

Data transfer to third countries is carried out by VERTIS in the following events, in relation to the involvement of the following service providers. The chart below also provides you with information regarding the safeguards applied in relation to such data transfers.

 

Service provider / other addressee Third country to which data are transferred Safeguards for ensuring proper protection for the data When does it happen?
Refinitiv Ltd. United Kingdom Adequacy decision of the EU Commission In case of communication through Eikon instant messaging service
International Exchange Ltd. USA Standard Contractual Clauses In case of communication through ICE chat service

 

If, for the purposes of our data processing relating to the provision of brokerage services, or other engagements we have for creating business cooperation between our clients, it is necessary to transfer personal data to third countries or international organisations, we will ensure that proper safeguards are implemented to protect your personal data, either because there is an adequacy decision regarding the receiving country, or by using standard data protection clauses adopted by the European Commission, or specific contractual clauses concluded with the receiving party.

Automated decision making, including profiling

Automated decision making, including profiling, does not occur in the context of the data processing referred to in this Privacy Notice.

Your rights in relation to our data processing activity

As a data subject, you can exercise

  • the right to access;
  • the right to rectification;
  • the right to erasure (right to be forgotten);
  • the right to restrict the processing
  • the right to object to the processing of your personal data,
  • the right to data portability subject to the conditions as set out by the GDPR.
a) Right to  access

You as data subject shall have the right at any time to request information whether your personal data are processed, and if so, in what manner such data are processed by the data controller, including the purposes of the processing, recipients to whom the personal data have been or will be disclosed, the source of information from where the data controller obtained such data, the retention period of such data, any right that they may have concerning the processing, and where personal data are transferred to a third country or any international organisation, you as data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. When exercising the right of access, the data subject shall also be entitled to request copies of such data. In the event the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in an electronic form. If the right of access exercised by the data subject would affect adversely the rights and freedoms, in particular the business secrets or intellectual properties of others, the data controller shall have the right to refuse the request of the data subject to the extent necessary and proportionate. For any further copies of the above information requested by the data subject, the data controller may charge a reasonable fee that is proportionate to the related administrative costs.

b) Right to rectification

The data controller shall rectify or supplement the personal data of the data subject based on any related request from the data subject. Where there is any doubt concerning any rectified data, the data controller may call upon the data subject to adequately verify, preferably by an official document, the rectified data for the data controller. If the data controller has disclosed the personal data affected by such right to any other persons (i.e. to another recipient e.g. the data processor), the data controller shall inform such persons of the rectification of such data without delay, provided that it is not impossible or does not require a disproportionate effort from the data controller. At the request of the data subject, the data controller shall inform the data subject of the identity of these recipients.

c) Right to erasure (“right to be forgotten”)

Where You as data subject request the erasure of any or all of your personal data, the data controller shall have the obligation to erase those without undue delay, if:

  • the data controller does not need the affected personal data in relation for the purposes for which they were collected or otherwise processed;
  • processing was based on your consent, however, you have withdrawn your consent, and there is no other legal ground for the processing;
  • processing was based on the legitimate interest of the data controller or a third party, however, You have objected to the processing, and there are no overriding legitimate grounds for the processing, except for objection to data processing for direct marketing purposes;
  • the personal data have been unlawfully processed by the data controller, or
  • the personal data have to be erased for compliance with a legal obligation.

If the data controller has disclosed the personal data affected by such right to any other persons (i.e. to another recipient e.g. the data processor), the data controller shall inform such persons of the rectification of such data without delay, provided that it is not impossible or does not require a disproportionate effort from the data controller. At the request of the data subject, the data controller shall inform the data subject of the identity of these recipients. The data controller shall not always be required to erase the personal data, in particular where e.g. the data processing is necessary for the establishment, exercise or defence of legal claims.

d) Right to restriction of processing

You as data subject may request restriction of processing in relation to your personal data where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, in this case restriction of processing shall be applied for a period enabling the data controller to verify the accuracy of the personal data;
  • the processing is unlawful, but the data subject opposes the erasure of the data, and requests the restriction of their use instead;
  • the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise and defence of legal claims; or
  • the data subject has objected to the processing, in this case restriction of processing shall be applied until it is verified whether the legitimate grounds of the data controller override those of the data subject.

Restriction of processing means that such personal data shall not be processed by the data controller or shall, with the exception of storage, only be processed with the data subject’s consent, or in the absence of such consent the data controller may also process these data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state of it. The data subject shall be informed by the data controller before the restriction of processing is lifted. If the data controller has disclosed the personal data affected by such right to any other persons (i.e. to another recipient e.g. the data processor), the data controller shall inform such persons of the rectification of such data without delay, provided that it is not impossible or does not require a disproportionate effort from the data controller. At the request of the data subject, the data controller shall inform the data subject of the identity of these recipients.

e) Right to object

Where processing of data concerning You as data subject is based on the legitimate interest of the data controller or a third party, You as data subject shall have the right to object to processing of data. The data controller shall not be obliged to accept such objection, unless the data controller demonstrates

  • compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or • that the data processing is related to the submission, enforcement or protection of the data controller’s legal claims.
f) The right to data portability

Right to data portability means that You as the data subject shall have the right to receive the personal data concerning You, which You provided to the data controller based on consent or on a contract, and are processed by the data controller by automated means (e.g. in a computer system), in a structured, commonly used and machine-readable format, and You have the right to transmit those data to another controller, or to have the personal data transmitted directly from us to another data controller, where technically feasible. In the case of such requests, we shall make available the requested data in Pdf file format. Where the exercise of the right to data portability by You would adversely affect the rights and freedoms of others, we shall have the right to refuse to comply with your request to the extent necessary. A measure taken in the field of data portability shall not mean the erasure of the data, unless You have submitted a request for erasure at the same time, in the absence thereof, we shall continue to retain the data, until any purpose for processing or an appropriate legal basis exists.

In addition to the above, as a data subject, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of the EU of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. For a list of the data protection supervisory authorities, see https://edpb.europa.eu/about-edpb/about-edpb/members_en. You may also enforce your rights in court pursuant to the provisions of the GDPR and the Hungarian Civil Code or other legislation applicable to you.

Additionally, according to Art. 25 of the Hungarian Act CXII of 2011 on the right to informational self-determination and freedom of information, the close relative of the deceased data subject or the person authorized by the deceased data subject might exercise data subject rights as determined by that Act within 5 years from the date of the death.

How we handle your requests or questions in relation to our data processing activities

We shall provide information on the action taken on your questions or requests submitted to us relating to the processing of your personal data or to the exercise of your rights as data subject, without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests we receive. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay. If You make the request by electronic means, we shall also provide you our answer by electronic means where possible, unless otherwise requested by You. Should it be the case that we do not take action on your request, we shall inform You on that without delay and at the latest within one month of receipt of the request, explaining you the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

I am raw html block.
Click edit button to change this html