DATA PROCESSING REGULATIONS OF VERTIS ENVIRONMENTAL FINANCE
1. Name of Data Controller
Vertis Environmental Finance Ltd. (hereinafter referred to as ‘Vertis’)
2. Address of Data Controller
Csörsz utca 45, 1124 Budapest, Hungary
3. E-mail Address of Data Controller
4. Description of data processing
Vertis processes the personal data that received from you within the scope of its business relationship. Vertis also processes data that Vertis has legitimately received from publicly available sources (e.g.: commercial register, register of associations, media, other AML (anti-money-laundering) relevant registries – if any).
In case Vertis provides services to non-private individuals, all requirements related to personal data on the basis of the EU regulation No. 2016/679 (EU General Data Protection Regulation, “GDPR” hereinafter) and defined in this policy shall be applied in the following cases:
- representatives’ data
- ultimate beneficiary owners’ data
- contact person’s data
- users’ data – in case of private individuals
The personal data includes:
- Your personal details (e.g.: name, address, contact details, date of birth, place of birth, nationality, mother’s maiden name)
- Identity verification data (e.g.: identity card/passport data) and authentication data (such as a sample signature)
- Contact information (e.g.: your individual e-mail address, telephone number, applicable language)
- User’s information (e.g.: login name, the login and log-out information)
- Data for compliance with legal and regulatory requirements (e.g.: if you are a politically exposed person, word-check verifications)
You must provide most of the above mentioned personal data which is necessary to establish and maintain the business relationship with Vertis, as well as the information which Vertis is legally required to collect.
Please be informed that contact information is needed in order to manage and administer the offers, transactions, products or services of the company represented by you; to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you; and to notify you about either important changes or developments to the features and operation of those products and services. Vertis also uses this information to respond to your enquiries and complaints.
If you are not seeking to provide this data to Vertis, in most cases Vertis is obliged to refuse to enter into a contract with you or to process your transaction offer. In such cases, Vertis is no longer able to execute an existing contract and must therefore terminate it.
However, you are not obliged to grant permission to process your data in the case of data that is not relevant for the fulfilment of the contract, or is not required for this purpose by legal and/or regulatory authorities (e.g.: approval of marketing communication).
In addition, Vertis processes the following data:
- Transaction data (such as , details of the transactions and settlement, activity and payables and receivables)
- Data relating to the fulfilment of your and/or Vertis’ contractual obligations
- Information regarding the financial status of the clients
- Advertising and sales data
- Publicly available information including information on your social media profile where it is publicly accessible.
- Information about you which is obtained from other parties, for example, institutions, people appointed to act on your behalf
- Significant life events, like birthdays, that can be relevant in the business relationship with Vertis
- Your comments and suggestions, past complaints
- Documentation data (such as consulting records)
- Company register and other registries’ data
- Audiovisual data (such as video or telephone recordings)
- Information from your written and electronic communication with Vertis (e.g.: post, email, instant messenger, your website)
- Processing results generated by Vertis itself (such as client code)
In case Vertis provides services to non private individuals, please be noted that email address, telephone number and other provided identifier and contact detail – unless otherwise expressly declared by you – is presumed as the data related to the company on behalf of which you are contacted by Vertis and not considered as your personal data. All information we provide to you is considered to be provided to the company you represent.
Furthermore, please be informed that in case you initiate any correspondence with Vertis (eg: via e-mail or any other elevtronic communication) it shall be considered that you have accepted this Regulations regarding personal data processing taking into consideration that the relevant communications shall be stored by Vertis based on the legal requirements to be complied by Vertis and/or by deleting such communication the legitimate interest of Vertis or third party might be injured.
5. Legal grounds of data processing
Vertis processes your personal data in accordance with data protection regulations especially as described in the followings:
a) For the fulfilment of contractual obligations (Article 6, Paragraph 1b of GDPR)
It is necessary to handle your personal data
- for transactions made by Vertis,
- for completing the KYC (Know Your Customer) procedures required by the anti-money laundering regulations
- for completing contrating procedures
- processing personal data as part of the activities Vertis must carry out to maintain the ongoing operation and administration
b) To comply with legal obligations (Article 6, Paragraph 1c of GDPR)
Certain statutory obligations, which Vertis is subject to, may require the processing of personal data. Such obligations may arise from the provisions of the following laws:
- Act CXXXVIII of 2007 on Investment Firms and Commodity Dealers, and on the Regulations Governing their Activities (Hungarian Investment Firms’ Act)
- Directive 2014/65/EU on markets in financial instruments and Regulation 600/2014 on markets in financial instruments (MiFID II and MiFIR) and the related delegated regulations
- AML rules, especially the Act LIII of 2017 on Prevention and Combating of Money Laundering and Terrorist Financing (Hungarian AML Act)
- Act V. of 2013 on the Civil Code (Hungarian Civil Code)
- Rules of the National Bank of Hungary and of the European Securities and Markets Authority (ESMA)
Vertis is to verify the personal information provided to Vertis and meet its legal and compliance obligations, including the prevention of money laundering, tax avoidance, financing of terrorism and fraud. For example, Vertis is required to identify you, verify your identity, check your activity and transactions and ascertain your money laundering risk profile;
c) Within the scope of your consent (Article 6, Paragraph 1a of GDPR):
If you have granted Vertis consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).
Vertis can use your personal information to make you aware of news, information, products and services, which may be interesting for you.
Whenever you have provided Vertis with your consent to process your personal information, for example, so that Vertis can contact you about one of the products or services provided by Vertis, you have the right to withdraw that consent at any time. If you withdraw consent to processing (and if there is no other justification for continuing to process your information), you are also entitled to request that your personal information – that differs from the data of company represented by you – is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by Vertis based on your consent before its withdrawal.
d) To safeguard legitimate interests (Article 6, Paragraph 1f of GDPR)
Should it become necessary to process your data over and above the terms stipulated in the contract in order to safeguard the legitimate interests of Vertis or a third party, then such processing can be carried out in especially the following cases:
- Identification of certain risks
- Review and optimisation of needs analysis and direct customer approach procedures
- Advertising or market and opinion research, provided that you have not objected to the use of your data pursuant to Article 21 of GDPR
- Complaint handling
- Certification of transaction regarding regulatory obligations under theEU Emissions Trading System (EU ETS)
- Measures relating to the management and the enhancement of services and products
- Measures for protecting employees and customers, as well as the property of Vertis
- Measures for the prevention and combating of fraud
6. Access to data
Your data is received by those offices, tied agents or employees of or connected to Vertis that require your data to fulfil contractual, statutory and regulatory obligations and to safeguard legitimate interests. Furthermore, data processing companies acting on Vertis’ behalf (especially IT and back-office service providers) receive your data if they require it to provide their respective services. Accordingly, all the data processing companies are contractually obligated to keep your data confidential and to process it only in the context of service provision.
Authorities and public institutions, (such as the National Bank of Hungary, Tax Authority, Ministries, Tribunals, etc.), may be granted access to your personal data if there is a statutory or regulatory obligation to do so.
Besides data protection regulations, Vertis as an investment firm licensed by the National Bank of Hungary, is obligated to comply with securities secrecy regulations in accordance with the Investment Firms’ Act, and must therefore maintain confidentiality regarding all client related information and facts which have been entrusted or made accessible to Vertis in the course of the business relationship.
7. Length of data retention
The period within which personal information is stored depends on the nature of the information Vertis holds and the purposes for which they are processed. Vertis determines appropriate retention periods having regard to any statutory obligations imposed on Vertis by law.
Examples: Vertis is required to retain some client information for 8 years after the end of the customer relationship in accordance with AML rules.
Length of data retention: For the entire period of the business relationship (from the initiation, to the implementation, until the end of the contract) and beyond, in accordance with the applicable law, such as among others:
- Investment Firms’ Act
- The Directive 2003/87/EC or as it was implemented by the Member States as applicable regulation regarding EU ETS compliance obligation of the clients of Vertis
- Act C of 2000 on Accounting (Hungarian Accounting Act)
Moreover, the statutory limitation periods must be taken into consideration for the retention period, and in accordance with the provisions of the Civil Code,
Finally, data provided to Vertis from 2005 will be stored considering claims might be arisen in connection with the client’s EU ETS obligation that shall have been complied with from 2005 at the earliest.
8. Voluntary Acceptance
In case of voluntary acceptance, the following shall be applied by Vertis:
Persons express their interest in the services/job opportunities provided by Vertis by filling in and submitting the data sheet and/or sending their application, and they enable Vertis to contact them and answer their questions by giving their contact data. Vertis may offer the opportunity for them to subscribe to or cancel receiving Vertis’ newsletter.
The Data Controller may not use the given personal data for any purpose other than specified. Personal data shall not be disclosed to any third parties, which, however, does not concern data transferred based on compulsory laws.
9. Data protection right
Any time you have:
- the right of access,
- the right to rectification,
- the right to erasure or
- the right to restriction of processing regarding your stored data,
- the right to object to the processing of your data
- the right to data portability as set forth in the provisions of GDPR
Under certain conditions, you can exercise your data protection rights towards Vertis:
a) Right of access:
According to the Article 15 of GDPR, you have the right to receive information about your data that we have saved.
b) Right to rectification:
According to the Article 16 of GDPR, you have the right to obtain the rectification of inaccurate data that we have stored concerning you.
c) Right of erasure:
If you wish, Vertis will delete your data according to the Article 17 of GDPR as long as other legal regulations or one of our legitimate interests (e.g. defense of our rights and claims) do not conflict with it.
d) Right to restriction of processing:
Based on the conditions of the Article 18 of GDPR, you can request to limit the processing of your data.
e) Right to object:
According to the Article 21 of GDPR, you can apply objections. You can exercise this right to object in the case of certain circumstances that arise from your specific situation and only for data processing whose legality is based on a balance of interests which concerns profiling or which fulfils the purpose of direct advertising. In this case, we will no longer process your data unless we are legally entitled to deny your objection. However, an objection to direct marketing, including profiling, is mandatory for us and we are no longer permitted to process your data for these purposes.
f) Right to revoke authorization:
If you have granted your authorization regarding certain types of processing operations, you can revoke this authorization at any time with effect in the future. However, the retraction doesn’t affect the legality of the processing before the withdrawal of the consent, or as long as the processing can be justified with another legal basis.
g) Right to data portability:
According to the Article 20 of GDPR, you also have the right to receive your data in a structured, machine-processable format or to submit it to a third party.
h) Complaints to the data protection authority:
You have the right to submit complaints to any responsible data protection authority (Article 77 of GDPR). However, we recommend that you first send your complaint to Vertis so that Vertis can solve your problem quickly and in a client-friendly way.
phone: +36 1 489 1900Fax: +36 1 489 1901
Post: 1124 Budapest, Csörsz utca 45. Hungary
In case the answer is not acceptable to you, you have the right to submit your complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (1125 Budapest, Szilágyi Erzsébet fasor 22/C. Hungary, E-mail: firstname.lastname@example.org).
10. Deletion of personal data
If the purpose for which the information was obtained has ceased and the personal information is no longer required, the personal information will be deleted or anonymised which means that your personal information is stripped of all possible identifying characteristics. Vertis has put in place procedures to ensure that files are regularly purged and that personal information is not retained any longer than is necessary and only limited access can be permited for persons defined in Vertis data protection internal rules.
Any request for deletion shall be sent to the address: email@example.com. In this case, if the request is well-founded, Vertis shall delete the personal data within five workdays as of the receipt of such request, provided that the data porcessing is made based on voluntary acceptance of the private individual.
11. Cookies, Social Media
Vertis uses “cookie” technology on vertis.com and myvertis.com. Cookies are small pieces of information, held in simple text files, stored on your computer when you visit a website.
Accepting the application of cookies is not mandatory, in the settings of your browser or of your device used for browsing you can refuse the application of cookies. Please note, that in the case you refuse the usage of cookies you will not be able to fully benefit of all functions and services of our website. Please note, that these cookies alone cannot identify the visiting person.
Using cookies allows us to document the following data about you and the device used while browsing:
• the type of browser used by you
• your IP-address,
• date and time of your visit,
• address of the site you visited previously
• features of the operating system of the browsing device,
• on vertis.com the visited sub-sites, functions used and time spent on the site and sub-pages.
Session cookies are crucial to enable you to browse our website and use all its functions smoothly. Session cookies are only valid for the current visit and by finishing the session or closing the browser, this type of cookie is deleted automatically from the computer. Persistent cookies remain on the computer of the visitor or in its browser until deletion by the visitor. Performance cookies are used to collect information about how visitors use our website. The aim of all above is to optimise our website and improve your user experience.
Third party cookies on our website:
• Google AdWords remarketing display/banner, retargeting and search remarketing services,
• Google Analytics services
If you would like to change the cookie settings on your device used for browsing – including blocking the use or placement of cookies – you are free to do this, as all browsers and devices used for browsing allow the modification of cookie settings. Please bear in mind that blocking the application of cookies or deleting them may result in preventing you from using all functions of our website fully and smoothly.
For the cookie settings of the most popular browsers, click on the following links:
12. Data security
The security of your data is Vertis’ highest concern. Vertis’ stated aim is to take all technical and organisational measures required to ensure that its data processing is carried out in a secure manner and to process your personal data in such a way that it is protected from access by unauthorised third parties.
Vertis makes sure its IT infrastructure complies with the highest security standards requred by the applicable law by using the most up-to-date security software and encryption procedures.
13. Application of third parties
Only staff members who are suitably authorised can access your personal information if that information is relevant to the performance of their duties, whether it is in connection with the delivery of products or services or in accordance with legal or regulatory obligations. This may include, for example, staff members working in Vertis’ Sales and Marketing Department, Back Office and other operations.
Furthermore, Vertis sometimes shares your personal information with trusted third parties who perform important functions for Vertis based on Vertis’ instructions and applying appropriate confidentiality and security measures.
For example, Vertis uses third party service providers to help providing services (within the frame of outsourcing or specialised consultation). Vertis also uses third parties to help it detect, prevent address fraud, security or technical issues. Besides above Vertis applies third parties for technical support in IT services e.g.: mail management.
Some examples of where Vertis shares your personal information:
- tied agents, partners
- external auditors
- legal advisors
- services providers regarding outsourced activities
- mail management (Mailchimp)
- the Hungarian and other member states and EU regulatory and enforcement bodies based on the authorisation of law
14. Rights enforcement and contact details
You may enforce your rights in court pursuant to the provisions of the GDPR and the Hungarian Civil Code, and they may request the assistance of the National Authority of Data Protection and may also send their requests or complaints directly to the e-mail address of Vertis (firstname.lastname@example.org or email@example.com).
15. Right to amend Data Processing Regulations
Vertis reserves the right to amend this Data Processing Regulations unilaterally subject to the prior announcement to be made on Vertis’ website. The client and/or the relevant person may object against the amended Data Processing Regulations within 8 days after the annoncement unless it shall be considered as accepted.