Last updated on 21/09/2020
This policy describes personal data that we process, purposes for which we use such data, and how you can review and correct any personal data processed by us. VELVET ensures, within the framework of applicable law, the confidentiality of Personal data and has implemented appropriate technical and organisational measures to safeguard Personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction.
“Applicable Data Privacy Laws” means data protection laws and regulations implementing the Data Protection Directive 95/46/EC and as of 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR“).
“Client” means any natural person who uses, has used or has expressed a wish to use or is in other way related to any of the services provided by VELVET.
“Personal data” means information relating to you or another identifiable individual.
“Processing” means any operation carried out with Personal data (incl. collection, recording, storing, erasure, transfer, etc.).
The Controller is a part of the Velvet group of companies. An updated list of companies within the Velvet group companies can be found by sending a request to dpo@VelvetCollab.com.
The Velvet group of companies has established an Intra Group Data Transfer Agreement which governs any transfer of Personal data within the group of companies.
We collect your personal data and other information when you use or register into our products and services, or make a payment, take part in campaigns or subscribe to newsletter, or otherwise interact with us. We are responsible for the processing of personal data we receive and if subsequently we transfer to a third party acting as an agent on its behalf.
Personal data may be collected from a Client, from the Client’s use of the services and from external sources such as public and private registers or third parties. Personal data categories which VELVET primarily, but not only, collects and processes are:
“Identification data” such as name, personal identification code, date of birth, data regarding the identification document (e.g. copy of the passport, ID card, video-call etc).
“Contact data” such as address, telephone number, email address, language of communication etc.
“Data about the relationships with legal entities” such as data submitted by the Client or obtained from public data-bases or through third party service providers for the execution of transactions on behalf of the legal entity in question etc.
“Professional data” such as educational or professional career, etc.
“Financial data” such as accounts, ownership, transactions, credits, income, liabilities, the Client’s financial experience and investment objectives such as data collected during the selection and provision of investment services, investment or insurance services and other products carrying investment risk knowledge, trade requests or executed transactions in financial instruments etc.
“Data on origin of assets or wealth” such as data regarding the Client’s transaction partners and business activities, etc.
“Data about trustworthiness and due diligence” such as data about payment behavior, damage afflicted to VELVET or other party, data that enables VELVET to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the client is a politically exposed person.
“Data obtained and/or created while performing an obligation” arising from law such as data resulting from enquiries made by authorities, such as Tax Agency, courts, Enforcement Agency, details of income, credit commitments, property holdings, remarks, and debt balances.
“Data about the Client’s tax residency” such as data about country of residence, tax identification number, etc.
“Communication data” collected when the Client visits branches, ATMs and other areas where renders services or communicates with VELVET via telephone, visual and/or audio recordings, e-mail, messages and other communication mechanisms such as social media, data related to the Client’s visit at VELVET’s web sites or communicating through other VELVET channels (e.g. internet- and mobile bank) etc.
“Data related to the services” such as the performance of the agreements or the failure thereof, inter alia executed transactions, usage of ATMs, concluded and expired agreements, submitted applications, requests and complaints, interests and service fees, , etc.
“Data about habits, preferences and satisfaction” such as the activeness of using the services, services used, personal settings, survey responses, hobbies, Client satisfaction, etc.
“Data about participation in games and campaigns” such as the points gained, prizes won in games or campaigns, etc.
We use your personal data based on legitimate interest and/or legal requirement in order to provide you with our services.
VELVET processes Personal data primary to:
To conclude and execute an agreement, for example a transaction, with the Client, keeping data updated and correct by verifying and enriching data through external and internal registers based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation.
To carry out internal credit- and risk assessments in order to determine which services and products and on what terms can be offered to a Client and to comply with applicable law relating to credit- and other risk assessments when providing credits and other financial services, risk hedging and capital requirements for VELVET, internal calculations and analyses based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance of a legal obligation or VELVET’s legitimate interest to a sound risk management.
To protect the interests of the Client and/or VELVET and examine the quality of services provided by VELVET and for the purpose of providing proof of a commercial transaction or of other business communication (recorded conversations) based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or consent from the Client or VELVET’s legitimate interests to prevent, limit and investigate any misuse or unlawful use or disturbance of our services and products, internal training or quality assurance of services.
Offer to the Client the services of VELVET or carefully selected cooperation partners, including personalized offers, based on: consent from the Client or VELVET’s legitimate interest to offer additional services. Perform Client surveys, market analyses and statistics; organize games and campaigns for a Client based on: ours legitimate interest to improve services, improve the Client’s user experience of services and to develop new products and services or consent from the Client.
To comply with applicable law, inter alia related to due diligence, prevent, discover, investigate and report potential money laundering, terrorist financing, if the Client is subject to financial sanctions or is a politically exposed person and to verify identity based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or VELVET’s legitimate interest for a sound risk management and corporate governance.
To authorize and control access to and functioning of digital channels, prevent unauthorized access and misuse of those and to ensure the safety of information based on: performance of an agreement or take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or consent from the Client or VELVET’s legitimate interests to have control over authorizations, access to and functioning of VELVET digital services.
Improve technical systems, IT-infrastructure, customizing the display of the service to the device and to develop VELVET services inter alia by testing and improving technical systems and IT-infrastructure based on VELVET’s legitimate interests to improve technical systems and IT-infrastructure.
To establish, exercise and defend legal claims based on: performance of an agreement or in order to take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation or VELVET’s legitimate interests to exercising legal claims.
To fulfil obligations to execute national and international transactions via credit institutions and payment-systems based on: performance of an agreement or take steps at the request of the Client prior to entering into an agreement or compliance with a legal obligation.
We share your personal data with our affiliates in order to provide you our services. Personal data is shared with other recipients, such as:
1 Authorities (such as Tax Agency, supervisory authorities, and Financial Supervisory Authority). We may also occasionally be required by law, court order or governmental authority to disclose certain types of personal data. Examples of the type of situation where this would occur would be:
2 VELVET’s affiliates and subsidiaries. Full list of affiliates and subsidiaries may be requested by email dpo@VelvetCollab.com .
3 Credit and financial institutions, insurance providers and intermediaries of financial services, third parties participating in the trade execution, settlement and reporting cycle.
4 Financial and legal consultants, auditors or any other service providers of VELVET.
5 Third parties maintaining databases and registers e.g. to credit registers, population registers, commercial registers, securities registers or other register holding or intermediating Personal data debt collectors and bankruptcy or insolvency administrators.
6 Credit reference agencies.
7 Participants and/or parties related to domestic, European and international payment systems.
8 Processors authorized by VELVET.
9 We may disclose depersonalized data (such as aggregated statistics) about the users of our site in order to describe our traffic patterns and their site information to prospective partners, advertisers, investors and other reputable third parties and to other lawful purposes, but these statistics will include no personal data.
10 Finally, in the event of a reorganization, sales or takeover we may need to disclose personal data.
VELVET may use authorised processors for processing Personal data or transfer Personal data to other recipients. In such cases, we take needed steps to ensure that such data processors process Personal data under the instructions of VELVET and in compliance with applicable law and requires adequate security measures.
We use third parties, such as a credit card processing company, to bill you for services and a Live Chat service to assist you if you have questions while using our website or regarding your order. When you sign up for our services, we will share your personal information only as necessary for the third party to provide that service. Some third parties will provide us with information about you from publicly available sources to provide you a personalized experience while using our services.
As a general rule the Personal data is processed within the European Union/European Economic Area (EU/EEA) but in some cases transferred and processed to countries outside the EU/EEA.
Transfer and processing of Personal data outside the EU/EEA can take place provided there is a legal ground i.e. due to legal requirement or Client’s consent and appropriate safeguards are in place. Appropriate safeguards, such as:
Upon request the Client can receive further details on Personal data transfers to countries outside the EU/EEA.
Personal data will be processed no longer than necessary. Personal data will be saved as long as the contractual relationship exists and thereafter for a maximum of 7 years with regard to rules of limitation. In some cases, the data may be saved longer due to capital adequacy legislation applicable to VELVET. Other deadlines may also apply when Personal Data is stored for purposes other than due to the contractual relationship. The retention period may be based on agreements with the Client or Partner, the legitimate interest of VELVET or applicable law (such as laws related to accounting (7 years), anti-money laundering (7 years), statute of limitations, civil law, etc.).
You have various rights in relation to your personal data, including:
Please note, these rights are not absolute and there may be conditions which must be met before you can enforce these rights.
Please see Cookies policy here: https://VelvetCollab.com/cookies-policy.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure.
Our site may contain links to other websites. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites.
You may contact VELVET with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data. Contact details of VELVET are available on VELVET website: VelvetCollab.com. Contact details of the appointed Data Protection Officer: dpo@VelvetCollab.comVelvet Asset Management Ltd