Privacy Notice
It is of importance for us at Catella Bank that you as a customer feel confident that your personal integrity is safeguarded with us. We are therefore actively working within Catella Bank to ensure that our products, processing and services comply with your expectations as a customer and with external requirements of data protection (under the requirements set by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (“GDPR”).
Below you are provided with all relevant Personal Data currently processed by us and where necessary, additional information enabling you a better understanding of how we at Catella Bank handle your Personal Data.
Content
- What information we collect about you
- How we use the information collected about you
- Your Rights as a Data Subject
- Third parties that we may share your Personal Data with
- Where applicable, potential transfers to a third country or international organization
- How we protect your Personal Data
- Retention period
- How to contact us
What information we collect about you
Personal Data is any information relating to you as an individual, for example your name, email or any other information that can be tied back to you.
We process Personal Data provided for example in connection with an application and / or agreements or other information in connection with the administration of an agreement. We may also save email communication or otherwise document the interaction and communication that you have had with us.
Depending on what contractual agreement you have with us, we collect different types of information from, or about you. Below you will see the categories of Personal Data we process as well as examples of Personal Data included in these categories.
Personal Identification – Full name, date of birth, nationality, signature
Contact Information – Address, phone number, email address, job title
Financial Information – Information about transactions, securities, bank account information
Government Identifiers – National identification number, national identity card / passport
Family Information – Parents’ names, partner's name
User Account Information – Account creation date, account number, account password, activation key
How we use the information collected about you
We collect Personal Data for different purposes. Find below an overview of the purposes.
Purpose
| Description | Legal basis [If legitimate interest -Specify the legitimate interest] |
Security purpose | To identify and prevent fraud To enhance the security of our network and information systems | Legitimate interest [The processing of Personal Data is necessary to meet our and your legitimate interest in handling requests from you.] |
Use of personal information to administrate your contract with us
| If you have entered into a legal agreement we may store any communication concerning the agreement and will store the agreements themselves. In relation to your contract with us, we will process your Personal Data. The processing of Personal Data may include onboarding/terminating you as a customer, managing transactions and deposits, managing application forms etc. The Personal Data processed may include your name, contact information, signature and any other information provided by you to confirm your identity in relation to the agreement. | Performance of a contract [The processing of personal data is necessary to
|
Use of personal information to administrate customer complaints and requests
| We may use your personal information in order to handle a request or compliant received from you.
| Legitimate interest [The processing of Personal Data is necessary to meet our and your legitimate interest in handling requests from you.] |
Use of personal information to comply with legal obligation (KYC)
| We may use your Personal Data to conduct Know Your Customer (KYC) controls in order for us to meet the requirements placed on us by external regulations. The Personal Data may include your name, contact information, financial information or any other information required by the KYC regulations. | Legal obligation [The processing of Personal Data is necessary for us to
|
Use of personal information to ensure compliance with statutory external reporting including government reporting | We may use your Personal Data to comply with statutory external reporting including government reporting that we are required to perform.
| Legal obligation [The processing of Personal Data is necessary for us to
|
Use of personal information to report suspicion of anti-money laundering
| We may use your data to perform measurements to deal with the risk of anti-money laundering and terrorist financing. The Personal Data may include your name, contact information, or any other information related to AML. | Legal obligation [The processing of Personal Data is necessary for us to |
Your Rights as a Data Subject
You have rights as an individual which you can exercise in relation to the information we hold about you. You may for example request an extract with your Personal Data or request to have your information corrected. For us at Catella Bank it is of importance that you are aware of your rights. Find below your rights as a Data Subject:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure ‘right to be forgotten’ of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Right to data portability. You may ask us to transfer your Personal Data to another party. Thus, you have the right to receive a copy of your Personal Data in a structured, commonly used, machine-readable format that supports re-use or store your data on a private device for personal use
- Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
- Automated decisions-making. You are entitled to request that fully automated decisions which have a legal effect on you are handled manually.
- Right to lodge a complaint. If you wish to lodge a complaint about privacy related topics you can contact the Commission Nationale pour la Protection des Données (cnpd – www.cnpd.public.lu)
Before responding to your request, Catella Bank will perform an identity check.
If you choose to exercise any of your abovementioned rights in connection with your Personal Data, we will provide a response within one month of the date of the request. The period of one month may however be extended by two further months where necessary, taking into account the complexity and number of the requests. If we need to extend the period in which we will provide you with an answer, we will inform you of that as well as the reason for the delay.
Third parties that we may share your Personal Data with
We may need to share your Personal Data with other internal or external parties. If we share your Personal Data, the third party is responsible for processing the information in a safe and accurate way and they are contractually bound to comply with external requirements of data protection and all other applicable regulatory and legal obligations.
We may also disclose your Personal Data to third parties to comply with legal obligations in accordance with applicable laws and regulations.
Below you find a list of third parties that we may share your Personal Data with:
- Other Catella entities; we may share your Personal Data with other entities in Catella group when organizing an event, sharing CRM system etc.
- Service providers; In order to fulfill the purposes of our processing of your Personal Data, we will share your Personal Data with companies providing services to Catella Bank such as IT services etc.
- Supervisory Authorities; we may provide the necessary information to the authorities if we are required by law to do so, for example information to the CSSF.
Where applicable, potential transfers to a third country or international organization
In very limited circumstances, which as of today is strictly restricted to situations where a Chargeback is requested in our Acquiring activities, the Bank may transfer your Personal Data to countries outside of the EEA. This will only be permitted where the Bank has obtained the necessary guarantees that the third party processor is able to implement equivalent data protection measures as that of the Bank. Rest assured that the Bank will never transfer your Personal Data outside the EEA where we are unable to guarantee this level of protection. Moreover, this transfer will always occur in full compliance with applicable data protection legislation and with the full approval of our regulatory authorities.
How weprotect your Personal Data
We have taken physical, technical and organisational measures to protect your Personal Data from unauthorised use, loss, destruction or damage. Within Catella Bank, employees are only given the minimum access permissions required for performing their assigned work tasks, thereby access to your Personal Data will only be given to authorised persons that require the access for legitimate purposes.
Retention period
Your information is retained for as long as necessary to meet legal, regulatory and business requirements. Upon request we will provide you with more information on the exact retention periods applying to your Personal Data in each case. A retention policy is applied for all the Catella Bank’s documents.
How to contact us