1. Who does this privacy statement apply to?
FinDatEx (Financial Data Exchange Templates) is a joint structure established by the following associations: Insurance Europe, the European Banking Federation (EBF), the European Fund and Asset Management Association (EFAMA), the European Savings and Retail Banking Group (ESBG), the European Association of Cooperative Banks (EACB), and the European Structured Investment Products Association (EUSIPA).
FinDatEx is led by a Steering Group that consists of one senior representative from Insurance Europe, EBF, EFAMA, ESBG, EACB and EUSIPA. The Steering Group creates Technical Working Groups (TWGs) that will be in charge of one or several template(s) and disbands them as appropriate.
FinDatEx’ mission is to coordinate, organise and carry out standardisation work, in the form of technical templates, to be used for the exchange of data between stakeholders, in particular regarding the exchange of information resulting from European legislation related to Financial Markets such as MiFID II, PRIIPs and Solvency II.
Insurance Europe, the EBF, EFAMA the ESBG (“the associations”) run the secretariat of the Steering Group on a rotating basis.
The association that runs the secretariat of the steering group is responsible for requesting data subjects’ consent, when needed for processing their data.
The associations are based in Brussels and act as data controllers as they jointly determine the purposes and means of processing personal data in the context of FinDatEx’s activities and are jointly responsible for providing to data subjects information about the collection and use of their personal data.
The associations process personal data in the context of FinDatEx as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).
Please note that data protection rules apply to personal data. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This Privacy Statement covers the following data subjects:
2. What is covered by this Privacy Statement?
This Privacy Statement tells you what personal data we process, why and how we process your personal data when we perform FinDatEx’s business activities, when you use FinDatEx’s website, or extranet, to whom we give that information, what your rights are and who to contact for more information or queries.
When we refer to website, we mean the web pages containing the domain name ‘findatex.eu.’ and including all its subsites, including but not limited to www.findatex.eu When we refer to the extranet website, we mean the webpages containing the domain name “extranet.findatex.eu”.
The website may link to other websites provided by members, members’ members or third parties. Whilst we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.
When linking to any such websites, we strongly recommend that you read the Privacy Statements on those websites before disclosing any personal information.
3. What personal data do we collect?
The main personal data that we generally collect and hold in our database includes:
4. How do we obtain your personal data?
We may obtain your personal data in the framework of the execution of our business activities that serves the mission of FinDatEx and in particular because:
5. Why do we process your personal data?
For legitimate business purposes including:
We will use your personal data only for the purposes for which we collected it or for reasons compatible with the original purpose. If we intend to use your personal data for reasons that are not related to the original purpose, we will contact you and notify you of the legal basis that allows us to do so.
6. What are the legal grounds for processing your personal data?
We process your personal data for the purposes mentioned in the previous section relying upon the following legal bases:
7. What are your rights?
You have several rights concerning the personal data we hold about you. You have the right to:
Should you wish to stop any of our communications then you may disable these by logging in to our Extranet and clicking Settings.
Insurance Europe will be your contact point for submitting a request to exercise any of your rights. To this end, you can send us a request, indicating the right you wish to exercise by e-mailing us at [email protected] You may also use these contact details if you wish to make a complaint to us relating to your privacy.
If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction.
8. Who are the recipients of your personal data?
Staff members of the associations that are dealing with FinDatEx’s business activities, their members and members’ members, as well as the Coordinators, Vice-Coordinators and the members of the Technical Working Groups will have access to your personal data on a “need-to-know” basis for the purposes described above.
In principle, we do not intend to transfer your data to third countries or international organisations. In case your data needs to be transferred to a third country or an international organisation (eg if we engage an non EU-based processor), we will transfer your data only when an adequate level of protection according to an adequacy decision issued by the European Commission is provided or when there are appropriate safeguards (eg by means of Standard Contractual Clauses) that ensure your personal data is protected or when we can rely on derogations within the limits permitted by the GDPR. You can ask for more information and/or obtain a copy of those safeguards by sending us an e-mail ([email protected]).
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.
We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or freedoms and/or comply with a judicial proceeding, court order and/or injunction, request from a regulator or any other legal process, including out of court proceedings, served on us.
9. For extranet visitors: cookies
You can refuse the installation of cookies on your device. The ability to enable, disable and/or delete cookies can be completed in your browser. You can delete all cookies that are already on your device and you can set most browsers to prevent them from being placed. The settings are usually in the “options” or “preferences” menu of your browser. To understand them, the “Help” option in your internet browser or the following links may be helpful:
You can find more information about cookies at: www.allaboutcookies.org. Please note that turning off functional cookies might restrict the use of the extranet website.
The extranet website uses the following types of cookies:
10. How is the security of your personal data ensured?
The associations employ strict technical and organisational (security) measures to protect your personal data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.
These measures may include:
Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
We limit access to your personal data to those who we believe reasonably need to access that information to carry out their tasks.
11. Data retention
We will retain your personal data for as long as:
For website visitors: the IP that we collect when you visit our websites is retained for 90 days.
For more information about the expiry dates of the cookies used on the extranet websites, please consult the cookie section.
12. Automated Decision-making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of personal data and that produce legal effects that significantly affect the individuals involved.
As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
13. How to contact us?
We hope that this Privacy Statement helps you understand and feel more confident about the way we process your data. If you have any further queries about this Privacy Statement, please contact us:
14. Changes to this privacy statement
We may modify or amend this Privacy Statement in the future. Should this happen, the revised Privacy Statement will be posted on FinDatEx’s website, and you may also be notified by e-mail.
10 May 2019
Please sign in with your email and password or click on the 'Sign up' link to sign up.
We will send you a new password when we have an account matching your e-mail address.
We will send you a new password when we have an account matching your e-mail address.