CLIENTS PRIVACY POLICY

Introduction

EuroAmerican Financial Advisors Eaf S.L. (hereafter “the Company” or “EAFA”) is incorporated and licensed in Spain with CIF B67975045 and registered office at Plaza de Villasis, n.º2, office 210, 41003, Sevilla.

The Company will be considered as a Data Controller of the client´s personal data and has established a Privacy Policy (the “Policy”) appropriate to the size and organization of the Company and the nature, scale, and complexity of the Company’s business.

 

Purpose and Scope

The Policy is meant for use by EAFA clients, prospective clients, and former clients, and by relevant authorities.

EAFA is compliant with the requirements of the General Data Protection Regulation as well as other applicable legislation. We have established this Privacy Policy in accordance with the General Data Protection Regulation (GDPR) and laws, regulations, and/or directives issued pursuant to this Law. This policy applies to former, existing and potential clients.

This policy aims to provide you with information on what type of information we collect, how it is used and the circumstances where it could be shared with third parties.

 

Commitment

The protection of your privacy and personal information is very important to us. This is in relation to personal and financial information and any other data as provided to us by you, whether in paper form, verbally, or electronically.

We are committed to safeguarding any client information we collect, process, and store, applying all reasonable measures, including strict security standards and security technology, to ensure that your personal data will be processed in a manner that provides protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

 

Collection of personal data

We collect information required to fulfill our legal and regulatory obligations and to improve our service to you.

To help us offer our services effectively, we gather information and documentation to personally identify, contact, or locate you, as well as information regarding your financial and personal circumstances. This information is gathered from conversations with you, questionnaires we may ask you to complete, and from third parties or other sources.

You are responsible for providing us with true and accurate information and to keep us informed of any changes in your personal information or circumstance by emailing us at: privacy@eurousafa.com.

We are required to evaluate the appropriateness of the financial instruments we offer to you and the suitability of our advice to you based on three main parameters;

  1. The sources of your income and wealth, as well as your financial
  2. Your investment knowledge and experience including your objectives, your knowledge and experience of financial markets, and your understanding of the risks involved in investing.
  3. Your experience in dealing in complex and non-complex financial instruments, especially your investment and risk attitude as they relate to such financial instruments.

 

The following is an example of personal data that we may request from you:

  • Personal information requested during the registration process such as your name, date and place of birth, citizenship, domicile and residency.
  • Marital status, national identification numbers, and contact
  • Financial information such as your income, source of funds, investment
  • Documents verifying your identity and residential

 

We are obliged by Law to maintain these records for five years after the termination of a client relationship, or up to 10 years upon request by the local competent authority.

 

 

Purpose of collecting and processing of personal data

Your personal data is used for specific, explicit, and legitimate purposes and only as required to provide a quality service to you and to comply with applicable legislations as referred to above. The personal data collected from you is used to verify your identity, to construct your economic and investment profile in order to ensure that we provide you with products and services suitable to your requirements, knowledge, and risk appetite, to manage your account with us, to process your transactions, to provide you with post- transaction information, to inform you of additional products and/or services relevant to your economic and personal circumstances, to produce analyses and statistical data which helps us improve our products and services, and for website improvement purposes. These are necessary for the entry into or performance of our contract once signed. We will carry out regular checks to ensure that our systems are working as intended.

 

Affiliates and Partners

Clients acknowledge and consent that the Company and its partners, affiliates, and/or associates, may share information in a manner that is useful and relevant in relation to one of the following purposes:

  1. Reasonably required by such affiliate, partner and/or associate of the Company to provide products and services to its clients,
  2. To offer additional similar products and services that meet clients’ needs

 

At a client’s request the Company may disclose the client’s personal information to any organisation or to any persons acting on behalf of the client, including client’s financial advisor, broker, solicitor or accountant.

The Company may disclose clients’ personal information to companies hired by the Company to provide limited services on behalf of the Company, including but not limited to postal or email services. The Company will take all reasonable measures to ensure that the said companies will only use the personal information/data as necessary to deliver the service and not for any other purpose.

 

Non-affiliated third parties

The Company may disclose information to non-affiliated third parties where necessary in order to carry out the following internal functions of the Company:

  1. Use of specialized agencies to help carry out certain internal functions such as account processing, fulfilment, client service, client satisfaction surveys or other data collection activities relevant to its business.
  2. Use of customer relationship management, financial planning, and portfolio management and reporting software.
  3. Trading and custody of client

 

 

Contact Clients/Recordings

Under the information society and telecommunications services regulations (in the case of clients) and the consent (in the case of prospects), the Company may contact clients or prospective clients by telephone, email, or other means for the purpose of offering them further information about the Company’s products and services and/or informing clients of unique promotional offerings.

Prospects can always withdraw their consent, and in the case of clients they can always object to that data processing. In order to exercise any of these rights, data subjects may send a communication to: privacy@eurousafa.com.

For regulatory and quality assurance purposes, any type of communication between clients and the Company whether in writing, email or by telephone or other means of medium shall be monitored and may be recorded by the Company. Clients accept that such recordings constitute conclusive evidence of the Orders/Instructions/Requests or conversations so recorded. These communications are based on the fulfilment of regulatory obligations necessary for the maintenance of the contractual relationship.

 

Who controls and processes your personal data

EAFA, and any undertakings being a member of our group or agents which we engage with for the purpose of collecting, storing, and processing, personal data and any third parties acting on our or their behalf, may collect, process, and store, personal data provided by you.

For the purpose of processing and the storage of personal data provided by you in any jurisdiction within the European Union or outside of the European Union, EAFA can confirm this will be done in accordance with applicable laws.

EAFA can confirm that if it contracts any third party a written contract will be in place and this privacy statement will be updated accordingly. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out what needs to be included in the contract which EAFA has adhered to, the below is not an exhaustive list of the obligations of all relevant parties;

  • The third party must only act on the written instructions of EAFA (unless required by law to act without such instructions);
  • Ensure that people processing the data are subject to a duty of confidence;
  • Take appropriate measures to ensure the security of processing;
  • The rights of clients will not be impaired in meeting with GDPR requirements;
  • The security of processing, the notification of personal data breaches and data protection impact assessments will not be impaired;
  • Deletion or return of all personal data as requested at the end of the contract;

EAFA has a regulatory obligation to supervise and effectively oversee the outsourced functions and its obligation to take appropriate measures when it determines that the service provider is not performing the said functions effectively and in accordance with the applicable legislation.

We may use or disclose personal information without your consent only in certain circumstances:

  • If required by law or by order of a court, administrative agency, or other government
  • If there are reasonable grounds showing disclosure is necessary to protect the rights, privacy, property, or safety of users or others.
  • If EAFA believes the information is related to a breach of an agreement or violation of the law, that has been, is being, or is about to be committed.
  • If it is necessary for fraud protection, risk reduction, or the establishment or collection of funds owed to EAFA.
  • If it is necessary to enforce or apply the Terms and Conditions and other agreements, to pursue remedies, or to limit damages to EAFA.
  • For other reasons allowed or required by
  • If the information is

When we are required or permitted to disclose information without consent, we will not disclose more information than necessary to fulfill the disclosure purpose.

EAFA informs all clients to maintain confidentially and not share with others usernames and private passwords. EAFA bears no responsibility for any unlawful or unauthorized use of clients’ personal information due to the misuse or misplacement of clients’ access codes (i.e. passwords /credentials), negligent or malicious, however conducted.

 

 

Your rights Rights to Access:

You have the right to request copies of your personal data.

Information must be provided without delay and at the latest within one month of receipt. EAFA will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, EAFA will inform the individual within one month of the receipt of the request and explain why the extension is necessary.

Can EAFA charge a fee for dealing for an access request?

EAFAmust provide a copy of the information free of charge. However, a “reasonable fee” can be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.

The fee, if applied, will be based on the administrative cost of providing the information.

If at any time, EAFA refuses to respond to a request, we will explain why, informing clients of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

When information is provided:

EAFAwill verify the identity of the person making the request using reasonable means based upon data provided by you.

Right for rectification:

When should personal data be rectified?

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.

The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. You can make a request for rectification verbally or in writing.

If EAFAhas disclosed the personal data in question to others, we must contact each recipient and inform them of the rectification unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the client about these recipients.

 

How long does EAFA have to comply with a request for rectification?

EAFA must respond within one month.

This can be extended to two months where the request for rectification is complex.

Where EAFA is not taking action in response to a request for rectification, we must explain why to the client, informing them of their right to complain to the supervisory authority and to a judicial remedy.

Your right to erasure;

When does the right to erasure apply?

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • When the individual withdraws
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
  • When the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
  • When the personal data has to be erased in order to comply with a legal
  • When the personal data is processed in relation to the offer of information society services to a

 

There are some specific circumstances where the right to erasure does not apply and EAFA can refuse to deal with a request

EAFA has a legal obligation to obtain data on you meeting with its regulatory obligations. Based on the legal obligations imposed on EAFA, clients or former clients may have no right to erasure, no right to data portability, or no right to object to the information gathered in meeting with EAFA’s legal obligation under its license to provide financial services.

 

When can EAFA refuse to comply with a request for erasure?

EAFA can refuse to comply with a request for erasure where the personal data is processed for the following reasons:

  • To comply with a legal obligation for the performance of a public interest task or exercise of official
  • For the exercise or defense of legal

 

Does EAFA have to tell other organizations about the erasure of personal data?

If EAFA has disclosed the personal data in question to others, we must contact each recipient and inform them of the erasure of the personal data unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the individuals about these recipients.

Your right to restrict processing:

When does the right to restrict processing apply?

EAFA will be required to restrict the processing of personal data in the following circumstances:

  • Where an individual contests the accuracy of the personal data EAFA should restrict the processing until the accuracy of the personal data has been verified.
  • Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests) and EAFA is considering whether EAFA organization’s legitimate grounds override those of the individual.
  • When processing is unlawful and the individual opposes erasure and requests restriction
  • If EAFA no longer needs the personal data but the individual requires the data to establish, exercise, or defend, a legal claim.

 

EAFA may need to review procedures to ensure we are able to determine where we may be required to restrict the processing of personal data.

If EAFA has disclosed the personal data in question to others, we must contact each recipient and inform them of the restriction on the processing of the personal data unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the individuals about these recipients.

EAFA must inform individuals when we have decided to lift a restriction on processing.

 

Your right to data portability:

  • The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
  • It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • It enables consumers to take advantage of applications and services which can use this data to find them more favorable terms or help them understand their spending habits.
  • EAFA will respond without undue delay, and within one This can be extended to two months where the request is complex or where EAFA may receive a number of requests. EAFA will inform the individual within one month of the receipt of request and explain why the extension is necessary, if applicable.
  • Where EAFA is not taking action in response to a request, we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

 

Right to object:

Individuals have the right to object to:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
  • Direct marketing (including profiling).
  • Processing for purposes of scientific/historical research and

 

EAFA will stop processing the personal data unless:

  • EAFA can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • The processing is for the establishment, exercise or defense of legal claims.

 

EAFA does not process your personal data for research purposes.

Raising a concern:

You have the right to be confident that EAFA handles your personal information responsibly and in line with good practice.

If you have a concern about the way EAFA is handling your information, for example if you feel we:

  • May not be keeping your information
  • May be holding inaccurate information about
  • May have disclosed information about
  • May be keeping information about you for longer than is
  • May have collected information for one reason and are using it for something

 

Please contact us to discuss your concern.

EAFA takes all concerns seriously and will work with you to resolve any such issues.

Any concerns and/or requests can be raised to EAFA’s appointed contact person, as stated below:

EAFA´s Data Protection  Officer at the following address: [maria Vidal Finreg360 mvidal@finreg360.com.

If you are not satisfied with any responses provided by EAFA you have the right to raise such matters with the Spanish Data Protection

Contact Clients/Recordings

Under the information society and telecommunications services regulations (in the case of clients) and the consent (in the case of prospects), the Company may contact clients or prospective clients by telephone, email, or other means for the purpose of offering them further information about the Company’s products and services and/or informing clients of unique promotional offerings.