We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

We may collect various types of personal data about you, including:

• personal identification data and contact details (e.g. name, place and date of birth, picture, ID card and passport numbers, postal and electronic address, phone number, sexes, age or signature);
• identification and authentication data, necessary to the online banking services usage (technical logs, IT tracking, information regarding security and use of terminal, IP address);
• Tax data (tax ID, tax status, country of residence);
• Data concerning household composition (e.g. family situation, number of children);
• Education, training, qualification and employment data (e g. employment, employer's name, remuneration, level of education, professional qualification);
• Banking, financial data and transactional data (e.g. banking details, credit card number, transactional related data including information on transfers, investor profile, assets values);
• data relating to your habits and preferences:
  
  • data which relates to your use of our products and services (banking, financial and transactional data);
  • data from your interactions with us: our office (contact reports), our websites, our apps, our social media pages, meetings, calls, chats, e-mails, interviews, phone conversations;
  • data relating to your lifestyle and consumption habits,
• phone recording data;
• image recording data

Only upon obtaining your explicit prior consent, we may collect sensitive data:

• biometric data (e.g. fingerprint, voice pattern or facial recognition) for identification and security purposes
• Health data (when necessary and as part of insurance contract conclusion).

Unless we are required by law, we do not collect personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sex life or sexual orientation.

We only process data relating to criminal convictions and offences if required through a legal obligation.

The data we use about you may be directly collected from you or obtained from other sources in order to verify or enrich our databases, such as:

• publications/databases made available by official authorities (e.g. the ”registre de commerce et des sociétés”);
• our service providers/vendors;
• third parties such as commercial organisms dealing with information to fight against fraud,  and in conformity with data protection legislation;
• websites/social media pages containing information made public by you and databases made publicly available by third parties.

In certain circumstances, we may collect and use personal data of individuals with whom we could have (prospects) or used to have a direct relationship (former members and former services providers/vendors).

We may also collect information about you even if you do not have a direct relationship with us. This may happen for instance when your employer provides us with information about you, or when your contact details are provided by one of our members if you are for example:

• a family member;
• a successor or a right holder;
• a legal representative (power of attorney);
• a beneficiary of payment transactions made by our member;
• an ultimate beneficial owner;
•  a landlord;
• a company shareholder;
• a representative of a legal entity (which may be a client or a service provider/vendor);
•  a staff member of one of our service providers/vendors or commercial partners;

a.  To comply with our legal and regulatory obligations

Amongst those obligations we can note:

• The obligations issued from banking and financial regulations in compliance with which we set up security measures in order to prevent abuse and fraud, we detect transactions which deviate from normal patterns, we record, when necessary, phone calls, chats, e-mails, etc.;
• Reply to an official request from a duly authorised public or judicial authority;
• Prevention of money-laundering and financing of terrorism;
• Compliance with legislation relating to sanctions and embargoes;
• Fight against tax fraud and fulfilment of tax control and notification obligations;

b. To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts with you, including to:

• manage our products
• manage our relationship with you;
• provide you with information regarding our products and services;
• assist you and answer your requests;
• evaluate if we can offer you a product or service and under which conditions;

c. To pursue our legitimate interests

We use your personal data in order to develop and deploy our products and services, to improve our risk management and to defend our legal rights, and as well to:

• keep proof of transactions,
• perform behavioural and transactional analysis in order to detect fraud;
• prevent personal injury and damage to goods;
• ensure the security of persons and property,
• perform IT management, including infrastructure management (e.g. shared platforms) & business continuity and IT security;
• establish aggregated statistics, tests and models, for research and development, in order to improve the risk management of AMFIE or in order to improve existing products and services or create new ones;
• perform member satisfaction and opinion surveys;
• personalise our product and service offering

d. To respect your choice if we request your consent for specific processing

If we need to carry out further processing for purposes other than those outlined in section 3, we will inform you and, where necessary, obtain your consent.

In order to fulfil the aforementioned purposes, we communicate your personal data to:

• service providers/vendors that perform services on our behalf;
• financial institutions, banking and commercial partners with which we have a regular relationship;
• supervisory, financial, taxation, administrative or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
• certain regulated professionals such as lawyers, notaries or auditors.

In case of international transfers originating from the European Economic Area (EEA)

if the European Commission has made a decision on adequacy, recognizing the country a level of data protection equivalent to the one provided by the legislation of the EEA, your personal data will be transferred on this basis;

If the level of protection has not been recognized as equivalent by the European Commission, we rely either on a derogation applicable to the situation (e.g. in case of international payment, the transfer is necessary to the execution of the contract), or on the establishment of appropriate safeguards to ensure the protection of your personal data (standard contractual clauses approved by the European Commission binding corporate rules).

To obtain a copy of theses or to know how to access them, you can send a written request as indicated in Section 9.

We will retain your personal data for the period required in order to comply with applicable laws and regulations, or for the period defined by our operational requirements, such as proper account maintenance, facilitating member relationship management, and responding to legal claims or regulatory requests. For instance, most member information is kept for the entire duration of the contractual relationship and for 10 years after the end of the contractual relationship.

in accordance with applicable regulations, you have the following rights to:

• Access right: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
• Rectification right: where you consider that your personal data is inaccurate or incomplete, you can require that such personal data be modified accordingly.
• Erasing right: you can require the deletion of your personal data, to the extent permitted by law.
• Right to restriction of the treatment: you can request the restriction of the processing of your personal data.
• Objection right: you can object to the processing of your personal data, on grounds relating to your particular situation.
  You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
• Data portability right: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
• Right to withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.

If you wish to exercise the rights listed above, please send a letter or an e-mail to the address set out in section 9. Please include a copy of your valid identity card for identification purposes.

In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority: the “Commission nationale pour la protection des données” (www.cnpd.lu).

We invite you to review the latest version of this notice online www.amfie.org and we will inform you of any material changes through our website or through our other usual communication channels.

If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact us by postal mail AMFIE, 25A, Boulevard Royal  - BP268, L-2012 Luxembourg or by email at amfie@amfie.org.

If you want to know more about cookies, you can read the “Legal notice”  available on our web site (www.amfie.org).