Article 1 – General information
The Createrra Finance website collects and processes personal data belonging to its customers and prospects. By personal data, the Createrra Finance website means all information by which a natural person may be identified or identifiable, either directly or indirectly.
This refers to one or more pieces of data specific to a person’s physical, physiological, genetic, psychological, economic, cultural or social identity, such as, for example, an online identifier, a name, a postal address, an email address, a telephone number, etc.
However, the Createrra Finance website shall not request or retain any so-called ‘sensitive’ data. Such data may concern, for example, political opinions, religious and philosophical beliefs, racial or ethnic origin, trade union membership, sexual life or sexual orientation, medical information or biometric data (digital fingerprints and photographs), in accordance with Article 9.1 of the General Data Protection Regulation (hereinafter the ‘GDPR’).
With the entry info effect of the GDPR, the Createrra Finance website has put in place the following code of conduct:
A. DATA CONTROLLER
The Createrra Finance website is designated as the ‘data controller’ with regard to its customers’ data, in accordance with Articles 4 and 5 of the GDPR. Its contact details are as follows:
- CREATERRA FINANCE
- Rue d’Arlon 6
- L-8399 Windhof
- Email : email@example.com
- Tel : +352 451 636 – 1
The data controller’s representative is:
- Department of the Compliance & Risk Officer
- Mr Hugues Derem
- Email: firstname.lastname@example.org
- Tel: +352 45 16 36 411
B. DATA PSEUDONYMISATION
As far as possible, and with the exception of official documents requiring useful information, the Createrra Finance website has adopted the use of pseudonyms to manage its customers in the form of a single ID used mainly in its commercial management and billing systems.
These systems have password access, are secure and encrypted as recommended in best practices and meet the requirements of Articles 4 and 5 of the GDPR.
C. LAWFULNESS, FAIRNESS AND TRANSPARENCY
Subscription to a sale, service or contract is subject to collection by the Createrra Finance website of personal data from its customers and prospects, the processing of which is necessary for the execution of the business relationship or legal obligations.
This data may be processed, saved and archived by the Createrra Finance website, or even communicated to third parties, in the context of a legitimate interest pursued by the Createrra Finance website or by the third party to which the data are provided, in particular for the management of customers’ files, the management of contracts, customer services, the management of the commercial relationship, the detection, prevention and fight against fraud, statistical studies, the management of litigation and debt collection, and payment for services.
These terms and conditions are deemed lawful, fair and transparent and correspond to the requirements set out in Article 5 of the GDPR. The lawfulness of the processing is recognised as such if it corresponds to at least one of the conditions set out in Article 6.1 of the GDPR; if none of these conditions are met, the Createrra Finance website shall not collect data, with the exception of data that may be used in the context of commercial prospecting (see point ‘D. Limitation of Purposes’).
D. LIMITATION OF PURPOSES
Personal data communicated by customers and/or prospects may be used by the Createrra Finance website for direct marketing purposes (commercial actions, personalised advertising, etc.) with a view to informing customers and/or prospects about Createrra Finance activities, products and services, unless the data subject objects to the processing of their personal data for prospecting purposes, in accordance with the provisions of Article 21 of the GDPR.
Incidentally, the Createrra Finance website does not make automated individual decisions, including profiling (i.e. any form of automated processing of personal data consisting in using such data as defined in Article 4.4 of the GDPR).
E. DATA MINIMISATION
The Createrra Finance website only collects from its customers and prospects the information needed to establish a sale, service or contract. In particular, it does not collect any personal data that would not be useful in the context of its services and will not collect any data considered sensitive or defined as such in point ‘A. General Information’ or in Article 9 of the GDPR.
The Createrra Finance website will therefore collect personal data that is adequate, relevant and limited to what is necessary for the purposes for which they are processed (principle of data minimisation) in accordance with Article 5 of the GDPR.
The Createrra Finance website processes personal data and ensures they are accurate and, where necessary, kept up to date. It also provides customers with specific forms which they can use to communicate directly with the data controller or its representative in order to allow the data to be accessed, rectified or erased so that they are always accurate, in accordance with the principle of accuracy expressed in Article 5 of the GDPR.
G. STORAGE LIMITATION
In principle, the Createrra Finance website stores the personal information of its customers throughout the duration of the sale, service or contract entered with them or, failing that, for the legal storage period of the documents as defined in the CNPD’s storage period guidelines, compatible with the principle of data storage limitation described in Article 5 of the GDPR.
It also stores the personal data of its prospects for three years before cancelling them if no commercial transaction has been carried out during such time.
H. INTEGRITY AND CONFIDENTIALITY
The Createrra Finance website shall put in place solutions to ensure the appropriate security of personal data, including against unauthorised or unlawful processing and against accidental loss, destruction or damage by means of technical or organisational measures.
These solutions are in line with the recommendations described in Article 5 of the GDPR concerning the integrity and confidentiality of personal data.
I. RESPONSABILITY OF THE CREATERRA FINANCE WEBSITE
As data controller, the Createrra Finance website shall implement all the points mentioned in this code of conduct and will give itself the means to demonstrate to the competent supervisory authorities that they are duly complied with and monitored over time, in accordance with the description given in Article 5 of the GDPR.
To this end, the Createrra Finance website has set up a processing register in which it records all the processing performed within the scope of the GDPR.
Details of the Createrra Finance website’s personal data processing policy are available at: https://www.createrra-finance.com/legal-notice?lang=en
Article 2 – Service agreements
Under the GDPR, where data are outsourced, customers are required to enter into an agreement with the Createrra Finance website containing, in particular, mandatory information relating to the planned data processing, such as the duration, nature and purpose of the processing, the type and sensitivity of the data provided, the categories of data subjects concerned, access authorisation, security requirements and restrictions on transfers outside the EU, etc., in accordance with Article 28, paragraph 3, of the GDPR.
Article 3 – Obligations of customers
Customers and/or prospects alone shall determine the purposes and means of processing of the personal data for which they are responsible. Where customers and/or prospects intend to outsource the processing of personal data, it is their responsibility to select a data processor that provides sufficient guarantees regarding the implementation of the required technical and organisational measures, in accordance with Article 28, paragraph 1, of the GDPR.
Where personal data for which customers and/or prospects are the data controllers are outsourced to the Createrra Finance website for processing, the customers and/or prospects represent that they have complied with all legal obligations regarding the protection of personal data, and in particular that they have:
- ensured that where all or part of the personal data whose processing is outsourced to the Createrra Finance website have already been outsourced to a third party, that said third party processor provided sufficient guarantees regarding the implementation of the technical and organisational measures required in accordance with Article 28, paragraph 1, of the GDPR;
- provided their customers with information relating, in particular, to the data storage period, the right to access, rectify and erase data, and the right to restrict or object to the processing of their personal data, in accordance with the provisions of Articles 13 to 21 of the GDPR;
- implemented an internal policy and appropriate technical and organisational measures to demonstrate to the supervisory authorities at all times that the processing of the personal data complies with the requirements of Articles 24 to 26 of the GDPR.
Where the service ordered by the Createrra Finance website’s customers requires the written consent of their own customers to the processing of their sensitive personal data as referred to in Article 9.1 of the GDPR, the Createrra Finance website customers shall obtain the written consent of their customers before transmitting such data to the Createrra Finance website in accordance with Article 7 of the GDPR, and shall guarantee same.
Customers will compensate the Createrra Finance website for any harm it may suffer as a result of their failure to comply with their personal data protection obligations.
Article 4 – Processing of personal data by an outsourcer of the CREATERRA FINANCE website
Where the Createrra Finance website outsources a service requiring the processing of personal data on behalf of its customers, the Createrra Finance website shall seek the latter’s prior written consent, as indicated in Article 2 – Service Agreements, before hiring or replacing service providers, in accordance with Article 28, paragraph 2, of the GDPR.
Article 5 – Processing of personal data by CREATERRA FINANCE as an outsourcer
Where the service ordered by the Createrra Finance website’s customers requires that certain personal data of their respective customers be outsourced by the Createrra Finance website, Createrra Finance website customers are required to enter into a contract with the Createrra Finance website as indicated in Article 2 – Service Agreements.
Article 6 – Transfers of personal data to third countries or international organisations
Personal data collected by the Createrra Finance website shall not be transferred to third countries or international organisations by default. The only case in which personal data may be transferred to third countries or international organisations shall be in the event of the outsourcing for which the Createrra Finance website has entered into a service agreement with its data processors, proving de facto that they provide an adequate level of protection as required by Articles 44 to 50 of the GDPR (see also Articles 2, 4 and 5 of this section).
Article 7 – Personal data not collected from the data subject
The Createrra Finance website may use public and/or private data sources for marketing purposes. In the context of this commercial prospecting, it shall inform the prospect of the identity of the data controller and of their rights, as well as the manner in which such rights may be exercised. It may also indicate the data source and data storage period (see ‘G. Storage Limitation’).
Article 8 – Policies and procedures
CREATERRA FINANCE S.A. will satisfy any request for information, free of charge, regarding the following policies and procedures:
- Best execution policy;
- Order execution policy RTS 28 reports;
- Remuneration policy;
- Procedure in the event of a conflict of interest;
- Procedure for handling complaints and grievances (Appendix – Compendium of legislation);
- Procedure relating to voting rights.
This information may be obtained free of charge by sending an email to email@example.com (copying it to firstname.lastname@example.org), by phoning +352 451 636 – 1, or by sending a letter to CREATERRA FINANCE S.A., 6 rue d’Arlon, L-8399 Windhof (Luxembourg).
The MiFID II directive came into force on 3 January 2018. We have provided more information on this directive here.
CREATERRA FINANCE S.A. does not attend the general meetings held by the various companies in which it holds shares, for the following reasons:
- its interest in the company may not be substantial enough to enable it to have any meaningful impact on the outcome of a vote
- the administrative costs for the customer and for the company may be too steep in relation to the added value.
CREATERRA FINANCE S.A. has set itself realistic goals and has, accordingly, provided for measures that are consistent with the size, culture, shareholder structure and organisation of the company. However, these measures must be re-examined in view of the constraints introduced in this regard by new or planned regulations, as well as the indirect operational constraints that have been imposed by its partner banks and insurance companies, which have already introduced restrictive policies in this respect, particularly as regards ESG criteria.
The engagement policy pursued by CREATERRA FINANCE S.A. will be re-examined on an annual basis.