Who is responsible for processing personal data?
The following company is responsible for processing your data:
Erste Asset Management Ltd
Ivana Lučića 2a
Responsible authority for data protection issues:
Croatian personal data protection agency
Martićeva ulica 14
Fax. 00385 (0)1 4609-099
What personal data are processed?
- Master and identification data such as first and last name, e-mail address, and if necessary telephone number, date of birth, hobbies, etc. when you provide this information to us
- The results of processing to fulfil contracts and declarations of consent
- Data to meet legal and regulatory requirements
Please note: This is simply a general list. We do not have all of the data specified above in every case. You have the right to receive a detailed, individual list from us upon request at any time. Please contact firstname.lastname@example.org to this end
Where do you obtain the personal data that you process?
Most of your personal data that we process was provided by you: for example when you signed up for our newsletter or submitted an enquiry.
Data can also come from the following sources:
- Public sources such as the trade register, property register, bankruptcy database, or register of associations
- From other institutions in the Erste Group
- We may also receive data from government agencies or from individuals acting under government mandate, such as from the Financial Market Authority, guardianship or criminal courts, public prosecutors, or court-appointed notaries. You have the right to receive a detailed, individual list from us.
For what purposes and on what legal basis are my personal data processed?
We are a management company pursuant to the Croatian Investment Fund Act (Official Gazette 44/16, 129/19) and pursuant to the Alternative Investment Fund Manager Act (NN 21/18, 126/19). We process your personal data in connection with this activity. In detail, this means:
Processing for contract fulfilment
We are permitted to render certain services for you depending on the type of contracts that we have concluded with you. This can be an agreement relating to a special purpose fund, or can be a management agreement, for example. We must process your data to this end. Our offerings are just as diverse as the wide range of contracts that we enter into. The scope of data processing is specified in the terms of the respective contract.
Processing to fulfil legal obligations
Certain legal regulations and purposes also require that we process your personal data, such as:
- Act on Open-Ended Investment Funds with Public Offering (Official Gazette 44/162 129/19)
- Alternative Investment Funds Act (Official Gazette 21/18, 126/19)
- Capital Market Act (Official Gazette 88/08, 146/08, 74/09, 54/13, 159/13, 18/15, 110/15, 123/16 and 131/17)
- Antimony laundering and terrorist financing law (Official Gazette 108/17)
- Ascertaining your identity, transaction monitoring, reporting suspicious activity: Financial Market Money Laundering Act and the EU Wire Transfer Regulation 847/2015
- Provision of information to public, courts, and criminal financial authorities pertaining to criminal proceedings based on intentional financial crimes: criminal procedural code, criminal financial code
Processing based on legitimate interests
We or third-party agents have a legitimate interest in processing data in the following cases:
- Measures for the prevention of fraud, fraud transaction monitoring
- Data processing for exercising legal claims
- Recording telephone calls, for example for complaints and for documenting declarations that are relevant for transactions
Processing personal data for the purposes of direct marketing can also be a legitimate interest.
Processing based on declaration of consent
If there is no contract, legal obligation, or legitimate interest, data processing can also be legal when you have given us your consent or authorisation to do so. The scope and contents of this data processing are always defined by the specific consent that you have granted. You can revoke this consent at any time.
The revocation has no impact on the legality of data processing up to the point in time that the consent is revoked. In other words, revocation has no retroactive effect.
Am I obligated to provide my personal data? What happens when I do not wish to do so?
We require certain personal data from you for our business relationship. If we do not know your name and e-mail address, we cannot send you any newsletters or information about our new products, or invitations to interesting events. We also cannot manage your special purpose fund without this information. If we cannot verify your identity, the law prohibits us from accepting you as a special purpose fund client. If you do not wish to provide your personal data to us, we may be unable to offer you certain products and services. If we are only permitted to process your data based on your consent, you are not obligated to give this consent or provide your data.
Are any decisions made based on automated processing, such as profiling?
We employ no automated decision-making processes pursuant to Article 22 GDPR at the beginning of or during our business relationship.
To whom are my personal data passed on?
Your personal data can be passed on to:
Companies, units, and persons (employees and contract agents) within the group headed by Erste Asset Management GmbH when these entities need these data to fulfil contractual, legal, or supervisory obligations and to realise their legitimate interests
Public agencies and institutions when we are legally obligated to do so, for example the Croatian Financial Market Authority HANFA, tax authorities, etc.
Third parties contracted by us, such as IT and back office service providers, when they require these data for their activities. Third parties are contractually required to treat your data confidentially and to only process them for the provision of the relevant services
Third parties when this is required for contract fulfilment or based on legal regulations, for example the recipient of a wire transfer and their payment transaction service provider.
Your data may also be passed on to third parties when you have consented to this forwarding.
How long are my personal data stored?
Your personal data are stored for as long as required to fulfil the relevant purposes in any case. The law also stipulates for how long we must keep the data. These retention obligations may also apply when you are no longer our customer or an interested party.
What security measures are applied in data processing?
We place high value on data protection and data security. We have taken all technical and organisational measures needed to secure our data processing. This especially pertains to the protection of your personal data. We protect these data against unauthorised and unlawful processing, unintentional loss, unintentional destruction, and unintentional damage. These measures include the use of modern security software and encryption methods, physical access control, and precautions to prevent and defend against external and internal attacks.
What about cookies, social networks, web analytics, and re-targeting?
Web analytics: We forward personal data to the service provider Webtrekk GmbH for the purposes of anonymised statistical analyses of the user flow on our web sites. You can prohibit the forwarding of your data.