1 Who are we?
We are ETM Corporate Services B.V. (“ETM”) (“We”) and together with our affiliated entities form the ETM group. We have our registered office in Amsterdam and our principal place of business at Krijn Taconiskade 430. We are registered with the trade register of the Dutch Chamber of Commerce under company number 34206371.
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
2 We know your privacy is important to you
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.
Note: This acknowledgement does not constitute your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.*
3 Whose personal data do we collect?
In the context of our services, we may collect personal data relating to contact persons of our clients (directors, officers and employees), Ultimate Beneficial Owners (UBOs), proxyholders, advisors, (contact persons of) service providers, directors of group entities of ETM’s client companies (Clients), (contact persons of) counterparties of Clients in related transactions, (contact persons of) their affiliates, (directors, officers, employees) and attorneys, where such collection and processing of data is necessary for the performance of legal and contractual obligations of ETM and/or its Clients as well as personal data relating to visitors of our website.
4 How do we collect personal data relating to you?
We may collect information about you in various ways:
- From our clients in relation to the provision of our services consisting of management, domiciliation services, corporate secretarial and administrative services, bookkeeping, accounting services or any other services as agreed upon.
- Directly from you or your authorized representatives, whereby the data is provided to us in order to enable us to provide services to our clients and in order to comply with legal obligations associated to provision of such services.
- from other third parties, for example via service providers, feeders, contact persons, tax advisers, notaries, internet and other open sources, as well as external database purchased by ETM.
5 What personal data do we collect and for what purposes do we use your personal data?
We collect the following information about you and we use it for the following purposes:
i. Personal data as included in the Client Due Diligence file (CDD): your identification and contact information (name, address, telephone number, email address or other contact details) passport copy and passport information, place of birth, CV and information including therein, including career history, bank account details, tax returns and tax identification number, income statements, salary slips, documents describing your source of wealth, current income and assets, other personal data as might be required for completion of CDD file and/or for provisions of service by ETM;
Purposes: Customer administration, and administration of contractual relationships; Performance of the services our client applied for; For administrating payment of invoices and to collect debts; For communication with the client (including for direct marketing purposes);
Legal ground: Necessary for the performance of a contract or in order to take steps to entering into a contract; Compliance with a legal obligation;
ii. Personal data to prevent money Laundering and Terrorist Financing: name, address, copy identity, place of birth, passport copy, source of wealth and source of funds, tax identification number, residence address, overview of assets, bank movements, tax returns;
Purpose: Compliance with the Dutch Money Laundering and Terrorist Financing Act (“Wwft”); Compliance with transaction monitoring and source and destination of funds provisions of WTT2018 and Wwft.
Legal ground: Compliance with a legal obligation;
iii. Personal data related to UBOs: Name, surname, date of birth, place of birth, passport or any other identification document, residence address, tax ID number, ID number, C.V., career history, information related to source of wealth, financial information e.g. salary slips, personal income tax returns, other information which helps to identify source of wealth (available through the data subject, data controller, open sources or databases purchased by ETM for performing due diligence, as required by applicable laws and regulations);
Purpose: Client research: identification and verification of UBO; Compliance with source of wealth of WTT 2018;
Legal ground: Compliance with a legal obligation;
iv: Personal data related to client representatives: Name, surname, place of birth, data of birth, passport or any other identification document, contact details, CV and information included therein, employment information, position and title.
Purpose: Client research, identification and verification of client representatives;
Legal ground: Compliance with a legal obligation;
v: Personal data: Your identification and contact information (name, address, telephone number, email address or other contact details).
Purpose: to protect our assets, business and personnel and in the context of a possible business transactions;
Legal ground: Necessary for the performance of a contract or in order to take steps to entering into a contract; Necessary for legitimate interest of ETM in relation to litigation.
vi: Personal Data: We can also consult identification and contact information via external databases which we purchase and combine this information with the data we have collected from you, in order to obtain more complete or accurate information
Purpose: For making decisions about selecting you as a vendor, for compliance with CDD requirements under Dutch law; for processing your application regarding recruitment.
Legal ground: Legitimate Interest; Compliance with legal obligations; Necessary to enter into a contract.
6 With whom do we share your personal data?
As far as permitted by applicable laws, ETM may share certain personal data with third parties, such as affiliates, its service providers, employees, software suppliers, insurers, pension schemes providers, banks, authorities, payroll service providers, possible acquirers of (a part of) the business of ETM and law firms, notaries, external auditors, a trusted adviser, or any other contractor engaged by ETM to assist in providing services where ETM has no presence, or whether for support in IT, Tax, salary administration or other consultancy services.
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Third parties may be located in countries outside the European Economic Area, which countries may offer a lower level of data protection than the Netherlands. In such case, ETM shall ensure that the international transfer of the personal data shall comply with the applicable data protection legislation. For example, such shall be the case in the following situation: we are required to transfer personal data to a foreign tax authorities, or tax adviser to assess tax aspects of the foreign country, which is necessary for conducting transaction by the client company or where such information is sent to a foreign lawyers, administrators, auditors, client groups’ foreign entities, their employees, administrators, affiliates, as might be required for provision of services by ETM to its Clients, or for compliance with its legal obligations.
In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation. More specifically, we will base such transfer on a legal ground and where necessary on the EU Standard Contractual Clauses.
Personal data will not be sold or licensed to third parties.
7 How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph 5). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
More specifically, the following storage periods apply
i. Personal data: Documents collected for costumer due diligence (“CDD”) purposes: your identification and contact information (name, address, telephone number, email address or other contact details, date of birth, place of birth, passport, residence address, tax ID number, ID number, information related to source of wealth, financial information e.g. salary slips, other information which helps to identify source of wealth (available through the data subject, data controller, open sources or databases purchased by ETM for performing due diligence, as required by applicable laws and regulations:
Storage period: as long as required by law, not less than 5 years after termination of the relationship with ETM.
ii. Personal data: Name, surname, date of birth, place of birth, passport, residence address, tax ID number, ID number other contact details, or financial information for administrative and accounting purposes, and where ETM is as a custodian of the client company after its liquidation;
For accounting purposes, as long as required by law, not less than 7 years from the time of drafting FS (art. 2: 394 Burgerlijk Wetboek).
In case of custodian services, 7 years after the company is dissolved;
Dividend statements are kept as long as required by law, not less than 5 years from the time of drafting;
8 How do we protect your personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. For the technical security of your data, ETM has engaged an IT service provider, who complies with applicable requirement and standards for IT security in the Netherlands and EU. Furthermore, we have taken the following measures storage of all data on secured cloud server, which complies with EU privacy security standards, comprehensive password policy, minimizing work outside the office, clean desk policy in the office, back up of all the data once a day; implementation of anti-virus systems which are upgraded regularly, conducting random testing and training the team by increasing awareness on privacy security.
In addition, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
9 What are your rights and how you can exercise these?
Under circumstances you have the right to:
- information about and access to your personal data;
- rectify your personal data;
- erasure of your personal data (‘right to be forgotten’);
- restriction of processing of your personal data;
- object to the processing of your personal data;
- receive your personal data in a structured, commonly used and machine-readable format and to (have) transmit(ted) your personal data to another organization.
To read more about these rights, and circumstances under which you can use these rights, in particular your right to object please contact the privacy employee of ETM via email@example.com.
Finally, you have the right to lodge a complaint with the Dutch Data Protection Authority relating to the processing of your personal data by us (www.autoriteitpersoonsgegevens.nl).