Why are you seeing this notice?
This privacy notice informs you about the processing of personal data within our website on behalf of Openstone, a brand of Innovative Finance SAS ("Openstone") and its affiliates.
You have provided or may need to provide personal data to us by virtue of requesting information about Openstone, becoming a Openstone client, using the Openstone platform available at https://www.openstone.com or any of its subdomains (the “Platform”), including by simply viewing content on the Platform, or otherwise interacting with Openstone. The Platform is part of your agreement with Openstone and, as applicable, Openstone affiliates, as well as any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
We inform you about the processing of your personal data and the rights to which you are entitled under the European General Data Protection Regulation (GDPR) and any other applicable legal data protection laws and regulations. Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person ("data subject"), e.g., name, address, e-mail, order data, vehicle data.
In our privacy notice, we use various other terms as defined by the GDPR. These include terms such as processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.
Who is responsible for data processing and whom can I contact?
The entity responsible for the collection and processing of personal data in the EU is:
Innovative Finance SAS
5 Parv. Alan Turing,
75013 Paris - France
France
Email: bonjour@openstone.com
What sources and data do we use?
We process personal data that we receive from you while using our website and, if applicable, in the course of our business relationship.
In the case of purely informational use of our website, i.e. if you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to present our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software and notification of successful retrieval.
If you undergo certain verification checks and submit identity information such as your identity card or passport, we process your personal data contained in these documents.
Furthermore, we receive your personal data if you contact us via a contact form, chat or email, and through any associated documentation that you complete when subscribing for an interest in Openstone. The personal data that we collect in these circumstances are, for example, name, address, e-mail address, telephone number, date of birth, passport details or other national identifier, driving license, your national insurance or social security number and income, employment information and details about your investment or retirement portfolio(s), and, if applicable, any data contained in the message that you send us.
Who can access my data?
Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.
In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These may be, for example, our IT service providers, hosting provider, background and/or credit reference check providers or third parties that provide printing services, telecommunications, sales and marketing services. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant contractual, technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 (b) GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 (f) GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.
Recipients of the data may also be Openstone Ambassadors and Members of the Openstone Investor Club who have referred you to Openstone; Openstone group members; Openstone’s funds, the underlying funds and the fund sponsors / fund managers of such underlying funds and other service providers and delegates employed and/or retained by them; professional partners such as private banks, family offices, fund managers, law firms and other service providers; and public authorities.
Process of identification
Based on legal requirements (e.g. French Banking Act, Money Laundering Act, Securities Trading Act, tax laws) as well as banking supervisory requirements (e.g. of the European Central Bank, the European Banking Authority, the ACPR and the French Financial Supervisory Authority - AMF), we are obliged to establish your identity.
For the purpose of identification, we process the personal data you provide (name, date of birth, address, e-mail address, telephone number) for verification. Finally, during the identification procedure, photos of you and your identification document (passport, ID card) are taken via the camera of your device.
We would like to point out that it is not possible to become a customer with us without such identification procedure. A personal identification on site is not possible, also sending a copy of an ID card is not sufficient. The reason for this is the legal regulations.