This Privacy Statement sets out how we handle your personal data. You can be confident that we handle your personal data with due care. We, Pymwymic Investment Management B.V., the manager of all Pymwymic entities, are the controller of your personal data.
This Privacy Statement is intended for you, if:
- you are a community or an investment member of Pymwymic;
- you or your company showed interest to get in touch with Pymwymic through our website;
- you have been connected to the Pymwymic network at some point in the last 24 years;
We collect personal data you provide when interacting with Pymwymic via telephone, website, in person or over email. Furthermore, we ask for personal data when you enter into a contract with us. We will process your personal data, or that of your related individuals, for carrying out business or contact with you.
Further information concerning why we process personal data will be set out in this Privacy Statement.
Personal data is information that says something about you. The best-known forms of personal data are your name, address, email address, telephone number, age and date of birth. Personal data also includes your bank account number and your IP-address.
Further to this, there are several special categories of personal data. An example of a special category of personal data that we may process, is your passport photograph. This type of personal data is more sensitive.
What legal basis for processing do we have?
Processing of personal data is only allowed when it is based on one of the “grounds” permitted by law. We only use your personal data for one or more of the following reasons:
- Processing is necessary for the performance of a contract to which you are a party;
- Processing is necessary for compliance with a legal obligation; and
- Processing is necessary for the purpose of the legitimate interests of Pymwymic, such as staying in contact.
We may only use special categories of personal data if this is permitted by law or if consent for this specific processing is obtained. In all other situations, we are prohibited from using sensitive personal data.
For what purpose do we use your personal data?
We use your personal data to help make our operations, business development and services as effective, reliable and efficient as possible. This is done for either one of the following purposes, depending on the nature of your relationship with us:
- Staying in contact with members and other network relations (e.g. potential investment opportunities);
- Sending invoices for memberships;
- Providing investment members with information about their investment;
- Verifying the identity of investment members in order to accept and maintain their investment;
- Complying with tax and regulatory requirements; and
- Complying with anti-money laundering, anti-corruption, and other financial laws.
Service providers using your personal data
Sometimes it is necessary to provide your personal data to third party companies that perform services on behalf of Pymwymic. We only work with service providers that comply with the GDPR.
Financial service providers
If you are a community member of Pymwymic, we share the necessary part of your personal data with our financial administrator and accountant in order for them to carry out their work.
If you are an investment member of Pymwymic, we share the necessary part of your personal data with our fund manager and our accountant in order for them to carry out their work. Our fund manager may also conduct profiling activities in order to prevent fraud, manage risks and investigate unusual transactions.
Email service provider
If you have given us your name and email for purposes of communication, your email address is shared with our email service provider. Through this service, we take use of email tracking technology that records your IP address and data on when you open an email or click on links therein. This data will be used only in automated ways to help improve timing and content of future messages and/or to prioritise follow-ups based on perceived communications relevance. No further personal data will be saved.
Service providers outside Europe
We may occasionally share personal data with other companies or organisations outside Europe. In that case, we ensure that either the country has adequate equivalent protections, or that we have concluded separate agreements with those parties, and that these agreements comply with the European standard.
Retention period of your data
We keep personal data for as long as necessary to achieve the specific purpose. After this period, your personal data will be erased from our systems to the best of our capability.
The law does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, we are under the obligation to observe these periods. Such legislation includes tax laws or laws governing financial undertakings specifically. Another reason for which we may keep your data longer is if we become involved in a lawsuit or other legal proceedings.
What rights do you have?
GDPR entitles you to a number of rights in relation to your personal data. You may exercise these rights by sending an email to email@example.com. We will respond without undue delay, in any even event within one month, and will handle your request free of charge.
Right to object to processing for informative emails
If you no longer want to receive newsletters or other emails containing information on events, you can unsubscribe for such emails at any time. Any email you receive from us includes this possibility, and you can follow the link at the bottom of the email to immediately and easily take care of this. If you also wish us to delete your email address from any other storage place within Pymwymic, please read the subsequent section.
Right of access, right to rectification, right to restriction of processing, right to be forgotten
Upon request, we will provide you with information as to whether and what personal data we store in relation to you. Should your personal data be incorrect, you may have it rectified. You may also ask us to restrict our use of your personal data in the future, in whole or in parts, or request deletion of your personal data. Note however, that we can’t comply to a request to restrict processing or to be forgotten, if we must process your personal data for compliance with a legal obligation. Please see ‘retention periods of your data’ for further explanation.
Right to data portability
If we process your personal data on the basis of the contract that we entered in with you, we can arrange that you receive the data you have provided to us, so that you can provide this data to another party you choose. This is referred to as data portability. Information which is processed for the purpose of a legal obligation or legitimate interests is not covered by this obligation.
Right to object to profiling
It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of data. In such situations, we will of course comply with the law.
Questions or complaints?
Should you have any questions about this Privacy Statement, please send an email to firstname.lastname@example.org. We are happy to help you. Furthermore, you have the right to take your complaint to the Data Protection Authority (Autoriteit Persoonsgegevens).
Changes to the Privacy Statement
Changes to the law or our services and products may affect the way in which we use your personal data. If this happens, we will make changes to our Privacy Statement and notify you on these changes.
This Privacy Statement was most recently amended on the 17th of May 2018.