Like any business, IELXIS collects all kinds of data, including personal data. Our privacy policy describes what data we collect, how we process it and for what purposes.
This privacy policy is an integral part of our terms and conditions for using IELXIS's services, including its website and mobile app. If you do not agree with our terms and conditions, you cannot use our services.
You rightly expect us to take care of your personal data. That is why we take care to set up secure IT systems and make our employees aware of the protection of your privacy.
This policy applies both to the data which is initially collected when you come into contact with IELXIS and to those which are subsequently obtained by IELXIS (for example when subscribing to a complementary product or service or when updating date of the data entered initially).
We store and process personal data in accordance with the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data. personal character and the free movement of such data. You can obtain further information on data protection from the Data Protection Authority (https://www.autoriteprotectiondonnees.be). We use, in this privacy policy, specific terms that are defined in these regulations (such as "personal data", "processing", "processor", "controller").
Before going into details, you will find below a summary of the questions that are frequently asked to us in terms of the processing of personal data:
| Do you keep my personal data? | YES |
| Do you keep my financial transaction data? | YES |
| Do you use cookies? | YES |
| Do you use plugins? | YES |
| Do you delete my data once my user account is deleted? | NO |
| Can I use IELXIS without giving my permission for the processing of my personal data? | NO |
| Do you sell my personal data? | NO |
| Do you communicate my personal data to other institutions financial? | YES |
| Do you regularly update this policy? | YES |
| Can I exercise my GDPR rights? | YES |
| Can I file a complaint somewhere? | YES |
IELXIS SPRL is a russian company with its registered office at St Vavilova, 19, 117997, Moscow, Russia under Russian Federation General banking licence N° 1481 dated August 11, 2014 and whose company number is BE0631.809.696.
We are responsible for the storage and processing of your data ("controller"). This means that we determine the purposes and methods of processing.
We have in-house a person dedicated to data protection, a DPO or “Data Protection Officer”. You can contact this person by email at investin@delta-sberbk.com or by mail at the above address.
For some services, we call on specialized partners who act as subcontractors. They must comply with our personal data protection policy and must also comply with their legal obligations in this area. We take care to ensure the protection of your personal data through appropriate provisions in our contracts with subcontractors.
We start keeping your data as soon as you contact us through any of IELXIS 's contact channels. This can happen when:
We also keep data on visits and behavior on our website and mobile app, without being able to link them to you until you have communicated your identity to us.
Then, we collect your data for each interaction you have with IELXIS whether it is when you put money into your account, carry out a stock transaction, speak on the phone with one of our collaborators, visit us in our offices, ask us a question or log into our app.
By personal data, we mean not only data that identifies you directly but also data that does so indirectly.
We keep different data for different purposes. For example, we need certain data to identify you in accordance with applicable financial legislation, others as part of the services subscribed to or your use of our site or our mobile app, and others to be able to offer you an exceptional user experience.
We process your data on four legal bases in accordance with the GDPR: legal obligation, contractual obligation, legitimate interest and / or explicit consent.
First, some regulations legally require us to collect certain data. This is for example the case of the MiFID directive, which requires us to know our client well before giving him financial advice. Money laundering, particularly for the purposes of tax evasion or the financing of terrorism, is a subject to which we pay particular attention. Due to our profession, we see financial transactions happening and we therefore have a role to play in the prevention of money laundering. For this purpose, it is possible that we ask you questions about the origin of your funds and that we keep this data to comply with anti-money laundering regulations.
Secondly, the signing of the service contract between you and us implies that we will process certain data in order to perform this contract. For example, we keep data about your transactions and the status of your portfolio so that we can report to you on the progress of your portfolio.
Thirdly, IELXIS also processes your data for the realization of its legitimate interests, in particular its commercial prospecting and customer service interests. To this end, IELXIS takes care to preserve a fair balance between the needs to process data and respect for your rights and freedoms, in particular the protection of privacy.
Fourth, we may process certain data as a result of the express consent you can give us. For example, by agreeing to our policy on the use of cookies when you browse our website, you authorize us to retain your preferred language for browsing.
The table below lists more precisely what data we collect, for what purpose and on what basis. This list is intended to be as comprehensive as possible, but may not be exhaustive.
| What data ? | For what purpose? | On what basis? |
|---|---|---|
| Contact details Name, first name, e-mail address, phone number |
|
|
| Identification data Copy of identity document ( double-sided russian identity card or passport), expiry date, date and place of birth, national identification number, home address, tax identification number |
|
|
| Bank account data IBAN / BIC |
|
|
| MiFID data Experience and financial knowledge, investment objective , investment horizon, risk appetite, amount of your fortune |
|
|
| AML data Profession, source of funds, destination of funds , political exposure, financial convictions and embargoes, links with legal entities and listed companies, analysis of atypical transactions, identification data of the spouse and / or children |
|
Above all, we process the aforementioned data to offer you a service and a user experience that we want exceptional. To be more specific, we use your data to provide our banking, investment and insurance brokerage services. In an anonymized or aggregated manner, we use your data for internal strategic decision-making or as a basis for external communication.
As a Banking and Investment Service Agent, which requires authorization from the russian Financial Markets Authority (the FSMA), we have a legal obligation to collect a great deal of data in order to be authorized to provide ad hoc investment advice.
While some other data should not be collected for a legal reason, we still process it because we believe this data helps us provide better service, not only to you, but also to all of our existing customers. and future.
We are also licensed with the FSMA as an insurance broker, which allows us to distribute life insurance contracts as part of your pension planning. As with banking and investment services, we collect your data for legal reasons or for a legitimate interest.
We anonymize the data of our users and translate them into statistics. These statistics help us make strategic and operational decisions internally. For example, the data allows us to assess whether we should continue with a marketing campaign because it is successful or whether to promote it in a city or to a specific customer segment.
We use the same anonymized data to communicate outward. For example, when we announce to the press how many clients we are happy to have with us, the average performance of our clients' portfolios or the amount of assets in custody.
We use computer cookies. These are small text files that contain information and that we store on the device from which you access our platform.
Cookies allow us to provide you with a better user experience. For example, we store there the last language choice you made or the fact that you gave your consent to our privacy policy, so that you do not have to respecify your choice of language or your acceptance of our policy. every time you visit our site.
We use a series of extension modules (or plugins). The purpose of these plugins is to gain a better understanding of how you use the site so as not only to improve the functionality of the site, but also to be able to present commercial messages to you from other sites.
For example, we use Google Analytics to analyze in real time the number of visitors to our site, to know by what means they arrived on the site (eg search engine, live, from the link of another site) and which pages they like to visit. Another plugin allows us to offer you a chat functionality on our website.
We keep all data in a highly secure IT environment. To do this, we use the services of subcontractors who offer database technologies used in many government, military and financial applications. The contractors' servers are located in Europe and they are duplicated in different locations to allow data recovery in the event of a server failure or destruction. These servers are extremely well protected against attempted physical or computer attacks.
We make it a point of honor to use trusted, well-established services recognized for their respectful processing of personal data.
Of course, we do everything we can to protect the data entrusted to us as much as possible. However, we cannot provide any guarantees in this regard as 100% security does not exist. If someone were to illegally break into our database, then you could not hold us responsible. Even if it gives you problems and causes you damage. But we repeat: we are doing everything we can to ensure that this does not happen. In this context, we use strict security standards, which are regularly tested both by us and by our auditors.
Within IELXIS , our Data Protection Officer filters access to data by our employees according to a precautionary principle, which means that an employee can only access the data they need to perform their work.
The design of our infrastructure therefore hides data from our employees by default. If, despite everything, an employee should have access to data to which he should not, he is aware of respecting your privacy. In such a case, he is invited to destroy any data that has mistakenly arrived in his possession and to report this potential security breach to our IT department, which will take the appropriate corrective measures.
As part of our activities as a banking and investment service agent and insurance broker, we must share your personal data with our principal (Leleux Associated Brokers) and our partner insurance companies.
/ p>
This not only because financial regulations require us to do so, but also because without it these financial institutions simply cannot issue a contract allowing you to open a title account or a life insurance contract. through which you will invest.
In addition, like these other financial institutions, we are placed under the rigorous supervision of financial controllers. As a result, we must monitor all of our users to verify that they are not on international blacklists, PEP ("politically exposed") lists or other official lists. For this, we keep your name, first name, date and place of birth.
No one, even the GDPR, can object to our keeping this data. This also means that in the event of a presumption on our part of money laundering or terrorist financing, we have the obligation to communicate to the authorities the personal data concerned as well as additional evidence information that we have in our possession. .
We process all data that concerns you for as long as you continue to use our services. When you stop being a user, the retention period will depend on the type of contractual relationship you had with us, as well as the type of data.
If you have never been a true customer, that is, if you have never signed an agreement with us, we can delete all your data on request.
In the event that you have been a customer, we are legally bound to keep all your data for a period of 10 years. Indeed, we are subject to financial legislation, in particular to the law of September 18, 2017 on the prevention of money laundering and terrorist financing, article 60 of which requires us to keep certain data for up to 10 years later. that the collaboration has ended.
In other words, from the moment you no longer use our services, we have a legal obligation to keep certain data for another 10 years.
In summary, we do not store your personal data longer than necessary to provide our services to you, unless we are legally required to do so.
Finally, we may keep your personal data for longer if you have given your consent to this or if it is necessary for us in the context of legal proceedings. Of course, we do everything we can to avoid having to provide your data to a court one day as evidence.
In principle, the GDPR gives you certain rights. However, as previously stated, we are legally required to keep your identification and transaction data for 10 years. Most of your GDPR rights do not apply to this storage. Article 65 of the Anti-Money Laundering Law, to be precise, states: "The person concerned by the processing of personal data under this law does not benefit from the right of access and rectification of their data, nor the right to be forgotten, to the portability of said data, or to object, nor the right not to be profiled or to be notified of security breaches ”.
Notwithstanding these exceptions, the GDPR gives you six rights: the right of access and rectification (we must be able to tell you what data we hold about you and you can modify this data), the right to be forgotten ( you can ask us to delete all the data we hold about you), the right to restriction of processing (for example you can ask us to no longer receive our blogs), the right to portability (you can ask us for an extract of your data), the right to withdraw consent (for example you can withdraw your authorization to use commercial profiling cookies), the right to object (for example you can ask us to no longer use your data to receive commercial actions on our part).
Please remember that we can only offer our services if we store and process your personal data. Without the processing of your data, the functionality of our app, such as personal financial simulations, simply would not work. For this reason, we will unfortunately have to end our relationship if you ask us to limit or stop the processing of your personal data. In this case, you will no longer be able to use our services. On the other hand, your rights of access, rectification or portability of your personal data can of course be exercised without problem.
Your privacy rights remain applicable to the processing of your personal data for commercial purposes, for example processing to offer you discounts. This means, for example, that you have the right to request that we no longer process your personal data for these purposes, or to restrict their processing.
Where we have processed your data in statistics, we cannot modify or delete the statistical data which has been derived from your personal data. This statistical data has already been processed and it has become impossible to trace a person's identity. It is therefore no longer personal data protected by the GDPR. Therefore, your rights to privacy, such as the right of access, rectification or portability, do not apply to statistical data derived from your personal data.
If we cannot come to an agreement, you can submit a mediation request to the russian Data Protection Authority: Data Protection Authority