Data Protection Policy
As at 17 April 2019
CMTA GmbH is an Austrian investment company licensed by the Financial Markets Authority. The licence includes investment advisory services in accordance with Article 3 Paragraph 2 Item 1 of the Securities Supervision Act 2018 (WAG 2018) and the acceptance and transmission of orders in accordance with Article 3 Paragraph 2 Item 3 of the WAG 2018 relating to financial instruments in accordance with Article 1 Item 7 of the WAG 2018, transferable securities (item a) and money market instruments (item b). The protection of your privacy and thus your personal data is very important to us. With this Data Protection Policy, we want to inform you of how we collect information on you and what categories of information we collect, why we are required to do so, whom we forward it, and with whom we share it.
The responsibility lies with the natural or legal person that has the control over and responsibility for the personal data. In your case, the responsibility for the processing of your personal data lies with
Should you have concerns regarding or questions about the processing of your personal data by our company, we kindly ask you to contact us directly at email@example.com, or in writing to the above address for the attention of the management.
Collection and processing of your personal data
Personal data refers to all of the information that pertain to an identified or identifiable natural person. These e.g. comprise your name, date of birth, address or other personal data that you provided us with in the course of your business activity or these have been made available to us by a third party.
In the collection and processing of your personal data we strictly adhere to the relevant legal provisions and focus especially on the principles of legality, fair processing, transparency, purpose related processing, data minimization, storage limitation, as well as integrity and confidentiality.
All data processing that we perform is based on your consent or is required for the performance of pre-contractual and contractual provisions, our legal obligations, the performance of public interest tasks, and the protection of our legitimate interests and / or those of third parties (Article 6 of the General Data Protection Regulation). In particular, the enforcement, exercise or defense against legal claims before authorities and courts are deemed to be legitimate interests.
The processing of your personal data is part of order management, risk assessment, order processing as well as part of the comprehensive support and advisory in relation to our services. Subject to your express consent, we also use your personal data in order to be able to provide you with additional offers.
In particular, the personal data we process may include your name, date of birth, place of birth, address data, telephone number, e-mail address, identification data and bank details.
Kindly note that you can object to the processing of your data - as described above - at any time without stating any reasons. To do so please contact firstname.lastname@example.org. In this case, however, the provision of our services is usually no longer possible.
Dissemination of personal data
Especially since we as an investment firm are subject to high regulatory requirements by the financial market supervision and to various reporting obligations to other authorities and courts, we are sometimes legally obliged to disclose the personal data of our clients to the authorities or courts at their request. As part of our agency business, we will also pass on your contact details as a contact person for one of our clients to Compass Asset Management S.A., Via Calprino 18, 6900 Paradiso, Switzerland, if required, in order to arrange the business for you. Any transmission of your data is always executed in accordance with the relevant regulatory provisions (esp. Article 8 of the WAG 2018 Obligation to Confidentiality) and is based on the "Need-to-know principle".
The security of your data is our top priority. We also have encryption options for internal and external data traffic, which allow for the best protection of your data against loss or misuse.
At the same time, all our employees are bound by data secrecy and the obligation to confidentiality in accordance with Article 8 of the WAG 2018 and are regularly trained in the lawful and trustworthy handling of personal data.
You may at any time request information on the source, the data categories, and the duration of storage, the recipients, the purpose of the data processed on you and your account, and the nature of this processing. If we process personal data that is incorrect or incomplete, you may request it to be corrected or completed.
You may also request the deletion of the data processed unlawfully. Please note, however, that this only applies to incorrect, incomplete or unlawfully processed data. If it is unclear whether the data processed regarding your person is incorrect or incomplete or has been processed unlawfully, then from 25 May 2018 onward you can demand a restriction on the processing of your data until the final clarification of this issue. We ask you to note that these rights are complementary, so you can only ask for either the correction or completion of your data or its deletion.
Even if your personal data is accurate and complete and we are processing it in accordance with the legislation, you may object to the processing of such data in specific individual cases. You can also object, if you receive direct mail from us and do not wish to receive it in the future.
As of 25.05.2018, you may receive your personal data that we processed, provided that we have received it from yourself, in a common, machine-readable format determined by us or instruct us to directly transfer this data to a third party of your choice, if this recipient enables us to do so from a technical standpoint and the data transfer represents neither an unreasonable expense nor do any legal or other obligations of confidentiality or confidentiality considerations exist related to us or to third parties.
We kindly request that you contact us using the contact details below in relation to any concerns you might have. We must however ask you to provide evidence of your identity, for instance by submitting an electronic copy of your ID card.
While we strive to provide safety and the integrity of your data, disagreements regarding the way we use your data cannot be ruled out. If you believe that we are using your data in an unacceptable manner, you have the right to appeal to the Austrian Data Protection Authority.
Kindly contact us at email@example.com for your data protection related questions and concerns.
Our data storage
Basically, we keep your data for the duration of our contractual relationship with you. In addition, we are subject to a variety of retention obligations, according to which we have to keep your data and the data on our contractual relationship with you beyond the termination date of the contract, as is the case for example due to the compulsory company retention periods. We store the data on you as long as the possibility of legal claims arising from our contractual relationship with you exists.
The requirement to process your data
Making your personal data available to us and, where appropriate, third parties making you known to us, is necessary for the provision of our services and for regulatory reasons (money laundering prevention). If you do not provide us with this data or do not provide it to the extent required, we may not be able to provide the services you require. Please note that this would not be considered a default on our contractual obligations.
If we have received and have processed your information based on your consent, you may revoke this consent at any time, with the result that, from receipt of the consent withdrawal, we will no longer process your data for the purposes stated in the consent from.
For queries regarding data protection, we are at your service at firstname.lastname@example.org or using regular mail.