Privacy policy

1st of June 2019

1. What is i-Hub?

i-Hub S.A. (hereinafter referred to as i-Hub”) is a company established in the Grand Duchy of Luxembourg and licensed as a professional of the financial sector (PFS of support).

i-Hub offers an innovative solution that continuously manages the maintenance and review of data and documents necessary for monitoring and identifying customers of professional bodies such as banks, insurers, investment funds, management companies, law firms (hereinafter referred to as “Business Relations”) under the legal and regulatory obligations covering money laundering and the financing of terrorism (including international financial sanctions and embargoes) and tax reporting (Foreign Account Tax Compliance Act (“FATCA”) and the OECD Common Reporting Standard  (“CRS”).

As part of its services, i-Hub is therefore required to manage and keep data and documents concerning existing Business Relations customers and concerning persons who have taken steps to become Business Relations customers (hereinafter referred to as the “Data and Documents”). These customers or potential customers can be either private individuals or legal entities.

The i-Hub solution enables to store these Data and Documents electronically and regularly check their accuracy and validity, as well as to share them between Business Relations.

i-Hub also benefits you as a customer or future customer of one or more Business Relations and/or as a user of i-Hub, by giving you access to www.i-hub.com or https://user.i-hub.com (hereinafter referred to as the “Websites”) to check and update the Data and Documents relating to you (or the person you represent) and share them with your Business Relations.

2. What are Business Relations?

Business Relations are regulated companies such as banks, insurers (or other entities operating in the financial or insurance sector), actors in the investment fund sector (in particular management companies or transfer agents), law firms or other professionals subject to legal and regulatory obligations to monitor and identify their customers under legislation to fight against money laundering and the financing of terrorism (including international financial sanctions and embargoes) and tax reporting requirements (FACTA and CRS). 

The Business Relations with whom your Data and Documents may be shared are i-Hub customers (and therefore subject to contractual obligations regarding such sharing) that have a contractual or pre-contractual relationship with you or with the person you represent. Moreover, Business Relations are also subject to legal obligations of professional secrecy or confidentiality.

3. Who is affected by this Privacy Policy

As the Data and Documents contain personal data, this Privacy Policy aims to provide you, as the person concerned by  collecting and processing  such personal data, with all of the information required by law. As such, it is important to distinguish between the following persons who may use the i-Hub Websites:

  • You are an “End Client” if you have taken steps to become a customer or you are already a customer of a Business Relation (by having an account in a bank for example) who has asked i-Hub to process its data and documents.
  • You are an “Authorised User” if you are authorised to access the i-Hub Websites in the name and on behalf of a “Legal Entity”, which is defined as a legal entity (a company or a trust, for example) who has taken steps to become a customer or is already a customer of a Business Relation that has asked i-Hub to process the Data and Documents of this entity. Individuals related to a Legal Entity (e.g., their legal representative, beneficial owner, shareholders) are defined as “Related Individuals”, whose data processing is described in the Privacy Policy for Individuals Related to a Legal Entity.    
  • You are a “Legal Representative” if you are an individual who accesses to i-Hub Websites in the name and on behalf of an End Client who is an individual (e.g. because that individual is a dependent minor or is otherwise legally incapable).

The End Client, the Legal Representative and the Authorised User are hereinafter collectively referred to as “Users” and are covered by this Privacy Policy.

If you are an Authorised User:

  • references to your “Business Relations” and “Data and Documents” in this Privacy Policy are to be understood as your Legal Entity’s Business Relations and your Legal Entity’s Data and Documents, respectively (which may, however, contain personal data about you but whose processing by i-Hub is detailed in the Privacy Policy for Individuals Related to a Legal Entity that is also applicable to you); and
  • the sections of this Privacy Policy relating to the sharing of Data and Documents do not apply to you.

If you are a Legal Representative, references to your “Business Relations” and “Data and Documents” in this Privacy Policy are to be understood respectively as the Business Relations of the End Client you represent and the Data and Documents of that End Client (which may, however, contain personal data about you). 

4. When are your Business Relations responsible for processing your personal data?

Your Business Relations are responsible for data processing undertaken to add Data and Documents to the i-Hub solution; storage of the Data and Documents and regular checking of the validity and accuracy thereof, as well as of the use made of these Data and Documents by your Business Relations once they have been shared. Please refer to your Business Relations’ data privacy policy, which will usually be available on their website, or contact your Business Relations if you wish to know more about the processing carried out by your Business Relations as data controllers.

5. When is i-Hub responsible for processing your personal data?

i-Hub is responsible for the processing of your personal data in relation to:

  • sharing your Data and Documents with your Business Relations within the framework of the i-Hub Websites to the extent that you have consented to this sharing. The sharing of Data and Documents implies the centralisation (prior to and necessary for the sharing) of these Data and Documents by i-Hub;
  • your registration on the Websites allowing you to access and add Data and Documents or perform any other action on the Websites;
  • the call centre support and mailing services (for non-commercial purposes) offered by i-Hub.

6. Information on sharing Data and Documents between Business Relations

What is the legal grounds for sharing? Your consent to sharing, which you may or may not choose to give. 

What categories of data are shared? Data including: (1) identification information (e.g., first name, last name, address, date and country of birth, gender, marital status, nationality, occupation, tax residence, identity card, passport number, NIF); (2) personal data contained in documents that enable your Business Relations to fulfil their legal and regulatory obligations as set forth in Section 1 of this Privacy Policy (1. What is i-Hub?), such as, for example, proof of address, tax residency certificate, tax self-certification document, specimen signature, delegation of authority, identity document or equivalent document.

What are the sources of shared data? (1) Yourself, when you send the Data and Documents to i-Hub; (2) your Business Relations.

What are the objectives of data sharing? (1) To simplify your initiation and maintenance of a business relationship with your Business Relations who will receive the Data and Documents; (2) to allow you to provide the mandatory Data and Documents to a single point of contact, i-Hub; (3) the most recent Data and Documents will be validated by i-Hub and potentially be shared with your Business Relations, thereby avoiding the need for you to repeat the process for each of your Business Relations, i.e. ID, certificate of residence, etc.

Who will the data be shared with? (1) Your current and future Business Relations and, where applicable, certain of their subcontractors; (2) sharing will be extended to any of your Business Relations that become i-Hub customers after you have given your consent. As a User, you will be able at any time to see the names of the Business Relations with whom the Data and Documents are shared on the Websites; (3) the competent authorities, only if i-Hub is required to do so by law or by virtue of an enforceable decision of a competent authority or jurisdiction; (4) i-Hub’s service providers (e.g. IT, scanning providers), who are subject to confidentiality obligations and only to the extent that they require such information to provide their services; (5) if applicable, the Business Relations of the Legal Entity to which you are linked if you have other roles than that  End Client on i-Hub (as detailed below).

What happens if I am an End Client and I am also an Individual Related to a Legal Entity present on i-Hub (for example, I am a director or beneficial owner of a company present on i-Hub)? We should distinguish between two different situations: (1) as an End Client, you have consented to your data being shared: in the event of any update to your Data and Documents on the i-Hub solution for a Business Relation, your updated Data and Documents will be shared with all Business Relations with which you have a direct connection (as an End Client). This sharing can also be extended to other roles you may have with other Business Relations. For example, you might update your ID in the context of a Business Relation with your bank (you are a bank account holder). If you have consented to sharing your information, this identity document may then be shared in the role of Director or Beneficial Owner that you may have in an Entity that has a business relationship with another bank. This sharing will only take place to the extent that the document or data is necessary for a given role; (2) in the event of an update to your Data and Documents on i-Hub for a Business Relation for one of your roles, your Data and Documents updated for one role (e.g. End Client) can be propagated and used by this same Business Relation for all the roles that you have with it (company director, beneficial owner, etc.), on the legal basis of legitimate interest. This will avoid the need for you to give separate consent for this propagation.

What happens if I am a legal representative of an Individual Related to a Legal Entity present on i-Hub?

The answer to the previous question is equally applicable to this case (see question explanation**).

How long is data kept for? Data and Documents will no longer be shared if you withdraw your consent or once the last record of you held with i-Hub by your Business Relations has been closed.

Can I withdraw my consent to share? Yes, you may withdraw your consent to share Data and Documents at any time. However, this will not affect the lawfulness of the processing carried out prior to the withdrawal.

7. Information on other processing by i-Hub in its capacity as data controller

Data processingAccount activation and other User actions on i-HubCall center support and mailing service
    Categories of data processed                            Data including: 1. Personal identification information (e.g. first name, last name). 2. Electronic identification data (e.g. email address, IP address, login identifiers). 1. Telephone records data. 2. Any data required to provide support (e.g. last name, first name, date of birth, etc.) and any data that you provide the support service with as part of your request. 3. Data required for mailing services, including your address (electronic and physical), fax and your name.
Data source1. Your Business Relations.  2. Yourself.1. Yourself. 2. The i-Hub database.
Legal groundsPerformance of a contract to which you are a party or, for Legal Representatives and Authorised Users, the legitimate interests of i-Hub.The legitimate interests of i-Hub and, regarding telephone records, also the collection of data in order to provide evidence of a commercial communication.
Objectives of the processingTo provide the User with the option of accessing the Websites and the Data and Documents and to perform any other action on the i-Hub Websites.1. To enable Users to contact a support service to submit a request. To enable follow-up and processing of this request. 2. To provide a mailing service for information and to make contact with Users.
Categories of data recipients1. Your Business Relations (for example when you add Data and Documents to the i-Hub Websites). 2. The competent authorities, only if i-Hub is required to do so by law or by virtue of an enforceable decision of a competent authority or court. 3. i-Hub service providers (for example IT, scanning or call centre providers).1. i-Hub service providers. 2. The competent authorities, only if i-Hub is required to do so by law or by virtue of an enforceable decision of a competent authority or court.  
Data retention periodDuring the time your file is active and 10 years after its closure (where necessary).

8. What are your rights with regard to the processing carried out by i-Hub in its capacity as data controller?

You have the right to obtain confirmation from i-Hub as to whether or not your personal data is being processed and, if it is, to access your personal data and essential information about the processing of your personal data.

You also have the right to have inaccurate personal data about you rectified and, under certain conditions, deleted.

To the extent that i-Hub is the controller of your personal data, you have the right to request the restriction of processing, or to object to processing, and the right to data portability where the conditions set out in the General Data Protection Regulation (or GDPR) apply.

You have the right to lodge a complaint with the Luxembourg data protection authority,  the National Commission for Data Protection, via its website https://cnpd.public.lu/en.html or with the data protection authority in the EU Member State in which you habitually reside.

9. How can I contact i-Hub?

You can exercise your rights by using the form available for this purpose at www.i-hub.com, or by sending a request to i-Hub by letter or email:

i-Hub S.A.

For the attention of the Data Protection Officer

208, rue de Noertzange

L-3670 Kayl

email: dpo@i-hub.com.

10. Amendments to this Privacy Policy

i-Hub may amend this Privacy Policy at any time. i-Hub will give notice of such an amendment via a message on the Websites. It is recommended that you review this Privacy Policy regularly.