Privacy Policy  Individual Related to a Legal Entity

17 march 2022

1. What is i-Hub?

i-Hub S.A. (hereinafter referred to as  “i-Hub”) is a company established in the Grand Duchy of Luxembourg and licensed as a.professional of the financial sector (PFS of support).

i-Hub offers an innovative solution that continuously manages the maintenance and review of data and documents necessary for monitoring and identifying customers of professional bodies such as banks, insurers, investment funds, management companies, law firms (hereinafter referred to as “Business Relations”) under the legal and regulatory obligations covering money laundering and the financing of terrorism (including international financial sanctions and embargoes) and tax reporting (Foreign Account Tax Compliance Act  “FATCA” and the OECD Common Reporting Standard (“CRS”).

As part of its services, i-Hub is therefore required to manage and keep data and documents concerning existing Business Relation customers and concerning persons who have taken steps to become Business Relation customers (hereinafter referred to as the “Data and Documents”). These customers or potential customers can be either private individuals or legal entities.

The i-Hub solution makes it possible to store these Data and Documents electronically and regularly check their accuracy and validity, as well as to share them between Business Relations.

2. What are Business Relations?

Business Relations are regulated companies such as banks, insurers (or other entities operating in the financial or insurance sector), actors in the investment fund sector (in particular management companies or transfer agents), law firms or other professionals subject to legal and regulatory obligations to monitor and identify their customers under legislation to fight against money laundering and the financing of terrorism (including international financial sanctions and embargoes) and tax reporting requirements (FACTA and CRS). 

The Business Relations with which Data and Documents can be shared are i-Hub customers (and therefore subject to contractual obligations regarding this sharing) and have a contractual or pre-contractual relationship with the legal entity to which you are related (for example, one Business Relation could be the bank of the company you manage). Moreover, Business Relations are also subject to legal obligations of professional secrecy or confidentiality.

3. Who is affected by this Privacy Policy?

This Privacy Policy concerns you, as the “Related Individual”of a legal entity, since your personal data contained in the Data and Documents will be collected and processed by i-Hub and the Business Relations because of your relationship with your legal entity (for example, as a legal representative or beneficial owner of your company) and the fact that the latter has taken steps to become a customer, or is already a customer, of a Business Relation (hereinafter referred to as your “Legal Entity”).

This Privacy Policy gives details on how your personal data is processed in your capacity as a Related Individual. If the Legal Entity authorises you to access i-Hub Services on its behalf, you are a Related Individual acting as an “Authorised User” and you are also subject to the End Client Privacy Policy. If you are solely, or also, an End Client and/or a Legal Representative, as defined in the End Client Privacy Policy, please refer to that policy.

4. Which data processing operations are Business Relations responsible for?

Business Relations are responsible for data processing undertaken to add Data and Documents to the i-Hub solution; storage of the Data and Documents and regular checking of the validity and accuracy thereof, as well as of the use made of these Data and Documents by the Business Relations once they have been shared. Please refer to the Business Relations’ data privacy policy, which will usually be available on their website, or contact the Business Relations if you wish to know more about the processing carried out by the Business Relations as data controllers.

5. When is i-Hub responsible for processing your personal data?

i-Hub is responsible for processing your data relating to:

  • the sharing of your personal data contained in your Legal Entity’s Data and Documents that are shared with your Legal Entity’s Business Relations as part of the i-Hub Services. The sharing of Data and Documents implies the centralisation (prior to and necessary for the sharing) of these Data and Documents by i-Hub;
  • the propagation of data from one of your roles as a Related Individual (e.g. as a company director), to another of your roles as a Related Individual (e.g. as a beneficial owner of a company) within the same Business Relation (e.g. your company’s bank) in the event of any update to the Data and Documents for this Business Relation.
Data processingSharing Data and Documents with your Legal Entity’s Business RelationsPropagation of data through your roles as a Related Individual when data is updated
Categories of Individuals Related to a Legal EntityFor example: Directors, legal representatives, managers,delegates to daily management, partners, shareholders, nominees, liquidators, beneficial owners, constituents, beneficiaries, administrators or protectors of trusts or fiduciaries, authorised signatories, Authorised Users, etc.
Categories of data processedDepending on your relationship with the Legal Entity: (1) identification information (e.g. first name, surname, address, gender, date of birth, place of birth, nationality, tax residence); (2) official identification data (e.g. identity card, passport number, NIF, proof of address); (3) information about your relationship with the Legal Entity (e.g. your role and, if applicable, date of appointment and, for beneficial owners, the type and percentage of shareholdings and sources of income); (4) other personal data that may be contained in the documents that allow the Business Relations of your Legal Entity to fulfil their legal and regulatory obligations mentioned in point 1 of this Privacy Policy (e.g. declaration of beneficial owner, extracts from the trade register, tax self-certification document, organisation chart and delegation of powers).   
Data source1. The Business Relations of your Legal Entity. 2. Public sources, such as information publicly available on the Internet, watch lists of official organisations (e.g. for politically exposed persons) and information available in official company registers or commercial databases, such as screening and watch lists. 3. The Legal Entity to which you are related.1. The Business Relations of your Legal Entity. 2. Public sources. 3. Your Legal Entity.
Legal basisThe legitimate interests of the data controller and third parties.
Objectives of the processing1. To simplify the initiation and maintenance of business relationships between your Legal Entity and its Business Relations. 2. To facilitate compliance with the legal and regulatory obligations of Business Relations and your Legal Entity.
Categories of data recipients 1. The Business Relations of your Legal Entity, current and future and, where applicable, certain of their subcontractors. Please contact i-Hub to find out who these data recipients are.  2. The competent authorities, only if i-Hub is required to do so by law or by virtue of an enforceable decision of a competent authority or court.
3. i-Hub’s service providers (e.g. IT and scanning providers), who are subject to confidentiality obligations, and only to the extent that they require such information to provide their services.
1. The Business Relations of your Legal Entity for which the data update is performed. 2. The competent authorities, only if i-Hub is required to do so by law or by virtue of an enforceable decision of a competent authority or court.
3. The i-Hub service providers.
Data retention periodData sharing will end if your Legal Entity withdraws its consent to share or when the last file concerning your Legal Entity maintained on i-Hub by the Business Relations is closed.Propagation will end when the last file concerning your Legal Entity maintained on i-Hub by the Business Relations is closed.

6. What are your rights with regard to the processing carried out by i-Hub in its capacity as data controller?

You have the right to obtain confirmation from i-Hub as to whether or not your personal data is being processed and, if it is, to access your personal data and essential information about the processing of your personal data.

You also have the right to have inaccurate personal data about you rectified and, under certain conditions, deleted.

To the extent that i-Hub is the controller of your personal data, you have the right to request the restriction of processing and the right to data portability where the conditions set out in the General Data Protection Regulation (or GDPR) apply. You can also object to the processing of your data if you can justify this on the basis of your specific circumstances.

You have the right to lodge a complaint with the Luxembourg data protection authority,  the National Commission for Data Protection, via its website https://cnpd.public.lu/en.html, or with the data protection authority in the EU Member State in which you habitually reside.

7. How can I contact i-Hub?

You can exercise your rights by using the form available for this purpose at www.i-hub.com, or by sending a request to i-Hub by letter or email:

i-Hub S.A.

For the attention of the Data Protection Officer

208, rue de Noertzange

L-3670 Kayl

email: dpo@i-hub.com.

8. Amendments to this Privacy Policy

i-Hub may amend this Privacy Policy at any time. i-Hub will give notice of such an amendment via a message on the Websites. It is recommended that you review this Privacy Policy regularly.