Privacy policy
Responsibility:
Who is the Controller of the processing of your data?
Data of the Data Controller.
Identity: HOROS ASSET MANAGEMENT, SGIIC, SA hereinafter “the Entity”.
TAX ID: A87813143
Mailing address: Núñez de Balboa 120, 2-Izq, 28006 Madrid
Telephone: T. 91 737 09 15
E-mail: sac@horosam.com
Mercantile registry data: Volume 35.953, Folio 87, Section 8, Page: M:646000
CNMV registration data: 263
The Entity acts as data controller and service provider to its clients, users and visitors of this website.
Contact details of the Data Protection Officer: AUDAT SERVICES, S.L. – sac@horosam.com
Processing:
What personal data do we process?
“Personal data” includes any information that directly (e.g., first name, last name) or indirectly (e.g., passport number or combination of data) identifies a natural person.
The personal data of Stakeholders that we process may include:
-
- IDENTIFICATION DATA, e.g., names, addresses, telephone numbers, email addresses, business contact information.
-
- PERSONAL CHARACTERISTICS, e.g., date of birth, gender, country of birth; facial image.
-
- PROFESSIONAL INFORMATION, e.g., employment and work history, position, powers of attorney.
-
- IDENTIFIERS ISSUED BY PUBLIC BODIES, e.g., passport, identity card, tax identification number.
-
- FINANCIAL INFORMATION, e.g., financial data and credit history, bank details.
-
- TRANSACTION/INVESTMENT DATA, e.g., current and previous investments, investment profile, investment preferences and amount invested, number and value of units held, role in a transaction (seller/buyer of units), transaction details.
-
- COOKIE INFORMATION, e.g., cookies and similar technologies on websites and in e-mails (see also our Cookie Policy).
-
- ACADEMIC or HR management DATA.
Purpose:
What do we process your personal data for?
We process the information provided to us by the interested parties for the following possible purposes:
1.- CONTRACTING WITH CLIENTS
To manage the client contracting process with the different funds.
2.- INFORMATIVE COMMUNICATIONS
Management of informative communications to contact you. For example: Sending commercial communications. We clarify that we use your contact details by email to offer you suggestions of content and experiences more relevant to our services, for example: newsletter about our activities. In each communication you will be able to unsubscribe from our mailing list.
In the event that users must provide their email address to access some of the services offered, they may state that they do not wish to receive any type of communication that the Entity may send, provided that it is not strictly linked to the purpose for which the service was requested, such as confirmation emails, information on transactions carried out or notifications of confirmation of cancellation or registration of services. We also add that we may contact you by telephone as well as by email.
3.- REGULATORY COMPLIANCE
Management of all obligations with national or international regulations.
4.- PERSONNEL
We process the personal data of our employees in order to be able to work in the Entity and provide the service to the clients.
5.- RECRUITMENT
We can manage your curriculum to be able to work in the Entity.
Automated decisions, profiles and applied logic.
Each client shall have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects on him or her or significantly affects him or her in a similar way. The Entity may rely on its prior decision making on the suitability of different profiles but they will never be the key to the decision making. No profiles are made, only information is collected in compliance with current regulations. In no case, no automated decisions will be made on the basis of such profile.
Legitimation and legal basis:
what is the legitimacy for the processing of your data?
Detail of the legal basis for the processing, in cases of legal obligation, public interest or legitimate interest.
Before the three main purposes described above, we describe the legitimacy of the use of the treatment.
Purpose and legitimacy:
1.- CONTRACTING WITH CUSTOMERS.
A.- Performance of a contract: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
The opening and management of an account or the establishment of a business relationship between you and/or the Connected Person and us, including all related operations for your identification.
Any other related services provided by any service provider of the Controller(s) and Processors in connection with our Business Relationship.
The management, administration and distribution of investment funds, including any ancillary services related to these activities; or
The processing of subscription, transfer and redemption requests in investment funds, as well as the maintenance of the ongoing relationship with respect to positions in such investment funds.
B.- In legal compliance. GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
To provide product and service offering information to Stakeholders.
Fulfilling legal obligations relating to accounting, compliance with legislation on markets in financial instruments.
Carrying out any other form of cooperation with, or reporting to, competent administrations, supervisory authorities, law enforcement and other public authorities (e.g., in the field of the prevention of money laundering and combating the financing of terrorism (“AML-CTF”), for the prevention and detection of offenses under tax law (e.g., reporting name, address, date of birth, taxpayer identification number (TIN), account number and account balance to tax authorities under the Common Reporting Standard (“CRS”)), reporting name, address, date of birth, TIN, account number and account balance to tax authorities under the Common Reporting Standard (“CRS”) or the Foreign Account Tax Compliance Act (“FATCA”) or other tax legislation designed to prevent tax evasion and avoidance, as applicable).
Prevent fraud, bribery, corruption and the provision of financial and other services to persons subject to economic or trade sanctions on an ongoing basis in accordance with our AML-CTF procedures, as well as retain AML-CTF and other records necessary for monitoring purposes.
Engage in active risk management within the group whereby market, credit, default, process, liquidity and image risks, as well as operational and legal risks, must be identified, limited and monitored.
Record conversations with Stakeholders (such as telephone and electronic communications) in particular to document instructions or to detect fraud and other potential or actual offenses. Also between our fund managers and market operators to secure transaction transactions.
C.- Consent of the data subject: GDPR: 6.1. a) The data subject consented to the processing of his personal data for one or more specific purposes.
2.- INFORMATIVE COMMUNICATIONS
A.- Legitimate interest of the Entity. RGPD: 6.1. f) the processing is necessary for the satisfaction of legitimate interests pursued by the controller.
Developing our business relationship with you; Sending you informative communications.
Improve our internal organization and operations, including for risk management purposes.
Assess our risks and make business decisions in the case of risk management.
Establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.
Record conversations with Stakeholders (such as telephone and electronic communications) to verify instructions, assert or defend our interests or rights, evaluate, analyze and improve the quality of our services, train our employees and manage risks.
3.- REGULATORY COMPLIANCE
A.- In legal compliance. RGPD: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
KNOWLEDGE OF THE CLIENT
– PBC; Prevention of Money Laundering.
– FATCA; Foreign Account Tax Compliance Act.
– CRS; Common Reporting Standard.
The information contained in this annex will be reported to the tax authority of the country or countries of tax residence of the investor, in application:
Agreement between the Kingdom of Spain and the United States of America for the Improvement of International Tax Compliance and the Implementation of the Foreign Account Tax Compliance Act – FATCA, made in Madrid on May 14, 2013 (FATCA).
of Order HAP/1136/2014, of June 30, regulating certain matters related to the reporting and due diligence obligations established in the agreement between the Kingdom of Spain and the United States of America for the improvement of international tax compliance and the implementation of the US Foreign Account Tax Compliance Act and approving the annual informative declaration of financial accounts of certain US persons, model 290 (FATCA Development Order).
of Royal Decree 1021/2015, of November 13, which establishes the obligation to identify the tax residence of persons who hold ownership or control of certain financial accounts and to report about them within the scope of mutual assistance and any implementing regulations adopted after the signing of this document.
4.- PERSONAL
A.- Performance of a contract: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures.
B.- In legal compliance. RGPD: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
C.- Consent of the data subject: GDPR: 6.1. a) The data subject consented to the processing of his personal data for one or more specific purposes.
5.- RECRUITMENT
A.- Legitimate interest of the Entity. RGPD: 6.1. f) the processing is necessary for the satisfaction of legitimate interests pursued by the controller.
The user guarantees that the personal data provided to the Entity are truthful and is responsible for communicating any changes in them, in order to continue offering our best service. The information sent to the Entity, through any of its channels, must be truthful and will not violate the rights of third parties or the law.
Obligation or not to provide data and consequences of not doing so.
The requested data are necessary to be able to contract with the Entity. In the event that all the required information cannot be obtained, the contractual relationship with the Entity cannot be established.
Retention:
How long will we keep your data for?
Time limits or criteria for data retention.
The data will be kept until the purpose, which has originated the processing of your information, is terminated. Once this fact happens, the data will be kept in a blocked form to the attention of possible legal or administrative requirements until the prescription of the same. In compliance with current regulations it is 10 years.
Recipients:
To whom is your data communicated?
Recipients or categories of recipients.
If necessary or useful to achieve the Purposes, we reserve the right to disclose or provide access to personal data to the following recipients, where authorized or required by law:
1.- Public/government administrations, courts, competent authorities (e.g., financial supervisory authorities) or financial market agents/operators (e.g., third party or central depositories, banks, brokers, exchanges and registries).
Legal and tax advice.
3.- Cloud hosting services and maintenance of the website or other computer applications.
We undertake not to transfer personal data to third parties other than those listed above, except when the Stakeholders are so informed or if required by laws and regulation applicable to them or by order of a court, governmental, supervisory or regulatory body, including tax authorities.
Adequacy decisions, warranties, binding corporate rules or specific situations apply.
No communications are made outside the European space.
Rights:
What are your rights when you provide us with your data?
How to exercise the rights of access, rectification, deletion and portability of your data, and the limitation or opposition to its processing.
The rights recognized by the RGDP are:
-
- Right to request access to personal data relating to the data subject,
-
- Right to request its rectification or erasure,
-
- Right to request the limitation of their processing, and to
-
- Right to object to the processing,
-
- Right to data portability.
To exercise your rights you only have to write an email to the address above, requesting your right and attaching to the mail your ID, to identify yourself.
Optionally, you can redirect the interested party to the Spanish Control Authority to obtain additional information about your rights.
https://www.aepd.es/reglamento/derechos/index.html
What are your rights when you provide us with your data?
Any person has the right to obtain confirmation as to whether or not The Entity is processing personal data concerning them.
Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data.
The Entity will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. The Entity’s privacy policy ensures, in any case, that the Data Subject may exercise his/her rights by writing to the Entity, at the address indicated above and in the manner provided for by law.
RGDP rights: what are your rights?
Access
You have the right to be informed of the following:
-
- The purposes of the processing, categories of personal data to be processed and of possible data communications and their recipients.
-
- If possible, the storage period of your data. If not, the criteria for determining this period.
-
- The right to request the rectification or deletion of data, the limitation to the treatment, or to oppose to it.
-
- The right to file a complaint before the Control Authority.
-
- If there is an international transfer of data, to be informed of the appropriate safeguards.
-
- Of the existence of automated decisions (including profiling), the logic applied and consequences of this Processing.
Rectification
You have the right, in addition to rectification of inaccurate data, to have incomplete personal data completed, including by means of an additional declaration.
Deletion (the “right to be forgotten”)
With this right you can request:
The deletion of personal data without due diligence when any of the cases contemplated occur. For example, unlawful data processing, or when the purpose for which the data was processed or collected has disappeared.
However, there are a number of exceptions in which this right does not apply. For example, when the right to freedom of expression and information must prevail.
Limitation of processing
This right allows you to:
Request the controller to suspend data processing when: The accuracy of the data is contested, while the accuracy is being verified by the controller. The data subject has exercised his or her right to object to the processing of data, while we verify whether the legitimate reasons of the controller prevail over the data subject.
Ask the controller to retain your personal data when: The data processing is unlawful and the data subject objects to the erasure of his or her data and requests instead the limitation of their use The data controller no longer needs the data for the purposes of the processing but the data subject does need them for the formulation, exercise or defense of claims.
Data portability
You may receive your personal data provided in a structured, commonly used and machine-readable format and be able to transmit it to another data controller, provided that this is technically possible.
Furthermore, the Data Controller expressly authorizes that, in case of a request for portability, his/her personal data may be transferred for data communication, in order to be able to carry out such operations.
Opposition
By means of the right of opposition, you may oppose the processing of your personal data: When, for reasons related to your personal situation, the processing of your data must cease unless a legitimate interest is accredited, or it is necessary for the exercise or defense of claims.
When the purpose of the processing is direct marketing.
Not to be subject to individualized decisions
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or affects you. An exception to this is made when: It is necessary for the conclusion or performance of a contract. It is permitted by EU or Member State law, with appropriate measures to safeguard the rights and freedoms of the data subject. There is explicit consent of the data subject.
Right to withdraw the consent given.
You can always refuse to receive information by e-mail. In case of not giving consent to the main treatment can not be carried out the relationship with you. Right to complain to the Supervisory Authority Request to file a complaint for the protection of rights before the Supervisory Authority.
https://www.aepd.es/reglamento/derechos/index.html
Sources. Origin:
How did we obtain your data?
Detailed information on the origin of the data, even if it comes from publicly available sources.
To achieve the Purposes, as described above, we collect or receive personal data:
– Directly from Data Subjects. E.g.: On the web. Or by using the various forms or when contacting us or by means of (pre)contractual documentation sent directly to us; and/or
– Indirectly from other external sources, including any publicly available sources (e.g., UN or EU sanctions lists), information available through subscription services (e.g., Bloomberg) or information provided by other third parties.
– It has been provided by a third party with the legal or contractual authority to do so.
Indicate to you in turn, that you are not obliged to provide us with personal data that we do not need in order to register you for their service.
Security measures:
How do we protect data?
The Entity has adopted the necessary technical and organizational measures to guarantee the security and integrity of the data, as well as to avoid its alteration, loss, treatment or unauthorized access.
Intellectual Property Rights
All contents accessible on the Entity’s website are subject to intellectual property rights.