Who is responsible for the processing of MdF customer data?
MDEF GESTEFIN S.A.U. SGIIC, a management company of Collective Investment Institutions with registered office in Madrid, Calle Serrano, 1, 3rd floor, CP:28001 (hereinafter “MdF”) will be responsible for the processing of your data. For this purpose, MdF has a Data Protection Officer in charge of monitoring compliance with data protection, whose email address is: dpo@mdffp.com
How does MdF obtain customer data?
MdF may obtain personal data: (i) directly provided by its clients, either those provided when contacting us or through the contractual relationship itself arising from the information necessary for advisory services, (ii) through public records or other public means of information such as social media or the internet, (iii) browsing data when visiting our Website, and finally (iv) from third party databases for money laundering and fraud prevention purposes.
In the course of our contractual relationship, the customer may provide MdF with data of third parties, such as legal representatives, shareholders, beneficiaries or family members. In this regard, you confirm that you have informed and, where applicable, obtained the consent of any other individuals whose personal data you will provide to us.
What does MdF process your data for?
MdF, as Data Controller, processes the personal data of its customers, their legal representatives, shareholders, employees, agents, or other collaborators for the management of the contractual relationship with them, such as: (i) the identification of contact details for the management of the relationship, maintenance of meetings, telephone and email contact, (ii) billing management and (iii) sending relevant information and monitoring of contracted services. MdF also processes personal data in order to comply with legal obligations, such as issues of prevention of money laundering or requirements arising from tax regulations.
MdF GESTEFIN may obtain personal data: (i) directly provided by you about yourself, as well as from third parties that you provide us (legal representatives, shareholders, relatives, etc.), either those provided when you contact us or through the contractual relationship itself arising from the information necessary for the contracted services, (ii) through public records or other public means of information such as social media or internet, (iii) navigation data when visiting our Website, and finally (iv) from third party databases for money laundering and fraud purposes. You confirm that you have informed and, where appropriate, obtained the consent of any other individuals whose personal data you provide to us.
Communication of personal data
MdF may disclose personal data to: (i) regulatory authorities and (ii) in order to prevent fraudulent conduct, personal data may be forwarded to individual MdF Group companies or centralised information systems. In addition, MdF has third party service providers who may access personal data in the course of providing their services, such as auditors, consulting services, advisors, IT maintenance, potential buyers or investors, administrative services and document destruction, among others. MdF pre-selects these suppliers based on data protection compliance criteria, has signed data protection contracts with all of them and monitors their compliance with their data protection obligations.
Retention period of personal data
Personal data to which access is gained will be processed for as long as the contractual relationship is maintained. In this regard, MdF will retain personal data after the end of the contractual relationship, duly blocked, for the period of limitation of actions that may arise from the relationship with customers. In any case, MdF shall retain the information that it is required by the Prevention of Money Laundering and Terrorist Financing regulations to obtain for a period of 10 years from the termination of the business relationship or the execution of the transaction.
Security Measures
MdF will establish security measures for personal data, so as to avoid its alteration, loss, unauthorized access or processing, given the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment. Specifically, MdF undertakes to adopt, update and maintain all organizational and technical measures necessary to ensure the security and confidentiality of personal data, preventing any alteration, loss, treatment, processing or unauthorized access.
MdF will not apply or use personal data for purposes other than those contained in this contract, nor communicate them, even for storage, to others.
Confidentiality and duty of secrecy
The parties agree that any proprietary information, regardless of the medium in which it is held, will be considered as confidential information and will be treated as secret, confidential and restricted, and will be processed in accordance with the provisions of this contract.
MdF will at all times ensure that the above personal data are accurate, complete and up to date, are not used for purposes other than those related to this contract and are kept strictly confidential.
Exercising data protection rights
The client may exercise their rights of access, rectification, suppression, opposition, as well as request that the processing of their personal data be limited, portability of their data, and not being subject to automated individual decisions, in relation to the data provided at any given time, by writing to the Data Protection Delegate in Madrid, Calle Serrano, 1, 3rd floor, CP: 28001 (enclosing a copy of their ID card or official identification document), or via the address dpo@mdffp.com.
To whom can you lodge data protection complaints?
In the event that the customer’s data protection rights have been violated or if they have any complaint regarding their personal information, they may contact the Data Protection Delegate by e-mail at dpo@mdffp.com. In any case, interested parties may contact the Spanish Data Protection Agency, the supervisory authority for data protection at www.agpd.es C/ Jorge Juan 6, 28001, Madrid. Tel. 901.100.099/91.266.35.17.
For more information, please visit:
Legal Notice and Privacy Policy
