Data Protection Policy

Data Protection Policy – Specific information related to Farad International S.A. (Farad)

 In the event of doubt in the application of the principle described below, the employee shall refer to its superior and/ or escalate the matter to the Senior Management.

1.      Qualification

 Farad qualifies as processor in the following situations:

  • Relation with intermediary when appointed by the intermediary;
  1. Farad qualifies as controller in the following situations:
  • Relation with intermediary when appointing the intermediary (e.g distribution activity);
2.      Lawfulness of the processing

 The process of personal data is based on the consent of the data subject when any other basis cannot be used. The process of personal data is always considered as lawful when based on what is necessary for the performance of a contract and/ or to comply with European and Luxembourg laws and regulations related to the financial sector such as legislation related to anti-money laundering and fight against financial terrorism.

In addition to the aforementioned information, each time an employee of Farad collects personal data, it shall explain to the data subject the purpose followed in the collection of personal data and the legal ground to collect personal data.

In the performance of due diligence/AML on client or counterparty, the lawfulness of the processing of personal data is always considered as necessary for the compliance with laws and regulations applicable to Farad.

3.      Data subject right

Prior to collect any personal data, Farad and its employees inform the data subject about their rights invite them to consult its website.

In addition, Farad or its employees provide the contact details or person to contact in case of any question related to GDPR and/or the contact detail of the DPO (if any).

4.      Purpose Limitation, data minimisation and data accuracy

Farad or its employees assess whether the collection of personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Farad specific, explicit and legitimate purpose is defined in article 4 of its article of incorporation. Within the Company each department followed this purpose based on the activity performed by the department.

Farad and its employees ensure that only personal data necessary to meet Farad’ legitimate purpose are collected.

Farad or its employees ensure that personal data are accurate and where necessary up to date.

When Farad or its employees identified that personal data are inaccurate, having regard to the purposes for which they are processed, it takes reasonable measures in order to erase or rectify the data.

Farad stores personal data for a limited period taking into account the objective pursued by the processing and applicable laws. In the event, any laws or regulations required to store data for a longer period of time than required by GDPR, this law or regulation shall prevail.

When the storage period ends, Farad shall either anonymise the personal data or destruct them. The person of contact for any GDPR query at the level of FARAD is Mr. Andrea Tassisto.

Full Data Protection Policy document available here