NCI Advisory is the data controller
NCI Advisory A/S incorporated under CVR no. 31332443, Nordic Corporate Investments A/S incorporated under CVR no. 31332818, jointly referred to as “NCI Advisory”, “us” or “we” is each a data controller for the personal data you share with each of us.
Our contact information is:
NCI Advisory A/S
We ensure that your personal data is protected. We are subject to secrecy of duty and confidentiality, and hence our systems are protected with appropriate technical and organisational measures.
Our internal rules on IT security contain instructions and measures protecting your personal data against destruction, deletion or changes, and against unauthorised or unlawful loss or disclosure.
In case of a data protection breach we will inform you and the relevant authorities as soon as practicable possible and within the time limits stipulated in the GDPR.
The purposes and the legal basis for the processing of personal data
We process personal data for the following purposes:
- General client administration in relation to our financial services business and performing investment analysis of investment opportunities as part of our services, ref. section A., B. and D. below.
- Complying with Anti-Money Laundering regulation and reporting regulations, ref. section C below.
Information as to how and why we process your personal data can also be found in the contracts with you which include any terms of business applicable to the services.
Our legal basis for the processing of personal data is:
A: You have given consent to the processing of your personal data for one or more specific purposes (GDPR article 6, 1, a).
B: The processing is necessary for the performance of a contract with you or in order to take steps at the request of you prior to entering into a contract, and to provide you with appropriate offers, advice and services as part of our contract (GDPR article 6, 1, b).
C: The processing is necessary for compliance with a legal obligation which we are subject to (GDPR article 6, 1, c):
- Know Your Customer requirements and AML monitoring, reporting etc., including sanctions screening, pursuant to the Danish Anti-Money Laundering Act
- The Danish Bookkeeping Act
- Reporting to the tax authorities in accordance with the Danish Tax Control Act
- Reporting to supervisory authorities etc. according to the Danish Financial Business Act and the Danish Alternative Investment Funds Managers Act
- Other obligations related to service specific legislation e.g. securities trading legislation
D: The processing is necessary for the purposes of our legitimate interests, e.g. when performing investment analysis as part of our services (GDPR article 6, 1, f).
We may collect personal data about contact persons who are employees of our suppliers and business partners when such person is acting on behalf of the other party. We collect such information as part of entering into a contract with the collaborator or when receiving services from suppliers. Further, we might need to collect contact information about employees of the authorities.
Categories of personal data
The personal data is in most cases collected directly from you or generated as part of the usage of our services. Sometimes additional information is required to keep information up to date or to verify information we collect. The personal data may include the following categories:
- Identification information: name, identification number, documentation of such information, for instance a copy of a passport, driver’s license or the like
- Contact information: postal address, email address, telephone number(s)
- Employer or position
- Messages you have sent to us
- Recording of phone conversations related to securities trading
- Publicly available information from external sources such as registers held by governmental agencies, sanction lists, and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons
Where do we receive the information from?
Usually, we will receive the information from you, however, we might also receive it from your employer, or from publicly available sources. Further, we might receive information you have disclosed to our service providers for performing our investment analysis.
Who we might disclose your personal data to
As part of our financial services business we may share your personal data with the following recipients or categories of recipients:
- Public authorities including the Danish State Prosecutor for Serious Economic and International Crime (SØIK) and Tax authorities, and supervisory authorities
- Suppliers and service providers assisting with technical support and services
- Business partners
- Data Processors
We have entered into agreements with selected suppliers, which as part of their services to us process personal data on behalf of us. Examples hereof are suppliers of IT development, maintenance, hosting and support.
Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.
How long we keep your personal data
We will only retain your personal data for as long as needed for the purposes of which the data was collected and processed or for as long as it is required by laws and regulations, e.g. the Danish Bookkeeping Act and the Danish Anti-Money Laundering Act.
When a client relationship is terminated, information regarding KYC is stored for 5 years according to the Danish Anti-Money Laundering Act.
Your privacy rights
You have certain rights under the General Data Protection Regulation. These include the following:
- Access to your personal data: You have the right to obtain a copy of the personal data that we hold about you.
- Correction of incorrect or incomplete data: You have the right to rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Erasure: If there is no longer a legal basis for our processing of personal data you have the right to obtain the erasure of personal data concerning you and we have the obligation to erase personal data without undue delay. However, due to financial regulation, we are in many cases obliged to retain personal data during a client relationship, and even after that, e.g. to comply with a legal or regulatory obligation or where processing is carried out to manage legal claims.
- Limitation of processing: You have the right to ask us to suspend processing of personal data in special cases.
- Object to processing: In certain specific cases you have the right to object to processing of personal data concerning you. We may not be able to comply with such request where there are compelling legitimate grounds for us to process your personal data or where the processing of your personal data is required for compliance with a legal or regulatory obligation or relating to legal proceedings.
- Data portability: You have in certain cases the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.
Updating your personal data
It is important for us that we maintain accurate records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible and we will update our records accordingly.
Data protection authority
You have a right to file a complaint about the processing of your personal data with the Danish Data Protection Agency. You can find contact information here: www.datatilsynet.dk.
Notification of changes
1. Essential cookies
We may use a limited number of cookies essential to particular services you have requested or for security purposes. A few of our sites use a cookie for a shopping cart function when you purchase services or offerings. In particular, if you have registered for a site or use a customer portal we may use a cookie to authenticate the pc or mobile device that you are using.
2. Performance cookies
We may set analytics, or performance, cookies to collect and report aggregate information. These cookies provide reporting to us on an aggregate basis and so, do not identify you at all. We use the aggregate reports to understand how our web sites are used and improve their usefulness to our audiences.
3. Functional cookies
A number of cookies also support how our web sites function, identifying your pc or end device on a unique but anonymous basis. These cookies may, for example, remember your language preferences or recognize an individual’s activity within a single session.
We may conduct analyses of user traffic to measure the use of our sites and to improve the content of our web sites and our services. These analyses will be performed through the use of IP addresses and cookies.
We use web beacons and pixels in our emails to track delivery and open rates. Our email provider delivers cookies with our email to recognise a user’s response. The results are stored and reported on against the individual’s email address and the account profile within our database.
Control or block cookies
Most modern browsers offer you ways to control or block cookies. These browser controls will usually be found in the “options’ or “preferences” menu. For more help, you may take a look at the “Help” settings or review this website for more details – http://www.aboutcookies.org/Default.aspx?page=1
For more information about cookies see http://www.allaboutcookies.org/