Privacy statement & Cookies

Privacy Statement

In this Privacy Statement, we will explain how FORWARD.one Management BV (FORWARD.one) uses, processes, and protects your personal data.

When do we publish changes to this Privacy Statement?
FORWARD.one reserves the right to modify this Privacy Statement. We will always inform you about any important changes in advance.

What are personal data?
Personal data are all of the details that provide information about a natural person. Examples include their name, address or telephone number. Table 1 shows the categories of personal data that we may process. In this Privacy Statement, we will explain the purposes for which these data may be used and processed, and the rules on which this is based.

What does ‘processing of personal data’ involve?
Processing refers to everything that we can do with personal data, including collecting, storing, viewing and destroying them.

How do we handle personal data?
Your privacy is important to us. We comply with laws and regulations. These include the General Data Protection Regulation (GDPR) of the European Union and the Dutch GDPR Implementation Act. We treat personal data responsibly and carefully. We do not sell personal data to any third parties.

Does this Privacy Statement also apply to your personal data?
Wherever this Privacy Statement mentions personal data of clients, the same applies to personal data of representatives or of people associated with legal entities with which FORWARD.one has, or has had, a business relationship.

The data that will be processed will depend on the type of service you purchase from us or intend to purchase from us.

How do we secure personal data?

It is very important to us that your data and ours are safe. Our staff are bound by strict rules. Our security measures are in compliance with the relevant standards. The Dutch Central Bank, the Netherlands Authority for the Financial Markets and the Dutch Data Protection Authority supervise our security measures.

How do we deal with data leaks?

In the event of a data leak, personal data may be exposed to unauthorized individuals. We will report data leaks to the Dutch Data Protection Authority. We will not do so if you are not exposed to any risk. Furthermore, we will always inform you of such a leak. We will do so if this is necessary in consideration of any risk to which you may be exposed. Risks may include identity theft or fraud. In such an event, we will inform you about what has happened as well as about the possible consequences. In addition, we will inform you about the measures we have taken in order to mitigate any adverse consequences.

What can you ask us with respect to your personal data?

Below is a summary of what you can ask us with respect to your personal data. Whether we will be able to accommodate your request will depend on the law. Please bear in mind, therefore, that we will not be able to accommodate every request. We will respond to your request or answer your question as soon as possible. The processing of your request or question is free of charge, unless the process takes an exceptional effort on our part. Repeating the same question over and over within a short period of time would be an example of such an effort. If we do decide to charge a fee, we will inform you in advance.

Rectification of personal data, amendments or additions
You have the right to request rectification of your personal data if they are inaccurate or incomplete.

Inspection of personal data
You have the right to request inspection of your personal data and to request a copy of the data. In addition, you have the right to ask for information as to how we process your personal data (including the purposes for processing the data and the categories of the personal data).

Deletion of personal data
You have the right to request the deletion of your personal data, for instance when it is no longer necessary for us to hold on to your data or if you have withdrawn your consent for us to use your personal data.

Objection to the processing of personal data
You have the right to object to certain types of processing of your personal data. This is only possible if our processing is based on the legal grounds of ‘legitimate interest’ (under the heading ‘Why do we process personal data?’, you can find when this applies), in the event of direct marketing, and if personal data are being used for the purpose of statistics.

Restriction of processing
You can ask us to suspend the processing of your personal data temporarily. You may want to do this, for instance, if we are examining the correctness and completeness of your personal data at your request, or if we are processing personal data without authorization. In addition, you can ask us to do so if you think that you will need the data for legal proceedings or if you have objected to the processing of your data.

Data portability
Under certain circumstances, you can request to obtain the data that you have provided to us for reuse for your own purposes, or ask us to transfer the data to a third party.

Why do we process personal data?
We process personal data for a variety of different reasons. More information can be found below.

Becoming a client
Before a party becomes a client of FORWARD.one, we are obliged to conduct an investigation. During this process, we will verify whether the party can be accepted as client. This is referred to as the client acceptance evaluation. The purpose of this evaluation is to find out whether there are any reasons not to accept a certain person or legal entity as a client. At the same time, we will check whether there are any special circumstances that we will need to take into account in providing our services, for instance whether the party is exposed to any increased risk as a result of being on a national or international sanctions list. We are allowed to process personal data for the purpose of this evaluation to the extent that we need such data in order to comply with our legal obligation to conduct a client acceptance evaluation. For the purpose of this evaluation, we will collect personal data from the party. These data may consist of a copy of their proof of identity, a selfie, personal identification details, financial details, a copy of the shareholders’ register of the legal entity concerned, and their criminal record. We will also draw on external sources for this evaluation, including the Chamber of Commerce register, a register for combating money laundering and corruption, the register of financial supervisors, and the Internet. FORWARD.one is not authorised to provide any services until the necessary personal data has been obtained.

We may share personal within FORWARD.one within the framework of client acceptance research. In the event that a prospect also purchases products from an entity affiliated with FORWARD.one, we may collect information about the prospect concerned from this entity, for example to screen prospects for integrity. In addition, personal data may be shared for reasons of fraud prevention, including money laundering. These types of processing take place on the basis of our legitimate interest to run our business with integrity.

Being a client
FORWARD.one will process personal data of the client also during the relationship.

In order to be able to contact the client
During the relationship with the client, we are in touch with clients. We may be in touch with them by telephone (landlines or cell phones), by email, text messages, regular mail or via applications. For these types of contact, we use personal identification details. We may use these personal data to the extent necessary for the performance of our agreement with our clients.

Performance of the agreement
We process personal data in order to fulfil the agreement with the client. We need personal data in order to be able to execute transactions, for instance, or to provide services to the client. Also in the event of any problems in the relationship with the client, we may need to process personal data in order to solve the problem.

Legal obligations
We process personal data in order to be able to comply with our legal obligations. More information can be found below.

- Transaction monitoring. We are legally obliged to monitor our clients’ transactions. Without processing financial details and personal identification details, we are unable to comply with this obligation.
- Statutory retention obligations. We are required by law to retain certain personal data. This applies, for instance, to information with respect to the client acceptance evaluation, to executed investment transactions and telephone conversations and digital communication with the client if and to the extent that such communications may lead to an investment service.
- Information obligations and requests for information. On the basis of legal provisions, we may be required, on our own initiative or upon request, to disclose personal information about clients to a government agency, tax authority, supervisor or court. Applicable laws and regulations require us to report investment transactions to the Netherlands Authority for the Financial Markets. We have these obligations performed on behalf of us by a qualified and approved report notification mechanism or a stock exchange. Dutch authorities, in turn, may share personal data that are provided by us with other foreign or domestic authorities. Even foreign laws may require us to disclose information to foreign agencies.

The relationship between the client and FORWARD.one is or will be terminated
If the relationship with the client is or will be terminated, we will retain the collected personal data. We may do this on the basis of statutory retention obligations, for internal analysis, for the settlement of the agreement and the relationship or for use in any disputes that may arise during or after the conclusion of the relationship. For this purpose, we are allowed to process personal data because it is necessary to protect our interests to collect sufficient evidence for a time when a dispute with the client may arise. You may object to the processing of personal data based on this interest for personal reasons. More information is available under the heading ‘Objection to the processing of personal data’. For the settlement of the agreement and the account, we may also collect new personal data, such as financial data and data from public external sources (Land Registry and Chamber of Commerce).

For promotion and marketing purposes
Our activities in the field of promotion and marketing consist of acquiring new clients and consolidating the relationship with existing clients.

Attracting new clients
In order to attract and acquire new clients, we process personal identification data and personal characteristics from external sources and compare them with our clients’ personal data. We process personal data of potential clients and prospects in order to contact them within a reasonable period of time. At that time, we will ask for their permission. Consent can easily be withdrawn at any time. The withdrawal of consent has no retroactive effect; data processing is lawful until consent is withdrawn. With specific permission, we can use personal data to inform clients about products and services, for instance, or to send out newsletters. Furthermore, we will restrict the retention of personal data in the event that clients have informed us that they are not interested in our services. This will help to avoid unwanted contact. More information is available under the heading ‘How long do we keep personal data?’

Consolidating the relationship with existing clients
Promotion and marketing are used to draw clients’ attention to new products and services, or to improve our service to clients. This may take the form of television commercials, for instance, or newsletters and information on our website. At times, we will call clients or send them a personal email. For the purpose of such marketing activities, we are allowed to process personal data such as personal identification details, personal characteristics, data about products and services, and electronic identification details. We have a commercial interest in marketing and promotion, as these activities support our business operations. For personal reasons, clients may object to the processing of personal data on the basis of this interest. More information is available under the heading ‘Objecting to the processing of personal data’.

Analysis and research
We process personal data for analysis and research purposes in order to develop and improve our products and services as well as to enhance our service to clients.

For the development and improvement of products and services, and to enhance our service to clients
Our aim is to provide products and services that best meet the needs of our clients. For this reason, we continually develop new and improve existing products and services. To determine the best way to do this, we analyse the use of our products and services. Wherever possible, we try to avoid the use of personal data or anonymized data in the process.

Furthermore, we conduct customer surveys using polls and interviews for this purpose. This involves processing personal data such as personal identification details and data on products and services. The personal data are processed with the client’s consent. Consent can easily be withdrawn at any time. The withdrawal of consent has no retroactive effect; data processing is lawful until consent is withdrawn.

Do we disclose personal data to third parties?
We may disclose your personal data to third parties but only if this is necessary within the context of the performance of the agreement or as part of efforts to improve the efficiency of our business operations.

Business support
We also engage third parties who support our business operations and need to process personal data for this purpose. These parties are referred to as processors. For example, we work with a third party who takes care of certain tax authority obligations. We make agreements with these third parties to ensure that the personal data are adequately protected. Each third party is selected after extensive due diligence. We demand that your personal data are kept safe also in the hands of these third parties. We are allowed to disclose personal data to third parties for the purpose of supporting our business operations and because it is in our legitimate interest to optimize our business operations.

Do we disclose personal data to organizations in countries outside the EEA?
We try to limit the disclosure of personal data to organizations in countries outside of the European Economic Area (EEA) in view of the fact these countries may have lower standards for the protection of personal data. In the exceptional situation that we do need to share such data outside the EEA, we will only do this if it is necessary for the performance of an agreement with a client or after specific measures have been taken to guarantee the safety of the personal data. For individuals whose personal data are shared with third parties outside of the EEA, FORWARD.one will remain the point of contact with respect to the processing of such data.

How long do we keep personal data?
We observe maximum time periods for the storage of personal data. These periods are specified in table 2. Once the maximum retention period has lapsed, we will delete the personal data.

Do you have any questions or complaints?
For general questions or complaints in connection with this Privacy Statement, please contact us. E-mail: [email protected]

If you feel that FORWARD.one has violated your rights, you can submit a complaint to the Dutch Data Protection Agency.

Appendices
Below is a list of categories of personal data that we are lawfully entitled to process. The Privacy Statement explains for which purposes and on which basis we may process these personal data.

Table 1. Categories of personal data that may be processed

Category of personal data: Example

Personal identification details: Name, address, city, postcode, email address, telephone number, signature, selfie

Personal characteristics: Age, gender, date of birth, marital status, nationality,

Electronic identification data: IP address, cookies

Communication data: Information recorded from face-to-face interactions, interactions by telephone, email, app, letter; recordings of conversations about services; recordings of complaints and queries

Special personal data: Data as referred to in Article 9 of the General Data Protection Regulation

Miscellaneous personal data: Citizen service number, National Register number

Table 2. Retention periods

Data type: Retention period
Personal data pertaining to the client: Ten years after termination of the relationship
Personal data of potential clients who have yet to be contacted: Six months following collection
Personal data of potential clients who have expressed an interest in contact: Two years after the last contact
Contact details of potential clients who have indicated that they no longer want to the last contact be contacted: Three years after the last contact
Conversations with clients on investments by landline or mobile phone or via electronic means of communication such as email: Ten years following recording
Conversations with clients on other types of services by landline or mobile phone or via electronic means of communication such as email:
Two years following recording

The stated retention periods may not be extended unless after expiry of the retention period as mentioned, a complaint is ongoing, or legal or regulatory proceedings or investigations are active in connection with the (terminated) relationship. The same retention periods apply to personal data stored at third parties.

Cookies

Read our cookie statement to find out how we handle your personal data processed through cookies.

Why FORWARD.one uses cookies

A cookie is a small text file placed on your computer, tablet or mobile device when you visit a website. The FORWARD.one website also uses cookies. We want to offer you the best possible online experience and use cookies to help us do so. You have a choice of three profiles: Essential, Basic and Comprehensive.

What do cookies do?
Cookies help to distinguish a website’s users, making websites easier for their users to navigate. They keep you logged in, remember your preferences – e.g. location and language – and website owners use cookies to collect information that helps them improve their websites. Some cookies capture your browsing behaviour, enabling websites and advertisers to find out more about your preferences and to tailor their offering to you. Cookies are never used to store personal data such as email addresses or telephone numbers.

What cookies are part of the profiles Essential, Basic and Comprehensive?

Essential

•    Functional cookies
Essential cookies help to make a website more usable by enabling fundamental functions such as page navigation and access to secure areas of the website. The Essential profile is the default setting, as these cookies are vital for our website’s proper operation.

Basic
•    Functional cookies
•    Preference cookies
•    Statistical cookies

This profile includes essential cookies as well as preference and statistical cookies.

Preference cookies help our website remember information that affects its behaviour and look and feel. We use these analyses to provide content specifically tailored to you on the FORWARD.one websites and apps.

Statistical cookies help us understand how visitors use our website, by collecting and reporting anonymous data. We use this information to improve our websites and apps.

Comprehensive
•    Functional cookies
•    Marketing cookies

This profile includes all essential cookies alongside marketing cookies. The latter type of cookies may be used to follow visitors accessing external websites, with the aim to feature ads tailored and relevant to individual users based on the pages visited on our website. Users will remain anonymous to FORWARD.one.

What happens when you click on OK?
By clicking on OK you give us permission to place certain types of cookie. If you do not give permission, we place a “no-follow cookie”, which ensures that we only place cookies on your computer or mobile device that are essential for our website to function properly. No permission is required for the Essential profile.

Can cookies be turned off?
Yes, you can opt to turn cookies on or off. This does not apply to the Essential profile, as our website cannot run properly without functional cookies. We feel a user-friendly website to be essential, which is why you cannot turn off these cookies.

Changing cookie settings in your browser
Cookies are saved onto your computer. If you don’t want any cookies, you can adjust the settings of your browser to warn you that cookies are about to be placed. You can also set it to refuse all cookies or just those of third parties, and you can remove cookies already there. Note that you’ll have to do this for all browsers, computers and devices separately.

Please be aware that our website might not work properly if you reject cookies and that you will not have access to all the options offered by the website. Cookies enable you to view the website properly and are essential for you to be able to use Online Banking.

Different browsers have different ways of changing settings. Consult your browser’s guide or help function. And you can always go to youronlinechoices.eu/nl to disable cookies from specific websites.

How does FORWARD.one handle your personal data?
FORWARD.one does everything it can to safeguard your privacy. Our Privacy Statement (at the top of this page) details how we handle your data.

forward one logo
member of invest europe logo
PRI signaturefunded by europa logo