In the event of doubt in the application of the principle described below, the employee shall refer to its superior and/ or escalate the matter to the Senior Management.
All personal data collected prior to 25/05/2018 are considered compliant with this Policy and GDPR. Personal data received prior to 25/05/2018 and process after 25/05/2018 shall be fully revised in light of GDPR and this Policy.
A. SMC qualifies as processor in the following situations:
B. SMC qualifies as controller in the following situations:
The process of personal data is based on the consent of the data subject when any other legal basis cannot be used. The process of personal data is always considered as lawful when based on what is necessary for the performance of a contract and/ or to comply with European and Luxembourg laws and regulations related to the financial sector such as legislation related to anti-money laundering and fight against financial terrorism.
In addition to the aforementioned information, each time an employee of SMC collect personal data, it shall explain to the data subject the purpose followed in the collection of personal data and the legal ground to collect personal data.
In the performance of due diligence on client or counterparty, the lawfulness of the processing of personal data is always considered as necessary for the compliance with laws and regulations applicable to SMC.
Prior to collect any personal data, SMC and its employees inform the data subject about their rights and invite them to consult their website.
In addition, SMC or its employees provide the contact details or person to contact in case of any question related to GDPR and/or the contact detail of the DPO (if any).
SMC or its employees assess whether the collection of personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
SMC specific, explicit and legitimate purpose is defined in article 3 of its article of incorporation. Within the Company each department followed this purpose based on the activity performed by the department.
SMC and its employees ensure that only personal data necessary to meet SMC’ legitimate purpose are collected.
SMC or its employees ensure that personal data are accurate and where necessary up to date.
When SMC or its employees identified that personal data are inaccurate, having regard to the purposes for which they are processed, it takes reasonable measures in order to erase or rectify the data.
SMC stores personal data for a limited period taking into account the objective pursued by the processing and applicable laws. In the event, any laws or regulations required to store data for a longer period than requirement provided under GDPR, this law or regulation shall prevail.
When the storage period ends, SMC shall either anonymise the personal data or destruct them.