Know Your Customer KYC Privacy Policy

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (“GDPR”), as well as with the applicable principles of Law no. 58/2019, of 8 August, which ensures the implementation, in the Portuguese legal system, of the GDPR, we inform you that the personal data that may be provided in response to this request will be processed by Ventures.EU – SCR, S.A. (“Management Entity”), as controller, exclusively for the purposes provided for by the anti-money laundering legislation, Law no. 83/2017, of 18 August (Articles 57 and following), in particular to fulfill obligation of proper verification of the client, information preservation and eventual reports of suspicious transactions to the “Departamento Central de Investigação e Ação Penal da Procuradoria-Geral da República” and to the Financial Information Unit. Therefore, the lawful basis for the processing of personal data is the compliance with the Management Entity´ legal obligations.

The processing of data will take place, using electronic means, or not, adopting, in any case, the security measures provided for by the GDPR.

The provision of data is mandatory in accordance with the provisions of Article 24 of Law No. 83/2017, of 18 August, so any refusal to provide it will make impossible to comply with the obligations imposed by the legislation regarding anti-money laundering and, consequently, the establishment or maintenance of the business relationship.

Additionally, personal data of signatories and representatives of the subscriber shall also be processed for the purposes of managing the signature and identification process, based on the legitimate interest of the Management Entity, and compliance with applicable legal obligations. Such data shall not be processed for any other purposes in compliance with the Management Entity’ legal obligations resulting from the GDPR.

Personal data subject to processing will not be disclosed or communicated to third parties unless that is due to legal obligations. Service providers hired by the Management Entity (acting as data processors) may also have access to the personal data. These processors ensure that appropriate technical and organisational measures are put in place to protect the personal data.

Personal data will be retained for at least 7 (seven) years after the identification of the data subject has been performed, unless a specific retention period is established for a particular purpose required by law or regulation and without prejudice to that period being extended for the duration of an eventual judicial procedure and up to the limit of 6 (six) months after the final judicial decision.

Finally, we inform that Articles 15 and following of the GDPR give the interested party the power to exercise specific rights, such as access to data held by the controller, rectifying and, subject to certain terms, the deletion or limitation of the processing or the objection, by the data subject, to the data processing.

For any communication, request and exercise of the aforementioned rights, interested parties may contact the person responsible for the processing of their personal data to the following e-mail address: [email protected].

If you consider that the Management Entity is in breach of its obligations with regard to the processing of personal data, or that the rights to your personal data have been infringed, you have the right to lodge a complaint with the National Supervisory Authority (Comissão Nacional de Proteção de Dados).

With regard to making the identification document available for the purposes of compliance with the anti-money laundering and terrorist financing legislation and with the Law that creates the citizen card (Law No. 7/2007, of 5 February), the Article 5 of that Law provides that the identity check that is require to be done by any public or private entity does not allow the retention or conservation of the citizen’s card, except in the cases expressly provided by law or by decision of a judicial authority. Compliance with the identification duties under the anti-money laundering and financing of terrorism Law is one of the situations covered by this exception, thus making it possible to copy or digitise the identification document and retain such copy or digitisation.

Finally, as the completion of the form implies the provision of personal data of other parties by the subscriber’s representatives, these representatives must communicate to the data subjects the information contained in this document.