Privacy Policy

1. What we collect

• Identity & contact data: name, date of birth, address, email, phone, identity-document images (during KYC).
• Financial data: bank account details, source of wealth, source of funds, holdings, transactions, fee history.
• Suitability data: risk profile, investment objectives, knowledge and experience, capacity for loss.
• Technical data: IP address, device and browser information, session cookies, audit logs.
• Correspondence: emails, support tickets, recorded calls (with prior notice) for compliance purposes.

2. Legal basis

We process your data on the following bases:

• Contract (Art. 6(1)(b) GDPR) — to deliver the discretionary management services you request.
• Legal obligation (Art. 6(1)(c) GDPR) — to meet AFM, DNB, Wwft and tax obligations.
• Legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention, service security, internal analytics on aggregated data.
• Consent (Art. 6(1)(a) GDPR) — for optional marketing emails, which you can withdraw at any time.

3. How we use your data

• Verify your identity and onboard you in compliance with anti-money-laundering rules.
• Manage your portfolio, execute trades through our custodian, and provide reporting.
• Communicate with you about your account, statements, regulatory disclosures, and service changes.
• Detect, investigate and prevent fraud, market abuse, and security incidents.
• Meet our regulatory obligations including transaction reporting (MiFIR), tax reporting, and record-keeping (≥ 7 years).

4. Who we share data with

We share personal data only with parties that need it to deliver the service or where required by law:

• Our contracted EU custodian and the executing brokers in our network.
• KYC/AML providers and identity-verification vendors.
• Payment-services providers for SEPA and corporate-action processing.
• Cloud-hosting and operational infrastructure providers (EU-based).
• Auditors, regulators (AFM, DNB, Belastingdienst), and law-enforcement agencies on lawful request.

We do not sell or rent your personal data, and we do not use it for targeted advertising.

5. International transfers

Personal data is stored within the European Economic Area. Where a sub-processor is located outside the EEA, transfers are protected by the European Commission’s Standard Contractual Clauses or an adequacy decision.

6. Retention

We retain client records for seven years after the end of the relationship, in line with Wwft and Wft requirements. Marketing data is deleted within 12 months after you withdraw consent or last interact with us, whichever is sooner. Backups are rotated continuously and superseded data is purged within 35 days.

7. Your rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected without undue delay.
• Have data erased, where retention is not required by law.
• Restrict or object to certain processing.
• Receive your data in a portable, machine-readable format.
• Withdraw consent at any time, where consent is the legal basis.

To exercise these rights, email privacy@amsterdaminvestgroup.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), although we’d encourage you to contact us first.

8. Security

We apply layered safeguards: TLS 1.3 in transit, AES-256 at rest, hardware-backed key management, role-based access with mandatory MFA for staff, segregated production environments, and continuous logging with tamper-evident archives. We test our controls annually and after material changes.

9. Cookies

We use essential cookies for authentication and session management. We do not deploy tracking, advertising, or third-party analytics cookies on this website.

10. Data Protection Officer

You can contact our Data Protection Officer at dpo@amsterdaminvestgroup.nl or by post to: DPO, Amsterdam Invest Group B.V., ..., ... Amsterdam, the Netherlands.