You rightly expect us to take care of your personal data. This is why we take care to set up secure IT systems and make our employees aware of the need to protect and respect your privacy.
This policy applies both to data that is initially collected when you contact easyvest and to data that is subsequently obtained by easyvest (e.g. when you subscribe to an additional product or service or when you update your initial information).
Before going into detail, you will find below a summary of the questions we are frequently asked about the processing of personal data:
|Do you store my personal data?||YES|
|Do you store my financial transaction data?||YES|
|Do you use plugins?||YES|
|Do you delete my data once my user account is deleted?||NO|
|Can I use easyvest without giving my permission to process my personal data?||NO|
|Do you sell my personal data?||NO|
|Do you share my personal information with other financial institutions?||YES|
|Do you regularly update this policy?||YES|
|Can I exercise my GDPR rights?||YES|
|Can I file a complaint somewhere?||YES|
Easyvest NV/SA is a Belgian company with its registered office at Rue Gachard 59 in 1050 Brussels, Belgium and our VAT number is BE0631.809.696.
We are responsible for the storage and processing of your data ("data controller"). This means that we determine the purposes and methods of this processing.
We have an internal data protection officer, a DPO or "Data Protection Officer". You can contact this person by e-mail at firstname.lastname@example.org or by post at the above address.
For certain services, we use specialized partners who act as subcontractors. They must comply with our data protection policy and must also comply with their legal obligations in this respect. We ensure the protection of your personal data through appropriate provisions in our contracts with subcontractors.
We start storing your data as soon as you contact us via one of easyvest's contact channels. This may happen when:
We also store data about visits and behavior on our website and mobile app, without being able to relate them to you as long as you have not communicated your identity to us.
We then collect your data every time you interact with easyvest, whether it is when you deposit money into your account, make a stock exchange transaction, talk on the phone with one of our employees, visit us in our offices, ask us a question or login to our app.
By personal data, we mean not only data that identifies you directly but also data that identifies you indirectly.
We store different data for different purposes. For example, we need some data to identify you in accordance with applicable financial legislation, some data related with the services you have subscribed to or your use of our site or mobile app, and some data to be able to provide you with exceptional user experience.
We process your data based on four legal bases in accordance with the GDPR: legal obligation, contractual obligation, legitimate interest and/or explicit consent.
The table below lists more precisely what data we collect, for what purpose and on what basis. This list is intended to be as complete as possible, but it may not be exhaustive.
|What data?||For what purpose?||On what basis?|
Last name, first name, e-mail address, telephone number
Copy of ID document (e.g. Belgian double-sided ID card or passport), expiry date, date and place of birth, national identification number, home address, tax identification number
|Bank account data|
Experience and financial knowledge, investment objective, investment horizon, risk profile, assets
Profession, origin of funds, destination of funds, political exposure, convictions and financial embargoes, links with legal entities and listed companies, analysis of atypical transactions, spouse and/or children ID data
A signed copy of agreements, identification sheets and investor profile
Investment objective, amounts to be invested, preferred tax wrapper and risk profile
Amounts of the legal, supplementary, and personal pensions, legal retirement age, social status, organizer and identification number of pension plan, pension trust organization, current capital and yearly add-on
Current and historical value of the portfolio, returns, breakdown by financial assets, transactions carried out
Interaction channels and preferred languages, a summary of past communications, order confirmation, files exchanged, e-mails, marketing campaigns viewed and origin of the relationship
Brand of your devices, operating systems, connection timing, browsing behavior, location, crash logs, cookies
Any other data that we collect by asking you questions (e.g. an employee in privileged contact with the customer, NPS)
First and foremost, we process the above-mentioned data to provide you with exceptional service and user experience. To be more specific, we use your data to provide our banking, investment and insurance intermediation services. On an anonymous or aggregated basis, we use your data for internal strategic decision-making or as a basis for external communication.
As a portfolio management company, which requires an authorization from the Belgian Financial Services and Markets Authority (FSMA) to operate, we have a legal obligation to collect a large amount of data in order to be authorized to provide our portfolio management service.
If certain other data does not need to be collected for a legal reason, we still process it because we believe it helps us to provide a better service, not only to you but also to all our existing and future clients.
We are also registered with the FSMA as an insurance broker, which allows us to distribute life insurance policies as part of your pension planning. As with banking and investment services, we collect your data for legal reasons or reasons of legitimate interest.
We anonymize our users' data and convert them into statistics. These statistics help us to make strategic and operational decisions internally. For example, the data allows us to evaluate whether we should continue a marketing campaign because it is successful or whether we should promote it in a specific city or to a specific customer segment.
We use the same anonymized data for external communication. For example, when we announce to the press the number of clients we are pleased to serve, the average performance of our clients' portfolios, or the number of assets under custody.
We use computer cookies. You can find more details about cookies and what we do with cookies below in the dedicated section on cookies.
We use a series of extension modules (or plugins). The purpose of these plugins is to better understand how you use the site so that we can not only improve its functionality but also to be able to present you our commercial messages on other sites.
For example, we use Google Analytics to analyze in real-time the number of visitors on our site, to know by what means they arrived on the site (e.g. search engine, direct, from the link of another site) and which pages they like to visit. Another plugin allows us to offer you a chat functionality on our website.
We store all data in a highly secure computer environment. To do this, we use the services of subcontractors who offer database technologies used in many government, military and financial applications. The subcontractors' servers are located in Europe and are duplicated in different locations to allow data recovery in the event of a server failure or destruction. These servers are extremely well protected against attempted physical or cyber-attacks.
We make it a point of honor to use trustworthy services that are well established and recognized for their respectful treatment of personal data.
Of course, we make every effort to protect the data entrusted to us as well as possible. However, we cannot provide any guarantee in this respect because there is no such thing as 100% security. If someone were to break into our database, you can't hold us responsible for that. Even if it causes you problems and damage. But we say it again: we do everything we can to make sure that doesn't happen. In doing so, we use high-security standards, which are regularly tested both by us and our auditors.
Within easyvest, our Data Protection Officer filters access to data by our employees according to the precautionary principle that employees can only access the data they need to do their job.
Our infrastructure's design, therefore, hides data from our employees by default. Should an employee nevertheless have access to data that they should not have access to, the employee is aware of the need to respect your privacy. In such a case, they are asked to destroy any data that has arrived in their possession by mistake and to report this potential security breach to our IT department, which will take the appropriate corrective measures.
As part of our activities as a portfolio management company and insurance broker, we must share your personal data with the custodian of your assets and our partner insurance companies.
This is not only because financial regulations oblige us to do so, but also because without this, these financial institutions simply cannot issue a contract allowing you to open a securities account or a life insurance policy, for investment.
Furthermore, like these other financial institutions, we are under the strict supervision of financial supervisors. For example, we have to check our users to see whether they are on international sanction lists, PEP ("politically exposed persons") lists or other official lists. For this purpose, we use your last name, first name, date and place of birth.
No one, not even the GDPR, can oppose our storing this data.
We process all data concerning you for as long as you continue to use our services. When you cease being a user, the length of retention will depend on the type of contractual relationship you had with us and the type of data.
If you have never been a customer per se, i.e. if you have never signed an agreement with us, we will be able to delete all your data on request.
If you have been a customer, we are legally obliged to keep all your data for 10 years. Indeed, we are subject to financial legislation, in particular to the Act of September 18, 2017, on the prevention of money laundering and the financing of terrorism, article 60 of which obliges us to keep certain data for up to 10 years after the collaboration has ended.
In other words, from the moment you no longer use our services, we are legally obliged to retain certain data for a further 10 years.
In short, we do not retain your personal data longer than is necessary to provide you with our services, unless we are legally obliged to do so.
Finally, we may keep your personal data longer if you have agreed to this or if it is necessary for us in the context of legal proceedings. Naturally, we make every effort to avoid having to provide your data to a court of law as evidence.
In principle, the GDPR gives you certain rights. However, as mentioned above, we are legally obliged to keep your ID and transaction data for 10 years. Most of your GDPR rights do not apply to this storage. Article 65 of the Anti-Money-Laundering Act, to be precise, states: "The person whose personal data are processed in accordance with this law does not have the right to access and rectify his or her data, nor the right to be forgotten, nor the right to portability of these data, nor the right to object, nor the right not to be profiled, nor the right to be notified of security breaches".
Notwithstanding these exceptions, the GDPR gives you six rights: the right of access and rectification (we must be able to tell you what data we hold about you and you can modify this data), the right to forget (you can ask us to delete all the data we hold about you), the right to limit processing (you can, for example, ask us to stop receiving our blogs), the right to portability (you can request a complete extract of your data from us), the right to withdraw your permission (you can, for example, withdraw your permission to use commercial profiling cookies), the right to object (you can, for example, request that we no longer use your data to receive commercial actions from us).
Please remember that we can only offer our services if we store and process your personal data. Without the processing of your data, the functionalities of our application, such as personal financial simulations, would simply not work. For this reason, we will, unfortunately, have to terminate our relationship if you ask us to limit or stop the processing of your personal data. In this case, you would no longer be able to use our services. On the other hand, your rights of access, rectification or portability of your personal data can, of course, be exercised without any problem.
Your privacy rights remain applicable to the processing of your personal data for commercial purposes, for example, processing to offer you discounts. This means, for example, that you have the right to request that we no longer process your personal data for these purposes, or to limit their processing.
Where we have processed your data for statistical purposes, we cannot change or delete the statistical data that has been derived from your personal data. This statistical data has already been processed and it has become impossible to trace the identity of an individual. It is therefore no longer personal data protected by the GDPR. Therefore, your privacy rights, such as the right of access, rectification or portability, do not apply to statistical data derived from your personal data.
To exercise your rights, you can send us your dated and signed request, accompanied by a legible copy of both sides of your ID card, being as precise as possible, either by e-mail to email@example.com or by post to easyvest DPO, Rue Gachard 50, 1050 Brussels.
Upon receipt of your complete request, we will respond to your inquiry within a maximum of 30 calendar days.
Easyvest bears the ultimate responsibility for processing your data.
It is important to us that you can always use the Easyvest website in an optimal way. That is why we make sure that the content of the website is tailored to your personal preferences and needs. For this purpose, we use different techniques such as cookies, tracking pixels, connections to external analysis libraries and local storage (hereafter referred to as "cookies").
The cookies rules apply to all Easyvest digital applications, including its website and mobile application.
Cookies are small information files that are sent to your browser when you visit a website or use an application, and are saved on your computer, smartphone or tablet. These files are read each time you visit this website or use the application.
These files contain information such as your language preference for the website. This way, you do not have to make this choice each time you visit. Other cookies allow us to measure the popularity of our website pages and the average length of a visit.
A cookie can also be used for marketing purposes. It can, for example, identify your interests in order to present you with Easyvest advertisements on another website that may be of interest to you.
The cookies installed by Easyvest are:
You will find more information in the detailed list of cookies below.
These are cookies that ensure the security and proper functioning of the Easyvest website and application. These cookies are used for example to check your identity when you log in, to establish communication between you and our digital solutions and to save your cookie settings. You cannot refuse them, because they are essential for the proper functioning of the Easyvest website, and in particular for the preservation of its security; your consent is therefore not necessary for this type of cookies.
These cookies collect information that allows us to track the number of visitors and the use of the website. They allow us to improve the content of the site (e.g., if we observe that a blog topic gets a lot of hits, we might write other blogs on a related topic), to tailor the site more precisely to users' needs (e.g., if a page is never visited, we might remove it) and to improve the usability of the site in general (e.g., if the loading time of a popular page is slow, we might improve it).
They also allow us to answer questions such as "from which site do visitors arrive at our site?" or "how long does the average visitor spend on a particular page? By disabling these cookies, we will not be able to analyze our site traffic.
These cookies allow us to offer you personalized messages of a commercial nature about Easyvest financial products or services that may be of interest to you.
|Trustpilot||Functional||Allows the display of customer reviews on the pages of our site.|
|Google Tag Manager||Functional||Allows the loading of other cookies below, depending on the user's choice to accept or decline cookies.|
|Google Analytics||Analytic||Analyses the use of the site such as the origin of the traffic, the most consulted pages, the number of visitors, the average time of visit.|
|Hotjar||Analytic||Analyses the stopping points in the scrolling of a page and of mouse movements to know the elements of a page to which the user pays attention (e.g., an image or a particular link)|
|Amplitude||Analytic||Analyses the site and mobile app usage to see where users click or the sequence of pages viewed.|
|Google Pixel||Analytic||Allows us to perform or optimize our advertising on the Google platform, including Google AdWords or Google Universal App Campaign.|
|Meta Pixel||Analytic||Allows us to perform or optimize our advertising on the Meta platform (Facebook), including Facebook Ad Manager.|
|Microsoft Pixel||Analytic||Allows us to perform or optimize our advertising on the Microsoft platform, including Bing or LinkedIn.|
You can choose to accept or decline cookies. If you accept, all three types of cookies described above will be enabled. If you refuse the cookies, only the functional cookies will be active, while the analytical and marketing cookies will be deactivated. In this case, it is possible that some parts of our site or application will correspond to a lesser extent to your needs and preferences.
On your first visit with a given browser (e.g., Chrome, Safari) on a given device (e.g., smartphone, laptop), our site will present you with a screen asking for your preferences, which, once selected, will remain valid for future visits.
However, you can change your preferences over time via your web browser. How you adjust these settings depends on your browser. You may want to consult your browser's help or use these links to go directly to the manuals for the most popular browsers: Internet Explorer, Mozilla Firefox, Chrome and Safari.
In some browsers, you can also choose not to be tracked by websites ("Do not track"). Easyvest only considers its own cookie settings and does not comply with "Do not track".
For each collaboration with third parties, Easyvest takes care that these third parties cannot identify you by means of the information Easyvest collects through its cookies.
We update these cookie rules on a regular basis. The latest version of the cookie rules is always available on our website. Only this latest version is applicable. Easyvest will inform you of any significant changes and ask for your consent if necessary.
If you want to make a complaint, you can send us a message via our website, app or general e-mail address (firstname.lastname@example.org) and we will respond as soon as possible.
If we are unable to reach an agreement, you can submit a request for mediation to the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35 in 1000 Brussels, by phone +32 2 274 48 00, e-mail: email@example.com or http://www.dataprotectionauthority.be.
If you want to make a complaint, you can send us a message via our website, our app or our general e-mail address (firstname.lastname@example.org) and we will answer you as soon as possible.
If we can't find a solution, you can submit a request for mediation to the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, by phone +32 2 274 48 00, e-mail: email@example.com or http://www.dataprotectionauthority.be.