chat icon

Privacy Policy

Or in other words, what we do with your personal data.

Introduction

Like any company, easyvest collects all kinds of data, including personal data. Our privacy policy describes what data we collect, how we process it and for what purposes.

This privacy policy is an integral part of our general terms and conditions for the use of easyvest's services, including its website and mobile app. You can't use our services without agreeing with our general terms and conditions.

You rightly expect us to take care of your personal data. This is why we take care to set up secure IT systems and make our employees aware of the need to protect and respect your privacy.

This policy applies both to data that is initially collected when you contact easyvest and to data that is subsequently obtained by easyvest (e.g. when you subscribe to an additional product or service or when you update your initial information).

We save and process your personal data in accordance with the GDPR (General Data Protection Regulation) (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and the free movement of such data. Further information on data protection can be obtained from the Data Protection Authority (https://www.autoriteprotectiondonnees.be). In this Privacy Policy, we use specific terms that are defined in these regulations (such as "personal data", "processing", "processor", "controller").

FAQ and summary

Before going into detail, you will find below a summary of the questions we are frequently asked about the processing of personal data:

  
Do you store my personal data?YES
Do you store my financial transaction data?YES
Do you use cookies?YES
Do you use plugins?YES
Do you delete my data once my user account is deleted?NO
Can I use easyvest without giving my permission to process my personal data?NO
Do you sell my personal data?NO
Do you share my personal information with other financial institutions?YES
Do you regularly update this policy?YES
Can I exercise my GDPR rights?YES
Can I file a complaint somewhere?YES

Who are we?

Easyvest NV/SA is a Belgian company with its registered office at Rue Gachard 59 in 1050 Brussels, Belgium and our VAT number is BE0631.809.696.

We are responsible for the storage and processing of your data ("data controller"). This means that we determine the purposes and methods of this processing.

We have an internal data protection officer, a DPO or "Data Protection Officer". You can contact this person by e-mail at info@easyvest.be or by post at the above address.

For certain services, we use specialized partners who act as subcontractors. They must comply with our data protection policy and must also comply with their legal obligations in this respect. We ensure the protection of your personal data through appropriate provisions in our contracts with subcontractors.

When do we store your data?

We start storing your data as soon as you contact us via one of easyvest's contact channels. This may happen when:

We also store data about visits and behavior on our website and mobile app, without being able to relate them to you as long as you have not communicated your identity to us.

We then collect your data every time you interact with easyvest, whether it is when you deposit money into your account, make a stock exchange transaction, talk on the phone with one of our employees, visit us in our offices, ask us a question or login to our app.

What data do we keep?

By personal data, we mean not only data that identifies you directly but also data that identifies you indirectly.

We store different data for different purposes. For example, we need some data to identify you in accordance with applicable financial legislation, some data related with the services you have subscribed to or your use of our site or mobile app, and some data to be able to provide you with exceptional user experience.

We process your data based on four legal bases in accordance with the GDPR: legal obligation, contractual obligation, legitimate interest and/or explicit consent.

  1. Certain regulations legally require us to collect certain data. For example, the MiFID (Markets in Financial Instruments Directive) requires us to know our client well before giving financial advice. Money laundering, in particular for tax evasion or terrorist financing, is a subject to which we pay particular attention. As part of our business, we see financial transactions taking place and we, therefore, have a role to play in preventing money laundering. To achieve this, we may ask you questions about the origin of your funds and we may retain this data to comply with anti-money-laundering regulations.
  2. The signing of the service contract between you and us implies that we will process certain data to execute this contract. For example, we retain your transactions and portfolio status data to be able to report to you on the progress of your portfolio.
  3. Easyvest also processes your data for the fulfilment of its legitimate interests, in particular its business development and customer service interests. To do this, easyvest maintains a fair balance between the need to process the data and the respect of your rights and freedoms, in particular your privacy protection.
  4. We may process certain data after your explicit consent. For example, by agreeing to provide us with data relating. to your legal pension and your 2nd and 3rd pillar pension plans, you agree that we may use this data to run simulations on our pension planning tool.

The table below lists more precisely what data we collect, for what purpose and on what basis. This list is intended to be as complete as possible, but it may not be exhaustive.

What data?For what purpose?On what basis?
Contact data
Last name, first name, e-mail address, telephone number
  • Identification
  • Provision of services
  • Legal obligation
  • Contractual
Identification data
Copy of ID document (e.g. Belgian double-sided ID card or passport), expiry date, date and place of birth, national identification number, home address, tax identification number
  • Identification
  • Provision of services
  • Legal obligation
  • Legitimate interest
Bank account data
IBAN/BIC
  • Withdrawal of money only allowed to this account (security)
  • Provision of services
  • Contractual
MiFID data
Experience and financial knowledge, investment objective, investment horizon, risk profile, assets
  • Adequate and appropriate investment advice
  • Provision of services
  • Legal obligation
  • Contractual
  • Legitimate interest
AML Data
Profession, origin of funds, destination of funds, political exposure, convictions and financial embargoes, links with legal entities and listed companies, analysis of atypical transactions, spouse and/or children ID data
  • Prevention of the use of the financial system for money laundering purposes
  • Legal obligation
Contractual data
A signed copy of agreements, identification sheets and investor profile
  • Legal back-up
  • Provision of services
  • Contractual
  • Legal obligation
Simulation data
Investment objective, amounts to be invested, preferred tax wrapper and risk profile
  • Provision of services
  • Legitimate interest
Pension data
Amounts of the legal, supplementary, and personal pensions, legal retirement age, social status, organizer and identification number of pension plan, pension trust organization, current capital and yearly add-on
  • Provision of services
  • Contractual
  • Explicit consent
  • Legal obligation
Portfolio data
Current and historical value of the portfolio, returns, breakdown by financial assets, transactions carried out
  • Provision of services
  • Legal obligation
  • Contractual
  • Legitimate interest
Interaction data
Interaction channels and preferred languages, a summary of past communications, order confirmation, files exchanged, e-mails, marketing campaigns viewed and origin of the relationship
  • Provision of services
  • Legitimate interest
Usage data
Brand of your devices, operating systems, connection timing, browsing behavior, location, crash logs, cookies
  • Provision and improvement of services
  • Contractual
  • Explicit consent
  • Legitimate interest
Development data
Any other data that we collect by asking you questions (e.g. an employee in privileged contact with the customer, NPS)
  • Provision of services
  • Contractual
  • Legitimate interest

What do we do with this data?

First and foremost, we process the above-mentioned data to provide you with exceptional service and user experience. To be more specific, we use your data to provide our banking, investment and insurance intermediation services. On an anonymous or aggregated basis, we use your data for internal strategic decision-making or as a basis for external communication.

Investment services

As a portfolio management company, which requires an authorization from the Belgian Financial Services and Markets Authority (FSMA) to operate, we have a legal obligation to collect a large amount of data in order to be authorized to provide our portfolio management service.

If certain other data does not need to be collected for a legal reason, we still process it because we believe it helps us to provide a better service, not only to you but also to all our existing and future clients.

Insurance Intermediation

We are also registered with the FSMA as an insurance broker, which allows us to distribute life insurance policies as part of your pension planning. As with banking and investment services, we collect your data for legal reasons or reasons of legitimate interest.

Internal strategic management

We anonymize our users' data and convert them into statistics. These statistics help us to make strategic and operational decisions internally. For example, the data allows us to evaluate whether we should continue a marketing campaign because it is successful or whether we should promote it in a specific city or to a specific customer segment.

External communication

We use the same anonymized data for external communication. For example, when we announce to the press the number of clients we are pleased to serve, the average performance of our clients' portfolios, or the number of assets under custody.

Cookies

We use computer cookies. You can find more details about cookies and what we do with cookies below in the dedicated section on cookies.

Plugins

We use a series of extension modules (or plugins). The purpose of these plugins is to better understand how you use the site so that we can not only improve its functionality but also to be able to present you our commercial messages on other sites.

For example, we use Google Analytics to analyze in real-time the number of visitors on our site, to know by what means they arrived on the site (e.g. search engine, direct, from the link of another site) and which pages they like to visit. Another plugin allows us to offer you a chat functionality on our website.

Where do we store this data?

We store all data in a highly secure computer environment. To do this, we use the services of subcontractors who offer database technologies used in many government, military and financial applications. The subcontractors' servers are located in Europe and are duplicated in different locations to allow data recovery in the event of a server failure or destruction. These servers are extremely well protected against attempted physical or cyber-attacks.

We make it a point of honor to use trustworthy services that are well established and recognized for their respectful treatment of personal data.

Of course, we make every effort to protect the data entrusted to us as well as possible. However, we cannot provide any guarantee in this respect because there is no such thing as 100% security. If someone were to break into our database, you can't hold us responsible for that. Even if it causes you problems and damage. But we say it again: we do everything we can to make sure that doesn't happen. In doing so, we use high-security standards, which are regularly tested both by us and our auditors.

Who has access to the data?

Within easyvest, our Data Protection Officer filters access to data by our employees according to the precautionary principle that employees can only access the data they need to do their job.

Our infrastructure's design, therefore, hides data from our employees by default. Should an employee nevertheless have access to data that they should not have access to, the employee is aware of the need to respect your privacy. In such a case, they are asked to destroy any data that has arrived in their possession by mistake and to report this potential security breach to our IT department, which will take the appropriate corrective measures.

As part of our activities as a portfolio management company and insurance broker, we must share your personal data with the custodian of your assets and our partner insurance companies.

This is not only because financial regulations oblige us to do so, but also because without this, these financial institutions simply cannot issue a contract allowing you to open a securities account or a life insurance policy, for investment.

Furthermore, like these other financial institutions, we are under the strict supervision of financial supervisors. For example, we have to check our users to see whether they are on international sanction lists, PEP ("politically exposed persons") lists or other official lists. For this purpose, we use your last name, first name, date and place of birth.

No one, not even the GDPR, can oppose our storing this data.

How long do we keep these data?

We process all data concerning you for as long as you continue to use our services. When you cease being a user, the length of retention will depend on the type of contractual relationship you had with us and the type of data.

If you have never been a customer per se, i.e. if you have never signed an agreement with us, we will be able to delete all your data on request.

If you have been a customer, we are legally obliged to keep all your data for 10 years. Indeed, we are subject to financial legislation, in particular to the Act of September 18, 2017, on the prevention of money laundering and the financing of terrorism, article 60 of which obliges us to keep certain data for up to 10 years after the collaboration has ended.

In other words, from the moment you no longer use our services, we are legally obliged to retain certain data for a further 10 years.

In short, we do not retain your personal data longer than is necessary to provide you with our services, unless we are legally obliged to do so.

Finally, we may keep your personal data longer if you have agreed to this or if it is necessary for us in the context of legal proceedings. Naturally, we make every effort to avoid having to provide your data to a court of law as evidence.

Do you have privacy rights?

In principle, the GDPR gives you certain rights. However, as mentioned above, we are legally obliged to keep your ID and transaction data for 10 years. Most of your GDPR rights do not apply to this storage. Article 65 of the Anti-Money-Laundering Act, to be precise, states: "The person whose personal data are processed in accordance with this law does not have the right to access and rectify his or her data, nor the right to be forgotten, nor the right to portability of these data, nor the right to object, nor the right not to be profiled, nor the right to be notified of security breaches".

Notwithstanding these exceptions, the GDPR gives you six rights: the right of access and rectification (we must be able to tell you what data we hold about you and you can modify this data), the right to forget (you can ask us to delete all the data we hold about you), the right to limit processing (you can, for example, ask us to stop receiving our blogs), the right to portability (you can request a complete extract of your data from us), the right to withdraw your permission (you can, for example, withdraw your permission to use commercial profiling cookies), the right to object (you can, for example, request that we no longer use your data to receive commercial actions from us).

Please remember that we can only offer our services if we store and process your personal data. Without the processing of your data, the functionalities of our application, such as personal financial simulations, would simply not work. For this reason, we will, unfortunately, have to terminate our relationship if you ask us to limit or stop the processing of your personal data. In this case, you would no longer be able to use our services. On the other hand, your rights of access, rectification or portability of your personal data can, of course, be exercised without any problem.

Your privacy rights remain applicable to the processing of your personal data for commercial purposes, for example, processing to offer you discounts. This means, for example, that you have the right to request that we no longer process your personal data for these purposes, or to limit their processing.

Where we have processed your data for statistical purposes, we cannot change or delete the statistical data that has been derived from your personal data. This statistical data has already been processed and it has become impossible to trace the identity of an individual. It is therefore no longer personal data protected by the GDPR. Therefore, your privacy rights, such as the right of access, rectification or portability, do not apply to statistical data derived from your personal data.

How to exercise your rights?

To exercise your rights, you can send us your dated and signed request, accompanied by a legible copy of both sides of your ID card, being as precise as possible, either by e-mail to info@easyvest.be or by post to easyvest DPO, Rue Gachard 50, 1050 Brussels.

Upon receipt of your complete request, we will respond to your inquiry within a maximum of 30 calendar days.

How do we update this policy?

We update this privacy policy regularly. In particular, when the data processed and the places where it is stored change. You will be informed of any changes by e-mail. The latest version of the privacy policy is always available on our website (www.easyvest.be/en/privacy).

Who is ultimately responsible for the processing of your data?

Easyvest bears the ultimate responsibility for processing your data.

What are the cookies rules?

Introduction

It is important to us that you can always use the Easyvest website in an optimal way. That is why we make sure that the content of the website is tailored to your personal preferences and needs. For this purpose, we use different techniques such as cookies, tracking pixels, connections to external analysis libraries and local storage (hereafter referred to as "cookies").

In this section on cookies rules, we explain what cookies are, what types of cookies we use, how to change your cookie preferences and how Easyvest protects your privacy. We also explain why we use cookies and how long we keep them.

The cookies rules apply to all Easyvest digital applications, including its website and mobile application.

If you access a third-party website via our website or application, the cookie policy of that third party applies. Easyvest therefore recommends that you also read the cookie policy of that third party.

What is a cookie?

Cookies are small information files that are sent to your browser when you visit a website or use an application, and are saved on your computer, smartphone or tablet. These files are read each time you visit this website or use the application.

These files contain information such as your language preference for the website. This way, you do not have to make this choice each time you visit. Other cookies allow us to measure the popularity of our website pages and the average length of a visit.

A cookie can also be used for marketing purposes. It can, for example, identify your interests in order to present you with Easyvest advertisements on another website that may be of interest to you.

The cookies installed by Easyvest are:

You will find more information in the detailed list of cookies below.

What type of cookies do we use?

Easyvest uses cookies to operate its website, analyze its use and offer personalized marketing actions.

Cookies essential to the functioning of the site

These are cookies that ensure the security and proper functioning of the Easyvest website and application. These cookies are used for example to check your identity when you log in, to establish communication between you and our digital solutions and to save your cookie settings. You cannot refuse them, because they are essential for the proper functioning of the Easyvest website, and in particular for the preservation of its security; your consent is therefore not necessary for this type of cookies.

Site usage analytical cookies

These cookies collect information that allows us to track the number of visitors and the use of the website. They allow us to improve the content of the site (e.g., if we observe that a blog topic gets a lot of hits, we might write other blogs on a related topic), to tailor the site more precisely to users' needs (e.g., if a page is never visited, we might remove it) and to improve the usability of the site in general (e.g., if the loading time of a popular page is slow, we might improve it).

They also allow us to answer questions such as "from which site do visitors arrive at our site?" or "how long does the average visitor spend on a particular page? By disabling these cookies, we will not be able to analyze our site traffic.

Cookies for personalized marketing proposals

These cookies allow us to offer you personalized messages of a commercial nature about Easyvest financial products or services that may be of interest to you.

What cookies do we use specifically?

Here is the list of cookies we use. Cookies generally have technical names, visible in your browser, which we do not list here for readability. We prefer to list here the names of the services we use that use cookies. It is possible that a service listed below uses one or more cookies for its proper functioning.

NameTypeUsage
EasyvestFunctionalEnsures the security of the session hosted on force.com, the selection of the language of use, and saves the visitor's acceptance/refusal of the use of cookies.
TrustpilotFunctionalAllows the display of customer reviews on the pages of our site.
Google Tag ManagerFunctionalAllows the loading of other cookies below, depending on the user's choice to accept or decline cookies.
Google AnalyticsAnalyticAnalyses the use of the site such as the origin of the traffic, the most consulted pages, the number of visitors, the average time of visit.
HotjarAnalyticAnalyses the stopping points in the scrolling of a page and of mouse movements to know the elements of a page to which the user pays attention (e.g., an image or a particular link)
AmplitudeAnalyticAnalyses the site and mobile app usage to see where users click or the sequence of pages viewed.
Google PixelAnalyticAllows us to perform or optimize our advertising on the Google platform, including Google AdWords or Google Universal App Campaign.
Meta PixelAnalyticAllows us to perform or optimize our advertising on the Meta platform (Facebook), including Facebook Ad Manager.
Microsoft PixelAnalyticAllows us to perform or optimize our advertising on the Microsoft platform, including Bing or LinkedIn.

How do I accept or reject cookies?

You can choose to accept or decline cookies. If you accept, all three types of cookies described above will be enabled. If you refuse the cookies, only the functional cookies will be active, while the analytical and marketing cookies will be deactivated. In this case, it is possible that some parts of our site or application will correspond to a lesser extent to your needs and preferences.

On your first visit with a given browser (e.g., Chrome, Safari) on a given device (e.g., smartphone, laptop), our site will present you with a screen asking for your preferences, which, once selected, will remain valid for future visits.

However, you can change your preferences over time via your web browser. How you adjust these settings depends on your browser. You may want to consult your browser's help or use these links to go directly to the manuals for the most popular browsers: Internet Explorer, Mozilla Firefox, Chrome and Safari.

In some browsers, you can also choose not to be tracked by websites ("Do not track"). Easyvest only considers its own cookie settings and does not comply with "Do not track".

What about your privacy?

For each collaboration with third parties, Easyvest takes care that these third parties cannot identify you by means of the information Easyvest collects through its cookies.

When Easyvest collects personal data via cookies, it always does so in accordance with this privacy policy.

How does Easyvest update its cookie rules?

We update these cookie rules on a regular basis. The latest version of the cookie rules is always available on our website. Only this latest version is applicable. Easyvest will inform you of any significant changes and ask for your consent if necessary.

What to do if you have a complaint?

If you want to make a complaint, you can send us a message via our website, app or general e-mail address (info@easyvest.be) and we will respond as soon as possible.

If we are unable to reach an agreement, you can submit a request for mediation to the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35 in 1000 Brussels, by phone +32 2 274 48 00, e-mail: contact@apd-gba.be or http://www.dataprotectionauthority.be.

What if this policy does not work for you?

If you don't agree with our privacy policy, that's too bad, but you can't use our website or app. We cannot provide you with our services without this agreement. The collection, storage and processing of data is part of our service provision.

What to do if you have a complaint?

If you want to make a complaint, you can send us a message via our website, our app or our general e-mail address (info@easyvest.be) and we will answer you as soon as possible.

If we can't find a solution, you can submit a request for mediation to the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, by phone +32 2 274 48 00, e-mail: contact@apd-gba.be or http://www.dataprotectionauthority.be.

Easyvest is a brand of EASYVEST NV/SA, authorized and regulated by the Belgian Authority for Financial Services and Markets, with company number 0631.809.696, as a portfolio management company and as a broker in insurances, with registered office at Rue Gachard 59, 1050 Brussels, Belgium. Copyright 2022 EASYVEST NV/SA. Past performance is no guarantee of future results. Any historical returns, expected returns, or probability projections may not reflect actual future performance. All securities involve risk and may result in loss.