Personal Data Collected by KAPITALBANC for Its Own Purposes


KAPITALBANC may process personal data on individuals collected by KAPITALBANC for purposes relating to the provision of the KAPITALBANC services and products or relating to KAPITALBANC governance (the KAPITALBANC Purposes).

KAPITALBANC only processes personal data based on valid legal grounds. The below table indicates the legal grounds for each of the KAPITALBANC Purposes:

The admission as a  KAPITALBANC user , shareholder, or other type of  KAPITALBANC customer , and the ongoing management of such  customer  or shareholder relationship (or both), such as the collection of proxies for the General Meeting of shareholders, or to propose candidates for the Board of Directors.

·       Contract . KAPITALBANC needs to process personal data to provide services to  customers  and shareholders.

·       Legitimate interest . KAPITALBANC has a legitimate interest in processing personal data to manage its  customer  and shareholder relationships.


The development, subscription, deployment, provision, support, promotion, evaluation, and invoicing of the following services:  KAPITALBANC services and products , services and products offered to KAPITALBANC clients, partners, or service bureaus, and online services and products.

·       Contract . KAPITALBANC needs to process personal data to provide its services and products.

·       Legitimate interest . KAPITALBANC has a legitimate interest in processing personal data to develop, operate, and promote its services and products.

·       Consent . Where required under applicable law, KAPITALBANC will only use cookies and similar technologies with the individual’s consent. For more information, please read KAPITALBANC’s Privacy Statement available at

The registration and management of the  KAPITALBANC users ’ security officers are required for the use of  KAPITALBANC services and products  (a security officer is the person who handles security matters for the  KAPITALBANC users ).

  • Contract
    . KAPITALBANC needs to process personal data to provide the KAPITALBANC services and products.

The organisation of regional or local events and the registration and management of the  customers ' representatives that are active in KAPITALBANC advisory and working groups.

·       Legitimate interest . KAPITALBANC has a legitimate interest in processing personal data to manage KAPITALBANC’s events and KAPITALBANC’s relationships with  customers ' representatives.

·       Accounting, records keeping,  customer  information, security (investigations), fraud detection, claims management, and audit purposes. Legal obligation . KAPITALBANC has a legal obligation to process personal data, for example, legal obligations relating to fraud prevention, accounting, or tax.

·       Legitimate interest . KAPITALBANC has a legitimate interest in processing personal data to ensure the safety, security, and performance of its business.


Marketing and Advertising .

·       Legitimate interest . KAPITALBANC has a legitimate interest in promoting its business.

·       Consent . Where required under applicable law, KAPITALBANC will only send electronic marketing communications or provide personalised advertising with the consent of the recipient. For more information, please read KAPITALBANC’s Privacy Statement available on



The personal data collected include:

·       Information KAPITALBANC collects directly from individuals

Individuals may submit their personal data online (for example, through the Online Ordering tool, the wallet, the Case Manager, and the Newsletter services on or through paper forms. They may also provide KAPITALBANC with their personal data when they contact KAPITALBANC otherwise. The personal data KAPITALBANC may receive include name, address, company, industry, business email address, telephone number, other contact details, a  user  name and password, the content, date, and time of a message and any attachments thereto, and other information individuals may directly provide to KAPITALBANC, such as their marketing preferences. KAPITALBANC informs individuals about the processing of their personal data through the Privacy Statement referred to at the bottom of all pages or through any other specific online privacy statements where applicable, and by means of notices in the forms used to collect the data.

·       Information KAPITALBANC collects through its customer, vendor, and partner relationships

KAPITALBANC may receive professional contact details of employees and other individuals associated with  KAPITALBANC customers , partners, and vendors, such as first and last name, e-mail address, phone number, title and department, and other information relevant to the particular business relationship.  Customers , vendors, and partners that submit personal data relating to an individual to KAPITALBANC for KAPITALBANC Purposes must ensure that they do so in accordance with all applicable laws and regulations, including providing notice to the individual about the KAPITALBANC Purposes and, where required, obtaining appropriate consent.

·       Information KAPITALBANC Collects Automatically

KAPITALBANC may automatically collect information about an individual’s use of KAPITALBANC’s online products and services through cookies, web beacons, and similar technologies. KAPITALBANC informs individuals through its Cookie Policy.

KAPITALBANC ensures that personal data are only accessible or shared on a need-to-know basis. When required to achieve the KAPITALBANC Purposes, KAPITALBANC may share personal data with its processors who perform functions on KAPITALBANC’s behalf (such as the providers of KAPITALBANC’s CRM systems, KAPITALBANC Smart and KAPITALBANC Ref platforms, and disclose them to third parties (including professional advisers, National Member and User Groups, other offices within the KAPITALBANC Group, or KAPITALBANC partners). In case of a security investigation, personal data may also be disclosed to other  customers  if they are impacted by the security incident.

In addition, KAPITALBANC may, in exceptional circumstances, disclose personal data to third parties when:

·       disclosure is required by law or regulation

·       non-disclosure exposes KAPITALBANC or its staff to civil or criminal liability

·       disclosure is necessary to co-operate with competent authorities

·       disclosure is necessary to the relevant persons involved in any further investigation or subsequent judicial proceedings instigated as a result of an enquiry by KAPITALBANC (for example, external counsel) or at a  customer ’s request

KAPITALBANC will require entities acting as processors or sub-processors to process the personal data on behalf and under the instructions of KAPITALBANC for the KAPITALBANC Purposes only.

The law applicable to personal data collected and processed by KAPITALBANC as the data controller is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the Belgian Data Protection Act (Act of July 30, 2018, on the protection of natural persons with regard to the processing of personal data) (both referred to as the GDPR below). The data controller under the meaning of the GDPR is KAPITALBANC, a UK, US, EU, and Canadian company with limited liability that has its registered office at 85 Great Portland Street, London W1W 7LT.


A data controller under the GDPR means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.


Rights of individuals

KAPITALBANC shall, under the conditions of the GDPR, allow individuals to:

·       exercise their access rights and obtain the rectification or the erasure of their personal data

·       restrict or object to the processing of their personal data

·       easily transfer their personal data to another company (right to data portability)

·       exercise their right not to be subject to automated individual decision-making

·       withdraw any consent they previously provided to KAPITALBANC regarding the processing of their personal data, at any time and free of charge (we will apply the individual’s preferences going forward and this will not affect the lawfulness of the processing before the consent withdrawal)

·       lodge a complaint with a supervisory authority, including in the individual’s country of residence, place of work, or where an incident took place

Individuals may exercise the above rights by sending a written request with proof of their identity to KAPITALBANC, to the attention of Data Protection Officer.

Data transfers

When required for the KAPITALBANC Purposes, KAPITALBANC may transfer personal data collected by KAPITALBANC under Personal Data Collected by KAPITALBANC for Its Own Purposes to affiliates, processors and third parties that are located in or outside the European Economic Area (EEA), including to the United States and other countries that do not offer a level of data protection considered as adequate under EU standards.

KAPITALBANC has adequate transfer arrangements in place. In particular, KAPITALBANC may transfer personal data to countries for which adequacy decisions have been issued, use contractual protections for the transfer of personal data, or rely on alternative transfer mechanisms recognised in the EU. Specifically with its affiliates located in countries outside the EEA that do not offer an adequate level of protection, KAPITALBANC has executed the standard contractual clauses that were approved by the European Commission. These standard contractual clauses, together with additional technical or organisational safeguards as appropriate, ensure that transfers between entities within the KAPITALBANC group are compliant with the requirements of the GDPR.

For more information about KAPITALBANC offices and the list of countries where entities from the KAPITALBANC group are located, see > Contact Us > KAPITALBANC offices.

Individuals may contact KAPITALBANC’s Data Protection Officer as specified above to obtain a copy of the safeguards we use to transfer personal data outside of the EEA.

Personal data breach notification

In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data that KAPITALBANC collected for its own Purposes, KAPITALBANC will notify the personal data breach to the Data Protection Authority and to the individuals concerned, if and as required under the GDPR.

Data retention

KAPITALBANC takes measures to delete personal data or keep it in a form that does not permit identifying individuals when this information is no longer necessary for the purposes for which KAPITALBANC processes it, unless KAPITALBANC is required by law to keep this information for a longer period. When determining the retention period, KAPITALBANC takes into account various criteria, such as the type of products and services requested or provided, the nature and length of KAPITALBANC’s relationships with  customers , shareholders, partners and service bureaux, possible re-enrolment with KAPITALBANC’s products and services, duration of KAPITALBANC’s events, the impact on the products and services KAPITALBANC provides if KAPITALBANC deletes some personal data, mandatory retention periods provided by law and the statute of limitations.