Privacy Notice

1. Introduction  

This Privacy Notice (“Notice”) is addressed to individuals outside Amicorp Group (“Amicorp”, “we”, “us” or “our”) with whom we interact, including individual clients, personnel or representative of corporate clients, vendors and other recipients of our services (together, “you”) and explains how we collect, hold, use, disclose and transfer your Personal Data in every contractual relationship we may have with you. 

This Notice also applies to the processing of all your Personal Data when you use the Website, including when you, as a natural person, user or entrepreneur, or as a representative of a business entity, provide Personal Data on the Website. 


In this Notice we may use the following words and, any time we use them, they will have the meaning provided below. 


2.  Protection of Personal Data

This Privacy Notice describes how we, as Controller of your Personal Data, collect, hold, use and disclose personal information that you provide, is provided on your behalf or is collected by us. 

The Controller of your Personal Data is the Amicorp entity with which you have the contractual relationship. For Amicorp Group companies and their details, please visit: 

Each Amicorp Group company (“Amicorp”) is subject to any Data Protection Legislation that may be applicable in the country in which it is located. This Privacy Notice should not be viewed as a supplement to such local privacy laws and shall not vary or diminish each Amicorp Group company’s obligations under the applicable local Privacy laws. To the extent this Privacy Notice conflicts with any provisions of local Privacy laws, such Data Protection Legislation shall take precedence over this Privacy Notice. 

This Notice may be amended or updated at our discretion from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or any changes in applicable law. 

3. Personal Data

In order to facilitate, enable and/or maintain our business relationship, we collect and otherwise Process Personal Data relating to the client and any other person(s) involved in the business relationship, as the case may be, such as authorized representative(s), person(s) holding a power of attorney, beneficial owners, if different from the client, any natural person who exercises control over an entity (control is generally exercised by any natural person who ultimately has a controlling ownership interest in an entity, “Controlling Person”) and any person for the benefit of which the client is holding a company as agent, nominee or similar (account holder for automatic exchange of information purposes, “AEI Account Holder”), each an “Affected Person”.

Relevant Data Processed by Amicorp includes, but is not limited to, Affected Person’s personal information, subject to applicable law, are as follows: 

Data without personal information, which could be attributed to a natural person by the use of additional information, can also be considered Personal Data.

 4.  Collection of Personal Data

We collect Personal Data about you from a variety of sources as follows: 

 5.   The legal basis for Processing your Personal Data

In accordance with the current Data Protection Legislation, we Process your Personal Data on the following legal grounds: 

6. Purposes for which we may Process your Personal Data

The purposes for which we may Process your Personal Data are: 

 7.   Disclosure of Personal Data to third parties

We may disclose your Personal Data to other entities within Amicorp, for legitimate business purposes (including providing services to you), in accordance with applicable law. 

It is to be noted that we are bound by confidentiality obligations regarding all client-related matters of which we acquire knowledge. We may pass Personal Data only if required by a legal provision or in case of client consent. Bearing in mind these requirements, please be informed that we may disclose your Personal Data to: 

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law. 

 8.   International transfer of Personal Data

We may transfer Personal Data to Data Recipients located countries outside the European Economic Area1. Such transfer takes place so long as: 

These transfers will always be carried out in compliance with confidentiality obligations regarding all client-related matters of which we acquire knowledge and only to fulfil the purpose for which data have been collected. 

 9.   Data security

We have implemented appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. 

You are responsible for ensuring that any Personal Data that you send to us are sent securely. 

10. Data accuracy and minimization 

We take reasonable steps designed to ensure that:

From time to time, we may ask you to confirm the accuracy of your Personal Data. 

At the same time, we take reasonable steps designed to ensure that your Personal Data are limited to that reasonably required in connection with the purposes set out in this Notice. 

11. Retention of your Personal Data

We will retain your Personal Data in accordance with Amicorp’s Data Retention Policy. 

If the Data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further Processing is required – for a limited time – for the following purposes: 

12. Your rights

Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including: 

You can exercise these rights by contacting the Group Data Protection Officer at:

13. Joint controllership of your Personal Data

From time to time, two or more entities within the Amicorp Group may together provide their services to the same client. In this case, these entities jointly determine the purposes and the means of Processing, thus qualifying as Joint Controllers.

In an internal policy on joint controllership, taking effect of the arrangement required by Article 26(1) GDPR, Amicorp has determined how the respective tasks and responsibilities in the Processing of Personal Data are structured among the Joint Controller and who fulfills which data protection obligations.

The following is the essence of the arrangement between Joint Controllers which must be made available to the Data Subjects under Article 26(2) of the GDPR:

Joint Controllers Obligations (a) Duty of compliance with Data Protection Legislation and the service agreement in Processing Personal Data;

(b) duty to adopt Technical and Organizational Measures (TOMs) to protect Personal Data;

(c) duty to ensure the lawful collection of Personal Data;

(d) duty to comply with the retention period;

(e) duty of assistance between Joint Controllers in managing DSARs and reporting data breaches;

(f) duty to inform other Joint Controllers on the Processing, DSARs and inquiries by public and supervisory authority;

Procedure in case of breach of personal data (a) notification without undue delay the other Joint Controllers of any data breach;

(b) provision to the other Joint Controllers of all required and necessary information to notify the breach to supervisory authorities and communicate it to the Data Subjects concerned;

(c) notification to the breach to the competent supervisory authority by the Joint Controller responsible for the system or process underlying the breach;

Data subjects’ rights (a) Rights to the information required by Articles 13 and 14 of the GDPR, such information being available at:;

(b) right to contact any of the joint controllers about the rights granted to them by Articles 15 through 22 of the GDPR;

(c) right to obtain information on the essence of the joint controllership policy.


14. Use of our Website

This Notice also applies to the processing of all your Personal Data when you use the Website, including when you, as a natural person, user or entrepreneur, or as a representative of a business entity, provide Personal Data on the Website. 

This Notice is legally binding on you from the moment you log in to the Website, regardless of which device (computer, tablet, TV, etc.) You use. By using the Website and providing Personal Data, you acknowledge that you have read and agree to abide by this Notice. If you do not agree to the terms of the Notice, please do not visit (log out of) the Website or use its content and / or services. 

If you are under the age of 18, please ensure that you have the permission of a parent / legal representative before providing us with Personal Data. Upon Our request, you will need to prove that such consent has been given. It is forbidden for persons under 14 years of age to provide Personal Data on the Website. 

15. Cookies

A cookie is a small file that is placed on your device when you visit a website (including our websites). It records information about your device, your browser and, in some cases, your preferences and browsing habits. We may Process your Personal Data through cookie technology, in accordance with Amicorp Group of companies’ Cookie Notice. 

 16. Contact details

If you have any comments, questions, complain or any other issues relating to the Processing of Personal Data by Amicorp, please contact the Group Data Protection Officer at: