Suche starten DE menü Kundenportal der EIB-Gruppe
Schließen Kundenportal der EIB-Gruppe
Suche starten
Suche starten
Ergebnisse
Top-5-Suchergebnisse Alle Ergebnisse anzeigen Erweiterte Suche
Häufigste Suchbegriffe
Meistbesuchte Seiten

Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities

1.     Introduction

The European Investment Bank (hereinafter “the EIB”) is committed to the protection personal data. The EIB collects and further processes personal data in accordance with Regulation (EC) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (hereinafter the “EU DPR”).

This data protection statement explains the reason for the processing, the way of collection, handling and ensuring protection of all personal data. Additionally, this statement further explains the ways in which the information is used, and the rights of the individuals concerned, that are available in relation to their personal data.

The information in relation to the processing operation Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities undertaken by the EIB is presented below.

2.     Controller

The data controller is the Compliance function, as part of the EIB’s Group Risk and Compliance Directorate (GR&C) of the European Investment Bank (the “EIB”). 

3.     Purpose of the processing

This data protection statement provides information regarding the processing of personal data carried out by the EIB in the course of its AML-CFT activities. The EIB performs these tasks in the exercise of the authority vested to it in accordance with the Provisions of the Treaties and its Statute.

The EIB processes personal data with a view to manage Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities, in a reasonable and proper manner, in accordance with applicable laws and regulations. Personal data are processed in accordance with Regulation (EU) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (hereafter, the EU DPR).

In the context of Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities, the EIB processes the personal data for the below purpose(s) as described in the record: comply with the requirements defined in the regulatory framework on the fight against money laundering and terrorist financing.

The processing of personal data in the context of Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities does not involve the existence of automated decision-making, including profiling.

4.     Legal Basis of the processing

The legal basis for the processing of personal data in the context of Anti-money laundering and combatting the financing of terrorism (AML-CFT) activities, is: Public interest assigned by Union legislation: Directives, Regulations, Contract to which the data subject is party, Legal obligation incumbent on controller. In Particular, the processing is based on the AML Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.

5.     Categories of data subjects

The following categories of data subjects are/may be concerned by the processing under 2: Persons who directly or indirectly own EIB Group counterparties (or potential counterparties), as well as persons entrusted with control and management of such legal entities (e.g. beneficial owners, shareholders, chairpersons, chief executive officers, boards of directors, management committees, supervisory boards, local authority councils or equivalent).

6.     What personal data does the EIB process?

The EIB processes the following categories of personal data Name, Date of birth, Contact information (incl.  e-mail address, business telephone number, mobile telephone number, fax number, company and department, country of residence, internet address, postal address) gender, Identification number, Photo, Other sensitive data and criminal convictions and offences.

7.     Where does the EIB obtain the personal data?

The EIB may obtain personal data directly from the requester. It may collect some information about the requester, or the persons represented by the requester from publicly available sources.

Personal data is obtained from:

  • directly from the data subject
  • from a legal entity or an organisation that the data subject represents, or with which is associated
  • from an intermediary involved in the transaction /contract to which EIB is associated to
  • if the data subject is an individual beneficiary or a beneficial owner of or other key individual associated with a beneficiary, EIB may also collect some information about the data subject from international sanctions lists and other publicly available sources.

8.     To whom is the personal data disclosed?

The EIB may disclose personal data to the following recipients:

  • Internally, to the EIB relevant services and/or EIB governing and controlling bodies,
  • our legal advisors,
  • the legal entity, organisation (if any) with which you are associated,
  • the European Investment Fund and other EU institutions (including the European Commission, and the European Court of Auditors, OLAF or EPPO),
  • public authorities in the EU Member States, and competent regulatory, prosecuting and tax authorities,
  • LSEG World-Check and Dow Jones, external data bases which are utilized for the screening programs being part of the AML-CFT activities

9.     International Transfers

Personal data are transferred to United Kingdom where LSEG World-Check and Dow Jones are located. The transfer of data is based on the adequacy decision adopted by the European Commission.

10.  How long does the EIB keep personal data?

Personal data is kept for 5 years as from the end of the business relationship with the Relevant Counterparty (hereinafter "RC") or after the date of an occasional transaction.

11.  What are the rights of data subjects and how can they exercise them?

Data subjects’ rights are set out in sections 3 to 5 of the EU DPR.

  • Data subjects have the right to obtain from the controller confirmation as to whether or not their personal data are being processed, and, if so, to access their personal data by contacting the controller or through the EIB DPO (right of access);
  • Data subjects have the right to request the controller to rectify any inaccurate data and/or have incomplete personal data completed (right to rectification);
  • Data subjects have the right to request the controller to erase their personal data as per Article 19 of the EU DPR (right to be forgotten);
  • Data subjects have the right to request the controller to restrict the processing of their personal data in the following cases (right to restriction of processing):
    (i) if they contest the accuracy of their data;
    (ii) if the processing of the data is unlawful and they oppose to their erasure;
    (iii) if the controller no longer needs the personal data referred to for the purposes of the processing but the data subject concerned needs them for the establishment, exercise or defence of legal claims; or
    (iv) if data subjects have objected to the processing of their data and the EIB seeks to establish whether the controller has legitimate grounds overriding data subjects’ right to restriction.
  • Data subjects have the right to object to the processing of personal data, on grounds relating to their particular situation, unless the EIB demonstrates compelling legitimate grounds for the processing or for the establishment, exercise or defence of legal claims;
  • Data subjects have the right to receive their personal data from the EIB in a structured, commonly used and machine-readable format to allow you to transmit your data to another controller without hindrance from the EIB (right to data portability);
  • When the legal basis of the processing is consent, data subjects have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
  • Data subjects have the right to lodge a complaint with the European Data Protection Supervisor (www.edps.europa.eu) at any time (right to lodge a complaint).

12.  Contact

Should data subjects have any questions about the processing of their personal data, or wish to exercise any of the aforementioned rights, please contact Portfolio Management and Monitoring (PMM): a.rohde@eib.org or the EIB's Data Protection Officer, Mr. Pelopidas Donos, by email at p.donos@eib.org or at the following address:

Mr. Pelopidas Donos

European Investment Bank

98-100 Boulevard Konrad Adenauer

L-2950 Luxembourg (Grand Duchy of Luxembourg)