Personal Data Protection
The document governs the purpose and means of processing personal data when providing Services to Users. Capitalized terms have the meaning set out in the General Terms and Conditions.
The Service Provider is Investown Technologies s.r.o., company ID No.: 086 67 144, with registered office at Inovační 122, Hodkovice, 252 41 Zlatníky-Hodkovice, registered in the Commercial Register of the Municipal Court in Prague, Section C, Insert 322874 (hereinafter referred to as the "Company"). The Company is the controller of the personal data of the Users listed below. The Company has not appointed a data protection officer.
What personal data do we work with?
The Company, as the Data Controller, and to the extent necessary to provide the Services and comply with its legal obligations. Furthermore, entities that supply various services to the Company as processors of your personal data to the extent necessary to fulfill the purpose of the service provided ("Processor"). The Controller delegates the performance of specific processing operations of your personal data to the Processor only for the purposes set out in this document and always on the basis of a contract with the Processor and in accordance with the GDPR.
In particular, the Company uses the following categories of Processors:
- Companies providing services enabling online verification of Clients, e.g., Veriff OÜ or ProfiSMS, Ltd;
- Companies providing cloud storage services, e.g., Amazon Web Services, Inc;
- companies providing services enabling electronic communication with the Company, e.g., Intercom, Inc., Ontraport Inc., or OneSignal, Inc;
- companies providing services that enable the distribution of marketing materials, e.g., Ontraport, Inc., Meta Inc;
- Other categories of Processors in the IT services industry, as applicable.
Recipients of personal data may also be public authorities based on a request or legal obligation of the Company. These may include, in particular, the CNB, the Financial Analysis Authority, or law enforcement authorities.
By registering on the Platform through a partner of the Company, you also consent to the transfer of your personal data to these third parties for the purpose of processing it to provide the agreed service. This may include, in particular, business partners and financial advisors through whom you have registered on the Platform.
Why do we work with your personal data?
To enable us to do the following:
To provide services to Users;
Promoting and improving the Company's services (informing you of news and sending you newsletters);
protecting the Company's rights in the event of a dispute with a User or any other person;
fulfilling legal obligations applicable to the Company by law (in particular, identification and control of the User according to the AML Law).
Your personal data are not subject to any decision by the Controller based solely on automated processing, including profiling, which could have legal effects on you or would affect you in a similar way significantly (e.g., in the form of a risk of a negative impact on the protection of your rights and legitimate interests).
How long will we work with personal data?
We always process personal data for a period of time related to the specific purpose of the processing, namely for the time necessary to fulfill the purpose of the processing or for the time required by binding legal regulations.
The duration of the processing of personal data for the purposes of the processing of personal data defined in the preceding Article 3 is set as a period of time:
- for the provision of services for the duration of the contract and three years after the termination of the contract;
- for the sending of newsletters or other commercial communications and marketing materials as long as our legitimate interest continues or you do not legitimately refuse such processing (unsubscribe);
- for the purpose of protecting the legitimate interests of the Company for ten years after termination of the contract, or longer in justified cases, in particular, in cases of complaint, claim or litigation, or proceedings before a public authority concerning a specific User;
- for the purposes of compliance with the AML Law, ten years as long as the legal obligation to comply with it continues, including the legally required archiving periods.
Where do we work with your personal data?
The processing of personal data by the Controller and its Processors occurs outside the EU.
If we transfer personal data outside the EU to third countries or international organisations, its protection will be ensured in accordance with standard contractual clauses adopted in accordance with the mechanism set out in the GDPR, or on the basis of a Commission decision on the appropriate level of protection of personal data.
What rights do you have in relation to the processing of your personal data?
We always process personal data for a period related to the specific purpose of processing, for the time necessary to fulfill the purpose of processing or for the period required by binding legal regulations.
The duration of the processing of personal data for the purposes of processing personal data as defined in the previous Article 3 is determined as the period of:
- for the provision of services for the duration of the contract and 3 years after the termination of the contract;
- for sending newsletters, or other commercial communications and marketing materials as long as our legitimate interest persists or you do not legitimately refuse such processing (unsubscribe);
- in order to protect the legitimate interests of the Company 10 years after the termination of the contract, or in justified cases longer, in particular in cases of resolving a complaint, complaint or litigation or proceedings before a public authority concerning a particular User;
- for the purpose of complying with the AML Act, 10 years as long as the legal obligation that we are obliged to comply with, including the legally required retention periods, persists.
Where do we work with your personal data?
The processing of personal data by the Controller and its Processors also takes place outside the EU.
If we transfer personal data outside the EU to third countries or international organisations, their protection will be ensured under the standard contractual clauses adopted in accordance with the mechanism set out in the GDPR, or on the basis of the Commission's decision on the adequacy of the protection of personal data.
What are your rights in relation to the processing of your personal data?
Data protection legislation guarantees you various rights in the area of data protection. To the extent that the data protection legislation - in particular the GDPR - guarantees you the following rights:
- The right to access your personal data (i.e., information about what specific personal data we handle and how we process it);
- the right to restrict the processing of your personal data (this means that although we will not delete your personal data yet, we will not process it further without your consent until your request for restriction is resolved);
- the right to rectification and erasure of your personal data (wherever the legal conditions for this are met);
- the right to object to processing based on the legitimate interest of the Controller (sending newsletters, providing Services to non-customers, protecting the rights of the Controller);
- the right to have your personal data transferred to another controller directly by the Company if the data has been processed by automated means and on the basis of consent or performance of a contract in connection with the provision of the Services.
To exercise any of these rights, please contact us using the contact details above - the easiest way to do this is to send us an email at email@example.com, and we will be happy to help you exercise your rights.
If you believe that we are violating the law by processing your personal data, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, website: www.uoou.cz.
Objections to processing: if you do not agree to us using your data to send you newsletters, you can refuse. The easiest way is to use the link in each newsletter, or you can send us an objection by email or letter. If you refuse such processing, we will stop sending you newsletters. You can also refuse other processing based on legitimate interest, and we will restrict it unless we can demonstrate compelling and qualified legitimate grounds for the processing.
This policy is issued in electronic form and can be accessed on the website or via a link on the Investown Platform as part of the registration process.
With this paragraph, the terms will take effect on 1.2.2023
By registering on the Platform through a partner of the Company, you also consent to the transfer of your personal data to these third parties for processing to provide the agreed service. This may include, in particular, business partners and financial advisors through whom you have registered on the Platform.