Principles of personal data processing

A document regulating the purpose and means of processing personal data in the provision of Services to Users. Capitalized terms have the meaning set out in the General Terms and Conditions.

Privacy Policy

a document regulating the purpose and means of processing personal data when providing Services to Users. Capitalized terms have the meaning set out in the General Terms and Conditions.

The service provider is Investown Technologies s.r.o., Company ID: 086 67 144, with its registered office at Inovační 122, Hodkovice, 252 41 Zlatníky-Hodkovice, registered in the Commercial Register of the Municipal Court in Prague, Section C, Insert 322874 (hereinafter referred to as the "Company"). The Company is the administrator of the following personal data of the Users. The Company has not appointed a Data Protection Officer.

What personal data do we work with?

As part of the provision of Services, we, as the Administrator, are authorized to process your personal data to the extent specified below:

  • identification data of Users (in particular name and surname, date of birth or birth number, permanent or other residence);
  • contact details of Users (e-mail address, mobile phone number, bank account, variable symbol of Clients assigned by the Company, contact address);
  • Login data of clients (e-mail address and, if applicable, password, stored in encrypted form using a one-way hash function);
  • information on the financial situation of Clients as part of the assessment of the suitability of services;
  • information about the location of Clients;
  • the history of Clients' transactions in the Investment Wallet (data on deposits, withdrawals, Invested amounts, received revenues and charged fees);
  • the history of the Client's movements on the platform (for example, data on visited pages and events on the site, including data on the HW and SW equipment used and the Client's Internet connection), which are necessary for the performance of the contract and for the protection of the Company's legitimate interests in the event of legal disputes;
  • data necessary to fulfil the obligation to identify and control Users under the Act. No. 253/2008 Coll., on certain measures against money laundering and terrorist financing (e.g. a copy of an identity card, a photograph of the Client, information on the source of income, the purpose of the transaction, the status of a politically exposed person, place of birth)

Who processes your personal data?

The Company as a Personal Data Controller to the extent necessary for the provision of Services and the fulfillment of legal obligations. Furthermore, entities that provide the Company with various services as processors of your personal data to the extent necessary to fulfill the purpose of the service delivered ("Processor"). The Controller proceeds to perform certain tasks of processing your personal data to the Processor only for the purposes specified in this document, always on the basis of a contract with the Processor and in accordance with the GDPR.

In particular, the Company uses the following Categories of Processors:

  • companies providing services enabling online verification of Clients, e.g. Veriff OÜ or ProfiSMS, s.r.o.;
  • companies providing cloud storage services, such as Amazon Web Services, Inc.;
  • companies providing services enabling electronic communication with the Company, e.g. Intercom, Inc., Ontraport Inc. or OneSignal, Inc.;
  • companies providing services enabling the distribution of marketing materials, e.g. Ontraport, Inc., Meta Inc.;
  • or other categories of Processors in the field of providing IT services.

Recipients of personal data may also be public authorities, based on a request or legal obligation of the Company. This may include, in particular, the CNB, the Financial Analytical Office or law enforcement authorities.

Why do we work with your personal data?

In order to do the following:

  • providing services to Users;
  • promotion and improvement of the Company's services (informing about news and sending newsletters);
  • protection of the Company's rights in the event of a dispute with the User or another person;
  • fulfillment of legal obligations applicable to the Company by law (in particular identification and control of the User according to the AML Act).

Your personal data are not subject to any decision on the part of the Controller based solely on automated processing, including profiling, which could have legal effects for you or would similarly significantly affect you (e.g. in the form of a risk of negative impact on the protection of your rights and legitimate interests).

How long will we work with personal data?

We always process personal data for a period related to the specific purpose of processing, for the time necessary to fulfill the purpose of processing or for the period required by binding legal regulations.  

The duration of the processing of personal data for the purposes of processing personal data as defined in the previous Article 3 is determined as the period of:

  • for the provision of services for the duration of the contract and 3 years after the termination of the contract;
  • for sending newsletters, or other commercial communications and marketing materials as long as our legitimate interest persists or you do not legitimately refuse such processing (unsubscribe);
  • in order to protect the legitimate interests of the Company 10 years after the termination of the contract, or in justified cases longer, in particular in cases of resolving a complaint, complaint or litigation or proceedings before a public authority concerning a particular User;
  • for the purpose of complying with the AML Act, 10 years as long as the legal obligation that we are obliged to comply with, including the legally required retention periods, persists.

Where do we work with your personal data?

The processing of personal data by the Controller and its Processors also takes place outside the EU.

If we transfer personal data outside the EU to third countries or international organisations, their protection will be ensured under the standard contractual clauses adopted in accordance with the mechanism set out in the GDPR, or on the basis of the Commission's decision on the adequacy of the protection of personal data.

What are your rights in relation to the processing of your personal data?

Data protection legislation guarantees you various rights in the area of personal data protection. To the extent that you are guaranteed by data protection regulations – in particular the GDPR – you have the following rights:

  • the right to access your personal data (i.e. information about what specific personal data we work with and how we process them);
  • the right to restrict the processing of your personal data (this means that we will not delete the personal data for the time being, but we will not further process it without your consent until the request for restriction made by you is resolved);
  • the right to rectification and erasure of your personal data (always if the legal conditions for this are met);
  • the right to object to processing based on the legitimate interest of the Controller (sending newsletters, providing Services to non-clients, protection of the Controller's rights);
  • the right to have your personal data transferred to another controller directly by the Company, if these data have been processed automatically and on the basis of consent or performance of a contract in connection with the provision of the Service.

To exercise any of these rights, please contact us using the above contact details – the easiest way is to send us an email: and we will be happy to help you exercise your rights.

If you believe that the processing of your personal data violates the law, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, web page:

Objections to processing: If you do not consent to us using your data to send you newsletters, you can object to this. The easiest way is to use the link that is in each newsletter, or you can send us an objection by email or letter. If you refuse such processing, we will stop sending you newsletters. You may also object to other processing based on legitimate interest and we will restrict it unless we demonstrate compelling and qualified legitimate grounds for the processing.

These principles are issued in electronic form and are accessible on the website or via a link on the Investown Platform as part of the registration.  

The Principles come into effect on 20.7.2022