Privacy Statement of LitFin group
last updated 20th May 2022
This privacy statement sets out the personal data processing activities conducted by LitFin group. The LitFin group shall mean LitFin Capital a.s., with its registered office at Hybernská 7, Nové Město 110 00 Prague 1, Czech Republic, ID No.: 084 38 412, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 24636, and all companies controlled by LitFin Capital a.s. For the purposes of this definition, the term «controlled» shall mean a) ownership, b) a supermajority voting share in the company, c) the ability to vote with a supermajority of voting shares, d) a supermajority ownership interest in the company. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at info@litfin.cz. Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal data with us.Personal data protection
Privacy Policy
I.
Personal Data Controller
- The data controller pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: «GDPR») is each of the companies belonging to the LitFin Group (hereinafter: «LitFin»).
- The contact details of the controller are:
- The data controller has not appointed a data protection officer.
II.
Sources and categories of personal data processed
- The data controller processes personal data provided to it by the data subject or personal data obtained by the data controller on the basis of the performance of a contract.
- The data controller processes, in particular, identification and contact data, in particular in the following scope: name, surname, date of birth, bank connection, contact details, other data necessary for the performance of the contract.
- The data controller processes personal data from a special category within the meaning of Article 9 GDPR, with the express consent of the data subject.
III.
Legal basis and purpose of the processing of personal data
- LitFin processes personal data on the basis of the following legal grounds:
-
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is a party or for the measures taken before the conclusion of the contract at the request of the data subject;
- the processing is necessary for compliance with a legal obligation to which the data controller is subject;
- legitimate interest of the data controller in providing direct marketing (in particular for sending commercial communications and newsletters);
- consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services (in the case of Slovakia: Section 62 (2) of Act No. 351/2011 Coll., on Electronic Communications, as amended) in the absence of a contract with the controller.
- The purpose of the processing of personal data is:
- the exercise of rights and obligations arising from the contractual relationship between the personal data subject and the data controller; when negotiating the conclusion of a contract, personal data necessary for the successful conclusion of the contractual relationship with the controller (name and address, contact, date of birth), the provision of personal data is a necessary requirement for the conclusion and performance of the contract – without the provision of personal data it is not possible to conclude the contract or its performance by the controller;
- to fulfil a legal obligation to which we are subject as a data controller (e.g. bookkeeping, tax compliance, etc.);
- sending commercial communications and other marketing activities;
- to establish, exercise or enforce legal claims.
- There is no automatic individual decision-making by the data controller within the meaning of Article 22 GDPR.
IV.
Data retention period
- The data controller shall retain personal data:
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between the data subject and the controller and the exercise of claims arising from that contractual relationship (for a maximum period of 10 years from the termination of the contractual relationship);
- for as long as the consent to the processing of personal data for marketing purposes is not withdrawn, if the personal data are processed on the basis of consent.
- After the expiry of the retention period, the data controller shall delete the personal data.
V.
Recipients of personal data
- When processing personal data, we also use the services of verified and contractually obligated external business partners. These are the so-called recipients and processors who develop and maintain functional and secure systems for LitFin, supply the necessary software solutions or provide other services or products that are necessary for part of the processing of personal data for the above-mentioned purposes.
- In addition, the personal data provided to:
- the courts, other public authorities and other public bodies, where necessary for the exercise of the controller’s rights vis-à-vis the data subject or for the fulfilment of the controller’s legal obligation;
- law enforcement authorities, where necessary for the exercise of the controller’s rights vis-à-vis the data subject or for the fulfilment of the data controller’s legal obligation;
- third parties who will act on our behalf in the provision of services or in the performance of other activities related to the provision of services on the basis of an authorisation from the data controller;
- third parties who will be involved in negotiating contract opportunities with the data controller;
- third parties who will provide marketing services; and
- the new owners of LitFin and legal advisors in the case of sale of LitFin or other similar transaction.
- The data controller may transfer personal data to a third country (a country outside the EU) or an international organisation. Recipients of personal data in third countries are providers of mailing services or cloud services or persons involved in negotiating contract opportunities with the controller, involved in ensuring the operation of the services and providing marketing services.
- In this case, the data controller shall adopt adequate guarantees of the protection of personal data within the meaning of Article 44 et seq. of the GDPR.
VI.
Rights if the data subject
- Under the conditions set out in the GDPR, the data subject shall have:
- the right of access to his or her personal data pursuant to Article 15 of the GDPR;
- the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR;
- the right to erasure of personal data pursuant to Article 17 GDPR;
- the right to object to processing pursuant to Article 21 GDPR (in particular in the case of processing for direct marketing purposes);
- the right to data portability pursuant to Article 20 GDPR;
- the right to withdraw consent to the processing of personal data at any time in writing or electronically to the address or email of the data controller specified in Article III of these Terms and Conditions.
- In addition, the data subject has the right to lodge a complaint with the competent Data Protection Authority, in particular in the Member State of his or her habitual residence, place of employment or place of alleged infringement, if he or she considers that his or her right to data protection has been infringed.
VII.
Voluntary provision of personal data
- The provision of personal data shall be voluntary, but non-provision of the necessary personal data shall be incompatible with the establishment of the relevant legal relationship and the fulfilment of the rights and obligations arising therefrom.
VIII.
Conditions for the security of personal data
- The data controller declares that it has taken all appropriate technical and organisational measures to ensure the security of personal data and the security of data storage devices and documents containing personal data.
- The controller declares that only persons authorised by the data controller have access to the personal data.
IX.
Cookies
- The LitFin website uses cookies.
- Cookies can be refused by clicking on the «Decline» button that appears in the bottom right corner of the browser after opening the LitFin website.
- This website uses functional and analytical cookies. Functional cookies are cookies that are necessary for the website to function. LitFin also uses analytics cookies (Google Analytics) that measure the quality and functionality of the website. These analytics cookies do not process any personal data, only statistical information.
X.
Final provisions
- By ticking the consent box or signing the agreement, you confirm that you have read the privacy policy and accept it in its entirety.
- The data controller is entitled to change these terms and conditions. It will publish the new version of the privacy policy on its website or, where applicable, send the new version of the privacy policy to the data subject at the email address provided to the controller.