Principles of protection of personal data with effect from 25.05.2018

By means of the Privacy Policy (hereinafter referred to as the "Policy") we shall notify the data subjects whose personal data we process, as well as about all processing activities and the privacy policy of the data subjects.

1. RESPONSIBLE PERSONS

PERSONAL DATA MANAGER:

The Company INVESTER LLC (hereinafter referred to as the “Operator”)

CONTACTS TO APPLY YOUR RIGHTS:

Tel: +420 225 376 211, +420 777 689 390
E-mail: info@invester.cz

(hereinafter referred to as "we")

2. BASIC TERMS

GDPR:

Regulation (EU) 2016/679 of the European Parliament and of the Council 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC effective from 25.5.2018.

PERSONAL DATA:

Personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as "GDPR") means all information about an identified or identifiable natural person (i.e. data subject = you).

SPECIAL PERSONAL DATA:

Special personal data means information on racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, processing of genetic data, biometric data to uniquely identify a natural person and data on health or sexual life or sexual orientation of persons.

DATA SUBJECT = YOU:

Data subject shall mean an identified or identifiable natural person, the identifiable natural person being a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as name, identification number, location information, network identifier or one or more specific elements of the natural person; the physiological, genetic, psychological, economic, cultural or social identity of that individual.

PROCESSING OF PERSONAL DATA:

Processing of personal data within the meaning of Article 4 (2) of the GDPR means any operation or set of operations involving personal data or files of personal data which is carried out with or without automated procedures such as collecting, recording, arranging, structuring, storing, adapting or altering, finding, inspecting, using, making available, sorting or combining, restricting, deleting or destroying.

ADMINISTRATOR:

For the purposes of Article 4 (7) of the GDPR, "controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. We act as administrator in relation to your personal data.

PROCESSOR:

For the purposes of Article 4 (8) of the GDPR, "processor" means a natural or legal person, public authority, agency or other entity processing personal data for the controller.

SUPERVISORY AUTHORITY:

In the Czech Republic, the Supervisory Authority means the Office for Personal Data Protection (hereinafter referred to as the “DPO”).

RISK PROCESSING:

Risky processing means processing likely to pose a risk to the rights and freedoms of data subjects, processing is not occasional, or involves processing of specific personal data or personal data relating to criminal convictions and offenses referred to in Article 10 of the GDPR.

AUTOMATED INDIVIDUAL DECISION MAKING INCL. PROFILING:

Automated individual decision making incl. profiling is generally understood to be any form of decision based on automated processing of personal data, i.e. without human intervention, based, inter alia, on the evaluation of certain personal aspects relating to the data subject, in particular for the purpose of analysis or estimation, respectively analyzing or anticipating aspects of his / her work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement.

3. CATEGORIES OF ENTITIES, PROCESSED PERSONAL DATA, PURPOSE, LEGAL BASIS AND TIME OF PROCESSING

Categories of data subjects	Purpose of personal data processing	Legal basis and personal data processed	Processing period
Website visitors	Statistics before data automation, showing advertisements for our services or goods	The legal basis is a legitimate interest in terms of a) improving our services and focusing on what you really care about; b) offering you similar services or goods that meet your needs by accessing our website. Identifying information (name, surname), contact information (address, e-mail, telephone), IP address and cookies.	For this purpose, personal data may be processed for a number of months.
Sending a response to a website visitors query	The legal basis is the performance of the contract or your consent. Identifying information (name, surname), contract information (address, e-mail, telephone), IP adress and cookies, inquiry form.	For this purpose, personal data may be processed until the inquiry form has been processed from the contact form, but no longer than 30 days or the period for which your consent to the processing lasts.
News subscribers	Sending business messages by email	The legal basis is the consent you gave us when signing up for our newsletter. Identification data (name, surname), contact information (e-mail).	For this purpose, personal data may be processed until withdrawal of consent.

Categories of data subjects

Purpose of personal data processing

Legal basis and personal data processed

Processing period

Website visitors

Statistics before data automation, showing advertisements for our services or goods

The legal basis is a legitimate interest in terms of a) improving our services and focusing on what you really care about; b) offering you similar services or goods that meet your needs by accessing our website.

Identifying information (name, surname), contact information (address, e-mail, telephone), IP address and cookies.

For this purpose, personal data may be processed for a number of months.

Sending a response to a website visitors query

The legal basis is the performance of the contract or your consent.

Identifying information (name, surname), contract information (address, e-mail, telephone), IP adress and cookies, inquiry form.

For this purpose, personal data may be processed until the inquiry form has been processed from the contact form, but no longer than 30 days or the period for which your consent to the processing lasts.

News subscribers

Sending business messages by email

The legal basis is the consent you gave us when signing up for our newsletter.

Identification data (name, surname), contact information (e-mail).

For this purpose, personal data may be processed until withdrawal of consent.

We only store personal data for as long as is necessary for the purpose of their processing - see the table above. After this period, personal data may be stored only for the purposes of the State Statistical Service, for scientific purposes and for archival purposes.

5. BENEFICIARIES AND TRANSMISSION OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

In justified cases, we may pass on your personal data to other entities (hereinafter referred to as "the recipient").

Personal data may be passed to the following recipients:

processors who process your personal data in accordance with our instructions, in particular in the areas of public relations, electronic data management or bookkeeping;
public authorities and other bodies if required by the applicable legislation;
other entities in the event of an unforeseen event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or where necessary to protect our rights, property or security.

6. Cookies

After your first visit to our site, our server sends a small amount of data to your computer and stores it there. The browser then sends the data back to the server each time you visit the site. This small file is called a "cookie" and is a short text file containing a specific string of characters with unique information about your browser. We use cookies to improve the quality of our services and to better understand how people use our site. That is why we have stored user preferences in cookies to track user trends and how people behave and view them on our site.

Most browsers are set to accept cookies. However, you have the option of setting your browser to block cookies or to notify you when cookies are sent. However, without cookies some of our services or features will not work properly.

Our website uses “first-party” cookies, i.e. cookies used only by our website (“first-party cookies”) and “third-party” cookies (i.e. cookies from third-party websites). We use first-party cookies to store user preferences and information needed during your visit to the website (e.g., the contents of your shopping cart). We use third-party cookies to track user trends and behavior patterns, and to target advertising with the help of third-party web statistics providers.

Third-party cookies used to track trends and behavior patterns are only used by our website and web statistics providers, and are not shared with any other third party. WE USE IN PARTICULAR THE FOLLOWING COOKIES:

Google Analytics
Google AdWords
Facebook
Sklik

7. PRINCIPLES OF PERSONAL DATA PROCESSING

LEGALITY

We process your personal data in accordance with applicable law, in particular GDPR.

CONSENT OF THE DATA SUBJECT

We only process personal data in the manner and to the extent that you have given us permission, where the consent is required for the processing.

MINIMIZATION AND LIMITATION OF PERSONAL DATA PROCESSING

We only process personal data to the extent that it is necessary to achieve the purpose of their processing and for no longer than is necessary to achieve the purpose of their processing.

PRECISION OF PERSONAL DATA PROCESSED

We process personal data with an emphasis on accuracy, using available measures. And we use updated means to process updated personal information.

TRANSPARENCY

Through this Policy and the contact person, you have the opportunity to become acquainted with the way we process your personal data, as well as with its scope and content.

EFFECTIVE LIMITATIONS

We process personal data only to the extent necessary to fulfill the stated purpose and in accordance with this purpose.

SAFETY

We process personal data in such a way as to ensure that it is properly secured, including by means of appropriate technical or organizational measures, against unauthorized or unlawful processing, and accidental loss, destruction or damage.

8. AUTOMATIZED INDIVIDUAL DECISION-MAKING AND PROFILING

There is no automated individual decision-making when processing personal data, even on the basis of profiling.

9. YOUR RIGHTS AS A DATA SUBJECT

RIGHT OF ACCESS TO PERSONAL DATA:

You have the right to request from us access to personal data concerning you. In particular, you have the right to obtain confirmation from us whether or not personal data concerning you are processed by us, and to provide further information about the data processed and the processing in accordance with the relevant GDPR provisions (purpose of processing, personal data categories, recipients, planned storage period, existence of your right to request correction, deletion, processing restriction or right to object, source of personal data and right to file a complaint). If you request, we will provide you with a copy of the personal data we process about you free of charge. In the case of a repeated application, we may charge a reasonable fee for providing a copy, corresponding to the administrative cost of processing.

Use your user account or contacts listed in this policy to access your personal information.

RIGHT TO REVERSE PERSONAL DATA PROCESSING IF PROCESSING IS BASED ON A CONTRACT:

You have the right at any time to withdraw your consent to the processing of personal data processed by us under this consent.

You may revoke consent through your user account or the contacts listed in this policy.

RIGHT TO CORRECTION, RESTRICTION OR LIMITATION:

If you find that the personal information we have about you is inaccurate, you may require us to correct it without undue delay. If this is appropriate in the specific circumstances of the case, you may also request the addition the information we hold about you.

You may request correction, processing restriction or deletion of data via your user account or contacts listed in this policy.

RIGHT TO DELETE PERSONAL DATA:

You have the right to request that we delete, without undue delay, personal data concerning you in the following cases:

if you withdraw your consent to the processing of personal data and there is no other legitimate reason for the processing of the data that prevails over your right of erasure;
if you object to the processing of personal data (see below);
your personal information is no longer needed for the purposes for which we have collected or otherwise processed it;
personal data were processed unlawfully by us;
personal data collected by us in connection with the offer of information company services to a person under 18 years of age;
personal data must be deleted to fulfill a legal obligation laid down in European Union law or in the Czech legal order that applies to us.

In such cases, you may request deletion via your user account or the contacts listed in this policy.

RIGHT TO REQUEST THE DELETION OF PERSONAL DATA IS NOT GIVEN IN THE SITUATION WHEN PROCESSING IS NECESSARY:

for exercising the right to freedom of expression and information;
to fulfill our legal obligations;
for reasons of public interest in the field of public health;
for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, where deletion of data is likely to prevent or seriously jeopardize the attainment of the objectives of that processing;
to determine, exercise or defend legal claims.

You can find out if there are any reasons why you cannot use the right of erasure by using your user account or the contacts in this policy.

RIGHT TO RESTRICT PERSONAL DATA:

You have the right to restrict the processing of your personal data if:

you deny the accuracy of your personal information. In this case, the restrictions apply to the time required to verify the accuracy of the personal information.
processing is unlawful and you refuse to delete personal data and ask instead to restrict its use.
we no longer need your personal data for the purposes for which we have processed it, but you require it to identify, exercise or defend legal claims;
you dispute the processing (see below). In this case, the restriction applies until it is verified that the justified reasons on our part outweigh your justified reasons.

At a time when personal data is restricted, we may only process your personal data (except for storing it) with your consent, or to determine, exercise or defend our legal claims, to protect the rights of another natural or legal person, or or a Member State. As noted above, you may request processing restrictions through your user account or contacts listed in this policy.

RIGHT TO OBJECT TO ANY PROCESSING YOUR PERSONAL DATA, IN THE FOLLOWING CASES:

You have the right to object to the processing of your personal data in the following cases:

if personal data is processed because processing is necessary for the performance of a task performed in the public interest or in the exercise of official authority to which we are delegated or for the purposes of our legitimate interests, and you object to the processing, process, unless we can prove serious legitimate reasons for processing that outweigh your interests, rights and freedoms, or to determine, exercise or defend our legal claims.
if personal data is processed for direct marketing purposes and you object to the processing, we will no longer process personal data for that purpose.
if your personal data is processed for scientific or historical research purposes or for statistical purposes, we will not process it unless the processing is necessary for the performance of a task performed for reasons of public interest.

You can dispute these through your user account or through the contacts listed in this policy.

DATA TRANSFER RIGHT:

In the event that we process your personal data with your consent or because it is necessary to fulfill the contract concluded between us, you have the right to obtain from us personal data relating to you which you have provided us in a structured , a commonly used and machine-readable format if personal data is processed by us. You have the right to transfer this data to another data controller or to request that data be provided directly to another data controller, if technically feasible. You can obtain your personal information through your user account or through the contacts listed in this policy.

THE RIGHT TO BE NOT SUBJECT TO ANY DECISION BASED ONLY ON AUTOMATED PROCESSING, INCLUDING PROFILING:

We do not use personal information to make automated decisions.

RIGHT TO GET INFORMATION ON BREACH OF SECURITY OF YOUR PERSONAL DATA:

If it is likely that a breach of our security will result in a high risk to your rights and freedoms, we will notify you without undue delay. If appropriate technical or organizational measures have been used to process your personal data to ensure that the data is incomprehensible to an unauthorized person, for example, or if we take additional measures to ensure that the high risk does not materialize, we do not need to disclose the violation.

RIGHT TO MAKE A COMPLAINT TO THE SUPERVISORY AUTHORITY:

If you believe that processing your personal data violates the obligations set out in GDPR, you have the right to file a complaint with the supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection.