Privacy Statement of LitFin group
last updated 20th May 2022
Personal data protection
Personal Data Controller
- The data controller pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is each of the companies belonging to the LitFin Group (hereinafter: “LitFin”).
- The contact details of the controller are:
Hybernská 7, Nové Město, 110 00 Prague 1, Czech Republic email: firstname.lastname@example.org
- The data controller has not appointed a data protection officer.
Sources and categories of personal data processed
- The data controller processes personal data provided to it by the data subject or personal data obtained by the data controller on the basis of the performance of a contract.
- The data controller processes, in particular, identification and contact data, in particular in the following scope: name, surname, date of birth, bank connection, contact details, other data necessary for the performance of the contract.
- The data controller processes personal data from a special category within the meaning of Article 9 GDPR, with the express consent of the data subject.
Legal basis and purpose of the processing of personal data
- LitFin processes personal data on the basis of the following legal grounds:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is a party or for the measures taken before the conclusion of the contract at the request of the data subject;
- the processing is necessary for compliance with a legal obligation to which the data controller is subject;
- legitimate interest of the data controller in providing direct marketing (in particular for sending commercial communications and newsletters);
- consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services (in the case of Slovakia: Section 62 (2) of Act No. 351/2011 Coll., on Electronic Communications, as amended) in the absence of a contract with the controller.
- The purpose of the processing of personal data is:
- the exercise of rights and obligations arising from the contractual relationship between the personal data subject and the data controller; when negotiating the conclusion of a contract, personal data necessary for the successful conclusion of the contractual relationship with the controller (name and address, contact, date of birth), the provision of personal data is a necessary requirement for the conclusion and performance of the contract – without the provision of personal data it is not possible to conclude the contract or its performance by the controller;
- to fulfil a legal obligation to which we are subject as a data controller (e.g. bookkeeping, tax compliance, etc.);
- sending commercial communications and other marketing activities;
- to establish, exercise or enforce legal claims.
- There is no automatic individual decision-making by the data controller within the meaning of Article 22 GDPR.
Data retention period
- The data controller shall retain personal data:
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between the data subject and the controller and the exercise of claims arising from that contractual relationship (for a maximum period of 10 years from the termination of the contractual relationship);
- for as long as the consent to the processing of personal data for marketing purposes is not withdrawn, if the personal data are processed on the basis of consent.
- After the expiry of the retention period, the data controller shall delete the personal data.
Recipients of personal data
- When processing personal data, we also use the services of verified and contractually obligated external business partners. These are the so-called recipients and processors who develop and maintain functional and secure systems for LitFin, supply the necessary software solutions or provide other services or products that are necessary for part of the processing of personal data for the above-mentioned purposes.
- In addition, the personal data provided to:
- the courts, other public authorities and other public bodies, where necessary for the exercise of the controller’s rights vis-à-vis the data subject or for the fulfilment of the controller’s legal obligation;
- law enforcement authorities, where necessary for the exercise of the controller’s rights vis-à-vis the data subject or for the fulfilment of the data controller’s legal obligation;
- third parties who will act on our behalf in the provision of services or in the performance of other activities related to the provision of services on the basis of an authorisation from the data controller;
- third parties who will be involved in negotiating contract opportunities with the data controller;
- third parties who will provide marketing services; and
- the new owners of LitFin and legal advisors in the case of sale of LitFin or other similar transaction.
- The data controller may transfer personal data to a third country (a country outside the EU) or an international organisation. Recipients of personal data in third countries are providers of mailing services or cloud services or persons involved in negotiating contract opportunities with the controller, involved in ensuring the operation of the services and providing marketing services.
- In this case, the data controller shall adopt adequate guarantees of the protection of personal data within the meaning of Article 44 et seq. of the GDPR.
Rights if the data subject
- Under the conditions set out in the GDPR, the data subject shall have:
- the right of access to his or her personal data pursuant to Article 15 of the GDPR;
- the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR;
- the right to erasure of personal data pursuant to Article 17 GDPR;
- the right to object to processing pursuant to Article 21 GDPR (in particular in the case of processing for direct marketing purposes);
- the right to data portability pursuant to Article 20 GDPR;
- the right to withdraw consent to the processing of personal data at any time in writing or electronically to the address or email of the data controller specified in Article III of these Terms and Conditions.
- In addition, the data subject has the right to lodge a complaint with the competent Data Protection Authority, in particular in the Member State of his or her habitual residence, place of employment or place of alleged infringement, if he or she considers that his or her right to data protection has been infringed.
Voluntary provision of personal data
- The provision of personal data shall be voluntary, but non-provision of the necessary personal data shall be incompatible with the establishment of the relevant legal relationship and the fulfilment of the rights and obligations arising therefrom.
Conditions for the security of personal data
- The data controller declares that it has taken all appropriate technical and organisational measures to ensure the security of personal data and the security of data storage devices and documents containing personal data.
- The controller declares that only persons authorised by the data controller have access to the personal data.
- Cookies can be refused by clicking on the “Decline” button that appears in the bottom right corner of the browser after opening the LitFin website.
- This website uses functional and analytical cookies. Functional cookies are cookies that are necessary for the website to function. LitFin also uses analytics cookies (Google Analytics) that measure the quality and functionality of the website. These analytics cookies do not process any personal data, only statistical information.