The careful handling of your personal data is our highest priority. We value your trust and assure you that we handle your personal data very carefully.
Investro.com ensures that personal data is collected, processed and used solely for the purpose specified herein.
As suggested above, this privacy also applies to processing personal data of all specific Company’s service providers such as marketing services providers, moderators, consent writers, publishers etc. if provided by natural persons and/or companies structure, in which case we process personal data of its directors, shareholders and/or employees if necessary.
1. Who is the data controller?
Invest Media s.r.o., reg.n.: 09880666, reg. office: Spálená 480/1, Trnitá, 602 00 Brno, Czech Republic (operator of Investro.com), is responsible for the processing of personal data. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. Which sources and data do we use?
We process personal data that we receive from our (potential) customers or other affected persons as part of our business relationship. In addition, we process – insofar as necessary for the provision of our services – personal data that we legitimately gain from publicly available sources (e.g. the internet) or which we obtain from registration forms on our or other websites.
Relevant personal data (if collected) are:
- particulars (name, company name, address and other contact details, reg. numbers, tax ID numbers, date and place of birth and nationality),
- legitimacy data (e.g. identity card data)
- authentication data (e.g. signature sample).
- Payment data (bank account no., card data etc.)
Device Information (if collected) are:
- device and device identification number, device IMEI
- IP address
- browser type and version
- operating system
- Internet service providers
- advertising identifier of your device
- visitor identifier
In addition, this may include order data, data from the fulfilment of our contractual obligations (e.g. turnover data from the transactions), advertising, promotional and sales data (including advertising scores), documentation data (e.g. recording of telephone conversations) as well as other data comparable to the mentioned categories.
3. What is the purpose of processing data and on what legal grounds do we process your personal data?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR):
a)For the performance of contractual obligations (Article 6 (1) b GDPR)
The processing of data is carried out to provide and mediate our services, as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out on request. The purposes of data processing are primarily based on the specific agreement. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.
b)For legitimate interests (Article 6 (1) f GDPR)
If necessary, we process your data beyond the actual performance of the contract for the protection of legitimate interests of us or third parties.
- Process and negotiate pre-contractual communication and presentation of our services through electronic means
- review and optimisation of requirements analysis procedures for direct customer approach,
- advertising or market and opinion research, as long as you have not objected to the use of your data,
- asserting legal claims and defence in legal disputes,
- ensuring the IT security and IT operations of the company,
- prevention and investigation of criminal offences,
- measures for the business control and further development of services and products,
- risk management of the Company,
- creditors or insolvency administrators requesting foreclosures
c) With your consent (Article 6 (1) a GDPR)
If applicable you may give us consent to the processing of personal data for specific purposes (e.g. extended use of e-mail address for advertising measures and the sending of newsletters, sharing your personal data with other controllers), the legality of this processing may be based on your consent.
We will get your express opt-in consent before we share your personal data with any company for their own processing purposes.
A given consent can be revoked at any time. The revocation of consent does not affect the legality of the data processed until the revocation.
d) Due to legal requirements (Article 6 (1) c GDPR) or in the public interest (Article 6 (1) e GDPR)
In addition, as a service provider, we are subject to various legal obligations, i.e. legal requirements as well as supervisory requirements. The purposes of the processing include identity and age checks, prevention of fraud and money laundering, the fulfilment of reporting obligations towards public authorities as well as the evaluation and management of risks within the company.
Consents can, of course, be revoked at any time with effect for the future.
4. Collection and use of your personal data
Information that we receive from you helps us to customize our services and offers and to continually improve them. We use this information to perform our services. We also use your information to communicate with you about services, products, services, and marketing opportunities (see communications below by e-mail), as well as to update our records and maintain your customer profile and to recommend services that might interest you. We also use your information to improve our product offering and our platform, to prevent or detect misuse of our website or to enable third parties to carry out technical, logistical or other services on our behalf.
We collect the following information:
- Information you provide us: We collect and store any information that you submit to our website (registration of our account and/or news subscription) or transmit to us in any other way. You give us information when you are looking for something, consulting a course, completing a questionnaire or communicating with our customer service. For example, when you search for a product, place an order, or provide information in your personal information; if you communicate with us by phone, e-mail or otherwise; if you complete a questionnaire, attend a webinar, and use other service offerings that personally inform you of certain offers – e.g. newsletter. Information you provide us here may be your name, address, telephone number, account information, etc.. You may choose not to provide us with certain information, but this may result in you being unable to use many of our services/features or we might be unable to communicate.
- Automated information: As soon as you contact us or visit our website, we store certain information. Among other things, we use – like many other websites – so-called “cookies” and receive information as soon as your web browser opens Investro.com website. Examples of information we collect and analyse include, in abbreviated form, the Internet Protocol (IP) address that connects your computer to the internet, email receipt and a read receipt, logins, e-mail addresses, computer information and internet connection such as; Browser type and version, operating system and platform as well as the complete Uniform Resource Locators (URL) clickstream to, through and from our website, that means the order of the pages of our internet site that you visit, including date and time, cookie number, and the products that you viewed or searched for.
- E-mail communication: as a necessary part of mutual communication, we use email and/or other distance means to contact you as well as to be able to receive any inquiries from you if needed.
- Information from other sources: Occasionally, we may also use information about you from other sources and add it to our information about your customer account. Examples of information we receive from other sources include updated information about suppliers’ inventory addresses that we use to update our database to ensure your next activity statement or other important documents and to ensure that we are with you to be able to communicate. Other examples include information about your potential status as a politically exposed person or the emergence of a sanction list that we use to detect misuse, particularly fraud, and offer you certain services within our scope.
5. Whom do we share your data with?
Invest Media s.r.o., those departments gain access to your data, which need it to fulfil our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes if they maintain business confidentiality. These are companies in the categories: IT services, education services, logistics, printing services, telecommunications and consulting (law, taxes) as well as sales and marketing. They all might have the status of the processor.
With regard to the transfer of data to recipients outside of our company, it should first be noted that as a service provider we commit ourselves to secrecy about all customer-related facts and valuations from which we become aware. In principle, we may only disclose information about you if statutory provisions require it, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be:
- Public bodies and institutions (e.g. Federal Financial Supervisory Authority, tax authorities, law enforcement authorities) in the case of a legal or regulatory obligation
- Other data recipients may be those for whom you have given us your consent to submit the data or to whom we may delegate personal information due to legitimate interests.
6. Is your personal data being transmitted to non-EU countries or international organizations?
A transfer of data to countries outside the European Union takes place, as far as
- it is required to execute your requirements,
- it is required by law (e.g. tax reporting obligations) or
- you have given us your consent.
Furthermore, a transfer of data to authorities in third countries is provided in the following cases:
- If this is required in individual cases, your personal information may be transferred to an IT service provider in another third country to ensure the IT operations of the company in compliance with the European data protection level
- With the consent of the person concerned or due to legal provisions on the fight against money laundering, terrorist financing and in other cases, personal data (e.g. legitimacy data) are transmitted in compliance with the level of data protection of the European Union in other criminal acts as well as in the context of a legitimate interest.
Cookies are textual information (ASCII text) stored on your hard drive via your browser (e.g. Microsoft Explorer or Mozilla Firefox). If you visit the website again, which has passed the cookie to your browser, you will be recognized here and individually addressed.
8. How long is your personal data being stored for?
We process and store your personal data as long as it is necessary for the performance of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed for years.
If the data is no longer required for the performance of contractual or legal obligations, these are regularly deleted, unless their – temporary – further processing is necessary for the following purposes:
- Only if applicable and if related to certain services fulfilment of commercial and tax-related retention requirements: tax legislation, the financial legislation, the Money Laundering and Terrorist Financing Act. The storage periods are, in most cases, 5 – 10 years.
- Processing of personal data of the registered person (companies) may take up to 1 year without granting additional consent from registration or until rejection of such processing.
- If registration occurs for the purpose of obtaining services from us hence the business relationship is established, personal data processing is necessary to maintain for the period of such relationship existence. After its termination due to our legitimate interest we process personal data for additional 5 years.
- Preservation of evidence within the statutory limitation period.
- Personal data contained in email, chats and other means of distant communication might be processed according to the related and relevant purpose specified herein. Processing period might be up to 5 years. Processing your data in order to preserve active communication without your responding might take up to 12 months (or longer if applicable any of other purposes to process).
9. Which rights do you have as a data subject?
Each data subject has the right of access under Article 15 of the GDPR, the right of rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
There is a right of appeal to a competent data protection supervisory authority.
You may revoke your consent to the processing of personal data at any time.
Please note that revocation only works for the future. Processing that took place before the revocation is not affected.
10. Do you have an obligation to provide data to us?
As part of our business relationship and possibly pre-contract relationship, you must provide the personal information that is required to collect, perform, and terminate a business relationship and to perform the associated contractual obligations or that we are required to collect by law. Without this information, we will generally be unable to neither provide you with a presentation of our services nor conclude or execute the contract with you.
In particular, if certain services are provided according to the money laundering regulations, we are obliged to identify you prior to the establishment of the business relationship on the basis of your identity document and to record the name, place of birth, date of birth, nationality, address and identity card details. In order for us to be able to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes during the business relationship.
If you do not provide us with the necessary information and documents, we may not take up or continue your desired business relationship.
11. Does any automated decision-making take place?
In principle, we do not use fully automated automatic decision-making pursuant to Article 22 GDPR to justify and implement the business relationship. If we use these procedures in individual cases, we will inform you about this separately, provided that this is prescribed by law.
12. Complaint to the Data Protection Authority
You have the right to submit a complaint to the competent Data Protection Authority – Web
13. Right to object, Art. 21 GDPR
a) Case-specific right of objection
You have the right for reasons that derive from your special situation, to object at any time against the processing of your personal data resulting from Article 6 (1) (f) of the GDPR (data processing based on legitimate interests); this also applies to profiling based on this provision in the senses of Art. 4 No. 4 DS-GVO, which we use for advertising purposes.
If you object, we will not further process your personal data unless we can do so for legitimate reasons which predominate your rights and freedoms predominate or the processing serves the assertion, exercise or defence of legal claims.
b) Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be free of form and should be directed to our email.