Personal Data Protection Policies of DELTA Investicní spolecnost, a.s. (and the funds it manages)

Identity and contact details of the controller

DELTA Investicní spolecnost, a.s. Americká 340/31, Prague – Vinohrady, 120 00 Company ID No.: 03232051

Data Protection Officer (DPO) – Goodking DPO s.r.o.
deltais@kontaktDPO.cz, tel. +420 725 587 047

(hereinafter “we” or the “administrator”)

Please, carefully read the following text to understand our procedures with your personal data and how we will treat them. We apply a “lucid approach” to explanation of its procedures in relatioto the protection of personal data as recommended with the supervisory bodies. For your feedback or any of your queries to protect privacy, the Policies also contain the contact information of the Data Protection Officer (DPO), who is appointed by DELTA Investicní spolecnost, a.s.

Content and purpose of the Data Protection Policy Document

This document contains information concerning the protection of the personal data of data subjects, mainly investors and potential investors. The purpose of this document is to acquaint you with your rights and provide comprehensible information about how the personal data shall be treated. We appreciate the confidence with which you are providing us with your personal data, and we proceed in the processing of the personal data according to Act No. 101/2000 Coll., on personal data protection, and Regulation (EU) 2016/679, i.e., the General Data Protection Regulation in force from 25 April 2018, which is generally known as the General Data Protection Regulation. By clicking the number of the Regulation in the preceding sentence, you directly jump to the text of this regulation and also find the wording of the legal regulations to which we refer in the text below. DELTA Investicní spolecnost, a.s., who is engaged in the founding, management and administration of funds of qualified investors according to Act No. 240/2013 Coll., on investment companies and investment funds with provision of comprehensive services and operation of the www.deltais.cz website and the websites of the funds managed by the Company, undertakes to protect and respect your right to privacy. These Policies lay down the foundation that shall form the basis for processing any personal data, which we shall get from you or that you shall provide to us.

Types of personal data that we process

We mandatorily process personal data in cases stipulated by law. We further process data that arises in the justified interest of the controller, from fulfilment of the contract or from the contract negotiations. If we shall require content to process some personal data for specific purposes, then such data shall only be processed for the concrete purpose with your consent. You can cancel such consent at any time.

The following personal data categories: identification and contact data, payment data, records of instructions and communication with clients and data ascertained by questionnaire for determination of the profile of the investing person are processed on the basis of the legal title for fulfilment of the legal obligations according to the legal regulations. It primarily concerns Act No. 256/2004 Coll., on business on the capital market, Act No. 190/2004 Coll., on bonds, Act No. 563/1991 Coll., on accounts, Act No. 240/2013 Coll., on investment companies and investment funds, Act No. 253/2008 Coll., on some measures against the legalisation of proceeds from crime and funding of terrorism and Commission delegated Regulation (EU) No. 231/2013. Since this concerns statutory requirements, which do not provide such personal data, it shall make the provision of a specific service or product possible. The given personal data categories are processed for the purpose of fulfilment of the above-stated legal obligations. The data is processed for a period of 10 years from the end of the transaction or termination of the contractual relationship with the exception of the category of the records of instructions and communication with clients, where the archiving period is 5 years after the year to which the data applies.

The following personal data categories: identification, contact data and payment data, are also processed on the basis of the legal title for fulfilment of the contract. The processing of the above-stated personal data is primarily done for the purpose of keeping a record and fulfilment of the contract, record of incoming investments and payment of yields. The data is processed for a period of 10 years from the end of the transaction or termination of the contractual relationship.

The following personal data categories: identification and contact data, payment data are processed on the basis of the legal title of the justified interest of the controller. The processing of the above-stated personal data is done for marketing, trading, statistics and security purposes. The data is in the case of justified interest only processed for the reasonable duration of the justified interest.

Automated decision-making and profiling

In the case of processing of all the above-stated personal data, automatic decision-making is not used. Profiling is only used during the review of the investor’s profile and during fulfilment of legal obligations.

Disclosure of your information

We do not provide the personal data to anybody, excluding cases described in these Policies. The only recipients of your personal data are solely in the following categories (types) of subjects: interconnected companies within the controller’s group and the managed and administered funds, providers of accounting, audit and legal services, providers of the IT system or data storage and distributors. We can share your personal data with third parties in order to prevent crime and reduce risk if this is required by law and where such action is necessary for judicial proceedings or in order to protect our own or our customers’ rights or assets.

Where we store your personal data

The data we collect from you is only kept and processed within the European Economic Area (“EEA”).

Data security

We directly adopt technical and organisational measures and all other steps necessary to ensure the secure handling of your personal data according to these Policies. If we have provided you (or you have already chosen your own) password, access point or any other security resource for the purpose of authentication, which will enable you to access certain parts of our websites or the websites of the funds we manage, you are responsible for keeping this password secret and observance of our instructions.

Your rights

Right of access to personal data (Article 15 of the GDPR)

This concerns the right to confirmation of the scope of your processed personal data. If we are processing your personal data, then you have the right to access it and the information about its processing, i.e., you have the right to know what personal data, why and over what period we shall process it.

Right to correction of personal data (Article 16 of the GDPR)

It is the right to immediate information about your incorrect data or its update. You have the right to supplement incomplete personal data, also by provision of an additional declaration (in which you state the new or full data).

Right to erasure of personal data or the “right to be forgotten” (Article 17 of the GDPR)

In given cases, you have the right to request us to delete your data immediately and irreversibly, also from all active back-ups.

Right to restriction of processing (Article 18 of the GDPR)

In the stipulated cases, according to the stated article, you have the right to demand the restriction of your personal data.

Right to data portability (Article 20 of the GDPR)

Under the conditions stipulated in the applicable article, you have the right to get your personal data and provide it to another controller, if this is technically feasible. The controller must not in any way hinder such action and must provide the data in standard machine readable format. If in case of necessity, you require a copy of the personal data, we shall provide the data on standard basis free-of-charge.

Right to object (Article 21 of the GDPR)

If the personal data is processed for the purpose of the justified interests of the controller, you have the right to object to such processing. If shall no longer be further possible to process the data if the justified interest shall no longer be dominant over your interests, rights and freedoms. If the justified interest concerns the processing of data for direct marketing, then the consequence of the objection shall always be termination of the further processing of the personal data for direct marketing purposes.

Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)

If you have the feeling that your rights and freedoms are being violated in the area of protection of personal data, you have the right to lodge a complaint with the Office for Protection of Personal Data (OPPD). The details of the OPPD are available on the www.uoou.cz website.

Changes to our Privacy Policy

Any changes, which we can make in future in our Privacy Policy, shall be published on our website.

Contact us

If you desire to exercise any of your rights on personal data protection against the controller or other managing funds, you can contact us.

DELTA Investicní spolecnost, a.s. Americká 340/31, Prague – Vinohrady, 120 00 Company ID No.: 03232051

Data Protection Officer (DPO) – Goodking DPO s.r.o.

deltais@kontaktDPO.cz, tel. +420 725 587 047