Privacy policy

Privacy Policy for clients of Broker Trust

The purpose of this Privacy Policy is to provide, in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), information on what personal data Broker Trust, a.s. with registered office at Hanusova 1411/18, Michle, 140 00 Praha 4, registration number: 264 39 719, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 7141 (hereinafter referred to as „BT“) processes as the controller about its clients. This Privacy Policy will also apply if you download and use our mobile application (with the working name „BTAKK“) or any other application of ours that directly links to the Privacy Policy.

Protecting the personal information of our clients – current and, to the extent appropriate, potential or former clients – is a priority for us, as is adherence to the principles and standards of data protection, in particular the following principles:

  • lawfulness, fairness, transparency

We process personal data in a fair, lawful and transparent manner in relation to our clients.

  • purpose limitation

We collect personal data of our clients only for specific and legitimate purposes and we do not process it in a way that is incompatible with those purposes.

  • data minimisation

We process our clients‘ personal data only to the extent appropriate and relevant to the purposes for which they are processed.

  • accuracy

We only process personal data identical to the data provided to us by the client.

  • storage limitation

We only process personal data enabling the identification of the client for no longer than is necessary for the purposes for which the personal data are processed.

  • integrity and confidentiality

Clients‘ personal data is appropriately secured. Ensuring the integrity, confidentiality and availability of personal data is crucial for us.

CONTENTS:

1. THE IDENTITY AND CONTACT DETAILS OF THE CONTROLLER AND THE PROCESSOR

1.1.Data controller     
1.2.Data Protection Officer (DPO)   

2. PROCESSING PURPOSES

2.1.Provision of financial advisory and related services   
2.2.Fulfilling legal obligations    
2.3.Legitimate interest     
2.4.Giving consent
2.5.Contacting you with offers of products, services and advice

3. CATEGORIES OF PERSONAL DATA

4. SOURCES AND PROCESSING OF PERSONAL DATA

5. RECIPIENTS OF PERSONAL DATA

6. TIME LIMIT FOR PROCESSING PERSONAL DATA

7. YOUR DATA PROTECTION RIGHTS

7.1.Right of access to personal data    
7.2.Right to rectification of inaccurate data    
7.3.Right to erasure    
7.4.Right to restriction of processing    
7.5.Right to notification of rectification, erasure or restriction of processing    
7.6.Right to data portability
7.7.Right to object to the processing of personal data    
7.8.Right to withdraw consent to the processing of personal data    
7.9.Automated individual decision-making, including profiling    
7.10.Cookies    
7.11.Right to contact the Office for Personal Data Protection

8. FINAL PROVISIONS

1. THE IDENTITY AND CONTACT DETAILS OF THE CONTROLLER AND THE DPO

1.1.Personal data controller

The personal data controller is Broker Trust, a.s. with registered office at Hanusova 1411/18, Michle, 140 00 Praha 4, registration number: 264 39 719, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 7141. As the controller, we determine the purposes and means of processing personal data.

1.2.Data Protection Officer

Due to the nature of our business, we have appointed a Data Protection Officer in accordance with the GDPR. We have ensured that our data protection officer (according to GDPR, we also use the abbreviation DPO) is properly and timely involved in all matters related to the protection of personal data. We provide them with the resources necessary to perform these tasks, to access personal data and processing operations and we maintain their expertise.

The Data Protection Officer duly fulfils its obligations under the GDPR or other legal regulations and, during the performance of their activities, provides information and advice to our employees and associates who come into contact with personal data and are involved in the processing of personal data. They monitor compliance of processing with the GDPR and other regulations, provide advice upon request, fulfil other obligations under the GDPR and cooperate with the supervisory authority.

If you would like to contact our Data Protection Officer regarding your rights or to inquire about how we use your personal data or to make a complaint about how we process your personal data, please send an email to the Data Protection Officer at DPO@brokertrust.cz or contact us in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

2. PROCESSING PURPOSES

2.1.Provision of financial advisory and related services

In this case, you – as a client – provide us with personal data when filling in the relevant forms, which may be, for example, an Investment Questionnaire or a Record of Meeting.

The provision of your personal data is necessary for the performance of the contract, or for the acts aimed at concluding the contract at your request, and is therefore necessary for the provision of our financial advisory and broker services.  

2.2.Compliance with legal obligations

As a provider of financial brokerage and advisory services, we must comply with certain legal obligations where we process your personal data.

These include reporting obligations to supervisory authorities (e.g. the Czech National Bank), archiving obligations or obligations under the Act on Certain Measures against the Legalization of Proceeds of Crime and Terrorist Financing.

2.3.Legitimate interest

In some cases, and only where our interests do not override your privacy interests, we process your personal data without your consent. This may include, for example, our administrative tasks, risk assessment, debt recovery, carrying out analyses and statistics, credit rating, or marketing targeted at our existing customers to offer our other services. However, we always follow the intentions of the GDPR.

2.4.Giving of consent

We use your consent to process your personal data for the purposes defined in the consent. This may include marketing to potential customers, sending you offers of our products and services or sending you newsletters.  

We process your personal data on the basis of your consent even if no contract is concluded or beyond the scope of the concluded contract. It is your decision whether to give us your consent. If you do not consent to the processing in question, we will not be able to offer you these services.
You can, of course, narrow or withdraw your consent at any time.

3. CATEGORIES OF PERSONAL DATA

Personal data is any information about an identified or identifiable natural person. An identifiable natural person is a natural person – a client who can be directly or indirectly identified.

We process our clients‘ personal data only to the extent necessary to fulfil the above purposes. In particular, we process:

  • Contact and identification details: name, date and place of birth, birth number, identity card number and expiry date, permanent address, contact address, nationality, for natural persons conducting business: business registration number, registered office address, telephone number, e-mail, bank account.
  • Details of the products provided: type and specification of the contract concluded, volume of products provided and their price.
  • Data required for financial planning: basic physical characteristics (age), socio-economic and
    socio-demographic characteristics (marriage, partnership, number of children, housing and household information, education, qualifications, employment occupation), lifestyle data (e.g. habits, leisure time = the aim is to find out possible costs), data on the use of financial products (it is also useful to assess the costs paid for existing financial product contracts). If you are interested in investment, we process data from the Investment Questionnaire (Adequacy Test and Suitability Test).
  • Personal data arising from communications with us, whether written or in person, such as records of meetings with you.
  • Data obtained from financial analysis: data about your available funds, security needs and need for savings to achieve your goals, etc.
  • Other data: this may include, for example, data on your health in the case of life insurance brokerage or certain types of supplementary insurance. As the processing of data about your health involves the processing of special categories of personal data, consent for such processing is always required, unless there is another legal basis for processing such personal data.

4. SOURCES AND METHODS OF PERSONAL DATA PROCESSING

We collect your personal data mainly through our partners, who collect it directly from you during the processing of the financial analysis (i.e. during the provision of financial advice according to your requirements and needs), or in other ways (e.g. by filling in a consent form). All our partners have a written data processing agreement with us and guarantee the same safeguards for the processing of your personal data as we do. We regularly check with our partners that they comply with our security policy, and we also provide training to our partners on data protection and information security in accordance with the requirements of the GDPR.

Your personal data is further processed by our employees in the performance of their duties, but only to the extent strictly necessary and with maximum security and compliance.

In addition, we may obtain your personal data from marketing events, campaigns, trade fairs, publicly available sources (public registers, records or lists).

We process your personal data manually and automatically in our information systems. A record is kept of each processing activity.

When evaluating aspects of your behaviour so that we can offer you the most accurate product on your personal terms, we also create derived data – profiling. Profiling takes place only within the framework of internal information systems where we comply with (and regularly verify) the security measures recommended by ISMS (Information Security Management System according to ISO certification).

5. RECIPIENTS OF PERSONAL DATA

We transfer your personal data to third parties involved in the processing of such data if it is necessary, in particular to financial advisors (tied agents), a list of which can be found on the Czech National Bank‘s website. We may also disclose your personal data if we are under a legal obligation to do so. In the case that there is no legal obligation, but is a contractual relationship, we will always enter into a personal data processing agreement with each such recipient.

For the purposes of providing advisory services and the performance of contracts concluded in relation to a financial product, we transfer your personal data to the entities whose product you have chosen to contract through us. These entities then act as independent data controllers.

In some cases, we are entitled or obliged (i.e. without your consent) by law to transfer your personal data to supervisory authorities or other public authorities in connection with the performance of our statutory duties.

In accordance with our legitimate interests, where necessary for the enforcement of our legal claims, we are entitled to transfer your personal data to other entities, such as bailiffs or courts.

We do not transfer your personal data to third countries.

6. TIME LIMIT FOR PROCESSING PERSONAL DATA

We only process your personal data for the necessary period of time corresponding to the purpose of the processing. That is:

Purpose Deadline
Legal obligation Established by a specific legislation
Provision of advisory services For the duration of the products or services (duration of the contract).
Potential client contact form 6 months after filling in the contact form
Potential client advisory meeting 2 years from the date of the meeting
Our legitimate interests For the duration of the interest. In general, the personal data is processed for the purposes of our legitimate interest until the 10th calendar year following the end of the use of products or services.  If legal, administrative or other proceedings are initiated under the period, the time limit shall last until the conclusion of the proceedings in question.
Your consent Until you withdraw your consent, unless the processing period is shorter.
Marketing and business purposes For a period of 10 years or for the duration of your consent.

7. YOUR DATA PROTECTION RIGHTS

Under the GDPR, you have the following rights.

7.1.Right of access to personal data

According to Article 15 of the GDPR, you have the right of access to your personal data, which includes the right to obtain from us:

  • confirmation whether we process your personal data,
  • information on the purposes of the processing, the categories of personal data concerned the recipients to whom the personal data have been or will be disclosed,
    the intended duration of the processing, the existence of a right to request rectification from the controller or erasure of personal data relating to the data subject, or restrictions on the processing or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information on the source of the personal data, if not obtained from the data subject, the fact that automated decision-making takes place, including profiling, the appropriate safeguards in case of transfer of data outside the EU,
  • if the rights and freedoms of others will not be adversely affected, a copy of the personal data.

In the event of a repeated request, we are entitled to charge a reasonable fee for a copy of the personal data.

The right to confirmation of the processing of personal data and the right to information can be exercised in writing to the address of the registered office of our company Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4, or electronically by email at dpo@brokertrust.cz. A response will be sent to you within 30 days of receipt of your request, after verifying your identity to ensure that your personal data is only transferred to you. The exact verification procedure will be communicated to you after your request.

7.2.Right to rectification of inaccurate data

According to Article 16 of the GDPR, you have the right to rectification of inaccurate personal data we process about you. You also have the obligation to notify changes to your personal data and to provide evidence that such changes have occurred. You can submit your request for rectification electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

7.3.Right to erasure

According to Article 17 of the GDPR, you have the right to erasure of personal data relating to you unless we can demonstrate legitimate grounds for processing such personal data. We have mechanisms in place to ensure that personal data is anonymised or erased if it is no longer needed for the purpose for which it was processed. If you believe that your personal data has not been deleted, please contact our Data Protection Officer, electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

7.4.Right to restriction of processing

According to Article 18 of the GDPR, you have the right to obtain form us restriction of processing until the complaint is resolved, if you contest the accuracy of the personal data, the grounds for processing or if you object to the processing. You can submit your request for restriction of processing electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

7.5.Right to notification of rectification, erasure or restriction of processing

According to Article 19 of the GDPR, you have the right to be notified by us in the event of rectification, erasure or restriction of the processing of your personal data. We will notify you if personal data is rectified or erased, unless this proves impossible or involves disproportionate effort.

7.6.Right to data portability

According to Article 20 of the GDPR, you have the right to the receive your personal data, that you have provided to us, in a structured, commonly used and machine-readable format and the right to request that we transmit this data to another controller.

If the exercise of this right would adversely affect the rights and freedoms of third parties, your request cannot be granted.

You may submit a request for transfer of information electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

7.7.Right to object to the processing of personal data

According to Article 21 of the GDPR, you have the right to object to the processing of your personal data on the grounds of our legitimate interest. You can submit your objection electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4.

If we do not demonstrate that there are compelling legitimate grounds for the processing which overrides the interests or rights and freedoms of the data subject, we will terminate the processing without undue delay based on the objection.

7.8.Right to withdraw consent to the processing of personal data

Consent to the processing of personal data may be withdrawn at any time. The revocation must be made in an explicit, comprehensible and specific expression of your will.

The withdrawal of consent should include at least your name, home address, date of birth and a description of the specific consent you are withdrawing.

You may narrow or withdraw your consent electronically at dpo@brokertrust.cz or in writing to Broker Trust, a.s., Data Protection Officer, Hanusova 1411/18, Michle, 140 00 Praha 4. It may be necessary to verify your identity to comply with your request to narrow or withdraw your consent to ensure that your personal data is only passed on to you. The exact verification process will be communicated to you after your request, if necessary.

7.9.Automated individual decision-making, including profiling

Under Article 22 of the GDPR, you have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affect you, except for a decision necessary for entering into or performance of, a contract or similar relationship relating to the provision of financial advisory between you and us. We declare that we do not carry out automated decision-making with legal effects on data subjects without the influence of human judgement.

7.10.Cookies

The processing of data from cookies on our website can be prevented by refusing them directly on the website.

7.11.Right to contact the Office for Personal Data Protection

Finally, you have the right to contact the supervisory authority, i.e. the Office for Personal Data Protection, address Pplk. Sochora 27, 170 00 Praha 7, tel.: +420 234 665 111, website: https://www.uoou.cz/.

8. FINAL PROVISIONS

The Privacy Policy is valid and effective as of 21 May 2018. This document is a translation of the Czech version of the Privacy Policy available at https://www.brokertrust.cz/zasady-ochrany-soukromi/. If there are differences between the two versions, the Czech version shall prevail.

Annex 1 Scope of personal data processed

In order to ensure that we always have tailor-made offers for you, we will process your personal data and possibly other data that we have collected. This will include the following categories of data:

  1. Identification data: address, title, first name, surname, date of birth, birth number, details of identity documents
  2. Address details: address of permanent or temporary residence,
    delivery or other contact address, place and country of birth, nationality, business name, registered office, registration number
  3. Electronic contact details: telephone, mobile phone, fax, email address, SMS
  4. Other electronic data: IP address
  5. Other personal data related to contracts: account number, contract number, details of income and expenses, debts and liabilities, etc.
  6. Other information related to contract amendments and negotiations
  7. Voice recording of the client’s communication with Broker Trust.

Annex 2 List of companies whose products and services we broker

As part of our business activities, we offer products and services of the companies listed below. We have entered into a commercial representation agreement with these companies. These companies are in the position of a data controller in relation to clients.

The current list of these companies is published on our website or on the Czech National Bank website here.  

Centrála

Hanusova 1411/18
Praha 4, 140 00

+420 267 912 730
centrala@brokertrust.cz

Kdo jsme

Inspirace

Broker Trust, a.s., IČ: 26439719 se sídlem Hanusova 1411/18, Praha 4, 140 00. Společnost zapsána u OR vedeného Městským soudem v Praze oddíl B, vložka 7141. Společnost registrována u ČNB jako investiční zprostředkovatel, jako samostatný zprostředkovatel dle zákona o distribuci pojištění a zajištění a jako samostatný zprostředkovatel spotřebitelského úvěru. Detail zápisu u ČNB a seznam všech vázaných zástupců naleznete zde.