en
Log in Create an account

RoklenFX

Personal data protection

Personal Data Protection Principles and Further Processing of Customer Data

This document sets out the basic principles of personal data protection and provides an overview of the data we process about our customers/potential customers pursuant to Act No. 110/2019 Coll. on the Processing of Personal Data and Regulation (EU) 2016/679 (GDPR).

Who administers and processes your data?

The websites www.roklen.cz, www.roklenfx.cz, www.roklencf.cz, www.drazby-akcii.cz and www.zaknihovane-akcie.cz are operated by Roklen360 a.s., Company ID: 60732075, with its registered office at Václavské náměstí 838/9, Nové Město, 110 00 Prague 1, registered in the Commercial Register kept by the Municipal Court in Prague, Section B, File 20437.

For what purposes do we process your personal data?

We process personal data that you provide to us in connection with the use of our services, in particular for:

  • entering into and performing the Agreement on the Provision of Payment Services,
  • entering into and performing the Agreement on the Provision of Investment Services,
  • entering into and performing the Agreement on keeping records of securities,
  • entering into and performing the Agreement on collective custody of securities,
  • entering into and performing the Agreement on arranging the placement and issuance of a security,
  • entering into and performing other mandate, commission or brokerage agreements in the field of corporate finance,
  • sending newsletters or other contact – processing your data for marketing purposes, either on the basis of our legitimate interest (if you are our client), pursuant to Act No. 480/2004 Coll. on certain information society services (if you are our client or you give us consent), or on the basis of your consent to offer certain individual products and services.

We are also obliged to process your personal data to comply with legal obligations, e.g. to prevent money laundering and the financing of terrorism pursuant to Act No. 253/2008 Coll. on certain measures against the legalization of proceeds of crime and the financing of terrorism (the “AML Act”).

What personal data do we process?

We process personal data that you provide when registering for one of our services, when signing any of our agreements and when performing concluded agreements. Most often, this includes:

  • identification data, in particular first name, surname, academic title, personal identification number, date of birth, place and country of birth, permanent residence address, all previous surnames, residence, billing address, tax residency, citizenship, bank details, scans of bank account statements, IP address, information about job position, politically exposed person information, language, information about authorised persons and statutory representatives, VAT-related information, copies of identity documents and other data needed to verify your identity.
  • contact data, in particular correspondence address, telephone number, e‑mail address
  • information on the sources of your income and the intended nature of the contractual relationship,
  • data related to your transactions, in particular your transaction history including information about recipients,
  • data needed to assess the appropriateness of an investment service through an investment questionnaire,
  • information about the device used (including operating system and hardware information), and information about the content of contractual relationships,
  • recordings of your telephone calls, made in accordance with Act No. 256/2004 Coll. on Capital Market Undertakings,
  • data relating to the reporting person under Act No. 171/2023 Coll. on the Protection of Whistleblowers, namely first name and surname, date of birth, contact details for sending confirmation of receipt of the report and notification of its resolution, and other personal data related to the submission of the report.

To whom do we transfer your personal data?

Roklen360 a.s. is part of the Roklen financial group, which also includes Roklen Holding a.s. and Fundlift s.r.o. Personal data may be transferred within this group. Importantly, none of these companies will further process your data for any purpose other than the one for which you entrusted your personal data to us, unless you provide consent.

We keep your data safe even when transferring it to our partners. We carefully select our partners and contractually ensure personal data protection so as to implement technical and organisational safeguards and prevent unauthorised misuse. All our partners are bound by contractual confidentiality and may not use your data for purposes other than those for which we make it available. Our processors include: TOTAL SOLUTIONS s.r.o. (Company ID: 25308378), Onlio, a.s. (Company ID: 26194813), COMPLY F&L s.r.o., Grant Thornton Audit s.r.o., EzConvey s.r.o., ECOMAIL.CZ, s.r.o. (Company ID: 02762943), VSHosting s.r.o. (Company ID: 61505455).

 

If you use payment services, your data may also be transferred to The Currency Cloud Limited, The Steward Building, 12 Steward Street, London, E1 6FQ, United Kingdom. This processor is a licensed payment institution supervised by the Financial Conduct Authority (FCA). If you use services related to investment instruments, your data may also be transferred to the Central Securities Depository, where book‑entry securities are registered.

Your personal data is also transferred to banks, custodians (companies where your securities are held when using investment services) and companies that help us deliver postal items.

Under certain conditions defined by law, we are obliged to transfer some of your personal data pursuant to applicable legislation, e.g. to the Police of the Czech Republic, the Czech National Bank, the Financial Analytical Office, the Office for Personal Data Protection, or other law‑enforcement authorities and public administration bodies.

What are cookies and what types of cookies do we use?

Information about the cookies we use can be found in the banner that appears upon the first visit to our website.

How long do we process your data?

We process your personal data for the entire duration of the agreement and subsequently for an additional 10 years after the termination of the contractual relationship.

Personal data processed on the basis of your consent given via the website (e.g. if you are interested in assistance with opening an account) is processed for 10 days.

Recordings of telephone calls leading to the conclusion of a transaction in an investment instrument are retained for 5 years. Other call recordings are retained for 1 year.

Personal data retained pursuant to Act No. 171/2023 Coll. on the Protection of Whistleblowers is retained for 5 years from the receipt of the report.

Do we process personal data without your consent?

Yes. We are entitled to process your personal data without your consent, but only on the basis of:

  • entering into and performing a contract,
  • compliance with legal obligations arising from generally binding legislation,
  • the fulfilment of legitimate interests (e.g. ensuring the security of our website),
  • sending commercial communications (only if you are our customer or you give us consent).

How do we secure your personal data?

We secure your personal data in a manner that protects it from misuse, loss and unauthorised access. For example, we use:

  • restricting physical access to our business premises,
  • restricting access to information we collect about you,
  • securing systems with SSL certificates and encryption,
  • disposing of your data when there is no longer any purpose for processing, as required by law.

What rights do you have in relation to personal data protection?

Under the GDPR, in relation to your personal data you have the right to:

  1. information,
  2. request access to your personal data,
  3. data portability,
  4. request correction of inaccurate personal data or completion of incomplete data,
  5. request restriction of processing,
  6. object to the processing of personal data,
  7. request erasure of personal data without undue delay (only where there is no other legal basis),
  8. withdraw your consent to the processing of personal data,
  9. not to be subject to a decision based solely on automated processing, including profiling,
  10. lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.

 

How can you raise an objection?

If you are dissatisfied with the processing of personal data, you may raise an objection. In such a case, we will not process your personal data for that purpose unless we have compelling legitimate grounds to continue such processing.

How can you contact us?

If you have any questions about personal data protection or the exercise of your rights, please contact us by e‑mail at info@roklen.cz or in writing at: Roklen360 a.s., Václavské náměstí 838/9, Nové Město, 110 00 Prague 1.

In this context, we would like to inform you that we may ask you to prove your identity in an appropriate manner so that we can verify it. This is a preventive security measure to prevent unauthorised persons from accessing your personal data. For the purpose of improving service quality and keeping records of compliance with our legal obligations, all communication with you is monitored.

Last update: 7 Aug 2024