Information on the processing of personal data

provided in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”)

Welcome to our website www.pentafund.com. The security of your personal data is a priority for us. In this document, we will provide you with comprehensive information on how and why we process your personal data, as well as other information in accordance with the GDPR.

1. Controller and contact details

The controller, i.e. the entity determining the purpose and scope of the processing of personal data provided via the website www.pentafund.com, is the commercial company Penta Funds Management s.r.o. with its registered office at Na Florenci 2139/2, 110 00 Prague, Czech Republic, ID No.: 217 92 178, registered in the Commercial Register of the Municipal Court in Prague, File No.: C 406533 (hereinafter also referred to as the “Controller“). If you have any questions regarding the processing of your personal data, or if you wish to exercise any of your rights under the GDPR, please contact us electronically via email at: info@pentafund.com or by regular mail at the address of the Controller’s registered office listed above.

2. Collection of personal data

This processing information concerns personal data – your name and surname, e-mail address, telephone number, city, country, the nature of your position (natural person, legal person, financial specialist or investment intermediary) and the indicative amount of the intended investment, which we collect from you on the basis of your request to provide marketing information related to collective investment, which you have sent to us via the form on the website www.pentafund.com.

During the use of this website, we also process data about the technical specifications of the device you use to visit our website, as well as about search operations on the www.pentafund.com website.  We collect this data via so-called cookies.

3. Purposes of the processing of personal data

We process your personal data for the following purposes:

• for marketing purposes and to carry out our marketing activities, which include the provision of marketing information relating to collective investment ,
• for the purpose of administering the pentafund.com website.
  
  

4. Legal basis for processing your personal data

The legal basis for the processing of your personal data for marketing purposes is your consent, which you have voluntarily provided to us via our website.

In the case of the processing of personal data for the purpose of administering this website (collection of cookies), the legal basis for the processing of personal data is consent and, in the case of certain types of cookies, the legitimate interest of providing IT services.

You have the option to withdraw your consent to the processing of personal data for marketing purposes that you have previously provided to us at any time. You can do this directly on the www.pentafund.com website by clicking on the “Opt out of marketing information” link or by emailing info@pentafund.com. Withdrawal of consent to the processing of your personal data does not affect the lawfulness of the processing of personal data based on consent until the moment of withdrawal.

You also have the possibility to change the cookie settings in your internet browser at any time.

5. Duration of processing of your personal data

In accordance with the GDPR principle of proportionality and minimisation of the processing of personal data, we retain your personal data for two years after you have given your consent. After this period, your personal data will be deleted and destroyed. If you would like us to continue to provide you with marketing information relating to collective investment, you can re-grant your consent for this purpose via the www.pentafund.com website.

6. Sharing your personal data with third parties

In accordance with the processing purposes specified in this policy, your personal data may also be processed by third parties.

Such third parties are the service providers we use to carry out the processing of your personal data for the purposes set out in this policy. Specifically, these are services related to the administration of the marketing services and the website, as well as the technical provision of marketing information. It also includes services to ensure the display of advertising whose content is tailored to your interests (targeted advertising). The Controller has entered into intermediary agreements with these entities to ensure that security standards are maintained in the processing of your personal data.

Processors are obliged to process your personal data solely for the purposes set out in this policy. Your data will not be disclosed to third parties for independent use or processing beyond the purposes set out in this policy.

7. International transfer of your personal data

For transfers to third countries, your personal data will be transferred to the United States of America (The Rocket Science Group LLC / MailChimp, located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA; Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA; Facebook Inc., located at 1 Hacker Way, Menlo Park, California, USA), Czech Republic (Ecomail, Na Zderaze 1275/15, 120 00 Praha 2 Czech republic). Your personal data will not be disclosed to any international organizations.

8. Your rights in relation to the processing of your personal data

At any time, you can exercise any of your rights related to the processing of your personal data, which are:

• the right to request access to personal data concerning you;
• the right to rectification of your personal data;
• the right to erasure of your personal data (“‘right to be forgotten “);
• the right to restriction of processing of your personal data;
• the right to object to processing of your personal data;
• the right to transfer (portability) of your personal data;
• the right to lodge a complaint with the supervisory authority.

Below you will find more information on the content of your individual rights related to the GDPR:

1. The right to request access to personal data concerning you from the Controller

You have the right to request confirmation from the Controller as to whether personal data relating to you is being processed and, if so, to obtain access to that personal data and the following information:

(a) the purposes of processing your personal data,

(b) the categories of personal data concerned,

(c) the recipients or categories of recipients of such data to whom the personal data have been or will be disclosed,

(d) the expected retention period of the personal data or the criteria for determining it.

You also have the right to request information from the Controller on the possible transfer of personal data to third countries, on the Controller’s processors, on your rights and their detailed content, on the possibility of contacting the supervisory authority , on the source of the personal data processed, as well as on information on whether automated decision-making and/or profiling is taking place.

1. Right to rectification of your personal data

You may request the Controller to rectify the data concerning you without undue delay if the personal data processed by the Controller concerning you are outdated, incorrect or inaccurate. You also have the right to have your incomplete personal data completed by the Controller with regard to the purposes for which they are processed, which you may provide to the Controller, for example, by providing a written statement.

1. Right to erasure (“right to be forgotten “) of your personal data

You have the right to request that the Controller erase your personal data if any of the following conditions are met:

• Your personal data is no longer necessary for the purposes for which it was collected or processed;
• you withdraw the consent to the processing of personal data that you have previously given to the Controller and on the basis of which the processing of personal data is carried out and where there is no other legal basis for the processing of personal data (i.e. where the processing is not based on law, contract, etc.);
• you object to the processing of your personal data if the processing is for the performance of a task carried out in the public interest or for the purpose of the legitimate interests of the Controller and there are no overriding legitimate grounds for the processing;
• you object to the processing of your personal data for direct marketing purposes;
• Your personal data has been processed unlawfully;
• Your personal data must be erased in order to comply with a legal obligation under Union or law of the Czech republic;
• Your personal data was collected in connection with the offer of information society services.

Each request for erasure of personal data will be assessed by the Controller as to its legitimacy. The Controller will not be obliged to delete personal data about you only if there is a legal obligation to continue to process that personal data or if there is a legitimate interest of the Controller on the basis of which it is entitled to process that personal data.

1. The right to restriction of processing of your personal data

You may request the Controller to restrict the processing of your personal data in the following cases: 

• if you challenge the accuracy of the personal data during the period allowing the Controller to verify the accuracy of the personal data;
• if the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use;
• if the Controller no longer needs your personal data for the purposes of processing, but you need it to prove, exercise or defend your claims;
• if you object to the processing of your personal data, pending verification that the legitimate grounds on the part of the Controller outweigh your legitimate grounds.

1. Right to object to processing of your personal data

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, where the processing is for the performance of a task carried out in the public interest or for the purpose of the legitimate interests of the Controller. You also have the right to object to profiling based on the purposes referred to in the preceding sentence if it occurs in the processing of personal data by the Controller.

Furthermore, you have the right to object to the processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

1. Right to transfer (data portability) of your personal data

You have the right to obtain the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller or another company if this is technically feasible and if the following conditions are met:

• the processing is based on the consent you have given to the controller or on a contract and at the same time;
• processing is carried out by automated means.

1. Right to lodge a complaint with the supervisory authority

You may at any time address your complaint or complaint regarding the processing of personal data to the supervisory authority, which is:

Office for Personal Data Protection (Úřad pro ochranu osobních údajů)

ID: 708 37 627

Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

www: https://www.uoou.cz

If you would like more information about your rights under the GDPR that you can exercise, please contact us in writing at our registered office address listed at the beginning of this policy or by email at: info@pentafund.com.