Terms of personal data protection

from the applicable legal regulation Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which entered into force on 25 May 2018, the company assumes the following obligations regarding the protection of personal data.

I. Basic provisions

1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is NIX group s.r.o. Company ID: 19630328 Registration number: C 389442 kept at the Municipal Court in Prague Date of registration: August 17, 2023 Registered office: Production site Rybná 716/24, Staré Město, 110 00 Prague 1 Vladislavova 49/9, Prague 1, 110 00 (hereinafter referred to as “Controller”). 2. The contact details of the controller are Address: Rybná 716/24, Staré Město, 110 00 Prague 1 Address of the establishment: Vladislavova 49/9, Prague 1, 110 00 Email: [email protected] Telephone: — +420 777 119 997 3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 4. The controller has not appointed a data protection officer. The contact details of the authorized person are: processes the data required by Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime and the financing of terrorism, as amended (hereinafter referred to as "Act No. 253/2008 Coll.") in the event that it is clear that the value of the transaction will exceed EUR 1,000, i.e.: Identification data of the natural person-client: • all names and surnames; • personal identification number, and if not assigned, date of birth; • place of birth; • gender; • permanent or other residence; • citizenship; • for a natural person doing business, also the business name, distinguishing addition or other designation, place of business and identification number; • type and number of the identity card, the country or authority that issued it, and its validity period; • information on whether the client is not a politically exposed person; For a natural person who is a member of the statutory body of a client-legal entity: • data to establish and verify the identity of this natural person, i.e. similarly the data specified above for the client-natural person, including the type and number of the identity card, the state or authority that issued it, and its validity period; • business name or name of the legal entity, including a distinguishing supplement or other designation, registered office, personal identification number or a similar number assigned abroad, and also including the identification data of another legal entity that is a statutory body, its member or controlling person of this legal entity. For a trustee, manager, or a person in a similar position of a client-trust fund or a client of another legal arrangement without legal personality: • identification data of this natural person (identical to the identification data of the client-natural person and also to the data of a member of the statutory body of the legal entity - see above); • designation of a trust fund or other legal arrangement without legal personality. For all the above categories of natural persons, in addition to the above information, other identification data may also be obtained, such as in particular the telephone number, e-mail delivery address, employment data or employer, if justified by the risk assessment pursuant to Section 21a of Act No. 253/2008 Coll. For all the above categories of natural persons, also: • information on whether the natural or legal person is a person against whom the Czech Republic applies international sanctions pursuant to the Act on the Implementation of International Sanctions; • identification data of the agent, if the client is represented on the basis of a power of attorney; • identification data of the legal representative or guardian, if the client is represented by a legal representative or guardian, incl. the relevant court decision in the case of a guardian; • during the duration of the business relationship or in the case of further transactions, data on checking the validity and completeness of the client's identification data, information obtained as part of the client's due diligence, the justification for simplified client due diligence or exemption from client due diligence, including recording changes to such data; • copies or extracts from the documents submitted; • information on the purpose and intended nature of the transaction or business relationship; • data on the ownership and management structure of the client and its beneficial owner, if the client is a legal entity, trust fund or other legal arrangement without legal personality, and the adoption of measures to identify and verify the identity of the beneficial owner; • data on the ongoing monitoring of the business relationship, including the review of transactions carried out during the relationship in order to determine whether the transactions are in accordance with what the obliged entity knows about the client and its business and risk profile; • data on the review of the sources of funds or other assets to which the transaction or business relationship relates; • information on reasonable measures to ascertain the origin of assets of a politically exposed person within the framework of a business relationship with such a person; • information to verify

Legal grounds, purpose and duration of personal data processing

1. The legal basis for processing personal data is the performance of the contract between you and the controller, the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters), Your consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the event that no order for goods or services has been placed. 2. The purpose of processing personal data is to process your order and exercise the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data necessary for the successful processing of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or for the controller to perform it, sending commercial communications and carrying out other marketing activities. The personal data of clients of cash and non-cash services is processed by the administrator based on obligations arising from applicable legal regulations, or on the basis of processing necessary for the performance of a contract. The personal data of clients is processed by the administrator solely for the purpose of fulfilling legal obligations, or for the purpose of fulfilling obligations arising from a contractual relationship. The administrator has set periods for data retention in accordance with Act No. 253/2008 Coll., which regulates the periods for data retention by an obligated person; the administrator does not retain data beyond these periods. Accounting and tax documents, which are used to account for the services provided, The administrator retains only for the purposes of fulfilling obligations set out in relevant accounting and tax regulations, for the period imposed by these regulations. In exceptional cases of attempted fraudulent conduct, or in the case of similar disputes, we are forced to process data relevant to the dispute for the duration of the dispute, until its final conclusion, solely for the purpose of protecting rights in such a dispute. Personal data is made available exclusively to the relevant public authorities, which are authorized to request it by generally binding legal regulations within the framework of the supervision carried out. For the purpose of providing certain support services (providing internal audit, accounting, development of the information system, etc.), the controller uses the services of processors. This is always processing carried out exclusively for our company and based on our instructions. The controller and third parties carry out data processing and adhere to the principles of protection and security of your data and personal data. Processors and persons of the controller always have access only to data relevant to the execution of the transaction/request and only for the period strictly necessary for the implementation of the processing. The main processors are or may be, for example: Seznam.cz, a.s., Radlická 3294/10, 150 00, Prague, ID: 26168685 Google Czech Republic, s.r.o., Stroupežnického 3191/17, 150 00, Prague, ID: 27604977 Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland For all processors, the controller ensures their selection in terms of trustworthiness and quality of services, including the security of the processed personal data. The controller transfers clients' personal data abroad for the purpose of checking them against lists of politically exposed persons or persons subject to sanctions, i.e. for the purpose of fulfilling the obligation to identify the client pursuant to Act No. 253/2008 Coll. The controller thus transfers clients' personal data to a foreign company providing a service for verifying politically exposed persons or persons subject to sanctions. This transfer is carried out by the controller on the basis of a concluded processing agreement, including Standard Contractual Clauses according to the decision of the European Commission. Data retention period 1. The controller stores personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 10 years if the personal data is processed on the basis of consent. 2. After the expiry of the personal data retention period, the controller deletes the personal data. Customer rights in the area of ​​personal data protection

RIGHTS OF THE DATA SUBJECT

As a data subject, you have the following rights that arise for you from legal regulations and that you can exercise at any time. These are: the right to access personal data, according to which you have the right to obtain information from the controller about whether the controller is processing your personal data. The controller is obliged to provide you with this information without undue delay. The content of the information is given by the provisions of Article 15 of the GDPR. The controller has the right to request reasonable compensation for the provision of information not exceeding the costs necessary to provide the information; the right to rectification or erasure of personal data, or restriction of processing, according to which you have the right to have personal data that is inaccurate or incorrect corrected. If your personal data are no longer necessary for the purposes for which they were collected or are being processed unlawfully, you have the right to request their deletion. If you do not want to request the deletion of personal data, but only temporarily restrict their processing, you can request the restriction of processing; the right to request an explanation if you suspect that the processing of personal data by the controller is in breach of legal regulations; the right to contact the Office for Personal Data Protection in case of doubts about compliance with the obligations related to the processing of personal data; the right to data portability, i.e. the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, for more details see Art. 20 GDPR; the right to object to the processing of personal data which is processed for the purpose of fulfilling a task carried out in the public interest or in the exercise of official authority or for the purpose of protecting the legitimate interests of the controller. The controller shall terminate the processing without undue delay unless it demonstrates that there is a legitimate interest/reason for the processing which overrides your interest, rights or freedoms; If the Customer wishes to transfer this data to another controller, the controller will enable the data to be obtained in a structured, commonly used and machine-readable format, or, if technically feasible, will directly transfer it to another controller; the right to withdraw consent to the processing of personal data at any time, if you have granted the controller consent to the processing of personal data. the right to file a complaint with the supervisory authority - the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, 170 00 Prague 7 (www.uoou.cz). In the event of any ambiguities or questions regarding the processing of personal data, the Customer may contact the controller: 📍 In writing to: NIX group s.r.o. Rybná 716/24, Staré Město, 110 00 Prague 1 Business address: Vladislavova 49/9, Prague 1, 110 00 📞 By phone: +420 777 119 997 📧 By e-mail: [email protected] 🔹 Contact the representative for supervision of personal data processing: 📞 Phone: +420 777 119 997 📧 E-mail: [email protected] Final provisions 1. By sending an order from the online order form and in any other form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in full. 2. You agree to these terms and conditions by checking the consent via the online form. By ticking the consent box, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety. 3. The administrator is entitled to change these terms and conditions. The administrator will publish the new version of the terms and conditions of personal data protection on its website and will also send you a new version of these terms and conditions to your e-mail address that you provided to the administrator. These terms and conditions come into effect on 01.01.2026

Privacy Overview
DealFin

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Required cookies

(mandatory - without them the website site will not work)

Statistical cookies

(collection of statistics, for example, Google Analytics)

Marketing cookies

(targeted advertising, for example, Facebook Pixel)

Preference

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Powered by  GDPR Cookie Compliance