Protection of personal data

When protecting your personal data, we comply with all regulations and regulations, especially the so-called GDPR (EU General Regulation No. 2016/679, on the protection of personal data) and we have taken appropriate technical and organizational measures to secure personal data.

What personal data do we process?

We do not always process some of these data, but only in justified cases:

• Identification data - data such as name, surname, birth number, date of birth, address of permanent residence, copy of identity card or other similar document and details about this document.
• Contact details - contact address, email, phone.
• Communication data - sent e-mail communication with you.
• Political exposure - the law requires us to find out in justified cases whether or not you are a politically exposed person. You can find the exact definition of this term either in each Declaration or in Act 253/2008 Coll. § 4 paragraph 5.
• Documents on bank account ownership - statements from the bank or a contract for the establishment of a bank account and similar documents proving that you or your company is the owner of the account.
• Further information on the origin of funds, the field of business of companies and the intended purpose of the exchange.
• Client risk - for contractual clients, we keep an indication of whether they are risky from the point of view of the law against money laundering and terrorist financing.

How and for what purposes do we process your personal data?

The processing of your personal data must have its legal basis. It can be your consent or for the purposes of complying with the law, or fulfilling a contract or negotiating its conclusion.

• Client identification - We need to know your identification data not only for the purpose of concluding the contract and to know who we are communicating with, but to know this data is also required by Act No. 253/2008 Coll., Lay the Anti-Money Laundering Act.
• For contractual clients and over-limit transactions, we verify your identity according to the submitted personal documents, we also verify whether you are not on the AML sanction list, and for sent documents on account ownership, we verify that you are the owner of the account.
• For one-time clients or users of the Europlatba.cz portal, they are used for identification, ie. Client statement.
• Concluding a framework agreement - this includes your application for a Framework Agreement, where we ask for your data, which is then used for the Framework Agreement, and contact information, thanks to which we can communicate with you during the conclusion of the agreement.
• Questionnaire - this information is useful for us to assess the possibility of entering into a contractual relationship (legitimate interest of the administrator), and the anti-money laundering law requires us to know details such as purpose and intended nature of business, origin of funds, and obliges us to review business, whether they are in line with what we know about the client's business or risk profile.
• Sending service messages - we send confirmations and documents for individual stores to clients by email. Knowing your email is important for fulfilling the contract, fulfilling the Europlatba.cz service or the Course Monitor service.
• We also send clients and users of our services important notifications about changes in the service or planned restrictions on the operation of the service. If you do not wish to receive such infomails, you can also unsubscribe from them and you will only receive messages in connection with the transactions you have entered.
• Marketing - Czech laws before GDPR allowed us to use your email address for direct marketing. We only use email without additional information. We send business offers a maximum of 1-2 times a year, because we don't like spam either. For each such email, you always have the option to unsubscribe from receiving further offers.
• Reporting suspicious transactions - if we evaluate a transaction as suspicious from the point of view of the Anti-Money Laundering and Terrorist Financing Act, we have a legal obligation to report such a transaction to the Financial Analysis Office. In this case, we would pass on your personal data and other details of the transaction to this office.

• Transfer of data to third parties (eg partner investment companies or other companies in the EasyChange group) - we do not transfer your data to third parties without your consent. If you are interested in the services of third parties, we will ask you for your consent to the transfer of your personal data to a third party (for example, your name and e-mail to connect the communication between you and the third party).

Are you obliged to provide us with personal data?

You are not obliged to provide us with personal data, but without providing the data we need to carry out the business or fulfill the service and to fulfill our legal obligations (identification, etc.), you cannot use our services. In this respect, we are primarily subject to Act 253/2008 Coll. as amended and related regulations.

How long do we keep your data?

• We keep all data for the necessary length of time to fulfill their purpose. After the end of our cooperation, however, we can not delete them completely, the law "against money laundering" requires us to archive transactions and all related data within the deadlines set by Act 253/2008 Coll. as amended.

   

  • After the termination of the cooperation (for contractual clients after the termination of the framework contract and for one-off clients after the transaction), we are obliged to keep your data for a period of 10 years.
  • If you give us consent, we keep this consent for 5 years or until you revoke it.
  • If you only provide us with data for a trade request or a proposal for concluding a contract, but this purpose is not fulfilled, we will delete the data within 1 calendar month of their provision.
  • In the case of inquiries about trades that meet certain features of suspicious trades (according to the definition of Act 253/2008 Coll.), We keep e-mail communication and other data for this period of 1 calendar month in order to prevent suspicious trades in the future.

To whom can we pass on your personal data?

• We may pass on your personal data, for example, to our suppliers - IT service providers, e-mail service providers, or postal service providers. I.e. only in connection with the performance of our activities, if it is necessary to fulfill our services for you.
• By law, we are also obliged in certain cases to pass on your personal data to state supervisory authorities (eg the Czech National Bank, the Ministry of Finance), law enforcement authorities, and the Financial Analytical Office when we find suspicious business.

What rights do you have?

By contacting our email info@easychange.cz you can apply:

• the right to extract their personal data pursuant to Article 15 of the GDPR
• the right to correct personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR
• the right to delete personal data pursuant to Article 17 of the GDPR
• the right to object to the processing under Article 21 of the GDPR
• the right to data portability according to Article 20 of the GDPR
• the right to withdraw consent to the processing of data

If you are not satisfied with the solution to your application, you can also file a complaint with the Office for Personal Data Protection.

Name and contact details of the administrator:

Easychange s.r.o.

Company ID: 29044570

Registered office: Jungmannova 747/28, Nové Město, 110 00 Prague 1

Email: info@easychange.cz

The administrator did not appoint a data protection officer.