Privacy policy

PRIVACY POLICY

 

Art. I.
Introductory Provisions

 

  • 1. DEALock j.s.a., with registered office at Pribinova 25, 811 09 Bratislava, ID No.: 55 033 938, registered in the Commercial Register of the District Court Bratislava I, Section Sja, Insert No. 254/B (hereinafter referred to as “DEALock j.s.a.“), as the operator of an application called DEALock, designed mainly for computer and mobile devices (hereinafter referred to as the “DEALock Application“), through which it is possible to mediate contact and information between the Users of the Application for the purpose of concluding Transactions through the deals published by the Users in the DEALock Application and the investor database available in the DEALock Service, is also the data controller of the Users’ personal data obtained through the DEALock Application.

 

  • 2. DEALock j.s.a., as a personal data controller, processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as the “Regulation“) and Act No. 18/2018 Coll. on the protection of personal data, as amended.

 

  • 3. The purpose of this Privacy Policy (“Policy“) is to inform, in accordance with Articles 13 and 14 of the Regulation, how DEALock j.s.a. collects and processes the personal data of Users provided through the website www.dealock.com.

 

  • 4. DEALock j.s.a. has appointed the responsible person in accordance with Article 37 of the Regulation, who is Martin Vojtek. The responsible person of DEALock j.s.a. can be contacted at the e-mail address gdpr@dealock.com.

 

  • 5. DEALock j.s.a. processes the personal data of DEALock Application Users who create an Account (profile) in the Application protected by access data specified by the Users themselves (authentication elements) and who are interested in using the DEALock Application to use its individual functionalities.

 

 

Art. II.
Legal basis, purpose and manner of processing of personal data

 

  • The data subjects within the meaning of the Regulation whose personal data is processed by DEALock j.s.a. are the Users. A User may be a legal entity or a natural person.

 

  • DEALock j.s.a. processes the following personal data of Users, which Users provide to DEALock j.s.a. when registering or modifying a User’s Account, when Users register and use the DEALock Application:
  1. first and last name,
  2. username,
  3. address of residence,
  4. e-mail address,
  5. phone number,
  6. the name, surname, address of residence and other data entered by the User when making a data subject request within the meaning of the Regulation.

 

  • DEALock j.s.a., when registering Users who are legal entities and when Users who are legal entities use the DEALock Application, processes data about the legal entity (business name, registered office, number of employees) in addition to the data referred to in point 2.2 of this Article of the Policy.

 

  • The legal basis for the processing of personal data is:
  1. the performance of the contract pursuant to Article 6(1)(b) of the Regulation, which is the DEALock Service Contract concluded between DEALock j.s.a. as the provider of the DEALock Service on the one hand and the User as the subscriber of the DEALock Service on the other hand (hereinafter referred to as the “Contract“), the subject matter of which is the provision of functionalities through the Application between the User and the operator of the DEALock Application;
  2. the fulfilment of the statutory obligation under Article 6(1)(c) of the Regulation to record and process requests from data subjects in accordance with the Regulation;
  3. legitimate interests pursuant to Article 6(1)(f) of the Regulation, which are, in particular, to improve the services provided, to improve the functionality of the DEALock Application and to prevent the misuse of the DEALock Application or the use of the DEALock Application in breach of the Terms of Use.

 

  • The purpose of the processing of Users’ personal data is the registration of Users in the DEALock Application, the conclusion of the Agreement referred to in point 2.3(a) of this Article of the Policy through the DEALock Application, the improvement of the DEALock Application’s functions, the prevention of misuse of the DEALock Application or the use of the DEALock Application in violation of the Terms of Use, the registration and processing of requests from data subjects in accordance with the Regulation. Users’ personal data are also processed in third-party information and analysis systems strictly necessary for the activities of DEALock j.s.a. (e.g. accounting software).

 

  • Personal data in the range of first name, surname, address of residence, e-mail address and telephone number are mandatory data for registration in the DEALock Application, which must be entered when completing the registration form, and which are also a contractual requirement, without the provision of which it is not possible to conclude the Contract referred to in point 2.3(a) of this article of the Terms. The User is responsible for providing the personal data of other persons in the scope of name, surname, e-mail address and telephone number in order to provide references about his/her person, and by providing the data of other persons he/she confirms that he/she is authorized to provide such data. DEALock j.s.a. processes the personal data of the persons provided by the User for the purpose of references about his/her person only for the purpose of verifying the User’s request for registration in the DEALock Application.

 

  • In the case of personal data pursuant to point 2.2(f) of this Article, this is a legal obligation of DEALock j.s.a. as a data controller and, if DEALock j.s.a. is unable to identify the data subject due to the non-provision of personal data, DEALock j.s.a. may refuse to act on the request of the data subject.

 

  • DEALock j.s.a. does not process special categories of personal data pursuant to Article 9 of the Regulation.

 

  • DEALock j.s.a. provides the User’s personal data to the following recipients of personal data:

 

  1. to other Users of the DEALock Application, provided that the User expressly consents to the disclosure of his/her personal data to other Users (i.e., the User decides which other Users will have access to his/her personal data);
  2. the bank that provides the clearing of payments received and the payment gateway;
  3. professional advisers, in particular accounting and legal advisers;
  4. companies providing email notifications;
  5. cloud service providers.

 

  • DEALock j.s.a. provides the User’s personal data to its partner companies as recipients for the purpose of ensuring the quality of the services provided, while the partner companies process the User’s personal data only in accordance with DEALock j.s.a.’s instructions and for the purposes set out in this Policy, in particular in the following areas:

 

  1. Administrative support,
  2. IT Systems, software support,
  3. Customer service centres,
  4. Debt recovery.

 

  • DEALock j.s.a. requires all third parties to respect the security of Users’ personal data and to treat it in accordance with the law, in particular it does not allow third party service providers to use Users’ personal data for their own purposes, these providers may only process Users’ personal data for specific purposes and in accordance with DEALock j.s.a.’s instructions.

 

  • DEALock j.s.a. applies security measures to protect Users’ personal data from accidental loss, use and unauthorized access, alteration and sharing. Access to personal data is limited to employees, agents, contractors and other third parties who have a business need to know the data. These persons process Users’ personal data only as instructed by DEALock j.s.a. and, in addition, are bound by a duty of confidentiality.

 

  • DEALock j.s.a. may sometimes anonymize Users’ personal data (so that it can no longer be linked to them) for research and statistical purposes; in this case, it may use the information for an indefinite period of time without having to inform Users.

 

  • Public authorities which may receive personal data in the context of a specific enquiry in accordance with European Union law or the law of a Member State shall not be considered as recipients.

 

  • Personal data is processed primarily in the member states of the European Union. However, DEALock j.s.a. may, if necessary, transfer personal data to a third country or an international organisation on the basis of adequacy decisions in accordance with Article 45 of the Regulation or after the adoption of adequate safeguards in accordance with Article 46 of the Regulation and provided that the data subjects have enforceable rights and effective legal remedies, or in the case of exceptions for specific situations in accordance with Article 49 of the Regulation. In the event of a transfer of personal data to a third country or an international organisation pursuant to Article 49 of the Regulation, DEALock j.s.a. is obliged to inform the data subject thereof.

 

  • 16 Users’ personal data is stored only for as long as necessary to fulfil the purpose of processing personal data:
  1. in the case of personal data processed for the purpose of the registration process in the DEALock Application, the personal data is stored for the duration of the User’s registration in the DEALock Application and is subsequently deleted without delay unless the same personal data is also processed for another purpose at the same time;
  2. in the case of personal data processed for the purpose of concluding the Agreement referred to in point 2.3 a) of this Article of the Policy, for the time necessary to fulfil the purpose (provision of the functionalities of the DEALock Application) and subsequently registered in the User’s Account for the duration of the existence of the User’s Account;
  3. in the case of personal data processed for the purpose of processing and recording requests from data subjects to exercise their rights under the Regulation, the personal data shall be stored for a maximum period of one year from the date of processing of the request and shall be deleted thereafter.

 

 

Art. III.

Technical data

 

  • DEALock j.s.a. collects the following technical data from Users when using the DEALock Application:
  1. the unique identifier of the computing or mobile device,
  2. IP address,
  3. identification of the operating system of a computer or mobile device,
  4. type and version of internet browser,
  5. time zone and location settings,
  6. the operating system and platform and other technologies on the devices that Users use to access the DEALock Application website,
  7. information on using the DEALock Application.
  • The technical data collected may be considered personal data of Users. The purpose of processing technical data is to ensure the functionality of the DEALock Application, to improve the functionality of the DEALock Application, to check compliance with the Terms of Use of the DEALock Application, to obtain data for the further development of the DEALock Application, to obtain data on the use of the DEALock Application and to protect against misuse of the DEALock Application. The legal basis for the processing is the legitimate interests of DEALock j.s.a. in accordance with Article 6(1)(f) of the Regulation, which are to ensure the functionality of the DEALock Application, to improve the functionalities of the DEALock Application, to check compliance with the terms of use of the DEALock Application, to obtain data for the further development of the DEALock Application, to obtain data on the use of the DEALock Application and to protect against misuse of the DEALock Application. Special categories of personal data within the meaning of Article 9 of the Regulation are not subject to processing. The technical data collected may be used for profiling, the sole purpose of which is to better configure the functionalities of the DEALock Application for Users.

 

  • Personal data is provided to companies that provide email notifications.

 

  • Personal data is processed primarily in the member states of the European Union. However, DEALock j.s.a. may, if necessary, transfer personal data to a third country or an international organisation on the basis of adequacy decisions in accordance with Article 45 of the Regulation or after the adoption of adequate safeguards in accordance with Article 46 of the Regulation and provided that the data subjects have enforceable rights and effective legal remedies, or in the case of exceptions for specific situations in accordance with Article 49 of the Regulation. In the event of a transfer of personal data to a third country or an international organisation pursuant to Article 49 of the Regulation, DEALock j.s.a. is obliged to inform the data subject thereof.

 

  • The personal data is recorded for a maximum period of two years from the date of acquisition.

 

Art. IV.

Rights of the data subject

 

  • The data subject has the following rights in relation to the processing of personal data:

 

  1. the right of access to data pursuant to Article 15 of the Regulation – the data subject has the right to obtain confirmation from DEALock j.s.a. as to whether personal data concerning the data subject are processed by DEALock j.s.a. and, if so, the data subject has the right to be informed of the purpose of the processing, the categories of personal data processed, the recipients of the personal data and the duration of their storage. DEALock j.s.a. is obliged to provide a copy of the personal data it processes to the data subject upon request. DEALock j.s.a. shall be entitled to charge a reasonable fee corresponding to the administrative costs for any further copies requested by the data subject. If the data subject makes a request by electronic means, the information shall be provided to the data subject in a commonly used electronic format, unless the data subject expressly requests a different method of provision;

 

  1. the right to rectification pursuant to Article 16 of the Regulation – the data subject has the right, at the request of the data subject, to have inaccurate personal data concerning him or her rectified by DEALock j.s.a. without undue delay. The data subject shall also have the right, with regard to the purposes for which the personal data are processed, to have incomplete personal data completed;

 

  1. the right to erasure (“right to be forgotten”) pursuant to Article 17 of the Regulation – the data subject has the right to erasure of personal data concerning the data subject and DEALock j.s.a. is obliged to erase such personal data without delay if one of the following grounds is met:
  2. the personal data are no longer necessary for the purposes for which they were processed,
  3. the data subject withdraws consent to the processing of personal data, insofar as it is the legal basis for the processing of personal data,
  4. the data subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for processing or objects to the processing of personal data pursuant to Article 21(2) of the Regulation,
  5. personal data have been unlawfully processed,
  6. the personal data must be erased in order to comply with a legal obligation under European Union or Member State law.

 

  1. the right to restriction of processing pursuant to Article 18 of the Regulation – the data subject has the right to have the processing of personal data restricted by DEALock j.s.a. if:
  2. the data subject contests the accuracy of the personal data during the verification of their accuracy,
  3. the personal data have been unlawfully processed and, instead of erasure, the data subject requests restriction of their use,
  4. DEALock j.s.a. no longer needs the personal data for the purposes of the processing, but the data subject needs them to establish, exercise or defend legal claims,
  5. the data subject objects to the processing of personal data pursuant to Article 21(1) of the Regulation, pending verification whether the legitimate grounds on the part of DEALock j.s.a. outweigh the legitimate grounds of the data subject.

 

  1. the right to data portability pursuant to Article 20 of the Regulation – the data subject has the right to obtain personal data provided to DEALock j.s.a. on a legal basis pursuant to Article 6(1)(a) or (b) of the Regulation (consent of the data subject or performance of a contract) concerning the data subject and to transfer them to another controller. The data subject has the right to transfer the personal data to the other controller only insofar as this is technically feasible;

 

  1. the right to object under Article 21 of the Regulation – the data subject has the right to object, on grounds relating to a particular situation, to processing of personal data which is carried out on a legal basis pursuant to Article 6(1)(f) of the Regulation (legitimate interest). In the event of such an objection by the data subject, DEALock j.s.a. may no longer process the personal data unless the data subject demonstrates compelling legitimate grounds for the processing or for the establishment, exercise or defence of legal claims;

 

  1. the right to lodge a complaint – if the data subject considers that DEALock j.s.a. has infringed data protection legislation, he or she may lodge a complaint with the supervisory authority, which is:

 

Data Protection Authority

Hraničná 12
820 07 Bratislava

e-mail address: statny.dozor@pdb.gov.sk website: http://www.dataprotection.gov.sk/

 

  • The rights of the data subject may be exercised by sending a request to the e-mail address gdpr@dealock.com or in writing to DEALock j.s.a., Pribinova 25, 811 09 Bratislava.