This document contains transparent and comprehensible information about the way in which the personal data controller REDSIDE investiční společnost, a.s., company ID number: 24244601, registered office: V Celnici 1031/4, 110 00 Prague 1 (hereinafter “REDSIDE”) works with investors’ personal data. The document contains the following parts:
- What personal data REDSIDE gathers and processes and for what purpose;
- What legal grounds REDSIDE has for personal data processing;
- In what way REDSIDE processes personal data and how it ensures their protection;
- To whom REDSIDE can disclose investors’ personal data;
- What are investors’ rights in relation to the personal data that REDSIDE processes.
Data that REDSIDE processes and for what purpose
REDSIDE primarily processes data that concerns investors in the funds that REDSIDE manages, including possible future investors that are interested in REDSIDE’s services. If it is necessary due to the nature of the situation, it also processes data about investors’ representatives. It also processes data that results from telephone or written communications with an investor or his representative. REDSIDE only processes the data necessary so that it can provide investors with investment company services.
REDSIDE specifically processes the following personal data:
- Data necessary to identify an investor: first name, surname, sex, date of birth, address of residence, number of ID card or copy of it, number of money or asset account, citizenship, nationality and place of tax residence, for an investor that is a natural person doing business also the company ID number and any tax ID number.
Data necessary for identification is kept by REDSIDE to the extent foreseen by legal regulations, in particular Act No. 240/2013 Sb., on investment companies and investment funds (hereinafter the “Investment Companies and Investment Funds Act”), Act No. 256/2004 Coll., on capital market undertakings (hereinafter the “Act on Capital Market Undertakings”), and Act No. 253/2008 Coll., on some measures against money-laundering and financing terrorism (hereinafter the “AML Act”).
In this category REDSIDE especially draws investors’ attention to the fact that it processes their birth number, if allocated.
- Data necessary for the assessment of an investor from the viewpoint of prevention of money laundering and financing terrorism, also data necessary for the provision of investment services.
This is data necessary for the performance of duties that result for REDSIDE from legal regulations, in particular the AML Act, the Investment Companies and Investment Funds Act and the Act on Capital Market Undertakings. It is data concerning a person’s source of income, the relationship of the investment to the expected amount of income, risk tolerance, etc. Also information about whether an investor is a politically exposed person or a person with US status (in accordance with the FATCA agreement).
It is also information about the expertise and experience of an investor with the capital markets and investments, including information about whether an investor is a qualified investor and whether an investor is an eligible counterparty, a professional client or non-professional client.
In this category REDSIDE draws investors’ attention to the fact that it processes a copy or duplicate of an identity document and the data stated therein.
- An investor’s contact details, which are his e-mail address and telephone number.
In the event that an investor has access to the client section at the website www.redsidefunds.com, then REDSIDE administers access details, in particular the log-in name and any password.
- Communication records.
REDSIDE has a legitimate interest in making and keeping records of telephone calls with an investor for the purposes of performance of a contract and to deal with investors’ wishes and complaints. An investor takes note that in the event that a REDSIDE employee calls an investor on the telephone number he stated in the contract it is not necessary for him to say that the call is being recorded at the start of the call. In the event of an incoming call, REDSIDE must draw the caller’s attention to the recording of the call. Telephone recordings are stored so that they can be used as evidence in the event of a dispute in accordance with Section 17 of Act No. 256/2004 Coll., on capital market undertakings.
During communication with an investor (including a future investor), REDSIDE can obtain information such as the number of the investor’s asset account or data about proceedings conducted against the investor.
In connection with the use of the www.redsidefunds.com website, cookies are saved on the investor’s device. Cookies are used only for the Google Analytics service.
If an investor or future investor completes the contact form at the www.redsidefunds.com website, REDSIDE only processes the data input into the form (e-mail address, telephone number and any data stated in a message). REDSIDE processes these data for one month for the purpose of contact with the investor.
REDSIDE processes personal data for the following purposes:
- Processing without the investor’s consent for the purposes of conclusion and performance of a contract;
This primarily concerns the provision of a service, realisation of a transaction or provision of other performance in accordance with a contract concluded with REDSIDE, including negotiations on the conclusion or amendment of the relevant contract.
- Processing without the investor’s consent for the purpose of compliance with REDSIDE’s legal duties resulting from the relevant legal regulations.
This primarily concerns:
- Identification and checks on investors in accordance with the provisions of the AML Act;
- The proper and prudent provision of investment services;
- Compliance with the rules of conduct with customers in accordance with the provisions of the Act on Capital Market Undertakings, the Investment Companies and Investment Funds Act and related European regulations;
- The handover of data and information about foreign accounts in accordance with valid international contracts and other legal regulations (FATCA, GATCA);
- Processing with the investor’s consent for the purpose of identification.
In the event REDSIDE does not have the aforementioned legal grounds for processing the investor’s personal data, it can only process data in the event the investor expressly agrees to the processing. This concerns, for example, processing a copy or duplicate of an ID document and the data stated therein.
REDSIDE also obtains personal data from the following sources
REDSIDE obtains investors’ personal data from the following sources:
- From investors—this concerns data that an investor provides as a part of pre-contractual negotiations, in a contract or as a part of a business relationship; An investor can hand over his personal data to REDSIDE actively or passively by using REDSIDE’s services;
- From third parties that are entitled to handle (future) investors’ personal data and hand it over to REDSIDE. This concerns, for example, an investment intermediary or brokerage firm with which REDSIDE has concluded a co-operation agreement;
- From publicly available sources (public registers, records or lists).
How REDSIDE processes personal data
REDSIDE works with data in such a manner that it always ensures the maximum degree of protection and safety of investors’ personal data. The personal data is processed manually, as well as automatically in electronic information systems.
For the systems that REDSIDE uses it applies that in them employees have access to personal data and all persons that have access to personal data are bound by confidentiality.
In the case of co-operation with investment intermediaries and brokerage firms REDSIDE insists that they ensure the same degree of personal data protection.
Deadlines for personal data processing by REDSIDE
REDSIDE has the duty to store personal data for the statutory period, i.e. 10 years following the end of the calendar year in which the contractual relationship was terminated. After the expiry of this period, personal data will irretrievably be deleted from the system.
In accordance with the General Data Protection Regulation (GDPR), investors have the right:
- To access personal data and other related information that REDSIDE processes about investors;
- To the rectification and supplementation of personal data that REDSIDE processes about investors;
- To request the erasure or restriction of processing of personal data. In such case REDSIDE will continue to process only personal data where processing is required by the law, for the statutory period;
- To the portability of their data;
- To object to personal data processing that REDSIDE performs based on a legitimate interest. An investor can submit an objection by e-mail to firstname.lastname@example.org;
- To contact the Office for Personal Data Protection with proposals or complaints at the address: Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice.
To whom REDSIDE will disclose or provide an investor’s personal data
The personal data that REDSIDE obtained from an investor in connection with the aforementioned procedures can be disclosed to another party without the investor’s consent only in the following cases:
- To the Czech National Bank, as the regulator, as a part of the performance of duties stipulated for REDSIDE by special legal regulations;
- To courts, authorities active in criminal proceedings, tax administrators, court bailiffs, the financial arbitrator, social security authorities, other supervisory bodies when exercising their statutory powers;
- To the financial analysis authority in accordance with the AML Act;
- To processors, i.e. persons with which REDSIDE has concluded a contract on personal data processing and that provide sufficient guarantees about technical and organisational security for the protection of data provided;
- To other persons, if it is necessary for the protection of rights and lawfully protected interests of REDSIDE. This means, in particular, courts, bailiffs, etc. REDSIDE hands over the data to the extent necessary for making its claims;
- In accordance with Act No. 164/2013 Coll., on international co-operation on the administration of taxes, to the Specialised Financial Authority and also to the relevant tax administrators in countries involved in co-operation based on international agreements. The data are handed over based on international agreements to which the Czech Republic or EU is party (e.g. FATCA agreements). Information about international agreements is available at www.mfcr.cz.
REDSIDE can disclose an investor’s personal data to persons it has authorised to perform its contractual and statutory duties, including the realisation of rights under contractual relations.
REDSIDE can also hand investors’ personal data over to persons it has authorised in accordance with Section 50 of the Investment Companies and Investment Funds Act to perform its contractual and statutory duties (outsourcing). In such cases there can be processing of the relevant personal data by an authorised person, who can become a personal data processor. A processor is entitled to handle data solely for the purposes of performing the activities it was authorised to perform by the relevant controller and for the purposes of performance of processing activities there is no requirement for the investor’s consent, as such processing is enabled directly by a legal regulation.
Authorised persons can be:
- IT service providers;
- Banks ensuring payment contact;
- The operator of the www.redsidefunds.com website;
- Law firms that REDSIDE works with;
- Insurance companies;
- Providers of print and postal services, including couriers.
With an investor’s consent we can disclose personal data or hand it over to another person.
Personal Data Processing after Termination of Contractual Relationship
After the termination of the contractual relationship with REDSIDE, an investor can ask for the restriction of the processing of personal data for purposes that do not result from legal regulations. REDSIDE will continue to store the investor’s personal data, but only for the performance of its statutory duties.
When processing and protecting investors’ personal data we always proceed in accordance with valid legal regulations and protect data in a manner that is allowed by generally available technical means.
You can find more information about rights concerning personal data in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
This document will be updated regularly.