This policy regulates the purpose and means of processing personal data when providing services to users under the Framework Agreement concluded between the User and the Company, effective as of April 21, 2022.
The operator of the Platform is Fintown s.r.o., Business ID: 17323657, with its registered office at:
Jungmannova 26/15, Praha 1 - Nové Město, 110 00, Prague,
registered in the Commercial Register kept by the Municipal Court in Prague under registration number C 369924, represented by Mr. Maxim Vichorev, the company's managing director.
Contact email: admin@fintown.eu ("Company")
The Company is the controller of the personal data of Users listed below. The Company has not appointed a Data Protection Officer.
The Company processes Users' personal data collected from Users to the extent necessary for the following purposes:
Login data (email address and, where applicable, password, stored in encrypted form using a one-way hashing function) necessary for the conclusion and performance of the contract or for implementing measures before the contract is concluded.
Identification data (name, surname, date of birth, permanent or other residence) necessary for contract performance and fulfilling the Company’s legal obligations.
Contact information (email address, mobile phone number, bank account, payment reference number) necessary for contract performance or implementing pre-contractual measures.
Transaction history in the Wallet (details of deposits, withdrawals, investment amounts, received proceeds, and charged fees), necessary for contract performance, fulfilling legal obligations, and protecting the Company’s legitimate interests in case of legal disputes.
User activity on the Platform (pages visited, actions performed, device and software information, internet connection data) necessary for contract performance and protecting the Company’s legitimate interests in case of legal disputes.
Data for legal compliance under Act No. 253/2008 Sb. (e.g., identity card copies, source of income, transaction purpose, politically exposed person status, place of birth) required to fulfill anti-money laundering (AML) and counter-terrorist financing (CTF) obligations.
The Company processes Users' personal data to properly and efficiently provide its services, specifically for:
Communication with the User in fulfilling contractual obligations.
Compliance with legal obligations, particularly in public law matters.
Troubleshooting and service improvement, including technical issue resolution and customer support.
Marketing purposes, where the Company may send Users marketing offers to a reasonable extent.
The provision of personal data is a contractual and legal obligation. Without providing the required data, the
Company cannot conclude a Framework Agreement, and the User cannot invest on the Platform.
The Company will never sell or rent personal information to third parties.
Users' personal data is stored on servers within the European Union.
The Company has conducted a risk analysis and implemented technical and organizational measures to maximize data security and prevent unauthorized access. Personal data is retained from the creation of the User's profile (as per Article 2 of the Platform Rules) until three (3) full calendar years after profile cancellation (as per Article 8 of the Platform Rules).
Data Transfers
The Company may transfer personal data to the following recipients:
Government authorities and entities with legal authority to enforce regulatory compliance.
Subcontractors for web hosting, mailing, cloud, and transport services to fulfill contractual obligations.
Banking institutions (e.g., the Company’s bank holding Users’ funds) and insurance providers covering liability risks.
Internet advertising service providers, to the extent of the Company’s legitimate interests.
Users' personal data is not subject to automated decision-making.
Users have the following rights concerning their personal data:
Right to Access and Rectification
Users can request access to and correction of inaccurate or outdated data.
The Company will verify, correct, or remove inaccuracies upon request.
Right to Erasure ("Right to be Forgotten")
Users can request data deletion if:
The purpose for processing ceases to exist.
They object to processing, and the objection is justified.
Processing is unlawful or must be deleted due to legal obligations.
Exceptions: The Company cannot delete data if legally required to retain it or for establishing, exercising, or defending legal claims.
Right to Restriction of Processing
Users can request limited processing if:
They dispute the accuracy of their data.
The processing is unlawful, but they opt for restriction instead of deletion.
The Company no longer needs the data, but the User requires it for legal claims.
Right to Object
Users can object to processing for legitimate interests, public interest, or direct marketing.
Right to Data Portability
Users can request their data in a machine-readable format (e.g., .xls, .xlsx) for transfer to another controller.
Right to File a Complaint
Users may file a complaint with the Office for Personal Data Protection at:
Address: Pplk. Sochora 27, 170 00 Prague 7
Phone: +420 234 665 125 (GDPR consultation: +420 234 665 800)
Email: posta@uoou.cz
The Company reserves the right to unilaterally amend this PDPP in accordance with Section 1752 of the Czech Civil Code (CC).
Users will be notified at least two (2) weeks before changes take effect.
If a User disagrees with the changes, they may terminate the Framework Agreement before the effective date.
If a User does not terminate the agreement, the new PDPP version becomes binding from the effective date.