Personal data protection

Privacy Policy and other processing of customer data


Privacy Policy and other processing of customer data

In this document you will find the basic principles of data protection and an overview of the processed
data of our customers/potential customers according to Act 110/2019 Coll., on the processing of personal data
and Regulation (EU) 2016/679 (GDPR).

Who manages and processes your data?

The websites,,, are operated by
Roklen360 a.s., ID: 60732075, with registered office at Václavské náměstí 838/9, Nové Město, 110 00 Prague 1,
registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 20437.

For what purposes do we process your personal data?

We process personal data that you provide to us in connection with the use of our services. These are
– Conclusion and performance of the Contract for the provision of payment services,
– Conclusion and performance of the Investment Services Agreement,
– Conclusion and performance of the Securities Record Keeping Agreement,
– Conclusion and performance of the Contract for bulk custody of securities,
– Conclusion and performance of the Agreement on securing the placement and issue of securities,
– Conclusion and performance of other mandate, order, brokerage agreements in the field of
corporate finance,
– Sending newsletters – if you give us your consent.
We are also obliged to process your personal data in order to comply with legal obligations, e.g. for the purposes of
Prevention of money laundering and terrorist financing pursuant to Act 253/2008 Coll., on
Certain Measures against the Legalization of the Proceeds from Crime and the Financing of Terrorism (“AML Act”)

What personal data do we process?

We process personal data that you provide to us when you register for one of our services, when you sign
one of our contracts and in the performance of contracts entered into. This most often includes:
– Identification data, which means, in particular, name, income, title, birth number, date
birth, place and country of birth, tax residency, nationality, ID number and validity
identity document (including the issuer of the identity document), business name, place of business, registration number
of the natural person doing business, bank details, copies of your identity documents (which will give us
allowed by your consent under §8 (9) of the AML Act), etc,
– Contact details, which are in particular correspondence address, telephone number, e-mail
– Information about your sources of income and the intended nature of the contractual relationship,
– Data relating to your transactions, in particular your transaction history, including
information about your beneficiaries,
– Information we collect about your needs assessment and service suitability assessment
through questionnaires,
– Records of your telephone calls, which we take in accordance with Act 256/2004 Coll., on
capital market business.

Who do we pass your personal data to?

Roklen360 a.s. belongs to the Roklen financial group, which also includes the companies
Roklen Holding a.s. and Fundlift s.r.o. Personal data may be transferred within this group.
However, it is important that none of these companies further processes your data for any purpose other than
which you have entrusted us with your personal data, unless you give your consent.

We keep your data secure even when we pass it on to our partners. We carefully
We select and contract the protection of personal data to ensure that we provide technical and organisational
security of your data so that your data cannot be misused. All of our
partners are bound by contractual confidentiality and may not use your data for purposes other than those for which
we make it available to them. Our processors are TOTAL SOLUTIONS s.r.o. (ID: 25308378), Onlio, a.s. (ID:
26194813), COMPLY F&L s.r.o., (ID: 24691020), Grant Thornton Audit s.r.o. (08061017), EzConvey
s.r.o. (08583153).

If you use payment services, your data may also be transferred to The Currency Processor
Cloud Limited, whose registered office is at The Steward Building, 12 Steward Street, London, E1 6FQ, United Kingdom.
This processor is a licensed payment institution that is supervised by the Financial Conduct Authority
(FCA). If you are using services related to investment instruments, your data may also be transferred to
To the central securities depository where the book-entry securities are held.

In addition, your personal data is transferred to banks, custodians (companies with which securities are held
your securities if you use investment services) and companies that help us send

Under certain conditions defined by law, we are required to transfer some of your personal information to
under applicable law, e.g. to the Police of the Czech Republic, the Czech National Bank, the Financial Analytical
Office, the Office for Personal Data Protection, or other law enforcement authorities and other
public administration authorities.

What are cookies and what types of cookies do we use?

For information about the cookies we use, please see our Cookie Policy.

How long do we process your data?

We process your personal data for the duration of the contract and for a further 10 years thereafter
after the end of the contractual relationship.
We keep records of telephone calls that lead to the conclusion of a trade in an investment instrument
for a period of 5 years. Other telephone records are kept for 1 year.

Do we process personal data without your consent?

Yes, we are entitled to process your personal data without your consent, but only on the basis of:
– the conclusion and performance of a contract,
– the fulfilment of legal obligations arising for us from generally binding legal regulations,
– to meet legitimate interests (for example, to ensure the security of our website),
– sending commercial communications pursuant to Act 480/2004 Coll., on certain information services
(only if you are our customer or give us your consent)

How do we secure your personal data?

We secure your personal data in a way that protects your data from misuse, loss
and unauthorised access. We use security measures such as:
– Restricting physical access to our business premises,
– restricting access to information we collect about you,
– securing the system with an SSL certificate and encryption,
– where there is no longer any purpose for processing the data, we dispose of your data as required
by law.

What rights do you have in relation to data protection?

According to the General Regulation, you have the following rights in relation to your personal data:
1. to information,
2. to request access to your personal data,
3. the right to data portability,
4. to request the rectification of inaccurate personal data or its completion,
5. to request the restriction of the processing of your personal data,
6. object to the processing of your personal data,
7. request the erasure of your personal data without undue delay (only if there is no other lawful
8. withdraw your consent to the processing of your personal data,
9. the right not to be subject to any decision based solely on automated
processing, including profiling,
10. lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, Pplk. Sochor 27,
170 00 Prague 7.

How can you object?

If you are dissatisfied with the processing of your personal data, you can object. Your personal data
in this case, we will not process your personal data for the given purpose, unless we have compelling and
legitimate reasons for us to continue such processing.

Where can you contact us?

If you have any questions about data protection and exercising your rights, please contact us by email: or in writing to Roklen360 a.s., Wenceslas Square 838/9, Nové Město,
110 00 Prague 1.

In this context, we would like to inform you that we may require you to provide us with appropriate
prove your identity in a suitable manner so that we can verify your identity. This is a precautionary security measure
security precautions to prevent unauthorised persons from accessing your personal data. In order to
improving the quality of our services and keeping a record of our compliance with our legal obligations
all communications with you are monitored.

Last updated: 16 January 2023