How we treat your personal data
Preamble
Taking care of our clients in the financial world is our highest priority, but at the same time a very challenging task. In order to properly understand the needs of our clients and at the same time to provide products and services at the highest level, we need to know a lot of personal details. This allows us to focus on the individual needs of our clients and thus bring them tailor-made solutions.
With regard to the transparency and security of the personal data processed, we consider it a priority to inform you about the principles we observe when processing personal data. When processing the personal data of our clients, we primarily follow the EU General Data Protection Regulation (GDPR), the provisions of the Act no. 18/2018 Coll. on personal Data Protection, which are applicable to us, as well as other legal regulations of the European Union and the Slovak Republic.
This information of personal data processing explains how we process personal data within our company pursuant to Art. 13 and Art. 14 of the GDPR Regulation.
In case of any questions related to the processing of personal data by our company, including the exercise of rights of data subjects, please contact us at the email address frontoffice@wem.sk.
Article I. Personal Data Controller
The Controller of the personal data processed are the following companies belonging to the WEM group:
- Wealth Effect Management o.c.p., a.s. with the registered office at: Bottova 2A, 811 09 Bratislava, Company ID: 51 127 113, registered in the Commercial Register of the City Court Bratislava III, file no.: 6652/B, section: Sa, and
- Wealth Effect Management a.s., with the registered office at Bottova 2A, 811 09 Bratislava, Company ID: 52 391 728, registered in the Commercial Register of the City Court Bratislava III, section Sa, file no. 6976/B
The Personal Data Controller means a company to which you have provided personal data for a specific purpose (also in case of being interested in the service) or whose client you are. If you have products with several members of the WEM group, the particular member of the WEM group manages primarily the personal data that are related to their product or service. In case the purpose or conditions of personal data processing result from the legal regulations, the controller is a member of the WEM group, who is specified by the relevant law for the purpose of processing as a controller.
Joint Controllers
If you, as a client, have given us consent to process your personal data for marketing activities, the members of the WEM group act as joint controllers. In such case, the joint controllers decide together on the conditions and the purpose of personal data processing. Detailed conditions on the scope and conditions of processing of personal data of joint controllers are specified in the agreement of joint controllers.
Joint controllers are responsible for processing of your data jointly to the extent, in which they participate in the processing.
Article II. Personal Data Categories
Members of the WEM group process, for the below purposes, the following categories of personal data:
Identification and contact details: first name, surname, permanent residence address, temporary residence address, personal identification number, if assigned, date of birth, nationality, type and number of identity document, in case of a self-employed person or a statutory body of a legal person, in addition to the name, registered office and registration number, also a date of birth, permanent residence address, nationality, type and number of identity document, telephone number, email address
Transaction details: account number, bank details
Socio-demographic data: amount and origin of a regular income, regular expenditures and financial liabilities (e.g. information on loans), information on movable and immovable property, financial experience with investing, amount of invested funds, amount of a planned investment
Profile details: for the purpose of filling in the record of requirements, needs and experience of a client, we process the following personal data: age, sex, education attained, place of residence, marital status, family situation, information on income, monthly expenses, occupation.
Communication and interaction data: Information provided by the potential client or the client in the record of the business meeting
Records of telephone calls or electronic communication: Within the records of telephone calls, the first name and surname of a potential client or client of WEM, time and date of a call are collected.
Article III. Purposes of Personal Data Processing, Including the Relevant Legal Bases
Considering the basic principles of personal data processing, the members of the WEM group process personal data for the following purposes:
Identification and verification of client’s identification
Your identification is necessary for us to be able to provide you with our products and services. The authorization, as well as obligation to identify our client or a potential client arises for us from several legal regulations. This includes, in particular, Act no. 186/2009 on financial intermediation and financial advisory services and on amendment and supplementation of certain acts, as amended, 566/2001 Coll. on securities and investment services and on the amendment and supplementation of certain acts (the Securities Act), as well as Act no. 297/2008 on protection against money laundering.
In addition to the standard identification through ID documents of clients, members of the WEM group in online sale of a product also use a video call. However, the recording does not use biometrics or automated processing of personal data. The recording is used exclusively for client identification.
In such case we process personal data pursuant to Art. 6 sec. 1 point c) of the GDPR Regulation, in order to fulfil a legal obligation.
Conclusion and maintenance of a contractual relationship with the client – performance of a financial intermediation and performance of activities of a securities broker.
We process your personal data due to the conclusion and maintenance of a financial service agreement, while we process these personal data only to the extent specified for us by the Act on Financial Intermediation and Financial Advisory. This purpose includes the processing of personal data necessary for the analysis of your needs, the conclusion of a financial service agreement as well as activities aimed at fulfilling the financial service agreement concluded between you and our company.
To conclude, register and manage a contractual relationship, we process your personal data also in relation to the performance of activities of a securities broker pursuant to the Securities Act, to the extent necessary for the provision of investment services, investment activities and ancillary services.
The provision of personal data to conclude and maintain a contractual relationship with the client is voluntary, but necessary for the conclusion of a financial service agreement, as well as the provision of investment services, investment activities and ancillary services in relation to the performance of activities of a securities broker. We cannot provide you with any service without your successful identification and we are obliged to refuse to execute the trade or to provide the service in such a case. This obligation arises to us from our position as an independent financial agent pursuant to Art. 31 of the Financial Intermediation Act as well as a securities broker pursuant to the Securities and Investment Services Act.
We process personal data pursuant to Art. 6 sec. 1 point c) of the GDPR, in order to fulfil a legal obligation.
Service activities
As part of our service activities, we send to our clients the important information related to products and services concluded by the client. We do so on the basis of sending the so-called service reports. For this purpose, we also process data on potential clients who have expressed interest in our products or services through various communication channels (phone call, email). In such a case, we process the name and contact details of the potential client for contacting purposes.
For this purpose, we process the personal data of our clients and potential clients based on preparing the contract or maintaining a contractual relationship with our client, in accordance with Art. 6 sec. 1 point b) of the GDPR.
Control and prevention of money laundering and terrorism financing
Pursuant to the Act on Protection against Money Laundering and Terrorism Financing, we as a liable person are obliged to perform due diligence in relation to the client and thereby identify, evaluate, understand the risks and adopt appropriate measures to mitigate the risks arising from possible money laundering and terrorism financing of our potential clients or clients.
In this case, we process personal data only to the extent necessary under the Act on Protection against Money Laundering and Terrorism Financing.
Exercising, proving and enforcing legal claims of WEM group members – dispute agenda
In certain cases, WEM is entitled to process personal data for the purpose of exercising, proving or enforcing a receivable towards its clients. This is primarily to protect WEM from misuse of its services, against any fraudulent activity to the detriment of WEM, including fraudulent or other actions aimed against WEM.
WEM processes personal data for this purpose due to the legitimate interest of WEM.
Taxes and Accounting
WEM as an independent financial agent and securities broker is subject to the tax and accounting obligations arising to the company under applicable legal regulations governing taxes and accounting. For this purpose, WEM processes personal data only to the extent required by the relevant legal regulations. In such a case, WEM processes personal data to fulfil the legal obligation under Art. 6 sec. 1 point c) of the GDPR.
Prevention and compliance control of activities arising from MIFID regulation
Pursuant to the Securities Act, WEM, as a securities broker, is obliged to produce records of all provided investment services, investment activities and ancillary services or executed transactions. The above also applies to records of telephone calls and electronic communication related to:
- transactions concluded in trading on one’s own account or
- provision of services related to client orders, related to the receipt, sending and execution of client’s orders or
- with the intent to result in transactions concluded in trading on one’s own account or in the provision of services related to client’s orders; to the receipt, sending and executing client’s orders, even if such conversations or communication do not result in conclusion of such transactions or in the provision of services related to client orders.
Improving the quality of services
The records of telephone calls between the client as a data subject and WEM as a securities broker are used not only for prevention and compliance control of activities arising from MIFID regulation, but also to increase the quality of WEM’s services, in order to best meet the client’s requirement.
We process clients’ personal data for this purpose on the basis of a legitimate interest in such personal data processing
Marketing
In order to optimally analyse and identify the needs of our client, we analyse individual products and investment strategies so as to provide our clients with the most effective investment solution. For such an analysis, we use the profile and socio-demographic data of our clients.
In case of marketing activities towards a client or a potential client, who has not expressed an interest in sending marketing information or news, WEM processes personal data on the basis of the granted consent to process personal data pursuant to Art. 6. sec. 1 point a) of the GDPR.
At the same time, as part of our marketing activities, we send to the potential clients who have expressed their interest in services through our subordinate financial agents or sales channels, such as a customer line, and to the clients, various marketing materials in the form of calls, electronic mail (email), text messages or through the WEM newsletter.
In case of marketing activities towards potential clients who have expressed an interest in some form of sending marketing materials, e.g. sending a WEM newsletter, through various sales channels or subordinate financial agents, we process personal data on such a person to the extent of first name, surname and a contact provided by a potential client. In this case, we process these personal data on the basis of a legitimate interest in such processing.
In order to be able to identify a data subject, who has rejected the sending of marketing materials, we process identification and contact details on such a data subject in our information systems. In this case, we process these personal data on the basis of a legitimate interest in such processing.
We process potential clients’ personal data on the basis of a legitimate interest in such personal data processing.
On the basis of a legitimate interest, we process your personal data for the following purposes:
- exercising, proving and enforcing legal claims of WEM group members – dispute agenda,
- improving the quality of services,
- marketing – contacting potential clients after they have expressed an interest.
Article IV. Automated Decision-Making and Profiling
In the provision of investment services, WEM as a securities broker processes personal data of potential clients using the automated decision-making method, including profiling.
Automated decision-making, including profiling of potential clients, occurs when collecting information, knowledge and experience of a potential client into an investment questionnaire, in order to create a so-called ‘investment profile’, i.e. to assess the financial situation, ability to bear losses and to determine the potential client’s resilience to any investment risks so that the controller (WEM as a securities broker) can recommend investment services and financial instruments to potential clients and to determine an investment strategy, which is appropriate for them and which corresponds to their resilience to financial risk.
Such a financial analysis is necessary for WEM to fulfil a legal obligation arising from the Securities Act, where it acts as a securities broker. Without such an analysis, WEM would not be able to properly assess the potential client’s financial situation and goals, which could result in incorrect provision of a requested service.
When calculating the potential client’s ‘investment profile’, WEM uses an automated form, resulting in client categorization and provision of a relevant investment profile that can be stable, conservative, balanced or dynamic.
For automated decision-making, including profiling, transactional, economic details and profile data specified in point 2 of this information on personal data processing are used and are entered by the potential client into an investment questionnaire.
In case of automated decision-making, including profiling, you have the right to object to the automated processing of personal data, including profiling. In such case the automated decision-making will be excluded and the decision based on an automated decision-making, including profiling, will be reviewed individually.
Article V. Recipients of Personal Data
Maintaining confidentiality of our clients’ personal data is our highest priority. We process our clients’ personal data mostly by our employees, who work with personal data based on ‘need to know’ principal, i. e. only authorized employees related to the processing itself. For some activities necessary for administrative and technical operations of WEM that we need to conduct upon generally binding legal regulations such as legal duties, we use third parties.
We provide personal data to the following external companies to ensure administrative and technical activities:
- companies belonging to various groups (as independent controllers), if there is legal basis or contractual relationship thereto,
- verified and contractually committed intermediaries,
- IT-system, software equipment, information or cloud services provider,
- accounting or payroll company and companies providing auditing services,
- subordinate financial agents performing financial intermediation on our behalf,
- Centrálny depozitár cenných papierov (Central Depository of Securities), Štátny fond rozvoja bývania (State Fund of Housing Development) and Garančný fond investícií (Investment Guarantee Fund),
- authorities in charge of supervision and public administration bodies – Národná banka Slovenska (Central Bank of Slovakia),
- professional advisers such as executors, notaries, law firms.
WEM group members may under certain circumstances act as intermediary for other WEM group member or other controllers. In this case, a client negotiates with more WEM group companies on contract conclusion. This can concern for example a situation when sale of a product of Wealth Effect Management as a broker is intermediated to you by Wealth Effect Management, a.s. as an independent financial agent and vice versa. Another case may occur when Wealth Effect Management, a.s. performs regular service for clients of Wealth Effect Management o.c.p. as a broker.
Members of WEM group share personal data within their marketing activities, where they act as joint controllers, thus in case when client granted us with consent to process their personal data for marketing purposes. Special conditions of personal data processing among WEM group members are included directly in a consent to personal data processing.
Article VI. Personal Data Processing Period
We store personal data for the period specified by applicable legal regulations, especially by the Act of Financial Intermediation, Act on Securities, Mifid regulation or Act on prevention of legalisation of proceeds of criminal activity and financing of terrorism. At the same time, personal data retention period is also specified in registration and archiving rules of our company. The term of retention varies depending on a particular purpose of personal data processing, for which members of WEM process the very personal data. The specified archiving period for personal data complies with the rule of minimum personal data retention, therefore, personal data are processed only until they are necessary for the purposes for which they are processed. In the chart we have taken personal data retention period into account, with regard to purpose of such a processing.
| Purpose of Personal Data Processing | Personal Data Processing Period |
|---|---|
| Identification and verification of client’s identification | Within the term of an agreement on financial service and at least 5 years after the validity termination of this agreement. |
| Conclusion and maintenance of a contractual relationship with the client – performance of a financial intermediation and performance of activities of a securities broker | Within the term of an agreement on financial service and at least 5 years after the validity termination of this agreement. |
| Keeping records about a client – client administration | Within the term of an agreement on financial service and at least 5 years after the validity termination of this agreement. |
| Service activities | Within the term of an agreement on financial service. |
| Control and prevention of money laundering and terrorism financing | Within the term of an agreement on financial service and at least 5 years after the validity termination of this agreement. |
| Dispute agenda | Limitation period of a legal claim |
| Taxes and accounting | During the contractual relation and 10 years after its termination. |
| Prevention and compliance control of activities arising from MIFID regulation | Within 5 years and upon request by Central Bank of Slovakia 7 years as of generating the record. |
| Improving the quality of services | Within 5 years and upon request by Central Bank of Slovakia 7 years as of generating the record |
| Marketing | Within 5 years as of granting the consent to personal data processing, in case of a potential client within 1 year as of introducing a person in internal record system or service provision. |
Article VII. Personal Data Source
Members of WEM group acquire personal data:
- directly from a client, namely by communication when concluding an agreement on investment and ancillary service provision,
- publicly available personal data acquired from the Companies Register, publicly available sources, especially within client care pursuant to prevention of legalisation of proceeds of criminal activity and financing of terrorism.
Article VIII. Rights of Data Subject
Pursuant to Art. 15 to 21 of the GDPR, a data subject has the following rights:
1. Right of access
As a data subject, you have the right to the
- confirmation whether WEM processes personal data and if so, you have the right to access to the information on the purposes of personal data processing, categories of personal data concerned, recipients or categories of recipients, the period of personal data retention, information on your rights, on the right to file a complaint to the Office for Personal Data Protection, information on the source of personal data, information on whether the automated decision-making and profiling are conducted, information and guarantees in case of transferring the personal data to a third country or international organization.
- a copy of the documents, information and documents that WEM has archived in their information systems.
2. Right to correction
Client as a data subject has the right to the correction of personal data that we keep about them and that are inaccurate or incomplete. In case you find out that the personal data available to the WEM members are not up-to-date, you can contact the address specified in point 1 of this Declaration. We will verify the correctness of your personal data and remedy the situation immediately.
3. Right to deletion (right to be forgotten)
In certain cases stipulated by law, the client as a data subject may request the deletion of all their personal data from the information systems that WEM members process about them. As personal data controllers, we are then obliged to destroy these personal data.
In case you exercise your right, we are also obliged to inform other controllers/third parties, to whom we have provided your personal data, about the exercise of your right. However, such exercise of the right to deletion is subject to individual decision due to the fact that in certain cases our company has, even in case of exercise of such a right, the right to retain the relevant personal data due to a legitimate interest or to fulfil a legal obligation.
4. Right to restrict processing
In certain cases stipulated by law, you have the right to restrict the processing of your personal data. Restriction of processing means a clear identification of personal data in order to restrict their processing for a certain period. After exercising this right, we will not process your personal data in any way, except for situation where your personal data are used to exercise legal claims or other claims arising from the GDPR.
5. The right to transferability
As the data subject, you have the right to have your personal data, which we process as members of WEM – independent controllers, transferred to another organization.
6. The right to objection and the right to object to the automated personal data processing
Should you find out that we process your personal data in an unlawful manner or in contradiction to the protection of your privacy, you have the right to object to such processing. In such a case, we are obliged to examine the situation and if your objection proves relevant, we are obliged to stop processing your personal data. You also have the right to restrict the automated processing of your personal data or profiling.
7. The right to file a complaint to the supervisory authority
If the data subject deems to be affected in terms of their rights under the GDPR regulation, e. g. as the controller of your personal data we do not provide you with information on the processing of your personal data, you have the right to file a complaint to the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic.
8. The right to withdraw consent to the processing of personal data
The consent to the processing of personal data is given voluntarily and you can withdraw it at any time. All relevant information pursuant to Art. 7 of the GDPR Regulation is provided directly in the consent to the processing of personal data. Consent to the processing of personal data can be withdrawn only in case of personal data processing for the purpose of marketing activities of the WEM group members. Personal data processed by the company for other purpose, e. g. to fulfil the contract to which the data subject is a party, or not if personal data processing results from special laws. Withdrawal of a consent shall not affect the lawfulness of the processing arising from the consent prior to its withdrawal.
You can withdraw your consent to the processing of personal data at centrala@wem.sk.
This document is exhecuted in English and Bulgarian languages. The contracting parties agreed that in case of any discrepancy between the English and Bulgarian wording the English wording prevails.
In Bratislava on 17.07.2024