GDPR NOTIFICATION

Information on the processing of personal data

IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

The data controller providing the information in this document is:

APS CREDIT FUND SICAV, a.s., ID No.: 03624251, with registered office at Celetná 988/38, Staré Město, 110 00 Prague 1, registered in the Commercial Register kept by the Municipal Court in Prague, Section B, Insert 20276,

(hereinafter referred to as "APS" or "the Company“) 

Contact details of the Company in the matter of personal data protection

Telephone number:  +420 776 505 103

e-mail: info@apscreditfund.com

In relation to personal data collected in connection with the Agreement on the Issuance and Redemption of Investment Shares, the data controller is the Company referred to above.

THE PURPOSE AND SCOPE OF THE PROCESSING OF PERSONAL DATA

The Company processes personal data for the following purposes:

performance of the contract under which the company provides services to the client,

the performance of legal obligations imposed by law (e.g. Act No. 253/2008 Coll., on certain measures against the legalization of the proceeds of crime and the financing of terrorism;

marketing and business purposes (e.g. offering products and services, sending commercial communications, invitations to cultural events).

The company processes personal data of the following categories of data subjects :

Investors (clients)

Representatives of business partners

To the extent that they are provided at the time of entering into a contract or negotiating a contract, or disclosed by the data subject at a later date during the course of the contractual relationship, and to the extent that they are recorded in the client's account held by the Company for the client under the contract

This includes in particular the following categories of personal data:

 

Identification data (e.g. name and surname, date and place of birth, birth number, nationality, number and period of validity of the identity card, details of the authority that issued the identity card);

Contact details (e.g. permanent or other contact address, telephone number, e-mail address);

Socio-demographic data (e.g. age, gender, client's activity (employment, business);

Investment data (e.g. value of funds or investment instruments in the client's account held by the data company, range of the client's annual income, value of the client's assets, investment intentions of the client)

and others.

The company processes copies of identity cards only in cases where it is required to do so by law (in particular Act No. 253/2008 Coll., on certain measures against the legalization of the proceeds of crime and terrorist financing), or in cases where the owner of the identity card consents to the acquisition and processing of a copy of the identity card.

The data processed within the Company comes primarily from you, from contracts you have entered into with the Company, from public sources and from cooperating third parties.

Personal data is processed manually and automatically by means of computer technology.

THE LEGITIMATE INTERESTS OF THE CONTROLLER

The Company also processes the personal data of its clients for direct marketing purposes because of its legitimate interest in promoting its similar products and services. To object to the processing of personal data for direct marketing purposes, the client can t via the above email address.

RECIPIENTS OF PERSONAL DATA

The Company may provide personal data to processors, namely companies that perform activities requiring the processing of personal data for the Company under contract, in particular:

investment intermediaries (tied agents) authorised to broker the Company's products or managed funds;

fund administrator;

persons entrusted with certain activities of the Fund;

information technology providers or operators;

marketing and market research agencies;

personal data is transferred to the Depositary, which processes it for the purpose of fulfilling the obligations arising from the performance of the activities of the Investment Fund Depository.

If the Company uses the services of processors when processing your personal data, this is only provided that the standards of protection of personal data at the specific processor are contractually guaranteed at least at the same level as at the Company and that such processor meets the conditions set out by law.

Furthermore, the Company may, if necessary, provide personal data to supervisory authorities (e.g. the Czech National Bank), law enforcement authorities or other administrative authorities if this is necessary to comply with the obligations set out in the legislation.

PERIOD OF PROCESSING OF PERSONAL DATA

The Company processes personal data for the duration of the contractual relationship with the client, and for the period for which it is obliged to retain personal data under the law (for the duration of the contractual relationship and for the following 10 years after its termination). Even if no contract is concluded between the Company and the potential client, the Company retains the personal data of the potential client for the period for which it is obliged to do so under the law.

After this period or after your consent to the processing of your personal data has expired and become effective, your personal data will be deleted, anonymised or processed only to the extent and for purposes for which your consent is not required.

If APS processes personal data on the basis of consent to the processing of personal data, it will process it for the period for which consent was given or until the consent is withdrawn.

TRANSFER OF PERSONAL DATA OUTSIDE THE EHP

In the case of international transfers of data originating in the European Economic Area (EEA), where the European Commission has recognised a country outside the EEA as having an adequate level of data protection, your personal data may be transferred on this basis.

 

For transfers to non-EEA countries where the level of protection has not been recognised by the European Commission as adequate, we will rely on the legislative restrictions applicable to the specific situation (e.g. where the transfer needs to be made to fulfil our contract with you, such as when making an international payment) or when implementing one of the safeguards below to ensure the protection of your personal data:

Standard Contractual Clauses approved by the European Commission.

THE RIGHTS OF PERSONS WHOSE PERSONAL DATA ARE PROCESSED

The person whose data is processed is hereinafter referred to as the "data subject".

The data subject shall have the right to object to the processing of personal data at any time. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data for such marketing, and the controller shall cease the processing of personal data for direct marketing purposes.

The data subject has the right to ask the company to confirm whether it is processing personal data concerning him or her. If the company processes the personal data of the data subject, the data subject has the right to access such personal data and to information about the purpose of the processing, the categories of personal data concerned, the recipients of the personal data, the intended duration of the processing and his or her rights in relation to the processing of the personal data.

The data subject has the right to have inaccurate personal data rectified and incomplete personal data completed.

The data subject also has the right to erasure of personal data, namely

if they are no longer necessary for the purposes for which they were processed,

if he or she withdraws consent to the processing of personal data and there is no other legal ground for processing,

if he or she objects to processing for which there are no overriding legal grounds for processing,

where the personal data have been unlawfully processed,

where erasure is necessary to comply with a legal obligation; or

where the personal data have been collected in connection with the offer of information society services to a child under the age of 13.

The data subject also has the right to restrict the processing of personal data, namely

if he or she denies the accuracy of the personal data, for the period necessary to verify the accuracy of the personal data,

if the processing is unlawful and the data subject refuses the erasure of the personal data and requests instead the restriction of its use,

where the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

if he or she objects to the processing until it is verified that the legitimate grounds of the controller override those of the client.

The data subject shall further have the right to the portability of personal data processed on the basis of consent or for the performance of a contract, which means the right to obtain his or her personal data provided to the controller in a structured, commonly used and machine-readable format and the right to transmit such data to another controller, or to have such data transmitted directly from one controller to another controller, if technically feasible.

Where personal data are processed on the basis of consent, the data subject shall have the right to withdraw that consent at any time. However, the lawfulness of the processing of personal data prior to the withdrawal of consent shall not be affected.

The data subject shall have the right to lodge a complaint with the Office for Personal Data Protection at any time if he or she considers that there has been a breach of the law.

If you intend to exercise the above rights, please send a letter or email to the above address.

In accordance with the applicable regulation, in addition to your rights listed above, you also have the right to file a complaint with the competent supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochor 727/27, 170 00 Prague 7, Holešovice.

VOLUNTARY PROVISION OF PERSONAL DATA

The provision of personal data to the company is voluntary, but failure to provide it does not allow the company to conclude a contract with the client and provide the requested service. If the client is interested in concluding a contract with the company, he/she must provide the personal data because the law requires it.

This document shall enter into force on 20 October 2021

The Controller is entitled to amend, supplement, cancel or replace this notice at any time if necessary, provided that the updated notice must be published at least 30 days before it becomes effective.