Protection of personal data

When protecting your personal data, we adhere to all regulations and laws, especially the GDPR (General Data Protection Regulation EU 2016/679), and we have implemented appropriate technical and organizational measures to secure personal data.

What personal data do we process?

Some of this data is not processed on a regular basis but only in justified cases:

• Identification data - data such as name, surname, social security number, date of birth, permanent address, copy of identification card or similar document, and details of this document.
• Contact details - contact address, email, phone.
• Communication data - email communication exchanged with you.
• Political exposure - the law requires us, in justified cases, to determine whether or not you are a politically exposed person. You can find the exact definition of this term either in each Declaration or in the Law 253/2008 Coll. § 4 para. 5.
• Documents about ownership of a bank account - bank statements or contracts for the establishment of a bank account and similar documents proving that either you or your company are the owner of the account.
• Additional information about the origin of funds, business activities of companies, and intended purpose of the transaction.
• Client risk - for contractual clients, we keep records indicating whether they are considered risky under anti-money laundering and counter-terrorism financing laws.

How and for what purposes do we process your personal data?

The processing of your personal data must have its legal basis. This may involve your consent or for the purpose of fulfilling a legal obligation, performing a contract, or negotiating the terms of a contract.

• Customer identification - We need to know your identification details not only for the purpose of entering into a contract and to know who we are communicating with, but also because the law No. 253/2008 Coll, colloquially known as the anti-money laundering law, requires us to know these details. For contractual clients and transactions exceeding the limit, we verify your identity based on the submitted personal documents. Furthermore, we check if you are not on the AML sanctions list, and for the submitted account ownership documents, we verify that you are the owner of the account in question. For one-time clients or users of the Europlatba.cz portal, a customer declaration is used for identification purposes.
• Conclusion of a framework agreement - This includes your request for a framework agreement, where we ask for your details, which are subsequently used for the framework agreement, and contact details, which enable us to communicate with you during the conclusion of the agreement.
• Questionnaire - These data are useful for us both to assess the possibility of concluding a contractual relationship (legitimate interest of the controller), and also the anti-money laundering law requires us to know details such as the purpose and intended nature of the transaction, the origin of funds, and imposes on us the obligation of ongoing review of transactions to ensure they are in line with what is known about the client's business or risk profile.
• Sending service messages - We send confirmations and documents related to individual transactions to clients via email. Knowing your email is important for fulfilling the contract, providing the Europlatba.cz service, or the Currency Monitor service. We also send important notifications about changes to the service or planned service disruptions to clients and users of our services. If you do not wish to receive such emails, you can unsubscribe from them, and you will only receive messages related to transactions you have entered into.
• Marketing - Using your email address for direct marketing was allowed by Czech laws even before GDPR. We only use email without any additional information. We send commercial offers a maximum of 1-2 times a year because we also do not like spam. With each such email, you always have the option to unsubscribe from receiving further offers.
• Reporting Suspicious Transactions - If we identify any transaction as suspicious under the law against money laundering and terrorism financing, we have a legal obligation to report such a transaction to the Financial Analytical Office. In such a case, we would disclose your personal data and other details of the transaction to this authority.
• Sharing Data with third parties (e.g., partner investment companies or other companies within the EasyChange group) - We do not share your data with third parties without your consent. If you express interest in services provided by third parties, we will ask for your consent to share your personal data with the third party (such as your name and email for facilitating communication between you and the third party).

Are you required to provide us with personal data?

You are not obliged to provide us with personal data, but without providing the necessary information for the execution of a transaction or the fulfillment of our services and legal obligations (such as identification, etc.), you cannot use our services. In this regard, we are primarily subject to the law 253/2008 Sb. in its current wording and related regulations.

How long do we keep your data?

We retain all data for as long as necessary to fulfill its purpose. However, after our cooperation ends, we cannot completely delete it. The "anti-money laundering" law requires us to archive transactions and all related data within the deadlines set by the current version of Act No. 253/2008 Coll.

• After the termination of cooperation (for contractual clients after the termination of the framework agreement, and for one-time clients after the completion of the transaction), we are required to retain your data for a period of 10 years.
• If you grant us consent, we retain this consent for a period of 5 years or until you revoke it.
• If you only provide us with data for the purpose of requesting a trade or proposing a contract, but this purpose is not fulfilled, we will delete the data within 1 calendar month from its provision.

To whom can we disclose your personal data?

• We may disclose your personal data, for example, to our suppliers - providers of IT services, providers of email services, or providers of postal services. That is, only in connection with the performance of our activities, if it is necessary to fulfill our services for you.
• By law, we also have an obligation to disclose your personal data to certain supervisory authorities (e.g., the Czech National Bank, the Ministry of Finance), law enforcement authorities, and, if we discover suspicious transactions, to the Financial Analytical Office.

What rights do you have?

By contacting us at our email info@easychange.cz you can exercise:

• the right to access your personal data pursuant to Article 15 of the GDPR
• the right to rectify personal data pursuant to Art. 16 of the GDPR, or, if applicable, the right to restrict processing pursuant to Art. 18 of the GDPR
• the right to erasure of personal data pursuant to Art.17 of the GDPR
• the right to object to processing pursuant to Art. 21 of the GDPR
• the right to data portability pursuant to Art. 20 of the GDPR
• the right to withdraw consent to the processing of data.

If you are not satisfied with the resolution of your request, you can also file a complaint with the Office for personal data protection.

The name and contact details of the data controller:

Easychange s.r.o.

The identification number: 29044570

The registered office: Jungmannova 747/28, Nové Město, 110 00 Praha 1

Email: info@easychange.cz

The data controller has not appointed a data protection officer.