Privacy policy

This Privacy Policy (hereinafter later referred to only as the “Policy”) defines the privacy practices employed by Fintokei, a platform operated by Fintokei s.r.o., incorporated in Masarykova 409/26, Brno-mesto, 602 00 Brno, Czech Republic, 09110127, file: C 117301 registered by Regional Court in Brno (hereinafter later referred to only as the “Company”) in providing and/or receiving the Service (as defined in the Terms and conditions) to its customers and/or from providers such as vendors, affiliates, marketing services providers etc. if provided by natural persons and/or companies structure, in which case Company processes personal data of its directors, shareholders and/or employees if necessary (hereinafter referred collectively only as the “Subjects” or specifically as  “Client” / “Provider”) and shall be read in the light of the legal agreements and policies provided by Company.


This Policy aims to define the process how the Company collects and processes personal data of the Clients through the use of and its services or within the scope of Company and Provider contractual relationship (hereinafter later referred to only as the “Website” or “Service”), including any data the Client/Provider may provide through the Website when signing up thereto.

The Services are not intended for minors (persons below 18 years of age) and no data related to minors may be collected.


 The Company is the controller and person/entity responsible for Subject’s personal data. It is important that the personal data the Company holds about the Subject is accurate and up to date. The Subject is obliged to inform the Company of any changes in his/her personal data.


Business name: Fintokei s.r.o 09110127

reg. office: Masarykova 409/26, Brno-mesto, 602 00 Brno, Czech Republic

e-mail address:

The Subject has a right to make a complaint or raise a question concerning personal data processing at the above-mentioned address.

In the event the number of subjects exceeds certain level, the Company shall appoint the Data Protection Officer, whose identification will be published within this Privacy Policy without delay.


Personal data, or personal information, means any information about an individual which may be used to identify that person. It does not include data where the identity has been removed (anonymous data).

As per the conditions defined herein the Company may collect, use, store and transfer different kinds of personal data about the Subject. For the purpose of this policy, the data is divided into the following groups:

  • Identity Data includes first name, maiden name, last name, username or similar identifier.
  • Contact Data includes e-mail address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, Subject’s login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices the Subject uses to access Services.
  • Profile Data includes the username and password of the Subject, his interests, preferences, feedback and survey responses.
  • Usage Data includes information about how Subject uses the Services.
  • Marketing and Communications Data includes preferences of the Subject in relation to receiving marketing from the Company and/or third parties and respective communication preferences.


The Company will collect the following personal information about the Subject in the event of opening an Fintokei account with the Company:

  1. Name;
  2. Email address;
  3. Resident address
  4. Phone number
  5. Bank account


Where the Company is required to collect personal data by law, or under the terms of respective agreement with such Subject, but the Subject does not provide such data after being requested so, the Company may not be able to perform the agreement with the Subject (concluded or in the process of conclusion). In such case, the Company may have to cancel the agreement with the Subject with the obligation to notify the Subject thereabout.


The Company uses different methods to collect data from and about the Subject, including the following:

  • Direct interactions. The Subject may provide his personal data to the Company by filling in forms or by distant communication with the Company via post, phone, email or otherwise. This includes personal data the Subject provides, if he:
  • applies for the Fintokei services by filling the registration form;
  • applies for the Fintokei services by contacting Company’s representatives, assigned for the communication with subjects;
  • applies for the Fintokei services through any form of marketing tool (newsletter, landing page, etc.);
  • applies for the Fintokei mobile app.
  • Introducing Brokers and other affiliates: Company may be provided with Subject‘s personal data though Company’s Introducing Brokers and/or other affiliates. In this case Subject acknowledges that the introducing party may disclose or make available to the Company personal data for the purposes of the services provided by the Company. Both the Company and the Introducing Broker are Controllers of such data for the purpose of providing their services. The Company and the Introducing Broker are acting in common and not jointly in respect of any personal data.
  • Automated technologies or interactions. As Subject interacts with the website and also in accordance with the Cookies policy, his Technical Data about his equipment, browsing actions and patterns may be collected automatically. The Company collects such personal data by using cookies, server logs and other similar technologies. Technical Data about the Subject may also be requested if such Subject visits other websites by employing cookies of the Company.
  • Third parties or publicly available sources. Company may receive personal data about the Subject from various third parties and public sources such as:
  • analytics providers such as Google based outside the EU;
  • advertising networks based outside and within the EU.


Subject’s personal data will be used only in case where the law allows the Company to do so. Most commonly, Company will use Subject’s personal data in the following circumstances:

  • where there is a need to perform the agreement (concluded or in a process of conclusion with the Subject),
  • where it is necessary for Company’s legitimate interests (or those of a third party) and if such interests and fundamental rights do not override these interests,
  • where the Company shall comply with a legal or regulatory obligation.
  • Where freely given, specific, informed and unambiguous consent has been granted (if applicable).

In cases not covered by the abovementioned legal grounds for data processing, a consent of the data subject (Subject) is required. This applies particularly to situations when personal data is used for the purposes of third parties direct marketing communications to the Subject via e-mail or text messages. The Subject has the right to withdraw his consent to processing of personal data for marketing purposes at any time by contacting the Company at the following email


In a table format below, there is a description of all the ways the Company plans to use the personal data of its subjects and the legal bases the Company relies on in such case. The Company has also identified what its legitimate interests are, where appropriate.

Subject’s personal data may be processed on more than one lawful ground depending on the specific purpose for which Company uses personal data. If necessary, the Subject may contact the Company at for the purpose of obtaining necessary details about the specific legal ground the Company relies on to process his personal data where more than one ground has been set out in the table below


Type of data

Lawful basis for processing including basis of legitimate interest

To register the Subject as a new Client / Provider

(a) Identity

(b) Contact

Performance of agreement with the Subject.

To manage Company’s relationship with the Subject, including:

  1. Notification of any changes to the terms or privacy policy
  2. Asking the Subject to leave a review or to take a survey

(a) Identity

(b) Contact

(c) Marketing data

Performance of agreement with the Subject.

To deliver relevant Service content and advertisements to the Subject and to measure or understand the advertising efficiency.

(a) Identity

(b) Contact

(c) Technical Data

(d) Profile Data

(e) Usage Data

Performance of a contract with the Subject.

Necessary for Company’s legitimate interests (study of Subject‘s behaviour and their use of Fintokei, business growth, marketing strategy information).

To use data analytics to improve the Service, products/services, marketing, customer relationships and experiences.

(a) Identity

(b) Contact

(c) Technical Data

(d) Profile Data

(e) Usage Data

Performance of a contract with the Subject.

Necessary for Company‘s legitimate interests (definition of respective Subjects‘ categories, Service update, business development, marketing strategy development).

To make suggestions and recommendations to the Subject with regard to any product that may be of interest to the Subject.

(a) Identity

(b) Contact

(c) Technical Data

(d) Profile Data

(e) Usage Data

Necessary for Company‘s legitimate interests (business growth and development of portfolio of Subjects with real accounts).

To administer and protect Company‘s business and the Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical Data

(d) Profile Data

(e) Usage Data

Performance of a contract with the Subject.

Necessary for Company‘s legitimate interests (provision of administration and IT services, network security, fraud prevention, business reorganisation).


(a) Identity

(b) Contact

Necessary for Company’s legitimate interests

Necessary to comply with a legal obligation


The Company provides option to the Subject with regard to certain personal data uses, particularly related to marketing and advertising.


Company may use Subject‘s identity, contact, technical, usage and profile data to form a view with regard to potential needs or possible interests of the Subject. Thus, the Company may provide products, services and offers relevant for the Subject (marketing purposes form a legitimate interest of the Company in relation to its products or services).

The Subject may receive marketing communications from the Company only if he has requested information from the Company or provided his details when accessing the Service for the purpose of receiving information and, in each case, not opting out the receipt of marketing notifications.


Before sharing Subject‘s personal data for marketing purposes with any company outside Fintokei group of companies, the Company needs an express opt-in consent of the Subject.


The Subject shall have the right to ask the Company or third parties to stop sending any marketing messages at any time by following the opt-out links on any marketing message sent to him or by contacting the Company at any time at the following e-mail address:


The Subject shall have the right to set his browser to refuse all or some browser cookies, or to alter the Company of any setting or access of cookies on the website. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly For more information about the cookies Company uses, please see the Cookies Policy.


Personal data of the Subject may be used for the purposes for which they have been collected, unless the legal basis of processing the data enables the Company to use it of other purpose and such reason is compatible with the original one.

In case of data use for an unrelated purpose, the Company shall notify the Subject and explain the legal basis therefor. Subject‘s personal data may be processed without his knowledge or consent only in compliance with the rules specified above, where such use is required or permitted by the law.


The Company may share Subject‘s personal data with third parties for the purpose of carrying out its services related to Fintokei properly. Security of Subject‘s personal data shall be fully respected by such third parties and treated in accordance with the law. Such Subject‘s personal data may not be used by third parties for their own purposes while they may be processed only for specified purposes by the Company and in accordance with Company‘s instructions.

Company’s service providers and vicarious agents may also receive data for these purposes if they maintain business confidentiality. These companies deliver IT services, logistics, printing services, legal, accounting, telecommunications and consulting as well as sales and marketing.

With regard to the transfer of data to recipients outside of the company, it should first be noted that Company commits itself to secrecy about all customer-related facts and valuations from which it become aware. In principle, Company may only disclose information about the Subject if required by statutory provisions, if Subject has given the consent, or if the Company is otherwise authorized to provide information. Under these conditions, in the case of a legal or regulatory obligation, recipients of personal data may be public bodies and institutions (e.g. regulatory authorities, tax authorities, law enforcement authorities).

Other data recipients may be those for whom the Subject have given the consent to submit the data or to whom Company may delegate personal information due to legitimate interests.


The Company is obliged to put appropriate security measures in place to prevent Subject‘s personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, the Company shall limit access to Subject‘s personal data to only such employees or third parties that are actively participating on the performance of subject of the License Agreement. Such employees or third parties will only process Subject‘s personal data on the basis of Company‘s instructions while respecting the duty of confidentiality.

The Company shall implement procedures to deal with any suspected personal data breach and notify the Subject and any applicable regulator thereabout, where legally required so.


Company might need on certain occasions for the purposes of carrying out the services to transfer personal data outside the European Economic Area (EEA).

Whenever Company transfer Subject‘s personal data out of the EEA, Company ensures a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Company will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where Company uses certain service providers, Company may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.


Personal data of the Subject shall be retained for as long as necessary to meet the purposes for which they were collected, including the purposes of satisfying any legal, accounting, or reporting requirements.

For the purpose of determination of appropriate retention period for personal data, the Company shall consider the number, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of such personal data, the purposes for which such personal data is processed and if these purposes may be achieved through other means, and the applicable legal requirements.

If the processing of the personal data requires consent (such as marketing or other purposes stated herein), the data retention period may differ according its very purpose. If not stated otherwise, personal data are processed for the period of 5 years or until Subject withdraws it.

Processing of personal data of service providers defined above takes five years after they cease being service providers.

Preservation of evidence for other purposes within the statutory limitation period.

Personal data contained in email, chats, phone calls and other means of distant communication might be processed according to the related and relevant purpose specified herein. Processing period might be up to 5 years.


Any Subject shall have following rights under data protection laws in relation to his personal data:

  • Request access to his personal data (commonly known as a “data subject access request”). The Subject is allowed to receive a copy of personal data the Company keeps about him and to check that such data is lawfully processed.
  • Request correction of his personal data. The Subject may request correction of any incomplete or inaccurate data the Company keeps about him, though the Company may need to verify the accuracy of the new data the Subject provides.
  • Request erasure of his personal data. The Subject has the right to request the Company to delete or remove personal data where there is no appropriate reason for the Company to process it. The Subject may also request the Company to delete or remove his personal data where he has successfully exercised his right to object to processing (see below), where his information may have been processed unlawfully or where the Company is required to erase his personal data to comply with local law. The Company may, however, refuse to comply with Subject’s request, if the applicable law allows it for specific reasons, which the Subject shall be notified of.
  • Object to processing of his personal data if the Company relies on a legitimate interest (or those of a third party) but the Subject believes such processing affects his fundamental rights and freedoms. The Subject may also object to processing of his personal data for direct marketing purposes. In justified cases, the Company may prove that it has compelling legitimate grounds to process Subject‘s information, overriding his rights and freedoms.
  • Request restriction of processing of his personal data. This allows the Subject to ask the Company to suspend the processing of his personal data in the following scenarios: (a) if the Subject wants the Company to establish the data’s accuracy; (b) where Company‘s use of the data is unlawful but the Subject does not want the Company to erase it; (c) where the Subject needs the Company to keep the data, even if no longer required by the Company, as he may need it to establish, exercise or defend legal claims; or (d) the Subject has objected to Company‘s use of his data but the Company needs to verify whether it has overriding legitimate grounds to use it.
  • Request the transfer of his personal data to him or to any third party. The Company will provide such personal data to the Subject or respective third party of his choice in a structured, commonly used, machine-readable format. This right only applies to automated information which the Subject initially provided consent for to the Company to use or where the Company used the information to perform a contract with the Subject.
  • Withdraw consent at any time where the Company relies on consent to process Subject‘s personal data. However, this will not affect the lawfulness of any processing carried out before the Subject withdraws his consent.