GDPR

Information on the Processing of Personal Data and the Rights of the Client as a Data Subject

This information is intended for the clients of Sympatia Financie, o.c.p., a.s., with its registered office at: Vajnorská 21 A, 831 03 Bratislava – Nové Mesto district, ID No. (IČO): 35 842 369, registered in the Commercial Register of the City Court Bratislava III, Section: Sa, Entry No. 2995/B (hereinafter referred to as “we” or “us”) in relation to whom we perform investment services and investment activities and ancillary investment services in the course of our activities as a securities dealer (hereinafter referred to as “you”) pursuant to Act No. 566/2001 Coll. on Securities and Investment Services and on amendments and supplements to certain acts, as amended (hereinafter referred to as the “Securities Act”). As a controller, we are obliged to fulfill our information duty toward you as a data subject.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation” or “GDPR”) and Act No. 18/2018 Coll. on the Protection of Personal Data (hereinafter referred to as the “Data Protection Act”), which both entered into force on May 25, 2018, we hereby inform you of the following facts regarding the processing of personal data.

Identification and Contact Details of the Controller

Sympatia Financie, o.c.p., a.s.
Registered office: Vajnorská 21 A, 831 03 Bratislava – mestská časť Nové Mesto
ID No.: 35 842 369
Registered in the Commercial Register of the City Court Bratislava III, Section: Sa, Entry No. 2995/B

Phone number: +421 2 3263 0700
e-mail: info@sympatia.sk

Contact Details of the Data Protection Officer and Method for Exercising Rights

As the controller, we have appointed a Data Protection Officer (DPO) whom you may contact regarding the processing of personal data and related matters. The Data Protection Officer can be contacted via email at: dpo@sympatia.sk or by mail at the following address: JUDr. Jana Habánová, Data Protection Officer, Sympatia Financie, o.c.p., a.s., Vajnorská 21 A, 831 03 Bratislava.

You may exercise your rights and requests through any of the methods mentioned above, or in person. In the event that you deliver your request, objection, statement, or withdrawal of consent by means other than a letter with a handwritten signature, an email with a qualified electronic signature, or in person, we may require additional credible verification of your identity; otherwise, we shall not be obliged to comply with your request. Requests may also not be granted in cases provided for by legal regulations.

All requests will be processed no later than one month from the date of their receipt. We may extend this period by a further two months, even repeatedly, in justified cases and with regard to the complexity and number of requests. We will inform you of any extension of the deadline.

We provide information, confirmations, and notices free of charge. In the case of repeated requests or requests that are manifestly unfounded or excessive, we may charge a fee for the administrative costs incurred for their processing, or we may refuse to act on the request.

In the event that we contact you by telephone or you contact us directly, these telephone conversations will be recorded. You will be advised of this fact at the beginning of the telephone conversation. If you wish for the conversation not to be recorded, please contact us by other means or request to be contacted by telephone from an unmonitored line.

Method of Processing Personal Data We process personal data primarily in electronic form through automated information systems which we operate ourselves.

Purpose of Processing Personal Data As the controller, we process personal data for the following purposes:

A. Performance and Administration of Investment Services Provided by a Securities Dealer pursuant to the Securities Act

  • Legal Basis: The legal basis is the provision of Article 6(1)(c) of the GDPR Regulation in conjunction with Section 73a of the Securities Act – i.e., the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject. The legal basis for processing for this purpose also includes other legal regulations, such as Act No. 297/2008 Coll. on Protection against the Legalization of Proceeds from Crime and on Protection against Terrorist Financing, as amended (hereinafter the “AML Act”), and Act No. 359/2015 Coll. on the Automatic Exchange of Information on Financial Accounts for Tax Administration Purposes, as amended (collectively hereinafter “Other Related Special Regulations”).

  • Sources of Personal Data: We obtain your personal data directly from you. Personal data (i) are primarily stated in the contracts we have concluded with you, (ii) were filled in by you in a form, (iii) were sent or provided by you within mutual correspondence or communication, or (iv) were derived by us from other data provided by you.

  • Categories of Data Subjects' Personal Data: The categories of personal data specified in Section 73a of the Securities Act and Other Related Special Regulations.

  • Voluntary or Mandatory Provision of Personal Data: We cannot provide investment services without the provision of personal data pursuant to Section 73a of the Securities Act and in accordance with Other Related Special Regulations. Providing your data in the above scope is a legal requirement. Without this data, we are prohibited from providing investment services, investment activities, and ancillary investment services. If you, as a potential client, have demonstrated a verifiable interest in these services, we are not authorized to provide them to you without the submission of the aforementioned data.

  • Recipients or Categories of Recipients of Personal Data:

  • Recipients performing IT service/support and IT development;

  • Recipients providing services related to the execution of payment transactions pursuant to special regulations;

  • Recipients providing mailing services, including the printing of documents, enveloping, postal delivery, and handling of returned mail and delivery receipts;

  • Recipients providing document archiving services;

  • Recipients performing the audit of our financial statements.

  • Retention Period of Personal Data: As the controller, we retain your personal data for the duration of the provision of investment services (hereinafter the “Contract”) and for the period necessary to fulfill our rights and obligations arising from the Contract and the Securities Act, including a period of 10 years after the termination of the Contract.

B. Direct Marketing Processing of Personal Data for Marketing Research and Introduction of our Product Portfolio

  • Legal Basis: The legal basis is the provision of Article 6(1)(a) of the GDPR Regulation in conjunction with the consent granted by you, if applicable – i.e., the data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Sources of Personal Data: We obtain your personal data directly from you (via contracts, forms, correspondence, or derived data). If you did not provide the data yourself, the source was primarily your legal or authorized representative.

  • Categories of Data Subjects' Personal Data: Standard personal data to the extent of: name, surname, address, email address, and telephone number.

  • Voluntary or Mandatory Provision of Personal Data: You provide your personal data voluntarily. Failure to grant consent for marketing purposes has no impact on the performance of investment services. You may withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Recipients or Categories of Recipients of Personal Data: Same as listed in Section A (IT support, mailing services, archiving, and auditors).

  • Retention Period of Personal Data: We retain your data for the duration of the Contract and for one year after its termination, or until the day your withdrawal of consent is delivered/effective.

C. Identity Verification using Facial Biometrics

Biometric data are a special category of personal data under the Regulation. We have authorized a processor to handle this: Rokan Biometrics, s.r.o., registered office: Kaštieľska 4, 821 05 Bratislava, ID No.: 53 967 658 (hereinafter the “Processor”). The Processor processes data on our behalf based on a data processing agreement concluded pursuant to Art. 28 of the Regulation.

  • Legal Basis: Article 9(1)(a) of the GDPR (explicit consent) in conjunction with Article 6(1)(c) of the GDPR (compliance with a legal obligation).

  • Sources of Personal Data: Obtained directly from you.

  • Categories of Data Subjects' Personal Data: Biometric characteristics of your face, i.e., a real-time facial image.

  • Voluntary or Mandatory Provision of Personal Data: Under the AML Act, we are required to verify your identity. Without your physical presence, we cannot conclude a Contract without performing identity verification via biometric data.

  • Recipients or Categories of Recipients of Personal Data: IT service/development; the NBS, the Financial Intelligence Unit (FSJ), or other entities authorized by special regulation.

  • Retention Period of Personal Data: Five years from the termination of the contractual relationship pursuant to Section 19(2) of the AML Act; this may be extended to up to ten years if requested in writing by the Financial Intelligence Unit pursuant to Section 19(3) of the AML Act.

Automated Individual Decision-Making, Including Profiling For the purposes of (i) investment service administration and (ii) direct marketing, we perform profiling. This consists of using personal data to evaluate aspects such as financial circumstances, personal preferences, interests, reliability, behavior, or location. This is done to ensure products match individual needs and to identify potential fraud or issues regarding FATCA, CRS, and AML/CFT. We do not perform profiling for the purpose of facial biometric verification.

Transfer of Personal Data to a Third Country or International Organization We do not intend to transfer your personal data to a third country or international organization. If you are from a third country, we apply the derogation for specific situations pursuant to Article 49(1)(b) of the GDPR Regulation.

Rights of the Data Subject

In accordance with the Regulation and the Data Protection Act, we hereby inform you, as a client in the position of a data subject (where such a contractual relationship applies), of your rights to the following extent:

A. Right to Request Access to Personal Data from the Controller

As a client, you have the right to obtain confirmation from us regarding:

  • the purpose of the processing of personal data;

  • the category of personal data being processed;

  • the recipient to whom the personal data has been/is to be provided;

  • the retention period of the personal data;

  • the right to request from the controller the rectification of personal data, erasure, or restriction of processing, and the right to object to the processing of personal data;

  • the right to initiate proceedings regarding personal data protection;

  • the source of the personal data;

  • the existence of automated individual decision-making, including profiling.

B. Right to Rectification of Personal Data

You have the right to have us, as the controller, rectify incorrect personal data without undue delay. Taking into account the purpose of the processing, you have the right to have incomplete personal data supplemented.

C. Right to Erasure or Restriction of Processing of Personal Data

You have the right to have us erase your personal data without undue delay; we shall erase the data without undue delay if:

  • the personal data is no longer necessary for the purpose for which it was obtained or processed;

  • you withdraw the consent on which the processing is based and there is no other legal basis for the processing;

  • you object to the processing of the personal data;

  • the personal data is processed unlawfully;

  • the reason for erasure is to comply with an obligation under the law, a special regulation, or an international treaty by which the Slovak Republic is bound.

You have the right to have us restrict the processing of your personal data if:

  • you contest the accuracy of the personal data, during a period allowing us, as the controller, to verify the accuracy;

  • the processing is unlawful and you object to the erasure of the personal data and request the restriction of its use instead;

  • we, as the controller, no longer need the personal data for the purpose of processing, but you require it for the establishment, exercise, or defense of legal claims; or

  • you object to the processing of personal data, until it is verified whether the legitimate grounds on our part override your legitimate grounds.

D. Right to Data Portability

You have the right to obtain the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller if technically feasible and if:

  • the processing is based on consent or is necessary for the performance of a contract to which you are a party;

  • the processing is carried out by automated means.

E. Withdrawal of Consent

You have the right to withdraw your consent to the processing of your personal data at any time if consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw consent in the same manner in which it was granted, namely by sending the withdrawal to: Sympatia Financie, o.c.p., a.s., Vajnorská 21 A, 831 03 Bratislava – Nové Mesto district, or by email to: info@sympatia.sk.

F. Right to Initiate Proceedings on Personal Data Protection

If you suspect that your rights have been violated during the processing of personal data, you have the right to file a petition to initiate proceedings on personal data protection pursuant to the Data Protection Act. Template for the petition: https://www.dataprotection.gov.sk/uoou/sites/default/files/kcfinder/files/WEB-vzor_navrhu.pdf

G. Existence of Automated Individual Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

H. Right to Object to the Processing of Personal Data

You have the right to object, on grounds relating to your particular situation, to the processing of personal data carried out for the purposes of the legitimate interests of the controller. As the controller, we may no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your rights or interests, or for the establishment, exercise, or defense of legal claims. You have the right to object to the processing of personal data concerning you for the purpose of direct marketing. If you object to processing for direct marketing purposes, we may no longer process the personal data for such purposes.

Principles of Personal Data Processing

PRINCIPLE OF LAWFULNESS We process personal data fairly, transparently, and only on the basis of a legal ground (consent of the data subject, performance of a contract, compliance with a legal obligation, protection of the vital interests of the data subject or another natural person, performance of a task carried out in the public interest or in the exercise of official authority, or the legitimate interest of Sympatia). During processing, we shall not violate the rights of the data subject.

PRINCIPLE OF PURPOSE LIMITATION We may process personal data only for a specific, explicitly defined, and legitimate purpose; otherwise, only for archiving, scientific, statistical, or historical research purposes.

PRINCIPLE OF DATA MINIMIZATION We may process only the personal data that we strictly require or that which we are permitted to process by law. We will not process or request unnecessary personal data. It is also your responsibility to provide us only with the personal data strictly necessary for the purpose for which it will be processed and to refrain from providing redundant data (e.g., during mutual communication, etc.).

PRINCIPLE OF ACCURACY We process only accurate and up-to-date personal data. If the personal data we process is incorrect or incomplete, we shall rectify or supplement it. We shall erase inaccurate personal data. The accuracy of personal data also depends on you; therefore, it is essential that you always provide us with correct and complete personal data.

PRINCIPLE OF STORAGE LIMITATION We will process personal data only for the period necessary to fulfill the purpose or for the period stipulated by legal regulations. We will process data for a longer period only for archiving, scientific, statistical, or historical research purposes.

PRINCIPLE OF INTEGRITY AND CONFIDENTIALITY We shall protect personal data against loss, accidental erasure, damage, theft, or destruction. We ensure that no unlawful processing of personal data occurs. The security of personal data is paramount, and we ensure it through standard appropriate technical and other measures.

PRINCIPLE OF ACCOUNTABILITY We are responsible for the security and protection of personal data to you and to the Office for Personal Data Protection of the Slovak Republic, which is authorized to review the processing of personal data within proceedings regarding personal data protection.

Contact Details of the Office for Personal Data Protection of the Slovak Republic Address: Hraničná 12 820 07, Bratislava 27 Slovak Republic ID No. (IČO): 36 064 220 Email:

Cookie Policy

In accordance with Section 109(8) of Act No. 452/2021 Coll. on Electronic Communications, as amended, we would like to inform you about the use of cookies and draw your attention to the possibility of changing your internet browser settings in the event that the current cookie settings do not suit you.

What are cookies? Cookies are small text files that may be sent to your internet browser when you visit websites and stored on your device (computer or other device with internet access, such as a smartphone or tablet). Cookies are stored in your browser's file folder. Cookies usually contain the name of the website they come from and the date of their creation. Upon your next visit to the site, the web browser reloads the cookies and sends this information back to the website that originally created them. The cookies we use do not harm your computer.

What types of cookies do we process?

  • Functional cookies help perform certain functions, such as sharing website content on social media platforms, collecting feedback, and other third-party features.

  • Performance cookies are used to understand and analyze key website performance indices, which helps provide a better user experience for visitors.

  • Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Advertising cookies are used to provide visitors with relevant advertisements and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

  • Necessary cookies are absolutely essential for the proper functioning of the website. These cookies ensure basic functionalities and security features of the website anonymously.

  • Other cookies are those that are being analyzed and have not yet been classified into a category.

Use of cookies

During your first visit to our website, a pop-up window will appear with an explanation about cookies. As soon as you click "Accept all cookies," you agree to our use of the categories of cookies and plugins you selected in the pop-up window, which you can choose by clicking "Cookie Settings." You can disable the use of cookies through your browser.

Why do we use cookies?

We use cookies to optimally create and constantly improve our services, adapt them to your interests and needs, and improve their structure and content, as well as to create interesting offers for you. Sympatia does not use data obtained through cookies as contact information to reach you via mail, email, or telephone.

How can you change your cookie settings?

Most internet browsers are initially set to automatically accept cookies. You can change this setting by blocking cookies or by setting a notification in case cookies are to be sent to your device. Instructions for changing cookies can be found in the "Help" option of each browser. If you use different devices to access the pages (e.g., computer, smartphone, tablet), we recommend adjusting each browser on every device to your cookie preferences.

Why keep the cookie settings?

The use of cookies and their activation in the web browser is your decision. However, in the event of a change to their settings, some of our web pages may have limited functionality and a reduced user experience.